Dave Bittner
You're listening to the CyberWire Network powered by N2K. We've all been there. You realize your business needs to hire someone yesterday. How can you find amazing candidates fast? Well, it's easy. Just use Indeed. When it comes to hiring, Indeed is all you need. Stop struggling to get your job post noticed. Indeed Sponsored Jobs helps you stand out and hire fast. Your post jumps to the top of search results so the right candidates see it first. And it works. Sponsored Jobs on Indeed get 45% more applications than non-sponsored ones. One of the things I love about Indeed is how fast it makes hiring. And yes, we do actually use Indeed for hiring here at N2K CyberWire. Many of my colleagues here came to us through Indeed. Plus, with Sponsored Jobs there are no subscriptions, no long-term contracts. You only pay for results. How fast is Indeed? Oh, in the minute or so that I've been talking to you, 23 hires were made on Indeed according to Indeed data worldwide. There's no need to wait any longer. Speed up your hiring right now with Indeed, and listeners to this show will get a $75 sponsored job credit to get your jobs more visibility at indeed.com/cyberwire. Just go to indeed.com/cyberwire right now and support our show by saying you heard about Indeed on this podcast. Indeed.com/cyberwire. Terms and conditions apply. Hiring? Indeed is all you need.
A new White House executive order overhauls U.S. cybersecurity policy. The EU updates its cybersecurity blueprint. The Pentagon's inspector general investigates Defense Secretary Hegseth's Signal messages. Chinese hackers target U.S. smartphones. A new Mirai botnet variant drops malware on vulnerable DVRs. 17 popular Gluestack packages on NPM have been compromised. Attackers exploit vulnerabilities in FortiGate security appliances to deploy Qilin ransomware. A Nigerian man gets five years in prison for a hacking infrastructure fraud scheme.
Our guest is Tim Starks from CyberScoop discussing Sean Cairncross's journey toward confirmation as the next National Cyber Director. And Fire Stick flicks spark a full-on legal blitz. It's Monday, June 9th, 2025. I'm Dave Bittner and this is your CyberWire Intel Brief. Thanks for joining us here today. It's great to have you with us. President Trump has issued a new executive order that overhauls U.S. cybersecurity policy, replacing earlier directives from Presidents Obama and Biden. Announced on June 6, the order narrows cyber sanctions to target only foreign malicious actors, reversing broader authorities that critics feared could be misused domestically. The order also scraps several Biden-era initiatives, including requirements for software vendors to meet federal security standards, AI research for cyber defense and post-quantum encryption readiness. Trump's directive eliminates the IoT security labeling program, eases supply chain restrictions, revises AI security rules and removes mandates for phishing-resistant authentication in federal agencies. Instead, the new policy prioritizes secure software development, stronger network protections and AI use focused on vulnerability detection. The White House framed the shift as a move toward more focused professional cybersecurity practices, while removing what it called distracting issues introduced by the Biden administration shortly before Trump took office. The European Union has updated its cybersecurity blueprint to better coordinate responses to large-scale cyber attacks, strengthening ties with national militaries and NATO. Approved by ministers meeting in Luxembourg, the plan clarifies which institutions will act during cyber crises across technical, operational and political levels. Poland, which reports about 700 daily cyber incidents, highlighted the need for collective preparedness.
The new strategy includes establishing NATO contact points and launching joint cyber exercises starting in June of 2026 involving private sector players and countries like Ukraine and Moldova. The blueprint stresses the growing threat from geopolitical tensions and hybrid attacks that could disrupt the EU's security, economy and society. It also urges the EU to enhance secure communications, calling on the European Commission to propose crisis communication solutions by the end of 2026 and for governments to develop contingency plans for disrupted networks. The Pentagon's inspector general is investigating whether Defense Secretary Pete Hegseth's aides were told to delete Signal messages possibly containing sensitive information about U.S. airstrikes in Yemen. The inquiry focuses on March 15 communications and whether they compromised military operations. One Signal chat reportedly included Hegseth's family. Another included top officials and, inadvertently, a journalist. Hegseth denies sharing classified data, saying messages were informal and unclassified. The probe also examines access to Hegseth's phone and who posted strike details. Critics argue the posts risked pilot safety and would have led to disciplinary action if done by lower-ranking personnel. Hegseth is also under scrutiny for installing an unsecured Internet line in his office amid the fallout. Hegseth has limited press engagements and faces congressional testimony next week. The investigation, requested by Senate Armed Services leaders, could release unclassified findings to the public. A recent cyber attack targeting smartphones of U.S. officials and professionals in politics, tech and journalism has raised alarms among cybersecurity experts. Investigators at iVerify linked the unusual crashes to a zero-click hack likely by Chinese hackers that allowed access to phones without user interaction. Victims had ties to fields of interest to China's government.
