Latest news with #JenEasterly
Atlantic
a day ago
- Politics
- Atlantic
The Trojan Horse Will Come for Us Too
I stopped using my cellphone for regular calls and text messages last fall and switched to Signal. I wasn't being paranoid—or at least I don't think I was. I worked in the National Security Council, and we were told that China had compromised all major U.S. telecommunications companies and burrowed deep inside their networks. Beijing had gathered information on more than a million Americans, mainly in the Washington, D.C., area. The Chinese government could listen in to phone calls and read text messages. Experts call the Chinese state-backed group responsible Salt Typhoon, and the vulnerabilities it exploited have not been fixed. China is still there. Telecommunications systems aren't the only ones compromised. China has accessed enormous quantities of data on Americans for more than a decade. It has hacked into health-insurance companies and hotel chains, as well as security-clearance information held by the Office of Personnel Management. The jaded response here is All countries spy. So what? But the spectacular surprise attacks that Ukraine and Israel have pulled off against their enemies suggest just how serious such penetration can become. In Operation Spiderweb, Ukraine smuggled attack drones on trucks with unwitting drivers deep inside of Russia, and then used artificial intelligence to simultaneously attack four military bases and destroy a significant number of strategic bombers, which are part of Russia's nuclear triad. Israel created a real pager-production company in Hungary to infiltrate Hezbollah's global supply chains and booby-trap its communication devices, killing or maiming much of the group's leadership in one go. Last week, in Operation Rising Lion, Israel assassinated many top Iranian military leaders simultaneously and attacked the country's nuclear facilities, thanks in part to a drone base it built inside Iran. In each case, a resourceful, determined, and imaginative state used new technologies and data to do what was hitherto deemed impossible. America's adversaries are also resourceful, determined, and imaginative. Just think about what might happen if a U.S.-China war broke out over Taiwan. A Chinese state-backed group called Volt Typhoon has been preparing plans to attack crucial infrastructure in the United States should the two countries ever be at war. As Jen Easterly put it in 2024 when she was head of the Cyber and Infrastructure Security Agency (CISA), China is planning to 'launch destructive cyber-attacks in the event of a major crisis or conflict with the United States,' including 'the disruption of our gas pipelines; the pollution of our water facilities; the severing of our telecommunications; the crippling of our transportation systems.' The Biden administration took measures to fight off these cyberattacks and harden the infrastructure. Joe Biden also imposed some sanctions on China and took some specific measures to limit America's exposure; he cut off imports of Chinese electric vehicles because of national-security concerns. Biden additionally signed a bill to ban TikTok, but President Donald Trump has issued rolling extensions to keep the platform functioning in the U.S. America and its allies will need to think hard about where to draw the line in the era of the Internet of Things, which connects nearly everything and could allow much of it—including robots, drones, and cloud computing—to be weaponized. China isn't the only problem. According to the U.S. Intelligence Community's Annual Threat Assessment for this year, Russia is developing a new device to detonate a nuclear weapon in space with potentially 'devastating' consequences. A Pentagon official last year said the weapon could pose 'a threat to satellites operated by countries and companies around the globe, as well as to the vital communications, scientific, meteorological, agricultural, commercial, and national security services we all depend upon. Make no mistake, even if detonating a nuclear weapon in space does not directly kill people, the indirect impact could be catastrophic to the entire world.' The device could also render Trump's proposed 'Golden Dome' missile shield largely ineffective. Americans can expect a major adversary to use drones and AI to go after targets deep inside the United States or allied countries. There is no reason to believe that an enemy wouldn't take a page out of the Israeli playbook and go after leadership. New technologies reward acting preemptively, catching the adversary by surprise—so the United States may not get much notice. A determined adversary could even cut the undersea cables that allow the internet to function. Last year, vessels linked to Russia and China appeared to have severed those cables in Europe on a number of occasions, supposedly by accident. In a concerted hostile action, Moscow could cut or destroy these cables at scale. Terrorist groups are less capable than state actors—they are unlikely to destroy most of the civilian satellites in space, for example, or collapse essential infrastructure—but new technologies could expand their reach too. In their book The Coming Wave, Mustafa Suleyman and Michael Bhaskar described some potential attacks