
Latest news with #JenEasterly

China's Cybersecurity ‘Pearl Harbor' Against America: ‘Everything, Everywhere, All at Once'

Epoch Times

06-05-2025


Originally published by Commentary China's multidimensional war against U.S. interests is already underway and well-documented. One underappreciated dimension of its attack on American primacy, however, is the arena of cybersecurity. For decades, Communist China's spies, hackers and businessmen have feasted on the In the last two years, however, the Chinese Communist Party's (CCP) cyber-attacks against America have These changes in the CCP's cyber offensive on America consist of two basic capabilities. The newer capability is China's comprehensive data-collection operation, given the title of 'Salt Typhoon' by Microsoft, and known by other names, such as ' China is also simultaneously The second revolutionary advance in China's offensive cyber-warfare capabilities that target U.S. interests is more deadly. It threatens a Pearl Harbor-magnitude attack on America. ' Then U.S. Rep. Mike Waltz, shortly before he was appointed National Security Advisor, stated in an '[W]e have been, over the years, trying to play better and better defense when it comes to cyber. We need to start going on offense and start imposing, I think, higher costs and consequences to private actors and nation state actors that continue to steal our data, that continue to spy on us, and that even worse, with the Volt Typhoon penetration, that are literally putting cyber time bombs on our infrastructure, our water systems, our grids, even our ports.' China could The gravity of this weaponization of cyberspace at the strategic level has been Volt Typhoon is devised to create chaos in the United States. 
Jen Easterly, former head of the US Cybersecurity and Infrastructure Security Agency, If China is successful in placing undiscovered and undefused malware that is capable of disabling critical infrastructure in the United States, the result would most likely be the complete loss of confidence in America's ability to protect 'Free Asia' or anyone else, and enabling China to be closer to achieving its goal of ruling in the Indo-Pacific region, which it appears to see as the The Trump Administration's plan of action would do well to include massive arms deliveries to Taiwan and encouraging the island democracy to move to a war footing. President Donald Trump has already sent Trump might also convene a cabinet meeting to assure that all aspects of American public and private capabilities should be mobilized to build resiliency in critical national infrastructure, while simultaneously examining U.S. cyberspace vulnerabilities. The United States might also go on the offense and target China's critical national infrastructure, perhaps starting with the Cyberspace Administration of China? Views expressed in this article are opinions of the author and do not necessarily reflect the views of The Epoch Times.

