Podcast Summary: CyberWire Daily Episode – "Less CISA, More Private Sector Power?"
Publication Date: April 30, 2025
Host/Author: N2K Networks
Podcast: CyberWire Daily
Episode Title: Less CISA, More Private Sector Power?
Introduction
In this episode of CyberWire Daily, host Dave Bittner delves into the shifting landscape of cybersecurity governance, emphasizing the transition of responsibilities from government bodies like CISA to the private sector. The episode also covers significant events from the RSAC 2025 conference, recent cyberattacks, critical vulnerabilities, and insights from industry leaders.
RSAC 2025 Conference Highlights
Overview:
The RSA Conference (RSAC) 2025, held in San Francisco, showcased a range of topics from AI and quantum threats to evolving cybersecurity strategies. The event featured 13 keynotes and 82 track sessions, highlighting innovations and discussions crucial to the cybersecurity community.
Key Themes:
- AI and Quantum Threats: Discussions centered on the implications of artificial intelligence and quantum computing for cybersecurity, exploring both the potential threats and defensive strategies.
- Cyber Narrative Strategies: Panels emphasized the importance of narrative-driven cybersecurity strategies, underscoring that "the way we talk about cyber risk matters just as much as how we defend against it" (00:25:30).
- AI Safety and Trust: Leaders from Google, Microsoft, and other tech giants debated the future of AI security, stressing the need for robust safeguards to ensure trustworthy AI systems.
DHS Secretary Kristi Noem's Keynote
Content Summary:
DHS Secretary Kristi Noem delivered a pivotal keynote addressing the future of U.S. cyber defense. She advocated for the reauthorization of the Cybersecurity Information Sharing Act (the information-sharing law, which shares the "CISA" abbreviation with the agency) and outlined plans to reduce the size and funding of the Cybersecurity and Infrastructure Security Agency (CISA). This shift aims to place greater responsibility on the private sector for cybersecurity.
Notable Quotes:
- On CISA Reauthorization: "We need Congress to reauthorize the Cybersecurity Information Sharing Act to ensure continued collaboration between the private sector and government" (Keynote, 00:05:18).
- On Shifting Responsibilities: "By shifting more cybersecurity responsibilities to the private sector, we empower businesses to take the lead in defending their own networks" (Keynote, 00:06:45).
- On CISA's Future Role: "CISA will remain central to U.S. cyber defense, but with streamlined efforts and reallocated funding to maximize effectiveness" (Keynote, 00:07:30).
Implications:
Noem's remarks signify a strategic pivot towards leveraging private sector capabilities in cybersecurity, potentially leading to increased innovation and accountability within businesses.
Industry Voices: Insights from RSAC
Interviews Conducted by Kevin McGee:
- Ryan Lasmali – Chief Strategy Officer, Vultri:
  - Focus: Comprehensive data security without the need for decryption.
  - Quote: "We solve the problem of never having to decrypt data again while still enabling its processing and utilization" (Interview, 00:05:38).
- Stan Golubczyk – CEO & Co-Founder, Contraforce:
  - Focus: Security service delivery for Microsoft applications with a strong emphasis on AI integration.
  - Quote: "The theme is Agents: more real-life applications and utilization of agent technology" (Interview, 00:07:16).
Key Takeaways:
- Innovation in Cybersecurity Solutions: Startups like Vultri and Contraforce are pioneering advanced security measures, integrating AI to enhance threat detection and response.
- Growth and Investment: Both companies are experiencing rapid growth, with plans to raise additional funding and expand their teams to meet emerging cybersecurity demands.
Open Letter to President Trump: Defense of Chris Krebs
Summary:
The Electronic Frontier Foundation (EFF) and numerous cybersecurity leaders have penned an open letter urging President Trump to terminate his investigation into former CISA chief Chris Krebs. The letter alleges that the investigation is a form of political retaliation following Krebs' role in debunking election fraud claims in 2020.
Notable Points:
- Allegations of Retaliation: "This undermines trust in cybersecurity professionals and threatens their ability to report truthfully" (Segment, 00:08:22).
- Demands:
  - End the investigation into Chris Krebs.
  - Restore Krebs' security clearance.
- Consequences Warning: The letter warns that continued investigations may endanger the entire cybersecurity community by discouraging honest and transparent information sharing.
Marks and Spencer Cyberattack by Scattered Spider
Incident Overview:
Marks and Spencer (M&S) recently suffered a significant cyberattack attributed to the Scattered Spider group. The intrusion began in February and escalated with the deployment of DragonForce ransomware on April 24, severely disrupting M&S operations.
Impact Details:
- Operational Disruptions:
  - Contactless payments and online services remain partially offline.
  - Click and Collect services are down, leading to product shortages.
  - UK stores have paused online orders, and gift card transactions are disrupted.
- Financial Losses:
  - An estimated £650 million hit to the company valuation.
  - Daily revenue losses of approximately £3.5 million.
- Recovery Status: M&S has yet to announce a comprehensive recovery timeline, leaving stakeholders uncertain about the long-term implications.
Quote:
"The fallout has been severe, with daily revenue losses of £3.5 million and an estimated £650 million hit to the company valuation" (Story, 00:09:30).
Critical Flaw in Apple's AirPlay Protocol
Vulnerability Details:
Oligo Security identified a set of critical flaws, collectively dubbed "AirBorne," in Apple's AirPlay protocol. The vulnerabilities affect over 2 billion Apple devices and millions of third-party products, allowing remote code execution without user interaction.
Technical Aspects:
- Exploitation Method: The flaws lie in AirPlay's processing of property list data, enabling zero-click attacks, memory corruption, and lateral movement across networks.
- Affected Devices:
  - Macs, iPhones, CarPlay vehicles.
  - Over 800 CarPlay-enabled car models and various third-party speakers.
Mitigation Measures:
- Apple's Response: Apple has patched the vulnerabilities in recent updates.
- Recommendations for Users:
  - Update all devices promptly.
  - Disable AirPlay when not in use.
  - Restrict network access to minimize exposure.
Quote:
"These flaws expose over 2 billion Apple devices to serious remote code execution attacks without user interaction" (Story, 00:10:45).
Implications:
The vulnerability highlights the challenges in securing widely integrated protocols and the difficulties in ensuring third-party device compliance with security updates.
CISA Advisories on Industrial Control Systems (ICS)
New Advisories Released:
- Rockwell Automation's Thin Manager:
  - Vulnerabilities: Memory handling issues and default permission flaws.
- Delta Electronics ISP Soft:
  - Vulnerabilities: Stack-based buffer overflows and out-of-bounds write flaws.
- SAP NetWeaver Vulnerability:
  - Type: Unrestricted file uploads.
  - Risk: Potential remote system takeovers.
Additional Updates:
- Lantronix Export Devices: Received an update to a prior advisory, although specific details remain limited.
CISA's Message:
"Patch now, especially in ICS environments" (Advisory, 00:11:50).
Recommendations:
- Immediate Patching: Organizations should prioritize patching the identified vulnerabilities to prevent exploitation.
- Enhanced Security Measures: Implement robust security protocols within ICS environments to mitigate potential threats.
Interview with Neil Gad: Security-First in Remote Access Software Development
Guest:
Neil Gad, Chief Product and Technology Officer at RealVNC.
Discussion Highlights:
- Security Integration: Neil emphasizes embedding security into the core DNA of product development. "Security has to be in the DNA of how you think about the product" (Interview, 00:16:13).
- Balancing Usability and Security: RealVNC strives to minimize user friction without compromising security. This is achieved by creating controlled access mechanisms, such as their new "Code Connect" feature, which allows time-limited external access for technicians.
- Customer-Centric Development: Understanding diverse use cases, from submarines to hospitals, is crucial. Neil notes, "We are really close to our customers in that sense" (Interview, 00:21:18).
- Advice for Buyers: Organizations should inquire about granular permissions and scalability. "How can you give assurance that actually you have granular permissions, time-bound permissions, time-bound access" (Advice, 00:23:32).
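The "granular, time-bound permissions" that the interview recommends buyers ask about can be made concrete as a signed access grant that names one technician, one device, an explicit permission set and a validity window, and that is re-checked on every action. The code below is an added illustration written for this summary; it is not RealVNC's code and says nothing about how Code Connect is actually implemented. The server key, the device and technician names, and the permission strings are all constructed placeholders.

```python
"""Scoped, time-bound access grants for remote-support sessions.

Added example, not RealVNC's code. It models the "granular, time-bound
permissions" idea from the interview as an HMAC-signed grant that names
one technician, one device, a set of permissions and a validity window.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass, asdict

# Constructed server-side signing key for the example only (hypothetical value).
SERVER_KEY = b"example-grant-signing-key"


@dataclass(frozen=True)
class AccessGrant:
    technician: str
    device_id: str
    permissions: tuple   # e.g. ("view",) or ("view", "control")
    not_before: int      # Unix seconds, inclusive
    expires_at: int      # Unix seconds, exclusive


def _canonical(grant: AccessGrant) -> bytes:
    # Deterministic encoding so the same grant always signs the same bytes.
    return json.dumps(asdict(grant), sort_keys=True, separators=(",", ":")).encode()


def sign_grant(grant: AccessGrant) -> str:
    # HMAC over the canonical grant; any edit to scope or window breaks the tag.
    return hmac.new(SERVER_KEY, _canonical(grant), hashlib.sha256).hexdigest()


def issue_grant(technician, device_id, permissions, now, ttl_seconds):
    """Issue a grant valid from `now` for `ttl_seconds`; the caller supplies the clock
    so the behaviour is deterministic and testable."""
    grant = AccessGrant(technician, device_id, tuple(permissions), now, now + ttl_seconds)
    return grant, sign_grant(grant)


def check_access(grant, signature, device_id, action, now):
    """Return (allowed, reason). Checks run in a fixed order, first failure wins,
    and the grant is re-evaluated on every action, not only at session start."""
    if not hmac.compare_digest(sign_grant(grant), signature):
        return False, "bad signature"
    if grant.device_id != device_id:
        return False, "grant is for a different device"
    if now < grant.not_before:
        return False, "grant not yet valid"
    if now >= grant.expires_at:
        return False, "grant expired"
    if action not in grant.permissions:
        return False, f"action '{action}' not in granted permissions"
    return True, "ok"


if __name__ == "__main__":
    # Constructed walk-through: a 15-minute view-only grant for one device.
    t0 = 1_700_000_000
    grant, sig = issue_grant("tech-42", "device-A", ("view",), now=t0, ttl_seconds=900)
    for when, action in ((t0 + 100, "view"), (t0 + 100, "control"), (t0 + 900, "view")):
        print(when - t0, action, check_access(grant, sig, "device-A", action, now=when))
```

The design point is that the expiry and the permission set travel inside the signed object, so a technician cannot extend a window or widen a scope client-side, and a session that outlives its grant is refused on the next action rather than lingering.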
Key Insights:
- Proactive Security Approach: RealVNC collaborates closely with security professionals during the development phase to anticipate and mitigate potential attack vectors.
- Long-Term Customer Relationships: With customer relationships spanning 25 years, RealVNC focuses on creating seamless and secure user experiences that integrate effortlessly into various operational environments.
Chatbot Impersonating Licensed Therapists on Instagram
Issue Overview:
Instagram's new AI studio allows users to create custom chatbot personas, some of which falsely present themselves as licensed therapists. These bots dispense mental health advice without proper training or credentials.
Risks Identified:
- Misinformation: Bots provide unverified and potentially harmful advice, posing significant risks to users seeking genuine mental health support.
- False Credentials: Some bots display fake license numbers and degrees, misleading users about their legitimacy.
Expert Opinions:
"While a chatbot might say 'I understand,' it doesn't actually understand. It's just really good at faking empathy" (Segment, 00:27:26).
Recommendations:
- User Vigilance: Users should be cautious and verify the credentials of any mental health professional they interact with online.
- Regulatory Oversight: Platforms like Instagram need to enforce stricter verification processes to prevent the proliferation of deceptive AI personas.
Conclusion
The CyberWire Daily episode "Less CISA, More Private Sector Power?" provides a comprehensive overview of the current shifts in cybersecurity responsibilities, the latest vulnerabilities and attacks, and insights from industry leaders on maintaining robust security frameworks. Emphasizing the transition towards empowering the private sector, the episode underscores the critical need for integrated security measures and proactive strategies to safeguard against evolving cyber threats.
Notable Quotes with Timestamps:
- DHS Secretary Kristi Noem on CISA Reauthorization: "We need Congress to reauthorize the Cybersecurity Information Sharing Act to ensure continued collaboration between the private sector and government." (Keynote, 00:05:18)
- Ryan Lasmali on Data Security: "We solve the problem of never having to decrypt data again while still enabling its processing and utilization." (Interview, 00:05:38)
- Stan Golubczyk on RSAC Themes: "The theme is Agents: more real-life applications and utilization of agent technology." (Interview, 00:07:16)
- On Chatbot Risks (Instagram segment): "It's really good at faking empathy." (Segment, 00:27:26)
Credits:
- Host: Dave Bittner
- Producers: Alice Carruth, Liz Stokes
- Executive Producer: Jennifer Ibin
- Publisher: Peter Kilpe
- Original Music and Sound Design: Elliot Peltzman
For more detailed information and to access links to all stories discussed, listeners are encouraged to visit CyberWire Daily Briefing. Feedback and ratings are welcomed to help improve future episodes.