Experts say smartphones, often less protected than other systems, are becoming key targets for espionage. Devices belonging to Donald Trump's campaign and top aides were also reportedly targeted. Lawmakers fear Chinese state-owned firms could exploit their tech presence in global networks. The US is responding with new initiatives like a cyber trust mark for secure connected devices. Still, officials warn that even the most secure device is vulnerable if users ignore basic precautions. Cyber lapses like misconfigured apps or unsecured connections remain a serious national security risk. A new Mirai botnet variant is exploiting a command injection flaw in TBK DVR models to hijack them for cyber attacks. Discovered by researcher netsecfish in April 2024, the vulnerability allows shell command execution via a crafted POST request. Kaspersky has confirmed active exploitation using this method, with the botnet dropping ARM32 malware to connect infected DVRs to a command and control server. These compromised devices are then used for DDoS attacks and malicious traffic routing. Around 50,000 DVRs remain exposed, primarily in China, India and several other countries. The devices have been rebranded under multiple names, complicating patch management. It's unclear if TBK Vision has issued a fix. A major supply chain attack has compromised 17 popular Gluestack native Aria packages on NPM, affecting over 1 million weekly downloads. NPM, short for Node Package Manager, is the default package manager for Node.js, a popular JavaScript runtime. The attack began on June 6, inserting obfuscated remote access Trojan code. The malware connects to a command and control server and can execute shell commands, upload files, and hijack Python paths to silently run malicious binaries. Cybersecurity firm Aikido discovered the attack and linked it to the same group behind recent NPM compromises. Affected packages span across UI components used in React Native apps.
Despite attempts to contact Gluestack, there was initially no response. Gluestack has now revoked the access token used in the attack and deprecated the compromised packages, redirecting users to safe versions. A new wave of cyberattacks is exploiting vulnerabilities in FortiGate security appliances to deploy Qilin ransomware across critical infrastructure. The campaign marks a shift in ransomware tactics targeting network security devices rather than traditional phishing methods. Threat actors are exploiting vulnerabilities to gain initial access and maintain persistence inside enterprise networks. Qilin, also known as Agenda Ransomware, is a sophisticated ransomware-as-a-service operation featuring strong encryption and evasion capabilities. The malware uses advanced obfuscation and anti-analysis techniques to avoid detection. Security researchers warn that these attacks bypass perimeter defenses, giving attackers privileged access to internal systems. This evolution highlights the growing threat to network infrastructure, increasing the risk of operational disruption, regulatory penalties and reputational damage. Analysts stress the urgent need for organizations to patch vulnerabilities and strengthen defenses against infrastructure-based ransomware attacks. A US court has sentenced Nigerian national Kingsley Ukelu Utulu to over five years in prison for his role in a hacking and fraud scheme targeting US tax preparation companies. Since at least 2019, Utulu and co-conspirators stole personal data from tax firms in Texas and New York to file fraudulent tax returns, seeking $8.4 million and successfully obtaining $2.5 million. They also used stolen identities to fraudulently claim $819,000 through the Small Business Administration's disaster loan program. Utulu was extradited from the UK and must pay over $3.6 million in restitution and forfeit $290,000. The case is linked to others who face similar charges for participating in the same cybercrime ring.
US authorities continue to pursue justice against international cybercriminals exploiting financial and government systems. Coming up after the break, my conversation with Tim Starks from CyberScoop discussing Sean Cairncross's journey toward confirmation as the next National Cyber Director. And Fire Stick flicks spark a full-on legal blitz. Stay with us.
