Dave Buettner
You're listening to the CyberWire network, powered by N2K. Hey everybody, Dave here. I've talked about DeleteMe before and I'm still using it because it still works. It's been a few months now and I'm just as impressed today as I was when I signed up. DeleteMe keeps finding and removing my personal information from data broker sites, and they keep me updated with detailed reports so I know exactly what's been taken down. I'm genuinely relieved knowing my privacy isn't something I have to worry about every day. The DeleteMe team handles everything. It's the set-it-and-forget-it peace of mind. And it's not just for individuals. DeleteMe also offers solutions for businesses, helping companies protect their employees' personal information and reduce exposure to social engineering and phishing threats. And right now our listeners get a special 20% off your DeleteMe plan. Just go to JoinDeleteMe.com/N2K and use promo code N2K at checkout. That's JoinDeleteMe.com/N2K, code N2K. Patches, patches and more patches. A patient death has been linked to the 2023 ransomware attack on an NHS IT provider. US authorities indict the man known online as Intel Broker. A suspected cyber attack disrupts Columbia University. A major license plate reader company restricts cross-state data access after reports revealed misuse of its network by agencies. Our guest is Andy Boyd, former director of the CIA's Center for Cyber Intelligence and currently operating partner at AE Industrial Partners. And discounted parking as a gateway cybercrime. It's Thursday, June 26th, 2025. I'm Dave Buettner and this is your CyberWire Intel Brief. Thanks for joining us here today. It's great as always to have you with us. We begin today with quite the collection of critical vulnerability notifications. Cisco has issued an emergency advisory for two critical vulnerabilities with a CVSS of 10 in its Identity Services Engine and ISE Passive Identity Connector.
The first allows remote attackers to execute arbitrary code as root via crafted API requests. The second lets attackers upload malicious files to privileged directories, also leading to root-level code execution. Cisco has released patches to fix the flaws. The company says there are no known attacks yet, but stresses immediate patching as no workarounds exist. Organizations using affected systems should update now to prevent possible full system compromise. Citrix has patched a critical memory overflow flaw in its NetScaler ADC and Gateway products which has been actively exploited. The vulnerability can be triggered remotely and may lead to code execution, despite Citrix labeling it a denial-of-service risk. Two additional critical flaws affect sensitive memory handling and access controls. Patches are available for supported versions, and users are urged to upgrade and terminate all active sessions, especially recalling past issues with Citrix Bleed. CISA has added CVE-2019-6693 to its Known Exploited Vulnerabilities catalog, warning that Fortinet FortiOS systems are being actively targeted. The critical flaw involves hard-coded encryption keys in backup files, allowing attackers to decrypt sensitive configuration data. Federal organizations must apply fixes or stop using affected systems by July 16. The vulnerability reflects a broader issue with hard-coded credentials, which can't be changed without altering source code, posing serious risks to network security infrastructure if left unaddressed. CISA has confirmed active exploitation of a critical authentication bypass flaw in AMI's MegaRAC BMC firmware used in servers from vendors like HPE and ASUS. The bug lets unauthenticated attackers remotely hijack and potentially brick unpatched servers. Discovered by Eclypsium, it can lead to malware deployment, firmware tampering and physical damage.
With over 1000 exposed servers found online, CISA has added it to its Known Exploited Vulnerabilities list, mandating federal agencies patch by July 16. A patient death has been linked to the 2023 ransomware attack on NHS IT provider Synnovis, which disrupted pathology services in southeast London. The attack, attributed to Russian group Qilin, delayed 1100 cancer treatments, canceled 2000 outpatient appointments and postponed over 1000 operations. King's College Hospital confirmed the death, citing delayed blood test results as a contributing factor. The cyber attack impacted multiple NHS trusts and primary care across six boroughs, marking a tragic escalation in the real-world impact of cybercrime. Kai West, a 25-year-old British man known online as Intel Broker, has been indicted by US authorities for leading a global hacking scheme that caused over $25 million in damages. Prosecutors allege West and his group breached dozens of companies, stealing and selling sensitive data, including customer lists and marketing information. Operating on the notorious Breach Forums site, West reportedly sold or offered stolen data over 150 times. He was arrested in France in February and remains in custody pending US extradition. Authorities linked him to the crimes through cryptocurrency transactions, including a Bitcoin payment from an undercover officer. Intel Broker is also connected to past breaches of companies like AMD, Cisco and Hewlett Packard Enterprise. If convicted, West faces up to 20 years in prison on the most serious charge. French authorities have arrested several individuals, including those known online as ShinyHunters, Hollow, Noct and Depressed, suspected of reviving Breach Forums, the major marketplace for stolen data. The suspects, all in their 20s, are linked to high-profile data breaches targeting companies like SFR and France Travail. Breach Forums was first shut down in 2023 after its co-founder, Conor Fitzpatrick, was arrested.