that terrorists could undertake: unleashing hundreds or thousands of drones equipped with automatic weapons and facial recognition on multiple cities simultaneously, say, or even one drone to spray a lethal pathogen on a crowd. A good deal of American infrastructure is owned by private companies with little incentive to undertake the difficult and costly fixes that might defend against Chinese infiltration. Certainly this is true of telecommunications companies, as well as those providing utilities such as water and electricity. Making American systems resilient could require a major public outlay. But it could cost less than the $150 billion (one estimate has that figure at an eye-popping $185 billion) that the House of Representatives is proposing to appropriate this year to strictly enforce immigration law. Instead, the Trump administration proposed slashing funding for CISA, the agency responsible for protecting much of our infrastructure against foreign attacks, by $495 million, or approximately 20 percent of its budget. That cut will make the United States more vulnerable to attack. The response to the drone threat has been no better. Some in Congress have tried to pass legislation expanding government authority to detect and destroy drones over certain kinds of locations, but the most recent effort failed. Senator Rand Paul, who was then the ranking member of the Senate Committee on Homeland Security and Governmental Affairs and is now the chair, said there was no imminent threat and warned against giving the government sweeping surveillance powers, although the legislation entailed nothing of the sort. Senators from both parties have resisted other legislative measures to counter drones. The United States could learn a lot from Ukraine on how to counter drones, as well as how to use them, but the administration has displayed little interest in doing this. The massively expensive Golden Dome project is solely focused on defending against the most advanced missiles but should be tasked with dealing with the drone threat as well. Meanwhile, key questions go unasked and unanswered. What infrastructure most needs to be protected? Should aircraft be kept in the open? Where should the United States locate a counter-drone capability? After 9/11, the United States built a far-reaching homeland-security apparatus focused on counterterrorism. The Trump administration is refocusing it on border security and immigration. But the biggest threat we face is not terrorism, let alone immigration. Those responsible for homeland security should not be chasing laborers on farms and busboys in restaurants in order to meet quotas imposed by the White House.
Yahoo
06-06-2025
- Business
- Yahoo
Jen Easterly to Keynote 2025 Hybrid Identity Protection Conference
Easterly joins identity-first defenders at the award-winning conference, October 7–9 in Charleston, SC HOBOKEN, N.J., June 6, 2025 /PRNewswire/ -- Semperis, a leader in AI-powered identity security and cyber resilience, today announced that Jen Easterly, former Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), will keynote the Hybrid Identity Protection Conference (HIP Conf), taking place October 7-9 in Charleston, SC. A globally recognized leader in cybersecurity and national defense, Easterly led CISA through a transformative period—scaling it into a $3 billion agency with over 10,000 personnel and establishing it as a cornerstone of U.S. cyber defense. A combat veteran, former Morgan Stanley executive, and cybersecurity pioneer, Easterly brings decades of experience at the intersection of security, technology, and resilience. "Defenders working in hybrid identity environments set the standard for resilience in a world where adversaries move fast and trust is everything," said Easterly. "We are in an era where adversaries exploit every weakness and identity is the first and last line of defense. I am looking forward to joining this community at the upcoming HIP Conf." HIP Conf is the premier global event for identity-first defenders, uniquely focused on securing hybrid and multi-cloud environments. This year's Semperis' conference will deliver the latest in identity threat detection and response (ITDR); Active Directory, Entra ID, and Okta security; and building operational resilience in a rapidly evolving threat landscape. The 2025 program features a robust lineup of technical sessions and strategic insights from dozens of leaders across industry, government, and academia. Key sessions include: What's New, What's Next? Active Directory Roadmap – Linda Taylor, Principal Software Engineer, Microsoft A Quarter Century, a Quarter Million Breaches: AD Security & Incident Response in 2025 – Michael Van Horenbeeck, CEO, The Collective The State of Identity Security 2026 – Henrique Teixeira, SVP, Strategy, Saviynt, and David Lee, Field CTO, Saviynt Beyond Backups: Practical Steps to Build Operational Resilience – Ben Cauwel, Head of Cyber Security, Capgemini From Hybrid to Full Cloud: Is It Right for You? – Joe Kaplan, Security Delivery Associate Director, Accenture Demystifying Managed Service Accounts: Best Practices & Security Measures to Reduce Risk – Jorge De Almeida Pinto, Senior Incident Response Lead, Semperis Additional speakers and sessions to be announced. Longtime