The nominee in limbo. - CyberWire Daily

Summary7 min read

CyberWire Daily: "The Nominee in Limbo" (June 17, 2026)

Host: Dave Bittner (N2K Networks)
Guest Interviews: Christy Wyatt (CEO, Absolute Security), Maria Vermazes (Host, T-Minus Space Cyber Podcast)

Overview

This episode centers on major developments in US cyber and national security leadership, significant shifts in international tech sovereignty, new threats from malware and attacks, and evolving approaches to board-level cybersecurity conversations—highlighting how AI is amplifying risks. The episode also features an industry segment with Christy Wyatt exploring organizational resilience and a DOJ case tying environmental regulation to national security infrastructure.

Key Discussion Points & Insights

1. Political Standoff Over National Intelligence Nominee

[01:38–04:30]

President Trump has delayed the Senate confirmation of Jay Clayton (for Director of National Intelligence) to gain leverage over unrelated issues: the confirmation of Jamie McDonald for US Attorney, and a voting restrictions bill.
Trump announced via Truth Social that Clayton’s hearing is canceled until demands—such as FISA Section 702 reauthorization and legislative priorities—are met.
Clayton, seen as a noncontroversial pick, now sits in limbo, while acting intelligence chief Bill Pulte remains in the role despite criticism for lack of experience and politicized conduct.
Senator Mark Warner warns the ongoing uncertainty could destabilize leadership and hurt both the Office of the Director of National Intelligence and critical intelligence-gathering capabilities.

Notable Quote:

“The dispute threatens both leadership stability at the Office of the Director of National Intelligence and the future of an important intelligence gathering tool, while highlighting ongoing political battles over national security and election-related issues.”
—Dave Bittner [03:45]

2. CISA Under Threat: Budget Cuts and Workforce Departures

[04:30–05:35]

Senator Mark Warner’s letter calls attention to a one-third staff loss at CISA and $700M proposed cuts.
Shutdown of federal support for the Multi-State Information Sharing and Analysis Center (MS-ISAC) has impacted states and localities.
Warner seeks oversight on staffing, vacancies, and critical infrastructure support at CISA.

3. France and the Bigger Move for Digital Sovereignty

[05:35–06:50]

France’s PM Sebastien Lecornieu announced the DGSI will sever ties with US firm Palantir, citing dependence concerns and a €655M investment in French AI.
The move is spurred by US limitations on Anthropic’s Fable model for non-Americans and fears over reliance on foreign providers.
This reflects a European push for independent technology, seen also in moves against Microsoft and warnings from UK officials.

Notable Quote:

“France cannot afford strategic digital dependencies controlled by outside governments or companies.”
—Dave Bittner [06:25]

4. Emerging and Escalating Threats

a. Android Banking Trojan: "Rockarolla"

[06:50–08:10]

Sophisticated malware targeting 217 banking and crypto apps via fake sites.
Leverages Android Accessibility for deep device compromise, stealing credentials, intercepting messages, and deploying overlays to phish for info.

b. Fortinet Firewalls Credential Stuffing

[08:10–09:10]

Massive campaign compromised nearly 74,000 firewall URLs, across 194 countries, through large-scale credential stuffing.
Over 21,000 affected domains, including major enterprises and infrastructure.

Notable Quote:

“Strong passwords provide little protection once credentials have been stolen or leaked.”
—Dave Bittner [09:00]

c. Joomla Content Editor Plugin Exploit

[09:10–09:50]

CISA mandates emergency patching; exploit allows upload and execution of malicious code.

d. Madison Square Garden Ransomware Leak

[09:50–10:30]

Shiny Hunters publish 45GB of data after ransom demand rejected; leak includes sensitive info linked to high-profile individuals post-NBA Finals.

e. Malware in Steam Wallpapers

[10:30–12:00]

Attackers hid malware in Steam’s Wallpaper Engine, targeting mainly Chinese users.
Malicious wallpapers steal credentials, hijack sessions, and drop various malware; new variants keep appearing despite removals.