Authorities allege the group helped relaunch the site in 2024 using new infrastructure. A suspected cyber attack has disrupted Columbia University's computer systems for a second day, affecting services on its Morningside campus, including email, Zoom and course platforms. While many systems were restored by Wednesday, key services like the course and library catalogs remained offline. An image of President Trump appeared on some campus screens, though officials say it might not be tied to the attack. No data breaches or ransomware have been detected and law enforcement has been notified. The university medical center was unaffected, though no group has claimed responsibility. The incident comes amid rising cyber threats to universities, which face increasing attacks due to valuable data and complex networks. Flock, a major license plate reader company, has restricted cross-state data access in Illinois, California and Virginia after reports revealed misuse of its network by police agencies. Investigations by 404 Media showed police used Flock's National Lookup feature to aid ICE operations and track individuals for reasons tied to immigration and abortion, violating state laws. In response, Flock disabled national lookups in those states, revoked access for 47 agencies in Illinois and introduced real-time search blocking for illegal terms. Virginia's new law, effective July 1, limits license plate data use to specific crimes. Flock also plans an AI tool to flag suspicious searches and is reeducating agencies on legal data use. The change follows mounting public concern on audits and local media reports of unauthorized data sharing. Several cities, including Austin and San Marcos, have ended or scaled back contracts with Flock over these concerns. Flock says it's reinforcing compliance through audits, new training and stricter oversight.
Coming up after the break, Andrew Boyd, former director of the CIA's Center for Cyber Intelligence and currently an operating partner at AE Industrial Partners, and discounted parking as a gateway cybercrime. Stay with us. And now a word from our sponsor, ThreatLocker. Keeping your system secure shouldn't mean constantly reacting to threats. ThreatLocker helps you take a different approach by giving you full control over what software can run in your environment. If it's not approved, it doesn't run. Simple as that. It's a way to stop ransomware and other attacks before they start without adding extra complexity to your day. See how ThreatLocker can help you lock down your environment at www.threatlocker.com.
Ben Yellen
Regulations, third-party risk, and customer security demands are all growing and changing fast. Is your manual GRC program actually slowing you down? If you've ever found yourself drowning in spreadsheets, chasing down screenshots or wrangling manual processes just to keep your GRC program on track, you're not alone. But let's be clear. There is a better way. Vanta's trust management platform takes the headache out of governance, risk and compliance. It automates the essentials from internal and third-party risk to consumer trust, making your security posture stronger, yes, even helping to drive revenue. And this isn't just nice to have. According to a recent analysis from IDC, teams using Vanta saw a 129% boost in productivity. That's not a typo, that's real impact. So if you're ready to trade in chaos for clarity, check out Vanta and bring some serious efficiency to your GRC game. Vanta GRC: how much easier trust can be. Get started at vanta.com/cyber.
Dave Buettner
Andrew Boyd is former director of the CIA's Center for Cyber Intelligence and currently an operating partner at AE Industrial Partners. He recently joined me and my co-host Ben Yellen on the Caveat Podcast to discuss offensive cyber and the United States government. Here's part of our conversation. Andy, it's a real treat to have you join us here today. We really appreciate you taking the time.
Andy Boyd
Thanks Dave and Ben, it's an honor to be on the show. I've been a longtime listener and it's an honor for me as well.
Dave Buettner
Well, let's start off with your experience. Can you share with us where did you get your start and what led you to where you are today?
Andy Boyd
Well, I got my start in Northern New Jersey and then headed off to the Air Force Academy and then after graduating from the Air Force Academy, spent five years in Air Force Intelligence, migrated to the State Department, fell in love with the overseas experience, and spent a decade in the field with the U.S. State Department, a variety of embassies across the Middle East. I went and joined the CIA, started working on real concrete counterterrorism issues, but eventually migrated into cyber operations, ultimately culminating at the end of my career serving for almost four years as the Director of CIA Center for Cyber Intelligence.