Dave Bittner
Hey everybody, Dave here. I've talked about DeleteMe before and I'm still using it because it still works. It's been a few months now and I'm just as impressed today as I was when I signed up. DeleteMe keeps finding and removing my personal information from data broker sites and they keep me updated with detailed reports so I know exactly what's been taken down. I'm genuinely relieved knowing my privacy isn't something I have to worry about every day. The DeleteMe team handles everything. It's the set-it-and-forget-it peace of mind. And it's not just for individuals. DeleteMe also offers solutions for businesses, helping companies protect their employees' personal information and reduce exposure to social engineering and phishing threats. And right now, our listeners get a special deal: 20% off your DeleteMe plan. Just go to JoinDeleteMe.com/N2K and use promo code N2K at checkout. That's JoinDeleteMe.com/N2K, code N2K. And now a word from our sponsor, ThreatLocker. Keeping your system secure shouldn't mean constantly reacting to threats. ThreatLocker helps you take a different approach by giving you full control over what software can run in your environment. If it's not approved, it doesn't run. Simple as that. It's a way to stop ransomware and other attacks before they start without adding extra complexity to your day. See how ThreatLocker can help you lock down your environment at www.threatlocker.com.
It is my pleasure to welcome back to the show Tim Starks. He is a senior reporter at CyberScoop. Tim, welcome back.
Tim Starks
Hi there, Dave.
Dave Bittner
There are two of your articles that I want to highlight in our time together here today. The first I want to touch on. You were there when Sean Cairncross was getting grilled, his aspirations to be national cyber director. Tell us about that.
Tim Starks
Yeah, I think he was grilled in some. I know you used that phrase loosely, but there was one topic that I think he got grilled on. The rest of the questioning was relatively friendly, relatively open to the idea of Sean Cairncross. The subject he got grilled on was the cuts at CISA. You know, that he's obviously coming there and talking about how important cybersecurity is, and he's, you know, touting himself for the job. And lawmakers naturally ask, well, okay, if cyber's so important, how are you going to be ultimately presiding over these gigantic $495 million cuts to CISA? In one sense, it's a fair question to ask him. In another sense, it's not because he's obviously not directly responsible for CISA's budget. But, you know, he specifically mentioned the authority he has with OMB to set budget guidance. That's something that is an authority that has been used by past people who have run this office. So he does have some say in that budget. And he more or less sidestepped the question. There are a couple different ways he kind of answered around, around the edges of it, saying, you know, well, we're going to look at the most efficient way to do things, form follows function, a lot of cyber defenses in the private sector. But he never directly said this is okay because. Or he never said this is wrong because. So I think that's a topic I grilled on. And they touched on the sort of things that you might expect, bigger picture vision, the threats that he's most worried about, that kind of thing.
Dave Bittner
Yeah. What about his, I guess, comparative lack of cyber experience? How much did he get questioned about that?
Tim Starks
He got one question on that, but he answered it rather extensively. I don't get the impression it was an answer that the lawmakers found unsatisfactory. He pointed out that he has management experience, which I think is true. He does have. He talked about running operations with thousands of people and billions of dollars. He talked about surrounding himself with smart people. I think the answer that was maybe a little less credible is that he said, I've dealt with cyber on the user end of things.
Dave Bittner
Well, haven't we all?
Tim Starks
He can rightly say, oh, you know, I've dealt with the FBI intelligence community on attacks against organizations I was part of. Obviously he was part of the RNC and that was an organization that probably dealt with a fair share of cyber attacks. But I don't know if that, you know, that answer was a little less, that was a little weaker answer. You know, if you look at the people who endorsed him in a letter earlier this week, included a lot of industry officials, included a lot of past intelligence and cyber folk from administrations, mostly GOP administrations, but not entirely. They talked up his management piece. And I think that's an argument that he can point to and say, this is why I deserve the job. Those were people who were a little bit, those were people who were very cyber experts. We said, we're still endorsing from the job, didn't mention his lack of cyber experience. They seem to think the other parts of his resume were more important. And he came off as a serious guy. It seemed like he'd done his homework. He didn't, he didn't fumble any answers. You know, at the same hearing, there was a person who, who was, who was at FEMA. And even though there was the, the recent kerfuffle with the, with the story about the FEMA director not knowing when hurricane season was, this person failed the answer. So if you're looking at his credibility from that standpoint, he, he really did seem to me like someone who had, who was taking this very seriously and, and has studied up on the subject. Whatever, whatever information he lacked before he came off, he came off as someone who had a grasp, if not command of the issues.
Dave Bittner
Yeah. Was your sense that the folks who were doing the questioning came along satisfied that he's up for the job?
