Latest news with #CybersecurityandInfrastructureSecurityAgency

Politico
3 days ago
- Business
- Politico
US critical networks are prime targets for cyberattacks. They're preparing for Iran to strike.
The organizations representing critical networks that keep the lights on, the water running and transportation systems humming across the U.S. are bracing for a possible surge of Iranian cyberattacks.

Virtually every critical infrastructure sector is on high alert amid a deepening conflict between Iran and Israel, though no major new cyber threat activity has been publicly reported so far.

As these groups proactively step up their defenses, it's unclear whether Washington is coordinating with them on security efforts — a change from prior moments of geopolitical unrest, when federal agencies have played a key role in sounding the alarm.

'Iranian cyber activity has not been as extensive outside of the Middle East but could shift in light of the military actions,' said John Hultquist, chief analyst for Google Threat Intelligence Group. As the conflict evolves — and particularly if the U.S. decides to strike Iran directly — 'targets in the United States could be reprioritized for action by Iran's cyber threat capability,' he said.

During previous periods of heightened geopolitical tension, U.S. agencies, including the Cybersecurity and Infrastructure Security Agency, stepped up to warn the operators of vital U.S. networks about emerging threats. Ahead of Russia's full-scale invasion of Ukraine in 2022, CISA launched its 'Shields Up' program to raise awareness about potential risks to U.S. companies emanating from the impending war.

Anne Neuberger, who served as deputy national security adviser for cyber and emerging tech at the White House under President Joe Biden, coordinated with CISA and other agencies, including the Office of the Director of National Intelligence, to support critical infrastructure sectors before Russia attacked Ukraine. She stressed that the government is crucial in helping these companies step up their defenses during a crisis.

'The government can play a very important role in helping companies defend themselves, from sharing declassified intelligence regarding threats to bringing companies together to coordinate defenses,' Neuberger said. 'Threat intel firms should lean forward in publicly sharing any intelligence they have. ODNI and CISA should do the same.'

Spokespersons for CISA, the White House and the National Security Council did not respond to requests for comment on increasing concerns that cyber adversaries could target U.S. critical networks.

Beyond federal resources, thousands of the nation's critical infrastructure operators turn to information sharing and analysis centers and organizations, or ISACs, for threat intelligence.

The Food and Ag-ISAC — whose members include the Hershey Company, Tyson and Conagra — and the Information Technology ISAC — whose members include Intel, IBM and AT&T — put out a joint alert late last week strongly urging U.S. companies to step up their security efforts to prepare for likely Iranian cyberattacks. In a joint statement from the groups provided to POLITICO on Monday, the organizations cautioned that even if no U.S.-based companies were directly targeted, global interconnectivity meant that 'cyberattacks aimed at Israel could inadvertently affect U.S. entities.'

ISACs for the electricity, aviation, financial services, and state and local government sectors are also on alert. Jeffrey Troy, president and CEO of the Aviation ISAC, said that in the past, companies in the aviation sector had been impacted by cyberattacks disrupting GPS systems, and that as a result, 'our members remain in a constant state of vigilance, sharing intelligence in real time and collaborating on prevention, detection, and mitigation strategies.'

Andy Jabbour, founder and senior adviser for the Faith-Based Information Sharing and Analysis Organization, said his organization is monitoring potential efforts by Iranian-linked hackers to infiltrate the websites of U.S. religious groups or spread disinformation.

Jabbour said his organization is working with the National Council of ISACs on scanning for these threats, and noted that the council had stood up a program following the first strikes by Israel on Iran late last week to monitor for specific threats to U.S. infrastructure. The National Council of ISACs did not respond to a request for comment on whether they are preparing for evolving Iranian threats.

Concerns about attacks on U.S. critical infrastructure linked to conflicts abroad have grown in recent years. Following the Oct. 7, 2023, attack on Israel by militant group Hamas, Iranian government-linked hacking group Cyber Av3ngers hacked into multiple U.S. water facilities that were using Israeli-made control panels.

The intrusions did not disrupt water supplies, but they served as a warning to utility operators about devices that could be easily hacked and potentially targeted first in a cyber conflict with Iran.

'If anti-Israeli threat actors make good on any claim of impacting critical infrastructure at this time … they're going to look for the low-hanging fruit, easily compromised devices,' said Jennifer Lyn Walker, director of infrastructure cyber defense at the Water ISAC.

Walker said that while her team has not yet detected any enhanced threats to member groups since last week, the Water ISAC would be sending out an alert this week, encouraging organizations to stay vigilant.

'We don't want to cause any undue panic, but for those members that aren't already watching and aren't already vigilant, we definitely want to amplify the message that the potential exists,' Lyn Walker said.