AI And Cybersecurity: The New Administration's 100-Day Reckoning

Forbes

02-05-2025


Just 100 days into the Trump administration, cybersecurity leaders are grappling with a volatile mix of deregulation, rising geopolitical tension, and accelerated adoption of AI. At the RSAC 2025 conference this week, Snyk hosted a timely panel titled 'The First 100 Days: How AI, Policy & Cybersecurity Collide,' featuring an all-star lineup: Jen Easterly, former CISA Director; Nicole Perlroth, former journalist and partner with Ballistic Ventures; Sumit Dhawan, CEO of Proofpoint; and Peter McKay, CEO of Snyk. Moderated by Axios cybersecurity reporter Sam Sabin, the conversation examined the early signs of disruption and dysfunction—and what it all means for software security, national defense, and innovation. The discussion was grounded in new findings from a Snyk-commissioned CISO survey, which revealed stark concerns about AI-generated threats, fragmented regulation, and eroding trust between the public and private sectors. Since January, 70% of surveyed CISOs reported experiencing a cyberattack involving AI. Panelists noted that organizations are rapidly embracing AI to increase productivity, but often without properly considering security implications. This rush to adopt AI is creating a widening gap between innovation and risk management. At the same time, nearly all CISOs surveyed expressed concern that AI-generated code may be introducing hidden vulnerabilities, suggesting a dangerous disconnect between perceived readiness and the evolving threat landscape. Peter McKay observed, 'Everybody is just focused on productivity... just get the benefits of AI and we'll figure out security later,' highlighting the widespread rush to adopt AI tools without sufficient safeguards. The panel addressed the impact of federal workforce reductions and policy reversals, including the rollback of Biden-era AI executive orders. Former CISA Director Jen Easterly described the loss of technical talent from government agencies as damaging to national cyber readiness. 
The panelists noted that reported loyalty requirements for federal cybersecurity personnel could further erode morale and independence. Concerns also extended to international partnerships, with reports that allied nations are beginning to limit intelligence sharing with the U.S., reflecting declining trust in the current administration. AI is drastically accelerating software development cycles, but this rapid pace is straining traditional security frameworks. Panelists highlighted how internal pressure to innovate often overrides caution, leading to insufficiently vetted tools and code. They stressed the importance of integrating security from the outset rather than as an afterthought, and called for secure-by-design practices to become standard. Without these safeguards, AI tools that can prevent threats may also be exploited to cause harm. Speakers emphasized that recent setbacks in federal cybersecurity leadership and policy risk reversing years of progress in public-private cooperation. The collaboration that once enabled a strong collective response to cyber threats—most notably in Ukraine—is now showing signs of strain. Several panelists expressed concern that trust is weakening on both sides, with private companies unsure about their role in threat reporting and mitigation, and government agencies losing key channels for visibility. CISA's partnership-enabling authorities, such as CPAC, were cited as critical tools that are currently on hold. When asked what single change they would make if given a 'magic wand,' panelists offered a range of pragmatic solutions. Proposals included mandating secure-by-design standards for consumer-grade routers—long a weak link in infrastructure security—and launching a national effort to clean up the open source codebase that underpins most modern applications. Others called for harmonized, standardized AI development regulations to prevent a patchwork of conflicting state laws. 
There was also strong support for a software liability regime tied to demonstrable secure development practices, as well as the use of AI to refactor legacy code written in memory-unsafe languages. As his top policy wish, McKay advocated for a national effort to improve software security at the source: 'If we all just focused on how we can just clean up open source code, we would have been in a better place.' A unifying theme throughout the discussion was the urgent need for coordination—across sectors, agencies, and borders. The convergence of rapid AI adoption, regulatory rollbacks, and mounting cyber threats is creating a perfect storm. Industry leaders stressed that security cannot be an afterthought, and that public trust and international cooperation hinge on transparency, integrity, and mutual accountability. The panel concluded with a call to preserve the principles of trust and collaboration that once underpinned America's cyber defense strategy—and to ensure those values guide policy moving forward. Easterly closed with a reflection on her time at CISA and how that should serve as a guiding light moving forward: 'We built trust and catalyzed trust and collaboration, and we did it with integrity, we did it with humility, we did it with transparency, and we did it with character. And that's what you all should demand from your government.'

CVE's Near Cybersecurity Miss Averted — But The World Must Step Up

Forbes

17-04-2025


The cybersecurity world, shocked by the near-shutdown of the CVE system — a quiet crisis that nearly disrupted the backbone of global vulnerability coordination. In cybersecurity, some moments pass quietly. Others expose deep fault lines. The near shutdown of the Common Vulnerabilities and Exposures Program — operated by MITRE and funded by the United States Cybersecurity and Infrastructure Security Agency — was the latter. With just hours left before funding expired, CISA, already operating under intense budget pressure, extended the contract and narrowly averted disruption to the backbone of global vulnerability coordination. This wasn't a budget hiccup or a DOGE sensational headline. It was a warning flare. For more than two decades, CVE has served as the global catalog of known cybersecurity vulnerabilities. Everyone — from intelligence agencies and infrastructure operators to security vendors and open-source developers — relies on it. Yet one nation has carried the cost while the entire world benefits. That model is no longer sustainable — and it never truly was. MITRE is a federally funded research and development center — a nonprofit that operates exclusively in the public interest. It runs multiple research centers on behalf of agencies like the Department of Defense, Department of Homeland Security, Federal Aviation Administration and the Centers for Medicare and Medicaid Services. Unlike commercial firms, MITRE doesn't sell products or compete for private contracts. Its mandate is to solve problems too complex, sensitive or mission-critical for the private sector to address alone. 
In cybersecurity, MITRE is best known for stewarding:

  • CVE: Common Vulnerabilities and Exposures, the global identifier system for software flaws
  • ATT&CK: a framework of adversary tactics and techniques
  • CWE: Common Weakness Enumeration, a catalog of software design weaknesses

MITRE operates quietly but critically — a trusted technical authority at the center of digital defense. And for the record — MITRE doesn't stand for anything. It's a legacy name, like RAND. Originally affiliated with the Massachusetts Institute of Technology, the organization has long since outgrown its acronymic roots.