Tim Starks
Unclear. Gary Peters, who's the top Democrat on that committee. A couple reporters tried to ask him, how are you going to vote? And he said, basically, you'll find out when I vote. There's probably a little bit of snake bitten quality to Democrats having voted for some of these Republican nominees who they've later turned out to just really think are doing a terrible job. So I don't know. I don't know if he gets much of a benefit of the doubt from Democrats. You know, obviously he can get confirmed as long as he has Republicans on his side in the Senate. So it may not matter that much. But the answers that he gave on CISA's budget were not satisfactory to the senators who asked about it is what I would say. So we'll see how it goes. A little unclear if he won over anyone, but I don't think he hurt himself per se in the sense that he needs Republicans and there was no sign that Republicans were dumping shit.
Dave Bittner
Yeah. I want to shift here to another story. You wrote you had a scoop here. This was a letter that Representative Garbarino wrote about CISA's mobile app security program and he's taking issue with that program coming to an end.
Tim Starks
Yes, it's like I say, CyberScoop. It's in the name.
Dave Bittner
So we shouldn't be surprised when these scoops come one after the other, right?
Tim Starks
That's one way to look at it.
Dave Bittner
Yeah.
Tim Starks
Yeah.
Dave Bittner
So when the legislators are thinking to themselves, who should I give this scoop to?
Tim Starks
Wait, what publication has scoop in their name?
Dave Bittner
Right. Yes. It's very smart of you all.
Tim Starks
Yes. Good marketing. So, yes, this is an example of where Republicans and the administration are not necessarily seeing eye to eye. There's been a lot of lockstep. I think one of the issues where there hasn't been lockstep is on cyber. The Republicans, in a number of positions of power, have been raising some doubts about what the administration wants to do on cyber. In this case, Andrew Garbarino, who's the top Republican on the cybersecurity subcommittee of House Homeland, had sent a letter to Kristi Noem saying, hey, you're ending this so-called mobile app vetting program in June. I think that's maybe a bad idea. The program is used to help agencies in the federal civilian executive branch test out apps that they either create or third party apps. There was a clever bit of craftsmanship on this letter that I'll talk about in one second, but the gist is Garbarino thinks this is a good program. It's very helpful, especially in a time when Salt Typhoon affected the telecommunications sector and it was discovered in the executive branch first if accounts were to be believed. So the craftsmanship part that I found entertaining and interesting was it pointed to ICE, the Immigration Custom Enforcement Agency, having made use of this program. And I think we all know how near and dear ICE is to the administration. They're talking about plussing it up. They're obviously making thousands of arrests. So I think it was smart to say, hey, look, ICE had some problems with some untrustworthy, risky apps. They turn to this program as part of the solution to that.
Dave Bittner
And he requested a briefing here. He's on a bit of a timeline.
Tim Starks
Yeah, he asked for one by June 13th. We will see if they get that. As I pointed out, Garbarino and others on the House Homeland Security Committee have said, hey, we're waiting for answers and briefings on CISA personnel cuts. That was a few weeks ago. They may have gotten an answer since then, but I have not heard that they have. So, yeah, he's asked for what that he also did bring up something that we, you know, you and I talked recently about the Salt Typhoon series that we did at CyberScoop, where one of the points that people made, it wasn't unanimous, but that some people brought up was, hey, CISA has so many Sector Risk Management Agency responsibilities. They're the lead coordinator essentially for certain critical infrastructure sectors and working with the private sector on all sorts of security issues. CISA has eight of those out of the 16 sectors, I believe. And I think DHS broadly has, I think, part of at least 10. So one of the things people have suggested to me from my story was, hey, look, these agencies, the telecom sector doesn't seem to be getting the kind of attention it needs. The relationship is not as strong as it should be. And maybe one of the reasons is that CISA has too much going on on its plate. Maybe they gave short shrift to the telecom sector at a time when they shouldn't have. So as part of this letter, he also said, hey, you need to prioritize your review, Kristi, of the idea of whether CISA should have these kinds of SRMA roles. And that would be something he wants as part of the briefing as well.
Dave Bittner
It's interesting to me. Well, my take, and I'm very curious to see if you agree with me, is that my impression is that with the answers I've seen Kristi Noem give when questioned about CISA and the funding and the future of the organization, they all come back to the, the beef that the Trump administration has with CISA going back to the 2016 election. And it just seems to me like that's this bump in the road that they just can't get past. Like it's, it doesn't seem to me an objective argument. It's an emotional one. Am I on base there?