HIP advocate Alex Weinert, Chief Product Officer at Semperis and former VP of Identity Security at Microsoft, returns to the stage for his third consecutive year. "Identity is the new security perimeter, and as organizations modernize their infrastructure, they need to stay ahead of increasingly complex identity-based attacks," said Weinert. "HIP continues to be a go-to event for real-world strategies and community connections. We're proud to be leading this important global conversation." Unlike broader cybersecurity conferences, HIP Conf is purpose-built for practitioners managing and defending hybrid identity environments. The event fosters long-term collaboration, community, and real-world knowledge sharing that continues well beyond the conference. For more information and to register for HIP Conf 25, visit: About the Hybrid Identity Protection Conference Mobile workforces, cloud applications, and digitalization are changing every aspect of the modern enterprise. With radical transformation comes new business risks. The Hybrid Identity Protection Conference (HIP Conf) is the premier educational forum for identity-centric practitioners. Whatever the industry sector or job function, HIP strives to provide its community with the insights and relationships needed to enable and protect today's digitally driven organizations. Learn more about HIP Conf 25 via our social media feeds: X / LinkedIn / Facebook About Semperis Semperis protects critical enterprise identity services for security teams charged with defending hybrid and multi-cloud environments. Purpose-built for securing hybrid identity environments—including Active Directory, Entra ID, and Okta—Semperis' AI-powered technology protects more than 100 million identities from cyberattacks, data breaches and operational errors. As part of its mission to be a force for good, Semperis offers a variety of cyber community resources, including the award-winning Hybrid Identity Protection (HIP) Conference, HIP Podcast, and free identity security tools Purple Knight and Forest Druid. Semperis is a privately owned, international company headquartered in Hoboken, New Jersey, supporting the world's biggest brands and government agencies, with customers in more than 40 countries. Learn more: Follow us: Blog / LinkedIn / X / Facebook / YouTube Media Contact:Bill KeelerSenior Director, PR & Commsbillk@ View original content to download multimedia: SOURCE Semperis Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
06-06-2025
- Business
- Yahoo
Jen Easterly to Keynote 2025 Hybrid Identity Protection Conference
Easterly joins identity-first defenders at the award-winning conference, October 7–9 in Charleston, SC HOBOKEN, N.J., June 6, 2025 /PRNewswire/ -- Semperis, a leader in AI-powered identity security and cyber resilience, today announced that Jen Easterly, former Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), will keynote the Hybrid Identity Protection Conference (HIP Conf), taking place October 7-9 in Charleston, SC. A globally recognized leader in cybersecurity and national defense, Easterly led CISA through a transformative period—scaling it into a $3 billion agency with over 10,000 personnel and establishing it as a cornerstone of U.S. cyber defense. A combat veteran, former Morgan Stanley executive, and cybersecurity pioneer, Easterly brings decades of experience at the intersection of security, technology, and resilience. "Defenders working in hybrid identity environments set the standard for resilience in a world where adversaries move fast and trust is everything," said Easterly. "We are in an era where adversaries exploit every weakness and identity is the first and last line of defense. I am looking forward to joining this community at the upcoming HIP Conf." HIP Conf is the premier global event for identity-first defenders, uniquely focused on securing hybrid and multi-cloud environments. This year's Semperis' conference will deliver the latest in identity threat detection and response (ITDR); Active Directory, Entra ID, and Okta security; and building operational resilience in a rapidly evolving threat landscape. The 2025 program features a robust lineup of technical sessions and strategic insights from dozens of leaders across industry, government, and academia. Key sessions include: What's New, What's Next? Active Directory Roadmap – Linda Taylor, Principal Software Engineer, Microsoft A Quarter Century, a Quarter Million Breaches: AD Security & Incident Response in 2025 – Michael Van Horenbeeck, CEO, The Collective The State of Identity Security 2026 – Henrique Teixeira, SVP, Strategy, Saviynt, and David Lee, Field CTO, Saviynt Beyond Backups: Practical Steps to Build Operational Resilience – Ben Cauwel, Head of Cyber Security, Capgemini From Hybrid to Full Cloud: Is It Right for You? – Joe Kaplan, Security Delivery Associate Director, Accenture Demystifying Managed Service Accounts: Best Practices & Security Measures to Reduce Risk – Jorge De Almeida Pinto, Senior Incident Response Lead, Semperis Additional speakers and sessions to be announced. Longtime HIP advocate Alex Weinert, Chief Product Officer at Semperis and former VP of Identity Security at Microsoft, returns to the stage for his third consecutive year. "Identity is the new