5. Space Cybersecurity: DHS and the Sparta Framework

[12:40–14:05]

Maria Vermazes details the DHS Science & Technology Directorate’s work with Aerospace Corporation on Sparta, a framework cataloging TTPs for satellite systems:

New Sparta updates:
- Behavioral indicators for detecting attacks (beyond malware signatures).
- Prioritization methods for cybersecurity measures tailored to space missions’ constraints.
Motivation: Lessons from the 2022 ViaSat hack following Russia’s Ukraine invasion.
Open-source threat detection tools expected by year-end.

Notable Quote:

“The new resources aim to make advanced space cybersecurity practices more accessible and to help operators build resilience against emerging threats.”
—Maria Vermazes [13:30]

6. Industry Voices: Christy Wyatt (Absolute Security) on Boardroom Cyber Risk and Resilience

[16:38–27:53]

a. AI as Risk Amplifier

AI escalates both threats and responses; “Are we resilient enough?” is the board’s central concern.
Boards must understand not just the technologies but if their organizations will continue operating if a breach happens.

Notable Quote:

“Do we understand enough about how things have changed both for the positive and the negative as a result of AI?”
—Christy Wyatt [16:48]

b. From Threat Prevention to Business Resilience

Overfocus on prevention is unsustainable: resilience—how to keep running after an attack—is now essential.
Board conversations must move from technical KPIs to business impact.

Notable Quote:

“You could spend an infinite amount on prevention and detection…it just takes one thing to get through. If you’re not equally invested in resilience…when the inevitable actually happens…have we rehearsed?”
—Christy Wyatt [18:07]

c. Economics of Downtime

Downtime, not just breaches, is the biggest business risk.
Technical metrics (MTTR, # of vulnerabilities) don’t resonate with boards; the real focus is business continuity and financial impact.

Notable Quote:

“If the house burned down, how would you continue to operate? If instead of the house burning down, we’re talking about someone clicking the wrong thing…we’re still having a business conversation.”
—Christy Wyatt [20:48]

d. Metrics That Matter: Translating to Risk, Revenue, Cost, Service Delivery

Risk: Discuss in dollar impact terms (revenue at stake, potential cost).
Revenue: Quantify potential income loss from downtime.
AI: AI vastly accelerates both attack and defense, making legacy patch/update cycles (“Patch Tuesday is dead”) obsolete. Boards must re-evaluate their risk models for AI’s scale and speed.

Notable Quote:

“The critical risk…is in speed and in scale…you don’t get to wait and bundle up everything…Patch Tuesday is dead.”
—Christy Wyatt [24:18]

e. Advice for Boardroom Communication

Don’t present cyber KPIs; frame everything in terms of business impact.
Focus on what happens if key systems go down and quantify the revenue/cost impacts.
“Translate into business impact.”

7. Pollution and National Security: DOJ Steps into Xai Turbine Lawsuit

[29:12–end]

The DOJ intervened in a lawsuit (NAACP vs. Xai, Elon Musk’s company) over unpermitted gas turbines at a Mississippi data center (Colossus 2).
Xai’s Grok AI model supports classified military operations; the DOJ claims shutting down turbines could hinder missions (including strikes against Iran).
The case pits environmental health vs. the role of local infrastructure in modern national security.

Notable Quote:

“So the court is left weighing two competing [priorities]: local air quality and…the proposition that…a fleet of generators has become part of America’s national security infrastructure. That’s not a sentence many people expected to read just a few years ago.”
—Dave Bittner [29:59]

Notable Quotes & Memorable Moments

“What is the acceptable threshold of risk? …You could spend infinitely on prevention and detection…it just takes one thing to get through.”
—Christy Wyatt [18:07]
“Patch Tuesday is dead…you don’t get to wait and bundle up everything that you’ve heard from all of your vendors and then test it and stay two versions behind.”
—Christy Wyatt [24:18]
“Strong passwords provide little protection once credentials have been stolen or leaked.”
—Dave Bittner [09:00]
“France cannot afford strategic digital dependencies controlled by outside governments or companies.”
—Dave Bittner [06:25]
“If the house burned down, how would you continue to operate?…we’re still having a business conversation.”
—Christy Wyatt [20:48]