Tim Starks
I think you are potentially on base. I think if you look at, let me suggest an alternative hypothesis here. If you look at the proposal that the Trump administration has for fiscal 2026 for CISA, and you look at some reporting in Axios that others have confirmed that not only are they proposing in the budget cutting more than 1,000 people, we're talking about approximately a third of the agency that if you look at it, they actually already have cut those numbers. And if you look at the numbers, they're not all coming out of the election security piece of things where the, where the administration, where the conservatives have been very fired up towards CISA about this, that's 14 people. 14.
Dave Bittner
Right.
Tim Starks
14 out of 1,083. And if you look at who they're proposing cutting or who have they actually have already cut, it's every kind of person. And they're not filling vacancies. Naturally. Those jobs are cyber jobs. They're not just jobs where you're like, oh, these people incidentally worked on misinformation. They didn't. So it might be more a justification for doing something that the argument they're making is look at how dangerous this so-called censorship was when in fact they're just looking for a reason to cut the size of government overall. And this is sort of the face of that. This is the tip of the spear toward getting rid of a vast amount of the federal government.
Dave Bittner
Yeah. And I suppose, I mean, it could be my own failure in that, you know, Kristi Noem, when speaking about this, that is the thing I think she is most passionate about. So maybe I'm, you know, in my own mind I'm taking great measure of that because with the determination that she speaks with it and maybe that's not justified.
Tim Starks
No, I think, I think, I think that's the thing that, yeah, the things, when you bring up CISA, the first words out of her mouth is we're getting back on mission, we're not going to have this censorship that we had in the past. So I think that's definitely what she's most interested in CISA about. But I think there's also, I think it's possible that both hypotheses are true here. Right. That it's this idea that this agency is bad because it did something bad ever in their minds and. Or it's also an excuse to cut down the size of government.
Dave Bittner
Yeah. All right, well, Tim Starks is senior reporter at CyberScoop. We will have a link to both of these stories in our show notes. Tim, thank you so much for taking the time for us.
Tim Starks
Thank you, Dave.
Dave Bittner
Compliance regulations, third party risk, and customer security demands are all growing and changing fast. Is your manual GRC program actually slowing you down? If you've ever found yourself drowning in spreadsheets, chasing down screenshots, or wrangling manual processes just to keep your GRC program on track, you're not alone. But let's be clear. There is a better way. Vanta's trust management platform takes the headache out of governance, risk and compliance. It automates the essentials from internal and third party risk to consumer trust, making your security posture stronger, yes, even helping to drive revenue. And this isn't just nice to have. According to a recent analysis from IDC, teams using Vanta saw a 129% boost in productivity. That's not a typo, that's real impact. So if you're ready to trade in chaos for clarity, check out Vanta and bring some serious efficiency to your GRC game. Vanta GRC: how much easier trust can be. Get started at vanta.com/cyber.
And finally, our Jolly Roger desk tells us millions of Brits are reportedly risking prison time for using hacked Amazon Fire Sticks to stream their favorite shows on the cheap. According to the Mirror, this national pastime of streaming Netflix, HBO and Disney for the price of a takeaway coffee may now come with a side of malware or a court date. These jailbroken devices, which disable Amazon's restrictions to allow third party apps, can expose users to shady software and hackers eager to swipe your personal information. Worse still, the money saved might be lining the pockets of a 21 billion pound black market empire. Sellers promote pirated bundles on Facebook and close deals via WhatsApp, that favored tool of modern pirates and high school group chats alike. Authorities aren't amused. Kieran Sharp of the Federation Against Copyright Theft warns users are breaking the law. And yes, some sellers have already done time because nothing ruins movie night like malware and a court date.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. Don't forget to check out the Grumpy Old Geeks podcast, where I contribute to a regular segment on Jason and Brian's show. Every week you can find Grumpy Old Geeks where all the fine podcasts are listed. We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights until the end of August this year. There's a link in the show notes and we do hope you will check it out. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Dave Bittner
From our sponsor SpyCloud. Identity is the new battleground and attackers are exploiting stolen identities to infiltrate your organization. Traditional defenses can't keep up. SpyCloud's holistic identity threat protection helps security teams uncover and automatically remediate hidden exposures across your users from breaches, malware and phishing to neutralize identity-based threats like account takeover, fraud and ransomware. Don't let invisible threats compromise your business. Get your free corporate Darknet exposure report at spycloud.com/cyberwire and see what attackers already know. That's spycloud.com/cyberwire.