Some of these groups noted that the lack of federal support so far in preparing for Iranian cyberattacks may be due to widespread changes across agencies since President Donald Trump took office. CISA, the nation's main cyber defense agency, is expected to lose around 1,000 employees, and many of its programs have been cut or put on pause, including funding for the organization that supports the ISACs for state and local governments. CISA has also been without Senate-confirmed leadership since former Director Jen Easterly departed in January.

'CISA is in a state of transition,' Jabbour said, noting that while 'CISA is still accessible,' there had been no outreach to strengthen defenses against Iranian hackers since tensions erupted last week.

It isn't a complete blackout. Lyn Walker said that the Water ISAC has 'received reporting from DHS partners who are striving to maintain continuity of operations and valuable information sharing during this challenging time.'

There could also be another reason for the less visible federal response: 'Shields Up' advisories are still available from 2022, when CISA worked with organizations to prepare for an onslaught of Russian cyberattacks tied to the war in Ukraine. Kiersten Todt, who served as chief of staff at CISA when the program was stood up, said that its legacy has heightened awareness of potential cyber pitfalls across the nation's critical operations.

'Because the [cyber] threat is so serious, all of those things ended up sustaining,' Todt, current president of creative company Wondros, said. 'That 'Shields Up' mentality has now become part of the culture of critical infrastructure.'

The enhanced level of vigilance reflects concerns that the threats from Iran could change quickly. Jabbour noted that a lot is in the hands of Trump as he weighs how heavily to assist Israel.

'The next 24-48 hours will be interesting in that sense, and his decisions and his actions could certainly influence what we see here in the United States,' Jabbour said.
Yahoo
06-06-2025
- Politics
- Yahoo
Trump says he has no evidence to justify his unprecedented Biden investigation
Late Wednesday, Donald Trump broke new ground, directing the Justice Department to launch a wide-ranging investigation into Joe Biden and officials in the Democrat's administration, based on Republican conspiracy theories about the former president's mental health. It was an unprecedented move: An incumbent American president had never before publicly ordered a federal probe of his predecessor.

There was a degree of irony to the circumstances. After his defeat in the 2020 election, Trump spent years insisting that Biden had ordered an investigation into him — an odd conspiracy theory for which there is literally no evidence. As of this week, it's Trump who's doing exactly what he falsely accused his predecessor of doing.

The day after the incumbent president delivered his directive to Attorney General Pam Bondi, as NBC News reported, a reporter asked Trump a good question. Trump said he does not have evidence to support his claims of illegal autopen use during the Biden administration. Asked by NBC News whether he has uncovered any evidence that anything specific was signed without Biden's knowledge or that someone in the former president's administration acted illegally, Trump said, 'No.'

The Republican specifically said, 'No, but I've uncovered, you know, the human mind. I was in a debate with the human mind.' He went on to say, 'So, you know, it's just one of those things.'

In other words, as far as Trump is concerned, he debated Biden last year; the Democrat struggled; so the Justice Department should investigate the former president and his team to see if White House aides secretly signed laws, orders, directives and pardons without Biden's knowledge.

In this country, federal law enforcement is supposed to launch investigations when presented with evidence of wrongdoing. As of now, however, the Trump administration is less concerned with the existence of evidence and more concerned with a president who believes he's 'uncovered, you know, the human mind.'

I can appreciate why this might seem like the latest in a series of head-shaking 'Trump being Trump' stories, but it has a broader significance. A sitting American president, effectively by his own admission, just ordered the attorney general to launch an unprecedented fishing expedition against a former American president on the basis of a flubbed debate performance.

What's more, this week's White House offensive marked the third time in three months that Trump has ordered baseless investigations into Americans he perceives as political foes. The story was soon eclipsed by dozens of other administration controversies, but in April, Trump signed two first-of-their-kind executive orders targeting a pair of officials from his first term who defied him.

There was barely a pretense in the orders that the targeted former officials — Christopher Krebs, who led the Cybersecurity and Infrastructure Security Agency, and Miles Taylor, a former high-ranking Department of Homeland Security official — had done anything wrong. Indeed, the closer one looked at the stated rationales in support of the directives, the more ridiculous they appeared. Nevertheless, the president directed Pam Bondi and the Department of Homeland Security to launch a 'review' into Krebs, while simultaneously ordering DHS to investigate Taylor.

A week later, The New York Times' Jonathan Swan reminded White House press secretary Karoline Leavitt, 'The president has long said that it would be an abuse of power for a president to direct prosecutors to investigate him. Last week, President Trump explicitly directed the Justice Department to scrutinize Chris Krebs to see if it can find any evidence of criminal wrongdoing. How is that not an abuse of power, to direct the Justice Department to look into an individual, a named individual?'