security perimeter, and as organizations modernize their infrastructure, they need to stay ahead of increasingly complex identity-based attacks," said Weinert. "HIP continues to be a go-to event for real-world strategies and community connections. We're proud to be leading this important global conversation." Unlike broader cybersecurity conferences, HIP Conf is purpose-built for practitioners managing and defending hybrid identity environments. The event fosters long-term collaboration, community, and real-world knowledge sharing that continues well beyond the conference. For more information and to register for HIP Conf 25, visit: About the Hybrid Identity Protection Conference Mobile workforces, cloud applications, and digitalization are changing every aspect of the modern enterprise. With radical transformation comes new business risks. The Hybrid Identity Protection Conference (HIP Conf) is the premier educational forum for identity-centric practitioners. Whatever the industry sector or job function, HIP strives to provide its community with the insights and relationships needed to enable and protect today's digitally driven organizations. Learn more about HIP Conf 25 via our social media feeds: X / LinkedIn / Facebook About Semperis Semperis protects critical enterprise identity services for security teams charged with defending hybrid and multi-cloud environments. Purpose-built for securing hybrid identity environments—including Active Directory, Entra ID, and Okta—Semperis' AI-powered technology protects more than 100 million identities from cyberattacks, data breaches and operational errors. As part of its mission to be a force for good, Semperis offers a variety of cyber community resources, including the award-winning Hybrid Identity Protection (HIP) Conference, HIP Podcast, and free identity security tools Purple Knight and Forest Druid. Semperis is a privately owned, international company headquartered in Hoboken, New Jersey, supporting the world's biggest brands and government agencies, with customers in more than 40 countries. Learn more: Follow us: Blog / LinkedIn / X / Facebook / YouTube Media Contact:Bill KeelerSenior Director, PR & Commsbillk@ View original content to download multimedia: SOURCE Semperis Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Epoch Times
06-05-2025
- Politics
- Epoch Times
China's Cybersecurity ‘Pearl Harbor' Against America: ‘Everything, Everywhere, All at Once'
Originally published by Commentary China's multidimensional war against U.S. interests is already underway and well-documented. One underappreciated dimension of its attack on American primacy, however, is the arena of cybersecurity. For decades, Communist China's spies, hackers and businessmen have feasted on the In the last two years, however, the Chinese Communist Party's (CCP) cyber-attacks against America have These changes in the CCP's cyber offensive on America consist of two basic capabilities. Related Stories 4/22/2025 4/18/2025 The newer capability is China's comprehensive data-collection operation, given the title of 'Salt Typhoon' by Microsoft, and known by other names, such as ' China is also simultaneously The second revolutionary advance in China's offensive cyber-warfare capabilities that target U.S. interests is more deadly. It threatens a Pearl Harbor-magnitude attack on America. ' Then U.S. Rep. Mike Waltz, shortly before he was appointed National Security Advisor, stated in an '[W]e have been, over the years, trying to play better and better defense when it comes to cyber. We need to start going on offense and start imposing, I think, higher costs and consequences to private actors and nation state actors that continue to steal our data, that continue to spy on us, and that even worse, with the Volt Typhoon penetration, that are literally putting cyber time bombs on our infrastructure, our water systems, our grids, even our ports.' China could The gravity of this weaponization of cyberspace at the strategic level has been Volt Typhoon is devised to create chaos in the United States. Jen Easterly, former head of the US Cybesecurity and Infrastructure Security Agency, If China is successful in placing undiscovered and undefused malware that is capable of disabling critical infrastructure in the United States, the result would most likely be the complete loss of confidence in America's ability to protect 'Free Asia' or anyone else, and enabling China to be closer to achieving its goal of ruling in the Indo-Pacific region, which it appears to see as the The Trump Administration's plan of action would do well to include massive arms deliveries to Taiwan and encouraging the island democracy to move to a war footing. President Donald Trump has already sent Trump might also convene a cabinet meeting to assure that all aspects of American public and private capabilities should be mobilized to build resiliency in critical national infrastructure, while simultaneously examining U.S. cyberspace vulnerabilities. The United States also might also go on the offense and target China's critical national infrastructure, perhaps starting with the Cyberspace Administration of China? Views expressed in this article are opinions of the author and do not necessarily reflect the views of The Epoch Times.