CyberWire Daily: White House Reboots Cybersecurity Priorities
Released on June 9, 2025
Host: Dave Bittner, CyberWire Network powered by N2K Networks
In today's episode of CyberWire Daily, Dave Bittner delves into significant shifts in U.S. and European cybersecurity policies, examines ongoing investigations within the Pentagon, highlights emerging cyber threats from state actors, and discusses recent cybercriminal activities. The episode features an in-depth interview with Tim Starks from CyberScoop, who provides insights into Sean Cairncross's journey toward confirmation as the next National Cyber Director and the surrounding political dynamics.
President Trump has issued a new executive order, announced on June 6, that significantly reshapes U.S. cybersecurity policy, replacing directives from former Presidents Obama and Biden. The key changes include:
Narrowed Cyber Sanctions: The new order focuses cyber sanctions solely on foreign malicious actors, reversing broader authorities that previously raised concerns about potential domestic misuse.
Scrapping Biden-Era Initiatives: Several initiatives from the Biden administration are eliminated, including:
Removed Programs and Mandates:
New Priorities: The administration emphasizes:
The White House justifies these changes as a move towards "more focused professional cybersecurity practices," eliminating what they consider "distracting issues" introduced by the previous administration.
The EU has refreshed its cybersecurity blueprint to enhance coordination in responding to large-scale cyber attacks. Key aspects of the updated strategy include:
Strengthened Military Ties: Enhanced collaboration with national militaries and NATO to address cyber threats.
Clarified Crisis Response Roles: The blueprint defines the roles of various institutions during cyber crises across technical, operational, and political levels.
NATO Contact Points and Joint Exercises: Plans to establish NATO contact points and initiate joint cyber exercises starting June 2026, involving private sector participants and countries like Ukraine and Moldova.
Focus on Geopolitical Tensions: Addressing threats from geopolitical tensions and hybrid attacks that could destabilize the EU's security, economy, and society.
Secure Communications Enhancement: The EU is urging the European Commission to propose solutions for crisis communication by the end of 2026 and encouraging governments to develop contingency plans for network disruptions.
The Pentagon's Inspector General is probing whether Defense Secretary Pete Hegseth's aides were instructed to delete Signal messages that may contain sensitive information about U.S. airstrikes in Yemen. Key points include:
Focus Period: The investigation centers on communications from March 15.
Potential Compromises: Messages involving Hegseth's family and top officials, as well as inadvertent disclosures to journalists, are under scrutiny.
Secretary Hegseth’s Response: He denies sharing classified data, attributing the messages to informal and unclassified communications.
Criticism and Risks: Critics argue that such posts could endanger pilot safety and warrant disciplinary action if made by lower-ranking personnel.
Additional Scrutiny: Hegseth is also examined for installing an unsecured internet line in his office amid the ongoing investigation.
Next Steps: Hegseth is expected to face congressional testimony next week, and the investigation may release unclassified findings to the public.
A recent cyber attack has targeted smartphones of U.S. officials and professionals across politics, technology, and journalism sectors. Highlights include:
Nature of the Attack: Zero-click hacks allowing access without user interaction.
Attribution: Investigations by iVerify link the attacks to Chinese hackers.
Targets: Devices belonging to Donald Trump's campaign and top aides were reportedly compromised.
State-Sponsored Espionage: Experts believe these attacks are driven by state-sponsored espionage objectives.
U.S. Response: Introduction of initiatives like a cyber trust mark for secure connected devices.
Vulnerabilities: Emphasis on the need for users to maintain basic security precautions as misconfigurations and unsecured connections pose significant risks.
Researchers have identified a new variant of the Mirai botnet exploiting vulnerabilities in TBK DVR models:
Exploitation Method: Command injection flaws allow shell command execution via crafted POST requests.
Active Exploitation: Kaspersky confirmed ongoing exploitation, with the botnet deploying ARM32 malware to connect infected DVRs to command and control servers.
Impact: Approximately 50,000 DVRs remain exposed, primarily in China, India, and other countries.
Challenges: Rebranding of devices under multiple names complicates patch management, and it's unclear if TBK Vision has issued patches.
A significant supply chain attack has compromised 17 popular Gluestack native Aria packages on NPM:
Attack Timeline: Began on June 6.
Malware Injection: Obfuscated remote access Trojan code inserted, enabling:
Discovery and Attribution: Cybersecurity firm Aikido linked the attack to the same group behind recent NPM compromises.
Affected Packages: Spanning UI components used in React Native applications.