Leavitt struggled badly to defend Trump's move, and for good reason: The directives were indefensible. That did not, however, stop the Republican president from pushing the problem to a new level by going after his immediate predecessor.

I can appreciate why the media landscape is crowded, but I continue to believe this should be more than a one-day story. Trump — who ran on an authoritarian platform, who's trying to concentrate power while expressing indifference to the rule of law — has now ordered three investigations into Americans he doesn't like. He has an enemies list, and he's using the power of the presidency to target people on that list, despite the inconvenient fact that there's no evidence whatsoever of actual wrongdoing.

If the pushback is muted, Trump will do what he's always done: assume that he can get away with such an abuse, while preparing to go even further down the same radical and dangerous path. Not to put too fine a point on this, but if the president can sic the Justice Department on his critics and perceived enemies and this isn't seen as a dramatic scandal, who'll be next? How far down his enemies list will he go?

I'm reminded anew of J. Michael Luttig, a prominent conservative legal scholar put on the federal bench by President George H.W. Bush who published a Bluesky thread on the orders against Krebs and Taylor, calling them 'shameful' and 'constitutionally corrupt' and accusing Trump of 'palpably unconstitutional conduct.'

The more routine this becomes, the greater the severity of the offense.

This post updates our related earlier coverage.
Yahoo
04-06-2025
- Business
- Yahoo
New Absolute Security Research Shows Top Endpoint Security Controls Fail 22% of the Time
- Critical Patching for PCs Running Windows 10 and 11 is Delayed Nearly Two Months
- 35% of PCs Lack Encryption, 26% are Unaccounted for, and 18% Store Sensitive Data
- AI Use is Exploding, with Enterprise PCs Logging Thousands of Visits to DeepSeek

SEATTLE, June 04, 2025--(BUSINESS WIRE)--New research from Absolute Security shows that organizations allow their critical endpoint security controls to drop out of compliance with internal security and performance policies 22% of the time. This dangerous failure rate undermines their ability to defend their businesses against ransomware strikes, compromises, and complexity-driven disruptions. Based on anonymized telemetry from more than 15 million enterprise PCs, the Absolute Security Resilience Risk Index 2025 details how this finding and other silent risks are eroding enterprise security and threatening business continuity.

Security Tools Aren't Holding the Line

Leading Endpoint Protection Platforms (EPP), Security Service Edge (SSE) solutions, and Vulnerability and Patch Management platforms fail to maintain compliance with internal security and performance policies 22% of the time. This increases the risk of ransomware infections, data breaches, and disruptive incidents across PCs where these tools are deployed.

High Performing Solutions are Increasing Concentrated Risk

This year, the data revealed a new issue the industry must face — Concentrated Risk. It emerges when organizations fail to recognize that even solutions with high compliance and performance rates can present significant risk when they are deployed across a substantial percentage of PCs. High performers may fail less often — but when these widely-used technologies malfunction, the impact can be catastrophic. This is why every control, regardless of performance rate, must be supported by resilience capabilities that can help organizations to withstand and recover from failure on a large scale.

Patching Delays Ignore Industry Best Practices

Organizations across all industries take nearly two months to patch vulnerabilities in PCs running Windows. Most organizations determine their own vulnerability scanning and patching schedules. However, this average defies guidance from leading authorities such as the Cybersecurity and Infrastructure Security Agency (CISA), which recommends that patches should not be delayed more than 30 days to avoid vulnerability-driven risks.

AI Use is Exploding, Frequently in Defiance of Usage Policies

Available data showed that enterprise PCs are logging millions of visits to popular generative AI platforms. Thousands of these visits are landing on DeepSeek, despite organizational and multi-government sanctions against this China-based site. The inability to control usage along with explosive growth is leaving organizations open to not only compliance violations but also the potential to download malicious content and to expose sensitive information to hostile adversaries.

Devices Are Missing Encryption, Unaccounted for, and Filled with Sensitive Data

35% of enterprise PCs are not encrypted, 26% are unaccounted for, and 18% store sensitive data. This dangerous combination creates blind spots that leave data and PCs without protection against cybercriminals. These lapses can also give unauthorized users access to corporate networks for prolonged periods, opening an opportunity for threats to expand laterally across systems and assets.