Dave Buettner
What is the primary mission that you had there as Director of the Center for Cyber Intelligence with the CIA?
Andy Boyd
So what I like to say is CCI is the mission manager for all things cyber at CIA. That includes offensive cyber operations, intelligence collection and strategic analysis, writing products on nation-state and non-nation-state cyber threats for the Oval Office and what we call the President's Daily Brief, all the way down to specific analyses of cyber threats that probably would not be of interest to policymakers, but certainly would be of interest to threat hunters in the intelligence community, but also in the other parts of the U.S. government, DHS, CISA and folks that are defenders of our networks.
Unknown
So you just, based on your experience, I think you're well situated to answer this question. One of the things you told us before this interview is that there is a say-do gap in offensive cyber operations. Can you describe that a little bit? Because I think politicians in both parties, presidential administrations say that they want to improve offensive cyber operations and nobody really knows what that means in practice.
Andy Boyd
So yeah, this say-do gap, I think I stole that from some of my DOD friends who like that phrase. I take the new administration at their word, including John Ratcliffe, who's the director of CIA currently, who said that they want to expand offensive cyber operations against our adversaries. I think in part it comes from not really understanding what cyber tools can do and what they can't do. We use our cyber tools in the intelligence community and in Cyber Command and across the government to collect information, to collect intelligence, but also under very specific authorities from the White House to disrupt or in some cases destroy networks that are of our adversaries where we see a threat.
Dave Buettner
As Ben sort of alluded to, I think offensive cyber is sometimes a fuzzy term, sometimes a loaded term. I would love to hear how you define it and how you think it's different from cyber defense or active defense.
Andy Boyd
I tend to define offensive cyber as two things. Information intelligence collection on one side of it, which frankly, not just the United States, but a number of nations with capabilities do that. And then on the other side, the destructive and/or disruptive attacks using cyber tools to bring down networks. Now, there are some who consider, you know, cyber warfare to be in a completely separate domain of warfare. Like, you know, the Army and the Marines on the ground, the Air Force and Navy, naval aviation in the air, Space Force, you know, using space as a military domain. In my opinion, cyber, offensive cyber, is a supporting activity, not unlike electronic warfare, to support whatever the strategic goal is of a military activity. Again, separate from my point on information collection, intelligence collection. Now, if you have a well-thought-out strategy, cyber attacks against a military adversary's communications grids, things like that can be, you know, quite helpful.
Unknown
Yeah. So just for example, as we're recording this, tensions have erupted between Israel and Iran and there's been discussion of US involvement and I think certainly a reticence to send active US service members into the region for this type of conflict. Do you foresee some point down the line where our entire involvement in a conflict like this, even just supporting an ally, whether that's Israel or a NATO ally, is going to be through our expertise and offensive cyber operations?
Andy Boyd
I don't think so. I mean, I think the conflict between Israel and Iran is proving that kinetic military activity, for lack of a better term, is what wins wars. Again, there is some indication that there's been some cyber activity on the Israeli side, on Tehran, again, I think against a bank that was associated with the IRGC in Iran. That is a supporting element to the broader military operation. If in fact, the United States decides to use only cyber tools against Iran, and I'm not saying that this is even in the offing, that would really, in my opinion, and this is not a judgment on any administration, it's just what I've experienced over my career, that would really just be a sort of crutch to indicate that we're doing something because there is no concrete way to affect what's happening between Israel and Iran in comparison to the, you know, the air dominance that the Israelis have and the attacks that they've done on the leadership infrastructure in Iran.
Dave Buettner
Andy, what do you see as the boundaries or ethical red lines for offensive cyber?
Andy Boyd
I would suspect Ben, as an attorney, may be better equipped to answer that, but I will give my opinion on that.
Unknown
As an attorney, I'd just like to say I have no ethics.
Andy Boyd
Okay.
Unknown
Just kidding.
Andy Boyd
I mean, again, there's some sort of mystery and magic applied to cyber that's always sort of mystified me, frankly, when it's really just another tool for intelligence collection or again, disruptive or destructive activity, not unlike electronic warfare or any other inventions that we've had over the years. It's just that a lot of people, again, going back to our policy discussion, don't understand how it works. But handsets, our phones, our iPhones, Android phones, endpoints on laptops, you know, small office, home routers, all the endpoints you can think of, that's where the information is. So that is why, you know, cyber, offensive cyber is such an important thing for intelligence collection, but also, you know, for other sorts of operations. You know, that in and of itself doesn't make it particularly unique. It's just unique in that that's where we are in 2025 as opposed to where we were 20 years ago, where offensive cyber vectors weren't quite what they are today.
