11-08-2025
Black Hat and DEF CON offer lessons for Congress
With help from John Sakellariadis
Driving the day
— After a week in Las Vegas talking to some of the top cybersecurity professionals in the country, your host compiled three key takeaways from Black Hat and DEF CON for federal lawmakers.
HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! John and I are back on the East Coast after Black Hat and DEF CON. By the end, I successfully convinced a small group of reporters to go to The Rainforest Cafe with me. It was a real bonding moment. Anyone else get into any fun side quests? Drop me a line at dnickel@
On The Hill
HIGHLIGHTS — Cybersecurity professionals converged on Las Vegas last week for the back-to-back Black Hat and DEF CON cyber conferences.
Top cyber experts from the private and public sectors highlighted some of the biggest challenges and innovations in the industry today, from the scope of U.S. adversaries' cyber capabilities to how federal cuts are impacting the country's cyber posture.
— No target is 'too small': During the conference, the cybersecurity community detailed that foreign adversaries such as China have the hacking capabilities to cast a wide net in cyberspace. And no entity involved in vital U.S. defense operations is too small to be considered an attractive target for foreign hackers, according to a top NSA official.
'China's hacking resources outnumber those of the U.S. and allies combined, and China has stolen more corporate data from the United States than any other nation in the world,' said Bailey Bickley, chief of defense industrial base defense at the NSA's Cybersecurity Collaboration Center, which helps U.S. defense contractors protect their networks. Bickley said during a Black Hat keynote that many of the 'small companies' in the defense industrial base often 'think what they do is not important enough' to be targeted by Chinese-backed hacking groups.
'But when you have the significant resources like that to conduct mass-scanning and mass exploitation, there is no company and no target too small,' she said.
Cybersecurity experts have long warned that any device connected to the internet can be a key gateway for hackers to breach a network. At DEF CON on Sunday, officials from the U.S. Coast Guard disclosed last year's discovery of a little-known device that potentially left ports across the country exposed to Chinese hacking.
Kenny Miltenberger, a lieutenant commander for a Coast Guard cyber protection team, told John that many of the port operators weren't even aware of the devices, cellular modems embedded in cranes and support infrastructure made by a Chinese company.
'The good news story here is we're finding a lot of vulnerabilities on cranes, and our partners are mitigating those,' Miltenberger said on the Coast Guard's work to help operators find and plug cyber vulnerabilities.
— 'Too close to the bone': Meanwhile, experts spoke out about the impacts of the Trump administration's cuts to federal cyber agencies, including CISA and the Pentagon's Cyber Command and Defense Information Systems Agency.
'You've cut assets at CISA and in other places … we're less able to make a government contribution to the collective welfare of the cyber ecosystem,' said Chris Inglis, former national cyber director, on the sidelines of Black Hat.
Congress has previously examined how cuts to the federal cyber workforce and funding could hurt the country's ability to defend itself long-term.
Inglis added that though he isn't aware of the specific number of positions cut from cyber agencies, 'I do think we should be concerned about cutting those capacities too close to the bone.'
— AI everywhere: The role that artificial intelligence is playing in global cyber operations was one of the key topics of discussion. Michael Leland, field CTO of cyber firm Island, told your host at Black Hat that the U.S. and its adversaries see AI as 'the great force multiplier.'
'AI is going to be used as a tool, both by the [U.S. government], but the adversaries are leveraging it against us in the opposite way,' he said, highlighting reports of adversarial use of AI — including Russian-linked hackers using the tech to spread disinformation and Iranian-linked hackers using AI to ramp up the scope of phishing campaigns.
At DEF CON on Friday, the Defense Advanced Research Projects Agency announced the winners of a years-long competition to build AI models to autonomously find and patch vulnerabilities in open-source code used across critical infrastructure networks.
For experts like John Watters, CEO of cyber risk firm iCounter, entities will have to walk a fine line of embracing AI while also ensuring it is implemented securely.
'AI is being deployed everywhere by everybody, individually,' he told your host. 'AI [is being] fully embraced by adversaries, and defenders are still kind of looking at, "What's the risk of doing it? And [how] should it be regulated?"'