"This research shows that organizations are failing to maintain effective operational performance for leading endpoint security controls, unaware of risky behaviors taking place, and may not be able to keep as up to date on patching as they should. These are all factors that will eventually lead to a major security breach or extended and costly period of downtime," said Christy Wyatt, CEO, Absolute Security. "To remain truly protected in today's digital business environment, leaders need to think beyond legacy prevention and detection practices. They must enforce resilience as a core capability to ensure the visibility, control, and agility needed to keep their organizations secure, responsive, and always operational."

For greater details on the resilience risks identified and to learn how to mitigate them with technologies that enforce resilience across your organization, download your complimentary copy of the Absolute Security Resilience Risk Index 2025.

About Absolute Security

Absolute Security is partnered with more than 28 of the world's leading endpoint device manufacturers, embedded in the firmware of 600 million devices, trusted by thousands of global enterprise customers, and licensed across 16 million PC users. With the Absolute Security Cyber Resilience Platform integrated into their digital enterprise, customers ensure their mobile and hybrid workforces connect securely and seamlessly from anywhere in the world and that business operations recover quickly following cyber disruptions and attacks. To learn more, visit and follow us on LinkedIn, X, Facebook, and YouTube.

ABSOLUTE SECURITY, ABSOLUTE, the ABSOLUTE LOGO, AND NETMOTION are registered trademarks of Absolute Software Corporation ©2025, or its subsidiaries. All Rights Reserved. Other names or logos mentioned herein may be the trademarks of Absolute or their respective owners. The absence of the symbols ™ and ® in proximity to each trademark, or at all, herein is not a disclaimer of ownership of the related trademark.

News Contact: Joe Franscella


Axios
03-06-2025
- Business
- Axios
Exclusive: One-third of top U.S. cyber force has left since Trump took office
Roughly 1,000 people have already left the nation's top cybersecurity agency during the second Trump administration, a former government official tells Axios — cutting the agency's total workforce by nearly a third.

Why it matters: The Cybersecurity and Infrastructure Security Agency is also facing a potential 17% budget cut under the president's proposed budget — raising fears that power grids, water utilities, and election systems could be left without a well-equipped federal partner as cyber threats mount.

The big picture: Trump officials are actively pursuing plans to increase offensive cyber operations against adversarial nations like China — and experts warn those nations are bound to respond in-kind to those strikes. But security experts fear that with a smaller cyber defense agency, the country won't have the resources needed to protect the homeland.

Driving the news: The White House suggested cutting CISA's workforce by 1,083 positions — from 3,732 employees to 2,649 roles — during the 2026 fiscal year in its proposed budget, released Friday. However, the agency has already reached those numbers, sources tell Axios.

Zoom in: About 600 people at CISA took the Department of Homeland Security's second buyout offer in the last two months, according to a source familiar with the matter. Their last day was Friday. Roughly 174 people had taken the first round of deferred-resignation offers as of March 28, according to a second source familiar with the matter. The rest of the roughly 1,000 departures likely involved people working on government contracts or teams — like the election integrity unit or diversity-and-inclusion offices — that have reportedly been cut, the former official told Axios.

Between the lines: Sources did not have precise details on which departments have been slashed, but public social media posts and other reporting suggest the losses are widespread — including in several of CISA's most visible and impactful initiatives.

An internal memo sent to employees last week says that virtually all of CISA's senior officials have now left. Lauren Zabierek and Bob Lord, two officials who oversaw the agency's touchstone "Secure by Design" initiative, left last month. Matt Hartman, the No. 2 official in CISA's cybersecurity division, departed last week. Members of CISA's international partnerships and engagement division also left, according to LinkedIn. Lisa Einstein, who was CISA's chief AI officer, resigned in February. Boyden Rohner, assistant director of CISA's integrated operations division, took an early retirement offer in April.

What they're saying: "I've personally seen how CISA has lost its very best," Jack Cable, CEO and co-founder of Corridor and a former CISA employee who departed in January, told lawmakers during a field hearing in Silicon Valley last week. "In the face of increasing threats, we can't undermine the capacity of America's cyber defense agency and its ability to attract and retain the best technical talent," he added. "This only makes us less secure as a nation."

In a statement to Axios, CISA executive director Bridget Bean said the agency has "the right team in place to fulfill that mission and ensure that we are prepared for a range of cyber threats from our adversaries." "CISA is doubling down and fulfilling its statutory mission to secure the nation's critical infrastructure and strengthen our collective cyber defense," Bean said.

The intrigue: The agency has considered scrapping plans for mass layoffs due to the overwhelming response to the buyouts, the former official noted. Politico Pro previously reported on this possibility.

What to watch: Sean Plankey, Trump's pick to run CISA, will testify before the Senate Homeland Security Committee on Thursday and is expected to field questions about the workforce cuts.