Important Segment Timestamps

Key headlines overview: [01:38–12:40]
Space security (Maria Vermazes): [12:40–14:05]
Industry Voices w/ Christy Wyatt: [16:38–27:53]
DOJ, Xai, and pollution as national security: [29:12–end]
Notable Christy Wyatt insights:
- AI and resilience: [16:48–18:07]
- Economics of downtime: [19:49–21:21]
- Risk and board discussions: [21:40–24:07]
- Speed and scale of AI threats: [24:18–26:43]

Tone & Language

Professional, concise, but conversational.
Uses terminology relevant for business, policy, and technical listeners.
Strives for clarity in the translation of highly technical and policy issues for boardroom and public understanding.

Summary

This episode vividly illustrates the intersection of cybersecurity, politics, business, and national infrastructure—from the stalled intelligence nomination and agency resource struggles, to Europe’s digital sovereignty and the changing mechanics of cyber threats in enterprises and satellites. Christy Wyatt’s segment brings practical advice for reframing the cyber risk dialogue in boardrooms—cutting through the noise of technical jargon to focus on resilience, business impact, and the economics of downtime, especially in an era where AI has altered the speed and scale of both attack and defense.

For more stories and the full analysis, visit cyberwire.com.

Loading summary

Transcript30 lines

[00:02]
Podcast Announcer
You're listening to the Cyberwire network, powered
[00:05]
Christy Wyatt
by N2K,
[00:13]
Dave Bittner
Looking to understand the cybersecurity risks emerging beyond Earth's atmosphere? In the weekly Signals in Space newsletter, T Minus host Maria Vermazes and producer Ethan Cook connect the dots between terrestrial infrastructure and the growing attack surface in space. Each week you'll get the latest space cyber headlines, direct access to the week's T Minus podcast conversation, plus expert insights and resources to help security professionals better understand this rapidly evolving domain. Space systems are becoming critical. Infrastructure Signals in Space helps you stay ahead of the threats shaping the next frontier. Subscribe now to the Signals in Space newsletter. Foreign.
[01:04]
Commercial Voice
This episode is brought to you by Google Chrome. You think you know a browser, but Gemini and Chrome? That's new. It can help you with practically anything on the web, like restoring a vintage motorcycle from a 50 page restoration block. Or finally break down that long article you've had open for weeks. Gemini and Chrome is here for it, ready to make anything online make sense. There's no place like Chrome. Check responses, set up required compatibility and availability various 18/.
[01:38]
Dave Bittner
President Trump halts a key intelligence nomination the FBI warns of a new Microsoft 365 phishing threat. France cuts ties with Palantir, a new Android banking Trojan emerges. Fortinet firewalls come under attack, CISA orders emergency Joomla patching, plus Madison Square Garden data leaks and malware hidden in Steam wallpapers. Our guest is Christy Wyatt, CEO at Absolute Security, discussing their newest ebook and the DOJ claims pollution is mission critical. It's Wednesday, June 17, 2026. I'm Dave Buettner and this is your Cyberwire Intel. Thanks for joining us here today. It's great to have you with us. President Trump has abruptly delayed the Senate confirmation process for Jay Clayton as director for National Intelligence, using the nomination to pressure lawmakers on two separate priorities the confirmation of another nominee, Jamie McDonald for U.S. attorney and the passage of a voting restrictions bill. In an early morning Truth social post, Trump announced the cancellation of Clayton's scheduled Senate hearing and said acting intelligence chief Bill Pulte would remain in the role until his demands are met. The move surprised lawmakers because Clayton, currently the U.S. attorney for the Southern District of New York and former securities and Exchange Commission chair, appeared headed for a relatively smooth confirmation. Senators had hoped to install him quickly to limit the tenure of Pulte, whose appointment has drawn criticism due to his lack of intelligence experience and his history of publicly targeting Trump's political opponents. Trump also wants reauthorization of FISA Section 702, a key US surveillance authority tied to the voting legislation. The dispute threatens both leadership stability at the Office of the Director of National Intelligence and the future of an important intelligence gathering tool. While highlighting ongoing political battles over national security and election related issues. Senator Mark Warner is raising concerns about the future of cisa, warning that staffing cuts, leadership vacancies and the loss of a key information sharing program could weaken the nation's cyber offenses. In a letter to acting CISA Director