Response: Gluestack revoked the compromised access token, deprecated the affected packages, and directed users to safe versions.
A new wave of cyberattacks is leveraging vulnerabilities in FortiGate security appliances to deploy Qilin ransomware:
Attack Strategy: Bypassing traditional perimeter defenses to gain privileged access within enterprise networks.
Qilin Ransomware: Also known as Agenda Ransomware, it boasts:
Impact: Targets critical infrastructure, posing risks of operational disruption, regulatory penalties, and reputational damage.
Recommendation: Organizations are urged to patch vulnerabilities promptly and bolster defenses against infrastructure-based ransomware attacks.
A U.S. court has sentenced Nigerian national Kingsley Ukelu Utulu to over five years in prison for his involvement in a hacking and fraud scheme targeting U.S. tax preparation companies:
Scheme Details:
Legal Outcome:
Broader Implications: The case is linked to others facing similar charges, highlighting ongoing efforts by U.S. authorities to combat international cybercriminal networks exploiting financial and government systems.
Guest: Tim Starks, Senior Reporter at Cyberscoop
Timestamp: [15:15]
Dave Bittner welcomes back Tim Starks to discuss the confirmation journey of Sean Cairncross as the next National Cyber Director and the ensuing political dynamics.
Key Discussion Points:
Sean Cairncross's Confirmation Hearings:
Grilling on CISA Budget Cuts: Tim explains that Sean faced tough questions regarding proposed $495 million cuts to CISA:
"He sidestepped the question... focusing instead on looking at the most efficient ways to conduct cyber defenses." [15:36]
Lack of Direct Responsibility: Although Cairncross is not directly responsible for CISA's budget, he possesses some influence through budget guidance authority with the Office of Management and Budget (OMB).
Cairncross's Cybersecurity Experience:
Management vs. Technical Expertise: Cairncross highlighted his extensive management experience, overseeing operations with thousands of personnel and billions in budgetary responsibilities.
"I have management experience, running operations with thousands of people and billions of dollars." [17:10]
Handling Cyber Issues on the User End: While he claims to have dealt with cyber on the user end, critics remain unconvinced about the depth of his technical cybersecurity expertise.
Endorsements: Industry officials and past intelligence and cyber experts, primarily from GOP administrations, have endorsed Cairncross's suitability for the role.
Legislative Skepticism:
Democratic Concerns: Gary Peters, a top Democrat on the committee, remains non-committal, indicating uncertainty about voting intentions:
"You'll find out when I vote." [19:17]
Impact of Political Dynamics: The confirmation outcome may largely depend on Republican support in the Senate, regardless of Democratic reservations.
Additional Scoop on CISA’s Mobile App Security Program:
Republican Pushback: Representative Andrew Garbarino expressed concerns about the termination of CISA's mobile app vetting program, emphasizing its importance in federal agency app security.
"This program is used to help agencies... test out apps that they either create or third party apps." [20:26]
Underlying Budget Cuts: Tim suggests that the criticism may mask broader intentions to reduce government size:
"They might be looking for a reason to cut the size of government overall." [25:31]
Future Implications:
Potential Outcomes: The investigation into CISA's budget cuts and the ongoing political discourse may influence Cairncross's confirmation process.
Government Size Debate: The discussions reflect a deeper debate on the role and size of government in cybersecurity management.
Tim Starks's Insights:
On Cairncross’s Performance:
"He came off as a serious guy. It seemed like he'd done his homework." [17:39]
On CISA’s Challenges:
"CISA has too much going on on its plate... Maybe they gave short shrift to the telecom sector at a time when they shouldn't have." [23:45]
On Political Motives:
"This could be an excuse to cut down the size of government." [26:13]
Conclusion of Interview:
Tim emphasizes the complexity of the confirmation process, noting that while Cairncross presented himself well, underlying political motivations and organizational budget cuts pose significant challenges. The interplay between managing government size and maintaining robust cybersecurity measures remains a contentious issue.
Today's episode highlights a pivotal shift in U.S. cybersecurity policy under the new executive order, the EU's strategic enhancements to its cyber defense mechanisms, and the intricate political landscape surrounding the appointment of the National Cyber Director. Additionally, emerging threats from botnets and state-sponsored hacks underscore the evolving nature of cyber threats globally. The insights from Tim Starks provide a nuanced understanding of the political and administrative hurdles in shaping national cybersecurity leadership.