CyberWire Daily – “America’s Tech Turn”
Date: December 8, 2025
Host: Dave Bittner (N2K Networks)
Featured Guest: Tim Starks (CyberScoop Senior Reporter)
Episode Overview
This episode of CyberWire Daily delves into America’s shifting national cybersecurity strategy under the Trump administration, touching on the international implications of tech policy, high-profile phishing and cyberattack campaigns, new legal protections for researchers, sector-specific legislative efforts, and the evolving risks posed by AI. The show features an in-depth conversation with Tim Starks about the style, substance, and politics of the White House’s latest draft cyber strategy, as well as the fate of a key CISA leadership nomination.
Key Discussion Points and Insights
1. U.S. National Cybersecurity Strategy: Shift in Focus
(03:22 - 05:49)
- Overview:
The latest U.S. National Security Strategy is a 33-page document that places technology leadership and economic security at the heart of national power and signals a more aggressive, self-interested doctrine.
- Key Elements:
- Controls on advanced technologies and active defense against foreign cyber-enabled threats
- Strong emphasis on confronting China’s IP theft, espionage, and influence
- Tightly integrated cooperation between government and private sector
- Hardened Western Hemisphere networks relying on American security standards
- Push for U.S.-led global standards in AI, biotech, and quantum computing
- Notable shift: Replaces democracy promotion with "tightly focused vision of self-interest"
- International Ramifications:
- Potential for weakened transatlantic cyberspace cooperation
- “Europe's expected shock at the NSS could weaken coordination on cyber defense and counter disinformation efforts.”
- China likely to push back more aggressively
- Notable Quote (Bittner, 03:22):
“The document ties America's security to control of advanced technologies and to stopping foreign cyber enabled threats.”
2. Technical Threat Landscape
a. LLM Prompt Injection: A Persistent AI Security Gap
(05:49 - 06:52)
- UK NCSC Warning:
- Prompt injection may remain an unfixable, fundamental risk for large language models (LLMs)
- Difficulties stem from LLMs’ inability to distinguish data from instructions
- Risks: leak of sensitive data, manipulation of automated decisions, extraction of hidden prompts
- Need for risk-aware design and strong limitations
- Notable Quote (Bittner, 05:49):
“LLMs inherently do not separate instructions from data... The NCSC concludes that prompt injection will remain a persistent risk.”
b. Phishing Campaign Hits U.S. Universities
(06:52 - 07:36)
- At least 18 universities targeted using the Evilginx toolkit
- Attackers bypassed MFA by stealing session cookies
- Custom phishing domains, many disguised as campus SSO pages
- Universities remain “prime, high-impact targets”
- Notable Quote (Bittner, 06:52):
“Infoblox traced nearly 70 shifting attacker domains used to target schools... Universities remain prime high-impact targets for cybercriminals.”
c. Russian Internet Restrictions
(07:36 - 08:13)
- Blocking of Apple FaceTime and Snapchat:
- Cited as tools for ‘terrorism, recruitment, fraud’
- Part of Russia’s expanding state control over internet and digital platforms
d. Major VPN and API Attacks
(10:01 - 11:09)
- Palo Alto GlobalProtect & SonicWall SonicOS Campaign:
- 7,000+ IPs, credential stuffing and brute force against enterprise VPNs, mainly from a German hosting provider
- Over 2.3 million scans in mid-November alone
- “Palo Alto Networks urged all customers to enforce MFA.”
3. Policy and Legal Developments
a. U.S. Healthcare Sector: Strengthening Cybersecurity
(08:13 - 09:19)
- Bipartisan Senators Revive Cybersecurity Bill:
- Updates HIPAA, clarifies federal roles, creates a five-year grant program
- Focus: improving defenses against ransomware and protecting patient data, especially in rural areas
- Notable Quote (Bittner, 08:13):
“Lawmakers say healthcare remains highly vulnerable with cyberattacks exposing sensitive medical data and disrupting patient, especially in rural areas with limited resources.”
b. Portugal’s “Safe Harbor” Law for Security Research
(09:19 - 10:01)
- Legal Protection for Good-Faith Researchers:
- Exempts ethical hacking under strict conditions (no financial gain, limited scope, report vulnerabilities)
- Aligns Portugal with U.S. and Germany in supporting responsible disclosure
4. Cybercrime and Business Briefs
a. North Korean IT Worker Scam in the U.S.