Nick Anderson, DHS leadership and all 50 governors, Warner argued that the agency has lost roughly one third of its workforce, including many senior officials, while facing a proposed budget reduction of more than $700 million. Warner said state and local officials, educators, law enforcement and industry leaders have reported reduced support and slower responsiveness from CISA with. He also criticized the shutdown of federal funding for the multi State Information Sharing and Analysis center, which helps protect state and local governments. While Anderson has announced plans to hire more than 300 employees, Warner is seeking detailed information about staffing levels, vacancies, service delivery and the agency's ability to support critical infrastructure nationwide. France is cutting ties between its domestic intelligence agency and Palantir. Citing concerns about growing dependence on American technology, Prime Minister Sebastien Lecornieu announced that the DGSI will end its contract with the US Data analytics company as part of a broader push for digital sovereignty and a 655 million euros investment in French artificial intelligence. The move follows the US decision to restrict access to Anthropic's Fable AI model for non American users, a development French officials say highlights the risks of relying on foreign providers that can suddenly limit access. Lecornieu argued that France cannot afford strategic digital dependencies controlled by outside governments or companies. The decision reflects a wider European trend toward reducing reliance on US Technology. France is also replacing some Microsoft products with European alternatives, while officials in the UK have raised similar concerns about Palantir contracts. Warning that dependence on a small number of American tech firms could create strategic vulnerabilities, researchers at Zimperium have identified a new Android banking trojan dubbed Rockarolla, a highly sophisticated malware strain designed to steal credentials from 217 banking and cryptocurrency applications distributed through malicious websites masquerading as legitimate apps such as TikTok or Google Chrome. The malware uses a dropper to install a second stage payload while impersonating Google Play Protect. Once installed, Rocka Rolla abuses Android accessibility services and extensive permissions to to gain deep control over infected devices. The malware can steal lock screen pins and passwords, harvest SMS messages and contacts, log keystrokes, intercept calls, manipulate clipboard contents and capture screenshots for remote surveillance. It also deploys convincing overlays that mimic banking apps and Android lock screens to trick users into surrendering credentials. Researchers identified 137 commands that allow attackers to manage infected devices, disable Google Play, protect, suppress alerts and maintain persistence. The malware communicates with resilient command and control infrastructure that can dynamically switch domains, making detection and disruption more difficult while enabling long term financial fraud. Researchers are warning about a massive campaign targeting Fortinet firewalls and VPN gateways, with attackers reportedly compromising nearly 74,000 firewall URLs across 194 countries. Analysis by Hudson Rock and researcher Volodymyr Dychenko suggests the operation relied on credential stuffing at enormous scale, testing leaked usernames and passwords against exposed fortigate devices. The attackers allegedly conducted more than a billion login attempts and in some cases intercepted and cracked VPN authentication hashes before moving deeper into corporate networks. The dataset includes more than 21,000 affected domains and reportedly contains credentials linked to major enterprises, government organizations and critical infrastructure providers. The findings underscore a familiar cybersecurity lesson. Strong passwords provide little protection once credentials have been stolen or leaked. Researchers recommend immediate password rotation, Universal Multi Factor Authentication, log reviews for suspicious access and monitoring for exposed credentials. The campaign highlights how exposed gateways combined with recycled or compromised credentials remain a highly effective path into enterprise networks. CISA has ordered federal agencies to patch a critical vulnerability in the Joomla Content Editor plugin by Friday after confirming active exploitation in the wild. The flaw allows unauthenticated attackers to upload and execute malicious PHP code through improperly secured editor profiles. The issue was fixed in a recent version, but developers warn that updating alone will not remove malware from already compromised systems. CISA added the bug to its known Exploited Vulnerabilities catalog and warned that public exploit code and automated attacks make unpatched Joomla. Sites especially vulnerable. Hackers