Dave Buettner
Do you think policymakers themselves are up to speed on cyber capabilities and how offensive cyber is actually used?
Andy Boyd
I think there are some, I think there are some both in the Senate and the House and in the executive branch who are very cognizant of it. I mean, obviously there's, you know, professional, you know, permanent non-political staff at the intelligence community and out at DHSA and elsewhere who are very, very cognizant of all of it. But I think writ large, I don't think we've really settled on what our strategic intent in cyber is currently and how that's going to nest into our broader national security strategy. I don't think we've really settled on. The big part of that grand strategy debate is what, you know, whether or not our cyber tools are a warfighting domain in and of themselves or is it a supporting fire?
Dave Buettner
Yeah, it's been my perception that, you know, leadership up to and including presidents are reticent to draw red lines in the sand when it comes to cyber and you can understand why that may be. But it seems to me like there's intentional fuzziness there, like maybe to not hold back capabilities or perhaps not even reveal capabilities. Do you think there's anything to that line of thinking?
Andy Boyd
Well, I mean, I also don't think that debate is settled yet either. I mean, there are some in the previous administration that believe that a disruptive or destructive cyber attack inside Russia, post Russian invasion of Ukraine, that that would be considered an act of war because the activity was happening on boxes inside of Russia. There was a whole nother group of folks in the previous administration who argued that that was not the case, if no one was going to be injured, that that would not be an act of war. And I really do not think we've resolved that debate. And I think, you know, you all are familiar with the Cyber Solarium Commission where a lot of these discussions and that kind of grew into the founding of the Office of the National Cyber Director. A lot of these ideas were discussed in there and frankly the naming of the Cyber Solarium Commission, linking it to the discussion in the 1950s about the appropriate deterrent capability of nuclear weapons, I think despite all the effort Mark Montgomery and others put into that is inconclusive. And I think frankly, with the legislative branch and the executive branch, we need a behind-closed-doors discussion on that strategy and then a very open discussion, including academia, as to where we want to go, not unlike what we did in the 1950s on the discussion of our deterrence strategy back then.
Unknown
You are now back in the private sector. What role do you think the private sector can play in all of this? As advisors to the government as a way to enhance capabilities. Can you talk a little bit about that?
Andy Boyd
Well, thanks for asking, Ben. Yes, I think the private sector plays an enormous role. They're both on the defensive and the offensive side. I mean, on the defensive side, the 90% or more, I can't put a real, a hard number on it. But the infrastructure is owned by the private sector, be it our telecommunications networks who were victims of Salt Typhoon, be it all 16 critical infrastructure sectors, oil and gas, transportation and whatnot, even our medical system and our education system are vulnerable to nation-state, non-nation-state cyber threats. The private sector has to be deeply, deeply involved in defending those networks. And I think we're way behind the curve on that. On the offensive side, you know, we have a number of companies that do vulnerability research and, you know, under appropriate authorities of the federal government or state and local law enforcement, provide that vulnerability research. And then, you know, what we would call exploit development to do legal activity, be it under DoD Title 10 authorities, Intelligence Community Title 50 authorities, or under law enforcement authorities. And the US government doesn't have the capacity to be doing that vulnerability research on their own. And frankly, if the private sector is not deeply involved in that, we would be behind the power curve.
Dave Buettner
Andy, what advice would you give to the next generation of cyber leaders who are navigating this evolving offensive cyber landscape?
Andy Boyd
Yeah, I mean, I think luckily it didn't just evolve overnight. I mean, we've sort of watched this progress and frankly, I always, I point to where Cyber Command was born, you know, a decade and a half ago and really had a hard time standing up and getting the appropriate people to work. Now it's a much more collaborative environment and the leadership at Cyber Command is frankly, second to none. You know, I do worry about retaining talent in the intelligence community. We are losing some folks to the voluntary early retirement program that has sort of been in effect since the new administration came in. But I think, you know, we'll take a step back, you know, five years from now, and I think we'll have a very healthy cyber leadership in the intelligence community, DOD, FBI and CISA, and I think the people we have coming up are very talented. They just have to keep that flow of talent coming in.