At the Agencies
COAST TO COAST — Hackers at DEF CON concentrated their efforts on attacking a 20-foot Coast Guard Auxiliary vessel, a self-driving Pentagon naval drone and software from the largest U.S. ports.
John reported on Sunday that the decision to focus hacker efforts at the conference on maritime vessels and technology signals two pressing worries: that recreational boats, U.S. ports and commercial ships are increasingly hooked up to the internet, and that the U.S. military isn't prepared for the cyber assault many expect China to launch if it invades Taiwan.
'The South China Sea is where the next generation of autonomous warfare and homeland defense will be demonstrated,' said Duncan Woodbury, executive director of the conference's Maritime Hacking Village — which made its debut at this year's conference.
— Boosting security: The demonstration at DEF CON comes as the U.S. Coast Guard implemented a final rule last month that requires U.S.-flagged ships and ports to beef up their network defenses. The Coast Guard also received an injection of $25 billion in Congress' recent reconciliation bill, which will enable it to ramp up its cybersecurity measures.
Critical infrastructure
TSUNAMI OF THREATS — A small army of hackers are coming together to protect one of the country's most vulnerable sectors: water systems.
Jake Braun, former acting principal deputy national cyber director, unveiled a new group at this year's DEF CON to help beef up water systems' cyber defenses.
'We've both the urgency of the threat and the potential of a community-driven solution,' Braun, co-founder of the group, told your host. He added that the new group, known as DEF CON Franklin, was unveiled after a nine-month pairing period of DEF CON hackers with small water utilities across four states.
Cyberattacks on water treatment facilities could lead to potentially fatal consequences, ranging from shutting off water access completely to altering the chemical balance of the water.
— Zoom out: Cyber experts have signaled that the water sector faces significant gaps in cybersecurity funding and expertise, which was demonstrated by cyberattacks against water facilities in the U.S. by Iranian-linked hackers in 2023.
'Protecting our nation's critical infrastructure isn't a want but a necessity, and for the nearly 50,000 water systems nationwide, they need the tools and resources to not only be cyber aware but cyber resilient,' said Matt Holmes, CEO of the National Rural Water Association.
Hacked
INFORMANTS AT RISK — Officials are worried that Latin American drug cartels are among the groups that obtained sensitive court information from a massive breach of the federal judiciary's case filing system.
John and POLITICO's Josh Gerstein reported on Friday that judicial officials with knowledge of the cyberattack are concerned cartels could weaponize the stolen data to identify witnesses in cases the federal government has opened against them or gain insights on criminal investigations, such as arrest and search warrants.
— Zoom out: As of Friday, at least a dozen district courts across the country are believed to have been directly impacted by the ongoing breach of the digital case filing system — known as CM/ECF. The incident is believed to be one of the most severe cyberattacks on a federal court filing system in years. While it's unclear if the cartels were directly connected to the breaches, it's possible that they could purchase data from the hackers with access to the system.
Quick Bytes
TROLL TOLL — Cybersecurity researchers unmasked a prolific scamming operation that involves the infamous unpaid toll or undelivered mail item texts, writes Zack Whittaker for TechCrunch.
'ANSWER MACHINE' — President Donald Trump's new AI search tool on Truth Social contradicts the president by saying the 2020 election wasn't stolen, and the Jan. 6, 2021, Capitol riot was violent and linked to Trump's 'baseless claims of widespread election fraud,' reports Drew Harwell for The Washington Post.
PRIVACY PLEASE — Apple's AI ecosystem, known as Apple Intelligence, routinely transmits sensitive user data to company servers beyond what its privacy policies disclose, cyber firm Lumia Security revealed, Greg Otto writes for CyberScoop.
INVESTING IN THE CYBER TALENT POOL — The non-profit NobleReach foundation last week announced its second-ever cohort of public-interest cyber and emerging tech scholars. The 28 recent graduates and earlier-career professionals will take up one-year posts at places including the Department of Defense, the city of Pittsburgh, Oklahoma City and the state of Maryland.
Chat soon.