associated with Shiny Hunters have published nearly 45 gigabytes of data allegedly stolen from Madison Square Garden after the organization reportedly refused to pay a ransom. A sample reviewed by 404 Media includes customer communications, contact details and files referencing Knicks players, coaches, celebrities and other sports personalities. The leak comes just days after the Knicks NBA Finals victory, increasing public attention on the incident. Shiny Hunters claims the breach occurred on June 5 and warned that organizations that do not pay ransoms risk having their data exposed. Madison Square Garden has not publicly commented on the latest data release. Kaspersky Researchers have uncovered dozens of malicious wallpapers distributed through Steam Workshop by abusing a feature in Wallpaper Engine that allows users to run executable applications as desktop backgrounds. Since late 2025, attackers have embedded malware including Dark Comet, Luma, Vidar, Cryptominers and ransomw inside seemingly harmless wallpapers that have been downloaded thousands of times. When activated, some wallpapers secretly install malware that steals Steam credentials, hijacks active sessions, and communicates with attacker controlled servers. Researchers found attackers using both bundled malware files and password protected archives to evade detection. The campaign primarily targets gamers in China, which accounted for 89% of observed malicious downloads, though users in Russia and several other countries were also affected. Steam has removed the identified wallpapers, but researchers warn that new malicious uploads continue to appear, making antivirus scanning and caution essential when downloading community created content. Maria Vermazes is host of the T Minus Space Cyber Podcast. She joins us with news on an update to the Sparta framework from the DHS ST Directorate.
[12:41]
Maria Vermazes
Thank you, Dave. The Department of Homeland Security's Science and Technology Directorate is backing new efforts to strengthen cybersecurity across the space sector as satellites become increasingly critical to communications, navigation and other infrastructure. The DHS is working with the Aerospace Corporation to expand the Space Attack Research and Tactic Analysis, or Sparta, framework, which is the open source catalog of tactics, techniques and procedures specifically targeting spacecraft. The two DHS updates to Sparta include a new set of behavioral indicators designed to help operators detect attacks through unusual system activity rather than through traditional malware signatures. The second update to Sparta includes methods for prioritizing cybersecurity countermeasures with the unique challenges of the space threat landscape in mind as they are based on effectiveness, mission deployment constraints and mission lifecycle cost. The DHS says that its contributions to Sparta were partially motivated by the 2022 cyberattack on the ViaSat commercial satellite network at the start of Russia's invasion of Ukraine, and that the new resources aim to make advanced space cybersecurity practices more accessible and to help operators build resilience against emerging threats. An open source reference implementation of threat detection tools is expected later this year. For the Cyberwire Daily, I'm Maria Varmanzas from T Minus Space Cyber Briefing. Back to you, Dave.
[14:05]
Dave Bittner
Be sure to check out the T Minus Space Cyber Podcast wherever you get your favorite shows. Coming up after the break, my conversation with Christy Wyatt, CEO from Absolute Security. We're discussing their latest ebook and the DOJ Claims pollution is mission critical. Stay with us. What's the one thing in business that's spreading as fast as AI? AI risk. Every new tool your team signs up for. Every vendor that turns on AI features, every new integration each one creates another opportunity for something to go wrong. And most security programs just weren't built for AI's pace of growth. Enter Vanta. Vanta is the number one agentic trust platform used by more than 16,000 fast moving companies like Ramp, Cursor and Harvey to help ensure they're always audit ready. And now Vanta is helping companies watch for the risks that show up between audits across vendors, AI tools and their entire environment. The Vanta Agent works like a 24.7grc engineer in the background, finding issues, drafting fixes and cutting vendor assessment time by up to 50%. Whether you're a fast growing startup or a global enterprise, Vanta is here to help you automate your security and compliance and earn and prove trust. Get started today@vanta.com cyber that's V A N T A dot com cyber.
[16:04]
Podcast Announcer