CVE is the Rosetta Stone of vulnerability management. Every known software flaw receives a unique identifier, enabling defenders, vendors and governments to coordinate response, issue guidance and deploy patches with precision. Without CVE:

  • Teams use inconsistent naming conventions
  • Alerts become fragmented
  • Security tools lose interoperability
  • Threat intelligence sharing breaks down

As Jen Easterly, the prior Director of CISA, noted this week, CVE is more than a database — it is 'a pillar of operational resilience and national security.' And it came dangerously close to collapse. The Trump administration has made clear its intent to streamline federal spending and question programs that do not yield direct national benefit. Whether this latest contract drama was the result of oversight or intentional brinkmanship, the outcome is the same — a critical global system was nearly put at risk because of domestic budget negotiations. So the shock to the system happened. On April 15, MITRE issued a stunning warning: funding for the CVE system would expire within 24 hours. The cybersecurity community responded with alarm. A breakdown in this system would mean chaos — confusion among defenders, delayed patching and increased exposure to active threats. Hours before the deadline, CISA issued an eleven-month extension.
But while the short-term crisis was averted, the structural risk remains. CVE is a global system — yet it lives entirely on American funding. Since 1999, MITRE has operated CVE under U.S. government sole sponsorship. That funding has enabled a global system — but the burden has fallen squarely on one agency, and one country. The European Union has its own database, but it is largely unknown. Nations across Asia, the Middle East Gulf States and beyond all consume CVE data and build tools around it — without meaningful financial contribution. Meanwhile, cybersecurity vendors spend millions annually on conference booths, marketing activations and branded swag. Redirecting even a fraction of those budgets toward shared infrastructure like CVE would likely do more to secure their customers — and strengthen their credibility — than another oversized LED wall or fancy drone display at the upcoming RSA conference.

This crisis genuinely creates the opportunity for reform. A newly announced nonprofit — the CVE Foundation — has emerged as a potential future steward of the CVE system. This is the right move — but it needs broad support, generous funding and real structure. The best solution is to transition CVE to a multi-stakeholder foundation model, governed by both private industry and international governments, with MITRE as the technical anchor — not the financial underwriter. Here's what that model should include:

  • Private Sector Co-Funding: Security vendors, cloud providers and software giants should contribute proportionally. They all benefit from CVE — it's time they help sustain it. In fact, this may be one of the highest-return investments a company can make from its marketing budget.
  • Global Buy-In and Funding: Countries outside the United States must step up. The European Union maintains its own vulnerability catalog, but it lacks global adoption and visibility. CVE has become the de facto international standard — the common language for cybersecurity coordination across borders. It's time for allied nations, especially those who rely on CVE for their own national defense and critical infrastructure, to redirect a portion of their cybersecurity budgets toward sustaining this shared system. Funding a globally relied-upon platform is not charity — it's strategic investment in collective resilience.
  • Independent Oversight: The new CVE Foundation must be neutral, community-driven and resilient — free from sole reliance on any one government.

Let MITRE continue operating CVE. Their technical stewardship is excellent. But move the financial dependency to a diversified global model before the next contract cliff. The near-collapse of CVE was a stark reminder of just how fragile our cybersecurity foundations can be. It exposed the risks of relying on a single point of failure — and the assumption that one nation will indefinitely shoulder the weight of a global system. This isn't about blame. It's about modernization. A vulnerability catalog used by every business and government on Earth cannot hinge on the budget cycles of a single capital. The system held — for now. But what comes next must be deliberate, strategic and shared. Why should American taxpayers alone fund a tool the entire world depends on? Should the security of our digital infrastructure rise and fall with domestic politics? If the world relies on CVE — the world must help fund CVE.