Dave Buettner
Be sure to check out the entire conversation on the Caveat podcast, which you can find right here on the N2K CyberWire network or wherever you get your favorite podcasts. Today's cyber attacks move fast. Your team needs to move faster. That's why Cloud Range is redefining cyber readiness with real-world, AI-driven cyber range simulations. Join CEO Debbie Gordon as she shares how organizations are replacing outdated tabletop exercises with live-fire training that builds confidence and sharpens response in real time. It's not just training, it's transformation. Listen now and make sure your team is prepared for the threats ahead. And finally, what began as a quest for cheaper parking at Western Sydney University turned into a full-blown cybercrime saga, complete with grade tampering, dark web threats and a cryptocurrency ransom. A 27-year-old former student who allegedly didn't take "no discount" lightly has been charged with 20 cyber offenses after a four-year hacking spree that police say escalated from financial mischief to digital extortion. Her digital trail included altering academic records, compromising systems, and eventually demanding $40,000 in crypto to keep sensitive student and staff data off the dark web. The motive? Unresolved grievances, police say. Though parking rates may have been the proverbial gateway crime. Authorities seized over 100 gigabytes of data during raids while the university scrambled to shore up its cybersecurity. Experts say universities can be more vulnerable due to complex staff, student roles and, apparently, parking policies that drive some straight into cyber villainy. She'll appear in court on Friday. No word on whether the courthouse validates parking. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights through the end of August.
There's a link in the show notes. We hope you'll check it out. N2K's senior producer is Alice Carruth. Our producer is Liz Stokes. We're mixed by Elliott Peltzman and Tré Hester with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Did you know Active Directory is targeted in 9 out of 10 cyber attacks? Once attackers get in, they can take control of your entire network. That's why Semperis created Purple Knight, the free security assessment tool that scans your Active Directory for hundreds of vulnerabilities and shows you how to fix them. Join thousands of IT pros using Purple Knight to stay ahead of threats. Download it now at semperis.com/purple-knight. That's semperis.com/purple-knight.
Release Date: June 26, 2025
Host: Dave Buettner, N2K Networks
Guest: Andy Boyd, Former Director of the CIA's Center for Cyber Intelligence and Operating Partner at AE Industrial Partners
In the June 26, 2025 episode of CyberWire Daily, host Dave Buettner delivers a comprehensive overview of the latest cybersecurity threats, vulnerabilities, and significant industry developments. The episode features an in-depth interview with Andy Boyd, a seasoned expert in cyber intelligence, who shares his insights on offensive cyber operations, policy challenges, and the evolving role of the private sector in national security.
Cisco’s Emergency Advisory
Timestamp: 00:02
Cisco has issued an urgent advisory addressing two critical vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector, both scoring a CVSS of 10. The first vulnerability allows remote attackers to execute arbitrary code as root through crafted API requests, while the second permits the upload of malicious files to privileged directories, also leading to root-level execution. Despite no known exploits currently, Cisco emphasizes immediate patching as no workarounds are available.
Citrix’s Actively Exploited Flaw
Timestamp: 00:02
Citrix has released patches for a severe memory overflow flaw affecting its NetScaler ADC and Gateway products. Contrary to Citrix's classification as a denial-of-service (DoS) risk, the vulnerability is actively exploited and can lead to remote code execution. Additional critical flaws related to memory handling and access controls necessitate urgent upgrades and session terminations.
Fortinet FortiOS Systems
Timestamp: 00:02
CISA has added CVE-2019-6693 to its Known Exploited Vulnerabilities catalog, highlighting active targeting of Fortinet FortiOS systems. The flaw involves hard-coded encryption keys in backup files, enabling attackers to decrypt sensitive configuration data. Federal organizations are mandated to apply fixes or discontinue use of affected systems by July 16.
AMI’s MegaRAC BMC Firmware
Timestamp: 00:02
CISA has also listed a critical authentication bypass flaw in AMI’s MegaRAC BMC firmware, utilized in servers from vendors like HPE and ASUS. This vulnerability allows unauthenticated remote hijacking and potential bricking of servers, with over 1,000 exposed instances discovered online. Federal agencies must patch by July 16 to mitigate risks of malware deployment, firmware tampering, and physical damage.
Timestamp: 13:06 - 14:00
Andy Boyd shares his extensive background, starting from his education at the Air Force Academy, followed by five years in Air Force Intelligence. Transitioning to the State Department, Boyd spent a decade in various embassies across the Middle East before joining the CIA. He ultimately served nearly four years as the Director of the CIA’s Center for Cyber Intelligence (CCI).