When you need to build up your team to handle the growing chaos at work, use Indeed Sponsored Jobs. It gives your job post the boost it needs to be seen and helps reach people with the right skills, certifications and more. Spend less time searching and more time actually interviewing candidates who check all your boxes. Listeners of this show will get a $75 sponsored job credit@ Indeed.com podcast. That's Indeed.com podcast. Terms and conditions apply. Need a hiring hero? This is a job for Indeed Sponsored Jobs.
[16:39]
Dave Bittner
Christy Wyatt is CEO at Absolute Security and in today's Sponsored Industry Voices segment we discuss their latest ebook.
[16:49]
Christy Wyatt
The big news that we've seen over the past 12 months is clearly the introduction of AI. We came from a world where we continue to see escalating breaches and new kinds of risk and novel attacks and ransomware was a very big conversation for a long period of time. Introducing AI into the conversation is just adding fuel to the fire. The discussion today is are we resilient enough? Have we invested enough? Are we fast enough? Do we understand enough? And I think that's a big one, by the way. Do we understand enough about how things have changed both for the positive and the negative as a result of AI? And all of this kind of comes back to and what is our overall resilience in the face of risk? If something bad happened, would we be okay? I mean, at the end of the day, that's what we're trying to answer for these boardrooms, right? We're trying to demonstrate some investment and some, some knowledge and awareness and understanding in response to the risk landscape that we're all living within today.
[17:50]
Dave Bittner
I think for years security was kind of sold as a threat conversation. You know, we've got this bad thing we're trying to fight. Here are some tools that maybe help us stop it. I know you've argued that the boardroom has moved past that. What are the boards asking of their security leaders now?
[18:08]
Christy Wyatt
For a long time and part of, by the way, the boardroom response as a result of what we've been presenting as an industry, we've been talking, talking about here is the long list of bad things that could happen and here are the investments we're making to prevent those bad things from happening. And so we've very much focused as an industry in our conversations with one another, as well as what we present to the board. Have we invested enough? And it's a little bit of thinking of it as fraud prevention or financial risk. What is the acceptable threshold of risk? And are we investing enough to make sure that we're being responsible and responding to that risk? I think that the conversation has shifted because we know that you could spend infinitely on prevention and detection. I heard a very well regarded voice in cybersecurity say the best way to become more resilient is to invest more in prevention and detection. And the fact is that you could spend an infinite amount on prevention and detection and visibility. It just takes one thing to get through. And so if you're not equally invested in resilience, if you're not also talking about what should the response be when the inevitable actually happens, something will, will come through, large or small. And have we rehearsed, have we invested? Do we have the same level of visibility and what that response to that event would be, not just, and did we see it coming and you know, should we pay the ransom or not?
[19:35]
Dave Bittner
I know you've been talking about this notion of the economics of downtime, that it's the downtime and not necessarily the breach itself that is the real thing that we should be focused on here. Can you unpack that for us?
[19:49]
Christy Wyatt
Yeah, I started writing about this last year and I. It's my belief that as an industry, both as a practitioner as well as an active director, and I work with a number of different companies, that our conversation, you know, lots of us are technical and so we talk about KPIs that don't necessarily resonate in the boardroom. We want to talk about mean time to recover and how many severity XYZs. And have we remediated? I mean, it's a very technical conversation, and I believe that that actually focuses the discussion on the wrong set of things. Ultimately, at the end of the day, this is a business conversation. This is an economic conversation. What we want to understand as a group of business owners is what is the risk? What is the cost to remediate that risk? You know, what is the service delivery or the continuity of the business? How can we continue to take orders and pay people and continue to operate?
[20:48]
Dave Bittner
Right.
[20:49]
Christy Wyatt
And what is the financial impact of all of those things? And so I think we do ourselves a disservice if we make this a technical discussion. Right. And we say the cyber guys want to talk about their cyber metrics. What we're having is a business conversation. If the house burned down, how would you continue to operate? And so if instead of the house burning down, what we're talking about is somebody clicked on the wrong thing or there's some novel new approach that AI happened to be the vehicle for that does not make this an AI conversation. We're still having a business conversation.