(11:09 - 13:56)
- Maryland man sentenced for letting North Korean IT workers use his identity
- Over $970,000 in illicit salary, remote access to sensitive FAA defense information
- Fits broader trend of North Korean cyber-operations funding regime activities
b. Industry Investments & Acquisitions
(11:09 - 13:56)
- Strong cybersecurity investment activity, including:
- Zafran Security ($60M), Augment ($18M), Codenotary ($16.5M), netFoundry/Cisco (>$15M), Blast Security ($10M seed), Sapporo (7M Euros)
- Notable M&A: ServiceNow/Veza ($1B), McAfee/Saymine, Eluradi/MSF Partners, Wallix/Malazan
Feature Interview: Tim Starks on Trump Administration’s Draft Cyber Strategy
(16:26 - 24:01)
a. The Document’s Unusual Format & Style
- Document Shortness:
- "This is a five-page document... The Biden administration strategy was 35 pages." – Tim Starks [17:05]
- Six Pillars, Less Than a Page Each:
- Key areas: cyber offense/deterrence, regulatory harmonization, cyber workforce, federal procurement, critical infrastructure, emerging tech
b. It’s Messaging, Not Strategy
- Not a traditional strategy:
- “Some people have told me that it's not viewed so much as a traditional strategy document, more a messaging document, a statement of purpose...” – Tim Starks [17:15]
- Substance:
- Despite brevity, the strategy references a wide range of issues: AI, post-quantum cryptography, China, cybercrime, critical infrastructure, and procurement reform
c. “America First” and “Muscular” Approach
- Preamble and tone:
- "Sort of the kind of Trumpian rhetoric you hear... going on the offense and making the enemies fear America is kind of the gist of the rhetoric." – Tim Starks [18:54]
- Expect more aggressive posture, less emphasis on alliances or global norms
d. Political Maneuverings: CISA Leadership Nomination
- Sean Plankey’s CISA nomination likely “as close to dead as you can have...without it actually being fully deceased.” – Tim Starks [20:30]
- Political and personal obstacles:
- Contract cancellations in Florida angered key Sen. Rick Scott (R-FL)
- Additional holds from Sen. Wyden (D, telecom report) and NC senators (disaster funding)
- Quote (on nomination downfall):
“...the person who has the most resilient, hard to overcome hold on that nomination is Senator Rick Scott of Florida and he's a Republican. So there's some intrigue there...” – Tim Starks [22:38]
Fast News Highlights
- AI Hoaxes:
- Fake AI image of Lancaster’s Carlisle Bridge collapse halted trains across northern England (25:24 – 26:56)
- “As one rail specialist put it, what seems like a game can derail someone's very real plans.”
- Business Brief:
- Full rundown of funding and deal news at CyberWire website
Notable Quotes & Timestamps
- “This is a five-page document... The Biden administration strategy was 35 pages.”
— Tim Starks [17:05]
- “Some people have told me it's more a messaging document, a statement of purpose, than a full-fledged strategy.”
— Tim Starks [17:15]
- “...going on the offense and making the enemies fear America is kind of the gist of the rhetoric.”
— Tim Starks [18:54]
- “...as close to dead as you can have...without it actually being fully deceased.”
— Tim Starks on Sean Plankey’s CISA nomination [20:30]
- “The document ties America's security to control of advanced technologies and to stopping foreign cyber enabled threats.”
— Dave Bittner [03:22]
Episode Tone
Clear, direct, and analytical with a balance of industry gravitas and occasional dry wit—especially when addressing political intrigue or the quirks of “AI disasters.”
Useful Timestamps for Main Segments
- 03:22 – New U.S. National Security Strategy analysis
- 05:49 – LLM prompt injection risks
- 06:52 – University phishing campaign
- 08:13 – U.S. Healthcare cyber legislation
- 09:19 – Portugal’s safe harbor for infosec researchers
- 10:01 – GlobalProtect/SonicWall attacks
- 11:09 – North Korean cyber workforce scam
- 16:26 – Tim Starks interview: Trump’s cyber strategy & CISA nomination
- 25:24 – AI hoax halts UK trains
For more details or links to all the stories, visit cyberwire.com.