Notable Quote:
"CCI is the mission manager for all things cyber at CIA. That includes offensive Cyber Operations, intelligence collection and strategic analysis..."
— Andy Boyd [14:07]
Timestamp: 15:04 - 17:34
Boyd explains that offensive cyber operations encompass both intelligence collection and disruptive or destructive attacks against adversaries' networks. He differentiates offensive cyber from cyber defense by emphasizing its role in supporting broader military and strategic objectives, similar to electronic warfare.
Notable Quote:
"Offensive cyber is such an important thing for intelligence collection, but also, you know, for other sorts of operations, that in and of itself doesn't make it particularly unique."
— Andy Boyd [19:36]
Timestamp: 17:34 - 19:17
Discussing the Israel-Iran tensions, Boyd asserts that kinetic military activity remains decisive in conflicts. While cyber operations can support military objectives, such as disrupting communication grids, they are unlikely to replace traditional military engagements. He emphasizes that cyber tools should complement rather than substitute for conventional military strategies.
Notable Quote:
"I don't think we've really settled on what our strategic intent in cyber is currently and how that's going to nest into our broader national security strategy."
— Andy Boyd [20:59]
Timestamp: 19:24 - 22:18
Boyd addresses the ethical considerations of offensive cyber operations, likening cyber tools to other military instruments without inherent uniqueness. He highlights the ongoing debate among policymakers regarding the classification of cyber attacks as acts of war, particularly when targeting foreign infrastructure. Boyd advocates for clear, strategic discussions to define the role of cyber operations in national security.
Notable Quote:
"Cyber offensive cyber is a supporting activity, not unlike electronic warfare, to support whatever the strategic goal is of a military activity."
— Andy Boyd [16:22]
Timestamp: 23:56 - 25:22
Boyd emphasizes the critical role of the private sector in both defending and conducting offensive cyber operations. He notes that over 90% of critical infrastructure is privately owned, necessitating robust collaboration between government agencies and private companies. Additionally, he points out that the U.S. government relies on private sector expertise for vulnerability research and exploit development, underscoring the need for continued private sector involvement to stay ahead of cyber threats.
Notable Quote:
"The private sector has to be deeply, deeply involved in defending those networks. And I think we're way behind the curve on that."
— Andy Boyd [24:08]
Timestamp: 25:32 - 26:38
Boyd offers guidance to emerging cyber leaders, stressing the importance of adaptability and continuous learning in the rapidly evolving cyber landscape. He praises the advancements in cyber leadership within organizations like Cyber Command but expresses concern over talent retention. Boyd encourages fostering a steady influx of skilled professionals to maintain robust cyber defenses and offensive capabilities.
Notable Quote:
"We'll take a step back, you know, five years from now, and I think we'll have a very healthy cyber leadership in the intelligence community, DOD, FBI, and CISA."
— Andy Boyd [25:32]
The episode of CyberWire Daily titled "No Panic—Just Patch" provides listeners with a thorough update on critical cybersecurity vulnerabilities and incidents, underscoring the urgent need for patches and strategic defenses. The insightful conversation with Andy Boyd offers a deep dive into the complexities of offensive cyber operations, highlighting the interplay between government policy, private sector involvement, and ethical considerations. Boyd’s expertise illuminates the multifaceted approach required to navigate and mitigate the escalating cyber threats in today’s interconnected world.
Andy Boyd on CCI’s Role:
"CCI is the mission manager for all things cyber at CIA."
[14:07]
On Offensive Cyber Operations:
"Offensive cyber is such an important thing for intelligence collection, but also, you know, for other sorts of operations, that in and of itself doesn't make it particularly unique."
[19:36]
On Strategic Intent in Cyber:
"I don't think we've really settled on what our strategic intent in cyber is currently and how that's going to nest into our broader national security strategy."
[20:59]
On Private Sector’s Role:
"The private sector has to be deeply, deeply involved in defending those networks. And I think we're way behind the curve on that."
[24:08]
Advice to Future Leaders:
"We'll take a step back, you know, five years from now, and I think we'll have a very healthy cyber leadership in the intelligence community, DOD, FBI, and CISA."
[25:32]
This detailed summary encapsulates the key discussions and insights from the CyberWire Daily episode, providing a comprehensive overview for listeners and those interested in the evolving landscape of cybersecurity.