[21:22]
Dave Bittner
Well, let's go through these things one at a time. I know you've made the point that there are four main things that boards care about. There's risk, revenue, cost, and service delivery. Can we start with risk? How should a security leader talk about risk so that that resonates with the board?
[21:40]
Christy Wyatt
You need to be able to talk about these in terms of the business impact, the dollar impact. Right. What is the revenue that would be impacted if this bad thing happened? So I think if we redirect the discussion away from the number of vulnerabilities or the number of systems, and we focus on, you know, what is the actual cost and impact of us going down for an hour or a day or a month, and what is the cause of that risk and how would we prevent that from happening? So it's really about the metric and putting that metric back in business terms.
[22:18]
Dave Bittner
Can we talk about revenue? I think, is it fair to say that that's an area that many security teams probably don't really consider. It's not top of mind for them.
[22:30]
Christy Wyatt
It's top of mind for them when they go to ask for funding for their next program, and then they're having a conversation with the cfo and the CFO says, haven't we spent enough? Oh, my gosh, look at how much more we're spending this year than we're spending last year. And I do think there's an Argument for consolidation and spending intelligently. But I talk a lot about this return on resilience concept that says when you're making an investment like any other part of your business, you should be asking yourself, what am I expecting in return? That should be a quantifiable financial value. So if the cost of an hour of downtime or a day of not being able to conduct business cost my business a million dollars, I'm just making it simple. You know, the number of things that could impact that, and you can quantify what is the probability and the size of the impact that that kind of risk would have on your business, then the investment to offset that is, is either logical or illogical. Right? It is a. You know, we can't. We can turn this into a math equation or at least a little bit more of a business proposal, as opposed to the number of. The kinds of metrics we typically want to track in those conversations, in the more traditional cyber sense are how many security applications do we have and how many vulnerabilities and how many patches have we deployed? I mean, these are, these are not metrics that are going to land for the CFO or for the board director who really doesn't need to become a cybersecurity expert. What they want to understand is what is the risk and how is that going to impact my bottom line and am I doing enough to respond to that?
[24:08]
Dave Bittner
Can we talk about AI here? What is the application for agentic AI? Is there such a thing about agentic cyber resilience?
[24:18]
Christy Wyatt
AI is an amplifier to every part of this problem. So it's absolutely going to be an amplifier of, of the risk. Because you're seeing people use these tools to create novel new ways to approach your system. We collectively as an industry are increasingly using these tools to further defend whether it is remediate those attacks or look for the vulnerabilities ourselves before the bad actors find them. So AI is an amplifier of all of it. But I think the critical risk that a lot of boards may not understand is that the real impact of that is in speed and in scale. Patching vulnerabilities and having bad actors look for vulnerabilities or things that are broken in your environment is not new. And it's been one of the most pervasive problems in our industry for well over a decade, several decades. The new part is how quickly we can discover not just new vulnerabilities, but vulnerabilities that have been there for a very long time. Using things like Mythos or some of these new Frontier models. How quickly people can chain these things together and come up with novel attacks. So you're not addressing individual vulnerabilities. You're in an infinite number of combinations of how you string these things together to compromise a system that you're trying to approach. So what that means is that Patch Tuesday is dead. You don't get to wait and bundle up everything that you've heard from all of your vendors and then test it and stay two versions behind and figure out all of the things we thought about, how we maintain compliance kind of break. And so that just means the speed and the velocity at which these new vulnerabilities and these new approaches are coming at organizations is just unheard of. Now. They also have an equally powerful set of tools to be able to respond to that. But the entire landscape has dramatically changed as a result of AI. And so even if as a board, you felt really comfortable with how you stacked up on compliance with NIST and how you stacked up on your response and you did your tabletop exercises, even if you feel like you get a gold star as an organization in being responsible and appropriate in how you think about risk, you kind of have to put it all back out at the table and say, now does that scale and does that match the current velocity of what we're seeing in the industry?
