Cyber Security Headlines – Week in Review
Shutdown Furloughs CISA, DoD Risk Framework, Oracle Extortion Problem
Date: October 3, 2025
Host: Nick Espinoza (Deep Dive Security Show)
Guest: Steve Zalewski (Co-host, Defense in Depth)
Sponsor: Nudge Security
Episode Overview
This episode dives into the turbulent week in cybersecurity, spotlighting the US government shutdown’s impact on CISA, the DoD’s pivot to a new risk management approach, extortion leveraging alleged Oracle data leaks, and a ransomware attack paralyzing Japan’s Asahi Beer. The hosts discuss both technical and policy ramifications, emphasizing the interplay of cybersecurity, government operations, and public resilience.
Key Discussion Points and Insights
1. Government Shutdown Furloughs Most of CISA (02:20–07:42)
- The shutdown furloughed 65% of CISA staff, leaving about 900 active of 2,500.
- Short-term resilience: Steve argues 900 is enough for critical response and defense of government infrastructure for a few days.
- "Before we say, oh my goodness, we're not covered, 900 people is a fair number... we're going to put a moat around the government and hyper focus on protecting them." (03:40, Steve)
- Long-term risks: Both hosts worry about burnout and talent attrition if shutdowns persist.
- "Over time, right, they may go somewhere else and it's very hard to find new people to come in. Substantial potential long term consequence." (04:59, Steve)
- Loss of proactive, intelligence-sharing work is highlighted as a key weakness during furloughs.
- Nick likens cybersecurity’s role to "the airbags, the seatbelt" of the tech economy, underscoring broad impact.
2. Department of Defense (DoD) Launches New Cyber Risk Framework (07:45–13:27)
- End of old RMF: Static, checklist-driven risk management (NIST 800) deemed inadequate.
- New direction: The Cyber Risk Management Construct (CRMC) is dynamic, automated, and continuous, aiming to ensure cyber defense keeps up with modern warfare and evolving threats.
- Resiliency as a focus:
- "This fundamental shift is an acknowledgment that... introducing enough process and friction and security controls... is not working so well." (09:42, Steve)
- New framework favors resiliency and preparedness over pure prevention.
- Role of AI: Hosts debate leveraging AI both as a threat and a defense mechanism.
- "How are we weaponizing AI for defense? ...Static checklists and manual processes lend themselves to generative AI and agentic AI" (12:15, Steve)
- The shift draws parallels to broader organizational needs for proactive risk and incident management.
3. Oracle E-Business Suite Data Used for Executive Extortion (13:28–17:21)
- Mandiant/Google issues warning: Threat actors claim to have stolen sensitive data via Oracle's E-Business Suite, attempting to extort corporate execs.
- Evolution of attacker monetization:
- Steve praises the attackers' ingenuity in targeting individuals post-breach, maximizing extortion avenues:
- "I'm really smart now. I'm going to all the people that I have their medical records and I'm going to extort them. This is just genius..." (15:38, Steve)
- Vendor responsibility: Both hosts note that due diligence can never guarantee immunity; vendor breaches blur classic boundaries of risk.
- "They've got a compliance page where they check every box up to Fedramp high. So the issue that I've got is like, okay, great, I've done my due diligence... and here we go." (17:21, Nick)
4. Ransomware Disrupts Asahi Beer – Maximum Public Impact (18:15–21:28)
- Attack halts production in 30 factories; Japan suffers a beer shortage, and 12 product launches are postponed.
- Broader implications: Not just a supply chain disruption, but a strike at national morale and daily life.
- "This is an example of what a nation state attack could look like... they're trying to do is impact the social fabric of a country." (20:20, Steve)
- OT Security: Underscores the vulnerability of operational technology, with lessons for critical infrastructure everywhere.
- Parallels drawn with UK retail attacks and Russian pre-war activity in Ukraine, where civilian systems are deliberately targeted for destabilization effects.
5. UK’s Digital ID (“Brit Card”) Plans – Security vs. Surveillance (23:10–26:25)
- UK proposes digital IDs to curb illegal migration, triggering fears over privacy and civil liberties.
- Tech perspective: Secure digital identity is foundational for cybersecurity, but social acceptance is tied to trust, especially regarding government use.
- "People have no problem with the concept... they're afraid of how it can be abused by the government to ... implement additional policies." (23:10, Steve)
- Transparency is necessary but may never be enough for skeptics:
- "The problem I see is with government... They don't trust the government for a lot of good reasons." (25:10, Steve)
- Deepfakes and identity fraud also complicate digital ID implementation.
6. Week’s Face Palm and Thumbs Up (27:05–28:07)
- Face Palm: US government’s cavalier approach to cybersecurity funding ("It's a war. It's not optional.").
- Thumbs Up: Asahi attack as an awareness tool for why even non-digital sectors must prioritize cybersecurity—with real consequences for ordinary people.
- "This is us brushing the teeth so that you have your beer and don't impact your ... social life." (27:05, Steve)
Notable Quotes & Memorable Moments
- On CISA’s Furlough:
- "We're going to keep those 900 people, we're going to put a moat around the government... and hyper focus on protecting them and responding consequence." — Steve, 03:40
- "The engine of the economy is technology... we are the early warning system on the car..." — Nick, 07:42
- On DoD Framework Shift:
- "Resiliency now has to be part of the conversation... managing our risk framework ... defense in depth to understand what resiliency looks like." — Steve, 09:42
- On Oracle Extortion:
- "Genius, right? ...how do I leverage that information... by going after all the people that have been breached." — Steve, 15:38
- On Asahi Ransomware Fallout:
- "This is an example of what a nation state attack could look like..." — Steve, 20:20
- "Torches and pitchforks at the hacker's door for me." — Nick, 19:47
- On Digital IDs:
- "Security is agnostic to politics, but we're not immune from it." — Nick, 22:48
- "Having an authoritative source of knowing who I am... is the foundation of security." — Steve, 23:10
Timestamps for Key Segments
- 02:20 — CISA Shutdown: What Does It Mean?
- 07:45 — DoD's New Cyber Risk Framework
- 13:28 — Oracle E-Business Suite Data Breach and Executive Extortion
- 18:15 — Asahi Beer Ransomware Attack & Societal Impact
- 23:10 — UK Proposes Digital ID “Brit Card”
- 27:05 — Face Palm and Thumbs Up (Weekly Recap)
Wrap-up
Summary:
A week marked by government dysfunction, a pivotal shift in defense risk management, vendor-driven extortion, and ransomware’s march into national culture (and beer), all anchored by recurring anxieties of resilience, burnout, and trust. The hosts inject candor, humor, and practical perspective, reminding us: cybersecurity is the invisible seatbelt of today’s society.
Find More:
- For more headlines, visit cisoseries.com
- Connect with Steve Zalewski on LinkedIn
- Learn more about the sponsor: Nudge Security