CyberArk to Host CyberArk IMPACT 2025: The Premier Conference for Identity Security

Yahoo

01-04-2025


NEWTON, Mass. & PETACH TIKVA, Israel, April 01, 2025--(BUSINESS WIRE)--CyberArk (NASDAQ: CYBR), the global leader in identity security, will host its annual conference, CyberArk IMPACT 2025, in Boston, MA from April 9-11. As the premier conference for identity security, CyberArk IMPACT 2025 will bring together in-person more than 1,500 cybersecurity professionals to explore the latest developments and trends in identity-based threats and the advancements in products and technologies for securing every identity, human and machine, including AI agents and other non-human identities (NHIs). Keynote sessions will address the challenges and essential solutions for ensuring identity security in an increasingly dangerous threat landscape, including the impact of agentic AI. Attendees will also get a firsthand look at the newest capabilities of the CyberArk Identity Security Platform. This groundbreaking update will demonstrate how CyberArk is continually innovating to secure identities in an increasingly connected and chaotic world. Additionally, Jen Easterly, former Director of the Cybersecurity and Infrastructure Security Agency (CISA), will deliver a keynote address on the 'Promise and Perils of Emerging Technology.' Easterly's expert insights will provide critical perspectives on how AI and other emerging technologies are reshaping cybersecurity and the broader landscape of national security. With more than 70 breakout sessions, 20 hands-on labs, technical certifications and other special events, this year's CyberArk IMPACT will empower attendees to leverage comprehensive identity security to strengthen their security postures and drive real business outcomes for their organizations. Topics include strategies for accelerating and extending identity security, scaling machine identity security, securing AI agents, real-world attack simulations, product roadmap sessions and much more. 
"In today's rapidly evolving threat landscape, cyberattacks continue to accelerate and intensify. Add AI into the mix and the attack surface isn't just expanding – it's skyrocketing, and identities are the top target," said Matt Cohen, Chief Executive Officer, CyberArk. "Identity security must be central to every organization's cybersecurity strategy. It's a critical time for our industry and at CyberArk IMPACT 2025, we'll explore the many challenges facing security teams and most importantly, how to take back control to protect organizations and people."

Speakers and session highlights include:

  • Executive Keynotes: Presentations by Matt Cohen, CEO CyberArk and Udi Mokady, Founder and Executive Chairman, CyberArk.
  • Platform Keynote: New product innovations presented by Peretz Regev, CyberArk Chief Product Officer.
  • Industry Keynote: Jen Easterly, Former Director of CISA, will explore the intersection of AI and cybersecurity.
  • Academic Keynote: Professor Retsef Levi, MIT Sloan School of Management, will discuss AI systems and emerging risks.
  • Partner Perspectives: Executives from AWS, Accenture and PwC will share insights on key cybersecurity issues.
  • Research Keynote: Lavi Lazarovitz, CyberArk's Vice President of Cyber Research at CyberArk, will explore the future of AI-based threats.
  • Customer presentations: Security leaders from Aflac, Discover Financial Services, Four Seasons Hotels and many others will share insights and learnings.
  • Hands-on Labs: Sessions which earn Continuing Professional Education (CPE) credits for attendees.
  • CYBR Arena: A showcase of new products and services from CyberArk and its partners, delivered through an immersive event experience.

About CyberArk IMPACT

CyberArk IMPACT is CyberArk's annual flagship event for customers, partners and its extended community. In addition, in 2025, CyberArk will host a series of CyberArk IMPACT World Tour events in 37 cities around the world. Those who cannot attend in person can register for a virtual pass here.
About CyberArk CyberArk (NASDAQ: CYBR) is the global leader in identity security, trusted by organizations around the world to secure human and machine identities in the modern enterprise. CyberArk's AI-powered Identity Security Platform applies intelligent privilege controls to every identity with continuous threat prevention, detection and response across the identity lifecycle. With CyberArk, organizations can reduce operational and security risks by enabling zero trust and least privilege with complete visibility, empowering all users and identities, including workforce, IT, developers and machines, to securely access any resource, located anywhere, from everywhere.