[26:44]
Dave Bittner
What's your advice for that CISO who's walking into the board meeting on a Monday morning, ready to have that, you know, this year's conversation or this quarter's conversation? What sort of things should they be focused on?
[26:58]
Christy Wyatt
The number one thing I would say walking into a boardroom is translated into business impact. I think if you come in with really beautiful, well defined charts and metrics around your cyber KPIs, I think you run the risk of people not understanding the impact and being able to have the right conversation. I think business leaders need to be having a robust conversation about what would happen if the three critical systems we rely on stopped working tomorrow for whatever reason, then what happens? And it's really about that resilience conversation. And so the way you can help land that within that audience is really by translating into these business metrics that I talked about. Talk about the risk, talk about the cost against that risk, and use, you know, use metrics that are going to be meaningful. You know, the true impact on the business is downtime and the impact it has to revenue.
[27:54]
Dave Bittner
That's Christy Wyatt, CEO at Absolute Security.
[28:09]
Commercial Voice
Study and play come together on a Windows 11 PC and for a limited time, college students get the best of both worlds. Get the Unreal College Deal everything you need to study and play with select Windows 11 PCs. Eligible students get a year of Microsoft 365 Premium and a year of Xbox Game. Pass ultimate with a custom color Xbox wireless controller. Learn more@windows.com studentoffer while supplies last ends June 30, terms at aka Ms. College
[28:38]
Maria Vermazes
PC so good, so good, so good.
[28:42]
Christy Wyatt
New markdowns up to 70% off are at Nordstrom Rack stores now. Stock up and save big on shoes, tops, dresses, accessories and more must haves for summer. Join the nordiclub to unlock exclusive discounts. Shop new arrivals first and more. Plus, buy online and pick up at your favorite Rack store for free. Great brands, great prices. That's why you Rack.
[29:12]
Dave Bittner
And finally, what began as a dispute over air permits in Mississippi has evolved into a remarkably modern how many gas turbines does it take to power national security? The Department of Justice has entered the NAACP's lawsuit against Elon Musk's Xai, urging a court to dismiss claims that the company is operating dozens of unpermitted national gas turbines at its Colossus 2 data center in Southaven. The NAACP argues the turbines violate the Clean Air act and increase pollution risks in communities that already face significant health burdens. The DOJ sees the matter differently. According to court filings, xai's Grok model is one of only a handful of AI systems supporting operations on classified government networks. A Defense Department official said the technology supports critical national security missions, including recent military strikes against Iran, and warned that shutting down the turbines could disrupt those efforts. Meanwhile, the numbers continue to grow. The Lawsuit originally cited 27 turbines. Environmental advocates say records now show 57 operating at the site. So the court is left weighing two competing local air quality and the proposition that somewhere in Mississippi, a fleet of generators has become part of America's national security infrastructure. That's not a sentence many people expected to read just a few years ago. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's lead producers, Liz Stokes, were mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our contributing host is Maria Vermazes. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
[32:09]
Commercial Voice
The right window treatments change everything. Your sleep, your privacy, the way every room looks and feels. @blinds.com, we've spent 30 years making it surprisingly simple to get exactly what your home needs. We've covered over 25 million windows and have 50,000 five star reviews to prove we deliver. Whether you DIY it or want a pro to handle everything from measure to install, we have you covered. Real design professionals, free samples, zero pressure right now. Get up to 50% off with minimum purchase plus get a free professional measure. @blinds.com rules and restrictions apply.