Forbes
02-05-2025
- Business
- Forbes
AI And Cybersecurity: The New Administration's 100-Day Reckoning
Just 100 days into the Trump administration, cybersecurity leaders are grappling with a volatile mix of deregulation, rising geopolitical tension, and accelerated adoption of AI. At the RSAC 2025 conference this week, Snyk hosted a timely panel titled 'The First 100 Days: How AI, Policy & Cybersecurity Collide,' featuring an all-star lineup: Jen Easterly, former CISA Director; Nicole Perlroth, former journalist and partner with Ballistic Ventures; Sumit Dhawan, CEO of Proofpoint; and Peter McKay, CEO of Snyk. Moderated by Axios cybersecurity reporter Sam Sabin, the conversation examined the early signs of disruption and dysfunction—and what it all means for software security, national defense, and innovation. The discussion was grounded in new findings from a Snyk-commissioned CISO survey, which revealed stark concerns about AI-generated threats, fragmented regulation, and eroding trust between the public and private sectors. Since January, 70% of surveyed CISOs reported experiencing a cyberattack involving AI. Panelists noted that organizations are rapidly embracing AI to increase productivity, but often without properly considering security implications. This rush to adopt AI is creating a widening gap between innovation and risk management. At the same time, nearly all CISOs surveyed expressed concern that AI-generated code may be introducing hidden vulnerabilities, suggesting a dangerous disconnect between perceived readiness and the evolving threat landscape. Peter McKay observed, 'Everybody is just focused on productivity... just get the benefits of AI and we'll figure out security later,' highlighting the widespread rush to adopt AI tools without sufficient safeguards. The panel addressed the impact of federal workforce reductions and policy reversals, including the rollback of Biden-era AI executive orders. Former CISA Director Jen Easterly described the loss of technical talent from government agencies as damaging to national cyber readiness. The panelists noted that reported loyalty requirements for federal cybersecurity personnel could further erode morale and independence. Concerns also extended to international partnerships, with reports that allied nations are beginning to limit intelligence sharing with the U.S., reflecting declining trust in the current administration. AI is drastically accelerating software development cycles, but this rapid pace is straining traditional security frameworks. Panelists highlighted how internal pressure to innovate often overrides caution, leading to insufficiently vetted tools and code. They stressed the importance of integrating security from the outset rather than as an afterthought, and called for secure-by-design practices to become standard. Without these safeguards, AI tools that can prevent threats may also be exploited to cause harm. Speakers emphasized that recent setbacks in federal cybersecurity leadership and policy risk reversing years of progress in public-private cooperation. The collaboration that once enabled a strong collective response to cyber threats—most notably in Ukraine—is now showing signs of strain. Several panelists expressed concern that trust is weakening on both sides, with private companies unsure about their role in threat reporting and mitigation, and government agencies losing key channels for visibility. CISA's partnership-enabling authorities, such as CPAC, were cited as critical tools that are currently on hold. When asked what single change they would make if given a 'magic wand,' panelists offered a range of pragmatic solutions. Proposals included mandating secure-by-design standards for consumer-grade routers—long a weak link in infrastructure security—and launching a national effort to clean up the open source codebase that underpins most modern applications. Others called for harmonized, standardized AI development regulations to prevent a patchwork of conflicting state laws. There was also strong support for a software liability regime tied to demonstrable secure development practices, as well as the use of AI to refactor legacy code written in memory-unsafe languages. As his top policy wish, McKay advocated for a national effort to improve software security at the source: 'If we all just focused on how we can just clean up open source code, we would have been in a better place.' A unifying theme throughout the discussion was the urgent need for coordination—across sectors, agencies, and borders. The convergence of rapid AI adoption, regulatory rollbacks, and mounting cyber threats is creating a perfect storm. Industry leaders stressed that security cannot be an afterthought, and that public trust and international cooperation hinge on transparency, integrity, and mutual accountability. The panel concluded with a call to preserve the principles of trust and collaboration that once underpinned America's cyber defense strategy—and to ensure those values guide policy moving forward. Easterly closed with a reflection on her time at CISA and how that should serve as a guiding light moving forward: 'We built trust and catalyzed trust and collaboration, and we did it with integrity, we did it with humility, we did it with transparency, and we did it with character. And that's what you all should demand from your government.'
