
Dems introduce bill to halt mass voter roll purges 

By: djohnson
10 October 2025 at 14:42

The Trump administration wants your voter data.

Since President Donald Trump took office in January, the Department of Justice has made an ambitious effort to collect sensitive voter data from all 50 states, including information that one election expert described as “the holy trinity” of identity theft: Social Security numbers, driver’s license numbers and dates of birth.

In states where Trump’s party or allies control the levers of government, this information is handed over willingly. In states where they do not, the DOJ has formally asked, then threatened and then sued states that refuse. The department has also claimed many of these reluctant states are failing to properly maintain their voter registration rolls, and has pushed states to more aggressively remove potentially ineligible voters.

This week, Democrats in the House and Senate introduced new legislation that seeks to defang those efforts by raising the legal bar for states to purge voters based on several factors, such as inactivity or changing residency within the same state.

The Voter Purge Protection Act, introduced by Sen. Alex Padilla, D-Calif., and Rep. Joyce Beatty, D-Ohio, would amend the National Voter Registration Act to make it more difficult for states to kick large numbers of voters off their rolls for actions that Democrats — and many election officials — say are common, overwhelmingly benign and not indicative of voter fraud.

Padilla told reporters that the legislation would help ensure “that Americans cannot be stripped of their right to vote without proof that a voter has either passed away or has permanently moved out of their state.”

Voters targeted for removal must also be notified by election officials “so that there’s no surprise when they show up to vote on election day that their name is not on the list and it’s too late to address whatever the issue may or may not be,” Padilla said.

Beatty pointed to her home state, where Republican Secretary of State Frank LaRose removed more than 155,000 voters from active voter rolls in 2024, as an example of where federal protections are needed. The primary factor for purging those voters was records showing they had not cast a ballot in an election for the past four years.

She claimed more than half of the voters who stand to be affected by similar purges in 2025 and 2026 are registered in counties where demographic minorities make up a majority of voters.

“Let me be clear: voting is not use-it-or-lose the right, because too often these so-called voter purges have silenced voices, people of color, people of low income communities, and even our seniors who have waited and fought for the right to vote,” Beatty said.

Meanwhile, a comprehensive post-election audit conducted by LaRose’s office in 2024 identified and referred 597 “apparent noncitizens” on state voter rolls to the state Attorney General for further review, out of 8 million state voters. Critically, 459 of those registered voters never cast an actual ballot, and similar audits performed by LaRose in 2019, 2021 and 2022 found that such people made up similarly minuscule percentages of all active registered voters in the state. Last month, his office put out a press release touting an additional 78 “apparent noncitizens” registered, 69 of whom had no evidence of voting.

“States have the responsibility to keep accurate voter rolls and ensure election integrity,” LaRose added. “In order to meet that responsibility, we need more access to data from the federal government. I will continue to push until we have the resources we need to do our jobs to the standard Ohioans deserve.”

As any state election official will tell you, voter registration lists are never static — every day, people die, get married (or divorced), take on different names, become naturalized citizens or experience a range of other life events that can impact their registration status or result in outdated information. Further, it’s not typically viewed as unusual or a sign of fraud when voters sparingly make use of their registration to vote, though most election experts endorse some level of database maintenance to remove inactive voters.

But it is often these discrepancies that get highlighted by Trump and state allies as evidence of unacceptably messy voter rolls that justify stricter removal policies.

And there are election officials — mostly in Republican-controlled states — who have embraced the philosophy that even small numbers of questionable registrations or voter fraud must be aggressively stamped out or it will lead to American voters losing faith in their democracy. LaRose and Georgia Republican Secretary of State Brad Raffensperger have long championed a similar approach to voter maintenance, and have called for Congress to pass laws making it easier for states to remove voters during election years.

“List maintenance is about election security and voter confidence,” Raffensperger said last month while announcing that approximately 146,000 Georgia voters would be moved to inactive voter rolls, including 80,754 voters who had moved to another county within the state. “We want every Georgian to have full faith in the system, knowing that our elections are free, fair — and fast.”

Critics have pointed out that states already have numerous, effective means for preventing mass voter registration or fraud that have been borne out by post-election audits finding very low instances of fraud, and that overly harsh policies around list maintenance can and do end up disenfranchising far more eligible voters than bad actors. Further, they argue against removing large numbers of voters without a robust follow-up process from states to give affected voters an opportunity to appeal or address any discrepancies that may affect their registration.

The bill has 22 Democratic co-sponsors in the Senate and 24 in the House but is unlikely to gain serious consideration under a Republican-controlled Congress, where most GOP members have long believed voter fraud is rampant and are broadly supportive of state and federal efforts to remove voters based on those same factors.

Asked by CyberScoop how Democrats would navigate that reality, Padilla said the legislation was part of a broader overall effort to push back on these efforts at all levels of constitutional governance. That includes states fighting to protect their constitutional role as administrators of elections when denying data requests from the federal government, within the court system as states and voting rights groups fight in court to block the administration’s use of the SAVE database as a pretext for voter removal, and through public awareness and politics.

Teeing up legislation to prevent states from potentially disenfranchising voters from spurious purges, he said, is part of asserting Congress’ constitutional role in a much broader fight about the way elections are run.

“We’re pushing back on it at every turn and calling attention to it, so that voters understand what they may be facing and make all the necessary preparations so that their right to vote is not denied, whether it’s in next year’s midterm elections or even other regular or special elections before then,” Padilla said.

The post Dems introduce bill to halt mass voter roll purges  appeared first on CyberScoop.

Sen. Peters tries another approach to extend expired cyber threat information-sharing law

9 October 2025 at 12:38

A top Senate Democrat introduced legislation Thursday to extend and rename an expired information-sharing law, and make it retroactive to cover the lapse that began Oct. 1.

Michigan Sen. Gary Peters, the ranking member of the Homeland Security and Governmental Affairs Committee, introduced the Protecting America from Cyber Threats (PACT) Act, to replace the expired Cybersecurity and Information Sharing Act of 2015 (CISA 2015) that has provided liability protections for organizations that share cyber threat data with each other and the federal government. Industry groups and cyber professionals have called those protections vital, sometimes describing the 2015 law as the most successful cyber legislation ever passed.

The 2015 law shares an acronym with the Cybersecurity and Infrastructure Security Agency, which some Republicans — including the chairman of Peters’ panel, Rand Paul of Kentucky — have accused of engaging in social media censorship. As CISA 2015 has lapsed and Peters has tried to renew it, “some people think that’s a reauthorization of the agency,” Peters told reporters Thursday in explaining the new bill name.

“There are some of my Republican colleagues who have concerns about CISA as the agency, and I remind them, this is not about the agency,” he said. “It’s about … cybersecurity protections and the ability to have liability protections and to be able to share information. I’ve often heard the chair conflate the two, and I have to continually remind him.”

A House bill also would establish a different name.

Paul has objected to Peters’ attempts on the floor to extend CISA 2015. A shorter-term extension of the law was included in the House-passed continuing resolution to keep the government open, but that bill didn’t advance in the Senate, prompting a shutdown.

Peters’ latest bill, like earlier legislation he co-sponsored with Sen. Mike Rounds, R-S.D., would extend CISA 2015 for 10 years. He rejected the idea of trying to get a shorter-term extension until a longer-term extension could be passed.

“One thing that is very clear from all of the stakeholders is that they need long-term certainty when it comes to these protections, that you can’t operate with just a few-week patch and then another few-week patch,” Peters said. “That’s no way to run a business. That’s no way to run a sophisticated cybersecurity operation.”

Michael Daniel, leader of the Cyber Threat Alliance made up of cybersecurity companies, told CyberScoop that his organization hasn’t been affected by the lapse yet, but that’s partially because it’s an organization that was set up with the long term in mind, with a formalized structure that included information-sharing requirements for members.

The lapse might also not immediately affect other organizations, he said, comparing it to the risks of the government shutdown underway.

“An hour-long lapse doesn’t really do very much, but the longer it goes on, the more you have time for organizations to say, ‘Well, maybe we need to reconsider what we’re doing, maybe we need to think about it differently,’” Daniel said. “The longer it goes on, you start having questions about, ‘Maybe this thing won’t get reauthorized down the road.’ And once you start questioning the long-term prospects, that’s when people start making changes in their behavior.”

Peters said he’s heard from organizations becoming increasingly nervous about the expiration, but didn’t want to comment on whether any had stopped sharing because that’s “sensitive information, important information, and our adversaries should know as little about what’s happening as possible.”

Peters said he wouldn’t comment on his deliberations with Paul, or comment on Paul’s motives for objecting to his floor maneuvers. Paul cancelled a planned markup of his own version of CISA 2015 renewal legislation in September that included language on free-speech guarantees under CISA the agency, with a spokesperson saying Democrats had requested more time and were “not negotiating in good faith.”

Peters told reporters that claim was “absolutely false … the problem is not on our end.”

The revised Peters legislation doesn’t touch on the topic of free speech. Democrats and Republicans have blamed one another for the government shutdown.

“Firstly, this authority will be turned back on when Democrats, including the bill sponsor, vote to reopen the government,” said Gabrielle Lipsky, a spokesperson for Paul. “The Senator has made it clear that a longer-term reauthorization will need robust free speech protections included.”

Peters said he had spoken to Senate Majority Leader John Thune, R-S.D., about getting the bill through Senate procedures. He and Rounds have both been speaking with colleagues to gain backing. The Trump administration also has been lobbying senators to support a CISA 2015 reauthorization.

“I’m confident that if this bill gets to the floor for a vote, it will not only pass, it will pass overwhelmingly,” he said. “And that’s what we’re working to do.”


Watchdog: Cyber threat information-sharing program’s future uncertain with expected expiration of 2015 law

30 September 2025 at 13:17

The Cybersecurity and Infrastructure Security Agency doesn’t have any plans in place for continuing a threat information-sharing program should a 2015 law that laid the groundwork for its creation expire Wednesday, according to a new watchdog report.

The inspector general report points to yet more potential complications for threat data exchanges between industry and the government should the 2015 Cybersecurity Information Sharing Act, known as CISA 2015, lapse. Already, private-sector groups and cyber professionals have been sounding alarms about what would happen if the law’s legal safeguards disappear — something that’s now almost certain, as Tuesday’s expiration deadline is set to pass without action from Congress.

The IG report takes a look at the Automated Indicator Sharing (AIS) program that the Department of Homeland Security established in the year after passage of CISA 2015. The voluntary program was designed to allow the exchange of machine-readable cyber threat indicators (CTIs), like malicious IP addresses, and defensive measures (DMs), defined as activity that protects information systems against cyber threats.

According to the IG, CISA (the agency) has not finalized plans for continued use of the program in the event of the expiration of the 2015 law.

“Without finalizing this plan, CISA could be hindered in how it shares information on cyber threats, which would reduce its ability to protect the Nation’s critical infrastructure from cyber threats,” the report, dated Sept. 26, states.

While creation of the AIS program was one of the most direct outcomes of the passage of CISA 2015, many industry groups do not consider it the most important impact of the law, instead focusing on the legal protections it provides. Still, the IG report details how much activity the AIS program is involved in: 10 million cyber threat indicators shared in 2024.

That figure also points to weaknesses within the program, however, according to the IG. The 10 million indicators are a big jump from the prior calendar year, when the number was 1 million.

“Although the number of CTIs and DMs increased in 2024, CISA continues to rely on a small number of partners to share information,” the report states. “CISA officials attributed recent increases in shared CTIs and DMs to a private-sector partner’s significant contribution. In 2024, this private-sector partner added more than 4 million CTIs and DMs to each of the Federal and public collections — accounting for 89 percent of the public collection and 83 percent of the Federal collection.”

The report doesn’t identify that private-sector partner. An earlier report attributed a steep drop in the sharing of cyber threat indicators to an unnamed federal partner withdrawing from the program.

“CISA’s overreliance on information shared by specific participants may lead to inconsistent results and prevent long-term program growth if top contributing partners stop participating,” the report reads.

There were only 18 federal participants in 2024 in all, and 87 non-federal participants. That’s an increase from last year in both cases, but a fall from the 2020 peak of 304 total participants. Some of those participants, though, are industry-specific information sharing and analysis centers that might include hundreds of organizations.

CISA’s response to the IG’s findings left the program’s future uncertain should the 2015 law expire, according to the report.

“Program officials stated that although CISA continues to be committed to sharing CTIs and DMs in an automated, unclassified machine-readable format such as AIS, the decision on whether to maintain the capability will be based on available resources and leadership’s priorities,” the report states. “CISA officials said if the Act were to expire, they would analyze the value of AIS, including the average operational cost of $1 million per month and a likely reduction in CTI and DM volume, to determine whether resources could be redirected from other agency priorities to support AIS.”

CISA referred requests for comment to the agency’s response contained within the report.

“It is important for readers of this report to understand that automated threat intelligence and information sharing with our global partners and stakeholders remains a priority for CISA, and that there are no immediate or near-term plans to discontinue the Automated Information Sharing [sic] service, regardless of the status of the Cybersecurity Act of 2015,” reads the response from Madhu Gottumukkala, the acting director of CISA. “Subject to available appropriations, CISA remains authorized to operate Automated Information Sharing irrespective of the possible sunset of the Cybersecurity Information Sharing Act of 2015 on September 30, 2025, and CISA will continue to modernize and evolve Automated Information Sharing to meet the needs of its partners and stakeholders.”


House panel approves cyber information sharing, grant legislation as expiration deadlines loom

3 September 2025 at 13:08

A House panel advanced legislation Wednesday that would reauthorize a major cyber threat information sharing law and a big-dollar state and local cyber grant program before they’re set to expire at the end of this month.

Trump administration officials and nominees, as well as cybersecurity organizations and experts, have voiced support for renewing them both as they near their respective lapses. Expiration of the information sharing law in particular has led industry groups and others to warn of dangerous ramifications from the collapse of cyber threat data exchanges.

At the House Homeland Security Committee markup, the panel also approved bills addressing pipeline cybersecurity and terrorists’ use of generative artificial intelligence.

The 2015 Cybersecurity and Information Sharing Act has provided legal protections to the private sector to share threat data with the federal government and between companies and organizations. The Widespread Information Management for the Welfare of Infrastructure and Government Act, which the panel approved 25-0, would reauthorize it for another 10 years, with updates.

“Reauthorizing this law and ensuring the relevance of this framework before it expires is essential for retaining our cyber resilience,” said Rep. Andrew Garbarino, N.Y., the chair of the committee and lead sponsor of the re-up legislation. The original legislation, he said, “changed the cybersecurity landscape forever, and for the better.”

The bill encourages the use of secure AI to improve technical capabilities, updates legal definitions to capture newer hacking tactics and seeks to preserve and strengthen existing privacy protections, he said.

The top Democrat on the committee, Bennie Thompson of Mississippi, said the committee should have approved a simpler reauthorization to give lawmakers and affected parties more time to take a look at the legislation’s changes to the 2015 law, but he supported moving the bill forward.

Garbarino said he had a good conversation Tuesday evening with his Senate counterpart, Homeland Security and Governmental Affairs Committee Chairman Rand Paul, R-Ky., about the path forward on the legislation.

Paul and other GOP lawmakers have said they want renewal of the 2015 law to include language prohibiting the Cybersecurity and Infrastructure Security Agency — which plays a large role in carrying out the law — from censoring speech, despite past responses from agency officials that they have not censored anyone. Garbarino’s bill doesn’t contain any provisions about that.

The panel voted 22-1 to approve the Protecting Information by Local Leaders for Agency Resilience Act, which would extend the State and Local Cybersecurity Grant Program for another 10 years. The program has doled out $1 billion.

“Many local governments have a long way to go to be prepared for cyberattacks from adversaries like the Chinese Communist Party,” said the bill’s sponsor, Rep. Andy Ogles, R-Tenn. He said that while “I usually want Washington to do less,” the federal government might have to foot the bill later anyway if it doesn’t help state and local governments shore up their defenses.

It would provide 60% of funds to state, local and tribal governments that are eligible, or 70% for those applying together. It would direct a federal outreach effort to smaller communities, and stress defense for both information technology and operational technology, Ogles said. Appropriators would still need to dedicate funding to the program, even if President Donald Trump signs it into law.

A coalition of tech and cybersecurity groups wrote to congressional leaders Tuesday urging them to extend the program, listing examples of how the grant program has defended against specific cyberattacks across the nation. “Without continued funding, hard-won progress will stall, and communities across the country will be left vulnerable — handing our adversaries a dangerous advantage,” their letter reads.

Paul hasn’t publicly indicated his plans for the expiring grant program. The two bills would provide new names for the things they are authorizing: WIMWIG replacing 2015 CISA, and PILLAR replacing the grant program.

The House Homeland Security Committee also voted 21-0 to advance the Generative AI Terrorism Risk Assessment Act, which would require the Department of Homeland Security to conduct annual assessments on how terrorist groups use artificial intelligence to carry out terrorist activity, such as seeking to radicalize potential recruits.

“Known terrorist organizations like ISIS or Al Qaeda or others have gone so far as to have AI workshops to train members on its use,” said the bill’s sponsor, Rep. August Pfluger, R-Texas.

And the committee voted 22-0 to approve the Pipeline Security Act that would codify the Transportation Security Administration’s pipeline security office into law and specify its responsibilities, including on cybersecurity. TSA wrote cybersecurity regulations in response to the 2021 Colonial Pipeline hack.

“We don’t just risk our national security, we risk supply chain disruptions that will create a ripple effect throughout our communities” if we fail to protect our pipelines, said the bill’s sponsor, Rep. Julie Johnson, D-Texas.


Google previews cyber ‘disruption unit’ as U.S. government, industry weigh going heavier on offense

27 August 2025 at 14:26

Google says it is starting a cyber “disruption unit,” a development that arrives in a potentially shifting U.S. landscape toward more offensive-oriented approaches in cyberspace.

But the contours of that larger shift are still unclear, and whether or to what extent it’s even possible. While there’s some momentum in policymaking and industry circles to put a greater emphasis on more aggressive strategies and tactics to respond to cyberattacks, there are also major barriers.

Sandra Joyce, vice president of Google Threat Intelligence Group, said at a conference Tuesday that more details of the disruption unit would be forthcoming in future months, but the company was looking for “legal and ethical disruption” options as part of the unit’s work.

“What we’re doing in the Google Threat Intelligence Group is intelligence-led proactive identification of opportunities where we can actually take down some type of campaign or operation,” she said at the Center for Cybersecurity Policy and Law event, where she called for partners in the project. “We have to get from a reactive position to a proactive one … if we’re going to make a difference right now.”

The boundaries in the cyber domain between actions considered “cyber offense” and those meant to deter cyberattacks are often unclear. The tradeoff between “active defense” vs. “hacking back” is a common dividing line. On the less aggressive end, “active defense” can include tactics like setting up honeypots designed to lure and trick attackers. At the more extreme end, “hacking back” would typically involve actions that attempt to deliberately destroy an attacker’s systems or networks. Disruption operations might fall between the two, like Microsoft taking down botnet infrastructure in court or the Justice Department seizing stolen cryptocurrency from hackers.

Trump administration officials and some in Congress have been advocating for the U.S. government to go on offense in cyberspace, saying that foreign hackers and criminals aren’t suffering sufficient consequences. Much-criticized legislation to authorize private sector “hacking back” has long stalled in Congress, but some have recently pushed a version of the idea where the president would give “letters of marque” like those for early-U.S. sea privateers to companies authorizing them to legally conduct offensive cyber operations currently forbidden under U.S. law.

The private sector has some catching up to do if there’s to be a worthy field of firms able to focus on offense, experts say.

John Keefe, a former National Security Council official from 2022 to 2024 and National Security Agency official before that, said there had been government talks about a “narrow” letters of marque approach “with the private sector companies that we thought had the capabilities.” The concept was centered on ransomware, Russia and rules of the road for those companies to operate. “It wasn’t going to be the Wild West,” said Keefe, now founder of Ex Astris Scientia, speaking like others in this story at Tuesday’s conference.

The companies with an emphasis on offense largely have only one customer — and that’s governments, said Joe McCaffrey, chief information security officer at defense tech company Anduril Industries. “It’s a really tough business to be in,” he said. “If you develop an exploit, you get to sell to one person legally, and then it gets burned, and you’re back again.”

By their nature, offensive cyber operations in the federal government are already very time- and manpower-intensive, said Brandon Wales, a former top official at the Cybersecurity and Infrastructure Security Agency and now vice president of cybersecurity at SentinelOne. Private sector companies could make their mark by innovating ways to speed up and expand the number of those operations, he said.

Overall, among the options of companies that could do more offensive work, the “industry doesn’t exist yet, but I think it’s coming,” said Andrew McClure, managing director at Forgepoint Capital.

Certainly Congress would have to clarify what companies are able to do legally as well, Wales said.

But that’s just the industry side. There’s plenty more to weigh when stepping up offense.

“However we start, we need to make sure that we are having the ability to measure impact,” said Megan Stifel, chief strategy officer for the Institute for Security and Technology. “Is this working? How do we know?”

If there was a consensus at the conference it’s that the United States — be it the government or private sector — needs to do more to deter adversaries in cyberspace by going after them more in cyberspace.

One knock on that idea has been that the United States can least afford to get into a cyber shooting match, since it’s more reliant on tech than other nations and an escalation would hurt the U.S. the most by presenting more vulnerable targets for enemies. But Dmitri Alperovitch, chairman of the Silverado Policy Accelerator, said that idea was wrong for a couple of reasons, among them that other nations have become just as reliant on tech, too.

And “the very idea that in this current bleak state of affairs, engaging in cyber offense is escalatory, I propose to you, is laughable,” he said. “After all, what are our adversaries going to escalate to in response? Ransom more of our hospitals, penetrate more of our water and electric utilities, steal even more of our IP and financial assets?”

Alperovitch continued: “Not only is engaging in thoughtful and careful cyber offense not escalatory, but not doing so is.”


Blistering Wyden letter seeks review of federal court cybersecurity, citing ‘incompetence,’ ‘negligence’

25 August 2025 at 11:56

Sen. Ron Wyden on Monday urged Supreme Court Chief Justice John Roberts to seek an independent review of federal court cybersecurity following the latest major hack, accusing the judiciary of “incompetence” and “covering up” its “negligence” over digital defenses.

Wyden, D-Ore., wrote his letter in response to news this month that hackers had reportedly breached and stolen sealed case data from federal district courts dating back to at least July, exploiting vulnerabilities left unfixed for five years. Alleged Russian hackers were behind both the attack and another past major intrusion, and may have lurked in the systems for years.

“The federal judiciary’s current approach to information technology is a severe threat to our national security,” Wyden said. “The courts have been entrusted with some of our nation’s most confidential and sensitive information, including national security documents that could reveal sources and methods to our adversaries, and sealed criminal charging and investigative documents that could enable suspects to flee from justice or target witnesses. Yet, you continue to refuse to require the federal courts to meet mandatory cybersecurity requirements and allow them to routinely ignore basic cybersecurity best practices.”

That, Wyden said, means someone from the outside must conduct a review, naming the National Academy of Sciences as the organization Roberts should choose.

The Administrative Office of the U.S. Courts said on Aug. 7 that it was taking steps to improve cybersecurity “in response to recent escalated cyberattacks of a sophisticated and persistent nature on its case management system,” but was vague about specific changes. In that statement the office touted its collaboration with Congress and federal agencies about cyber defenses.

But Wyden said in his letter the judiciary “stonewalls” congressional oversight. He cited another intrusion in 2020, revealed by then-House Judiciary Chair Jerrold Nadler, D-N.Y., by “three hostile foreign actors,” where Wyden said the judiciary still hasn’t said what happened.

“There is no legitimate need to keep Congress or the public in the dark about that incident so many years later,” Wyden wrote. “I strongly suspect that the judiciary is covering up its own negligence and incompetence which resulted in the security vulnerabilities that the hackers exploited.”

Wyden especially faulted the courts for their slow adoption of, and under-reliance on, strong multifactor authentication, saying the variety the judiciary adopted was not phishing-resistant.

“The glacial speed with which the federal judiciary adopted this inferior cyberdefense, years after government agencies and businesses have migrated to superior solutions, highlights the fact that the judiciary’s cybersecurity problems are not technical, but rather, are the result of incompetence and the total absence of accountability,” he said.
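The distinction Wyden is drawing is a concrete one: a one-time code can be relayed by a phishing proxy, while a FIDO2/WebAuthn assertion is bound to the origin the browser actually connected to. The following is an added illustration, not part of the letter or of CyberScoop’s reporting, and it makes no claim about which product the judiciary uses. It uses the RFC 6238 test secret, constructed hostnames (`login.example.gov` and a lookalike), and an HMAC in place of WebAuthn’s asymmetric signature so it runs with only the Python standard library; the origin-binding property it demonstrates is the same.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the 30-second time counter, HMAC-SHA1, dynamic truncation."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{binary % 10 ** digits:0{digits}d}"


def totp_login(secret: bytes, submitted_code: str, unix_time: int) -> bool:
    """Server-side check. It cannot tell *where* the user typed the code."""
    return hmac.compare_digest(totp(secret, unix_time), submitted_code)


def relay_totp_phish(secret: bytes, unix_time: int) -> bool:
    """Adversary-in-the-middle: the victim types the code into a lookalike site,
    the proxy forwards it unchanged within the same time step, and the real
    server accepts it. Returns True, i.e. the login succeeds for the attacker."""
    code_typed_by_victim = totp(secret, unix_time)
    forwarded_by_attacker = code_typed_by_victim
    return totp_login(secret, forwarded_by_attacker, unix_time)


# Origin-bound assertion, the property WebAuthn/FIDO2 provides. The authenticator
# signs the server's challenge together with the origin the browser is talking to.
# A real authenticator uses a per-site key pair and an asymmetric signature; HMAC
# stands in here (assumption for a stdlib-only example), the binding is identical.

def authenticator_sign(key: bytes, challenge: bytes, browser_origin: str) -> bytes:
    """The browser, not the user, supplies the origin; a phishing page cannot lie about it."""
    client_data = challenge + b"|" + browser_origin.encode()
    return hmac.new(key, client_data, hashlib.sha256).digest()


def webauthn_login(key: bytes, challenge: bytes, signature: bytes, expected_origin: str) -> bool:
    """Server verifies over *its own* origin; a signature produced at any other origin fails."""
    client_data = challenge + b"|" + expected_origin.encode()
    expected = hmac.new(key, client_data, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)


def relay_webauthn_phish(key: bytes, challenge: bytes, real_origin: str, phish_origin: str) -> bool:
    """Same proxy attack: the attacker forwards the genuine challenge, but the
    victim's browser embeds the lookalike origin, so the real server rejects it."""
    signature = authenticator_sign(key, challenge, phish_origin)
    return webauthn_login(key, challenge, signature, real_origin)


if __name__ == "__main__":
    SECRET = b"12345678901234567890"          # RFC 6238 test secret
    KEY = b"\x11" * 32                        # constructed credential key
    CHALLENGE = b"server-nonce-0001"          # constructed server challenge
    REAL = "https://login.example.gov"        # constructed hostnames
    PHISH = "https://login.example.gov.evil.example"
    print("TOTP relayed by phishing proxy accepted:", relay_totp_phish(SECRET, 59))
    print("WebAuthn relayed by phishing proxy accepted:",
          relay_webauthn_phish(KEY, CHALLENGE, REAL, PHISH))
```

In practice the browser also refuses to offer a credential to a page whose effective domain does not match the credential’s relying-party ID, so the lookalike never gets a signature at all; the check above is the server-side backstop that catches a mismatched origin even when one is presented.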

The press office for the Supreme Court did not immediately respond to a request for comment on Wyden’s letter.

The post Blistering Wyden letter seeks review of federal court cybersecurity, citing ‘incompetence,’ ‘negligence’ appeared first on CyberScoop.

Here’s what could happen if CISA 2015 expires next month

18 August 2025 at 06:00

Expiration of a 2015 law at the end of September could dramatically reduce cyber threat information sharing within industry, as well as between companies and the federal government, almost to the point of eliminating it, some experts and industry officials warn.

The Cybersecurity Information Sharing Act, also known as CISA 2015, is due to end next month unless Congress extends it. Leaders of both the House and Senate panels responsible for reauthorizing it say they intend to act on legislation next month, but the law still stands to expire without a quick bicameral deal.

The original 2015 law provided legal safeguards for organizations to share threat data with other organizations and the federal government.

“We can expect, roughly, potentially, if this expires, maybe an 80 to 90% reduction in cyber threat information flows, like raw flows,” Emily Park, a Democratic staffer on the Senate Homeland Security and Governmental Affairs Committee, said at an event last month. “But that doesn’t say anything about the break in trust that will occur as well, because at its core, CISA 2015, as an authority, is about trust, and being able to trust the businesses and organizations around you, and being able to trust the federal government that it will use the information you share with it.”

That estimate — 80 to 90% — is on the high side of warnings issued by policymakers and others, and some reject the notion that the sky is catastrophically falling should it lapse. Additionally, some of the organizations warning about the fallout from the law’s lapse benefit from its provisions. But there’s near-unanimity that expiration of the law could largely shift decisions about cyber threat info sharing from organizations’ chief information security officers to the legal department.

“If you think about it from the company’s perspective, what a lapse would do would be to cause the ability to share information — to move the decision from the CISO to the general counsel’s office,” said Amy Shuart, vice president of technology and innovation at Business Roundtable, which considered the issue important enough to fly in CISOs from member companies to meet with lawmakers this summer and persuade them to act. “And any good general counsel is going to say, ‘I used to have authority here that protects us from antitrust. We don’t have it anymore. Now I’ve got concerns.’ So we do anticipate that if this was to lapse, the vast majority of private sector information sharing would shut down just due to legal risk.”

A common expectation among watchers is that Congress is likely to pass a short-term extension attached to a stopgap spending bill known as a continuing resolution before the end of the current fiscal year, which also falls at the end of September. But that still gives lawmakers a short window, and even if a short-term extension passes, Hill appropriators are likely to be impatient for a long-term extension and unwilling to support any stopgap that runs past the end of December.

Senate Homeland Security and Governmental Affairs Chairman Rand Paul, R-Ky., said last month that he intends to hold a markup of CISA 2015 extension legislation in September. A critic of the Cybersecurity and Infrastructure Security Agency over allegations that it pushed social media outlets to censor posts about election security and COVID-19 — allegations that then-CISA leaders denied — Paul said he wants any extension to include language prohibiting the agency, also known as CISA, from engaging in censorship.

The new leader of the House Homeland Security Committee, Andrew Garbarino, R-N.Y., also has said reauthorization is a priority, but wants to make other changes to the law as well.

“Reauthorizing the Cybersecurity and Information Sharing Act is essential as the deadline nears and as threats evolve,” Garbarino said in a statement to CyberScoop. “The House Committee on Homeland Security plans to mark up our legislative text for its reauthorization shortly after Congress returns from recess in September. In a 10-year extension, I will preserve the privacy protections in the law, and I aim to provide enhanced clarity to certain pre-existing provisions to better address the evolving threat landscape.”

Separate from the 2015 law, the Justice and Homeland Security departments have issued and updated legal guidance pertaining to cyber threat information sharing that sector-specific information sharing and analysis centers say undergird exchanges from company to company.

But a Supreme Court decision last year about federal regulatory authority could cast a shadow over that guidance should CISA 2015 expire, warned Michael Daniel, leader of the Cyber Threat Alliance. Furthermore, a failure from Congress to act could send a message to courts.

“A lack of congressional action to positively reauthorize private entities to monitor their networks, deploy defensive measures, and share information ‘notwithstanding any other provision of law’ introduces uncertainty about sharing information that could trigger certain criminal laws, such as the Computer Fraud and Abuse Act or the Stored Communications Act, or could violate antitrust laws when participating in collective cyber defense,” he recently wrote. “In short, the resulting uncertainty would reduce the amount of sharing that occurs, reintroduce friction into the system, and inhibit the ability to identify, detect, track, prepare for, or respond to cyber threats.”

Daniel told CyberScoop some of those discussions about expiration fallout are hypothetical at this point, but legal experts have told him they are realistic. 

Trump administration officials and nominees have said they support reauthorization of the 2015 law. The law is also linked to the administration’s recent artificial intelligence action plan, which calls for establishment of an AI-ISAC.

“One of the things that we’ve heard the administration say loud and clear about their approach with the [AI] action plan is that they were thinking about what they could do within their existing authorities,” Shuart said. “CISA 2015 is an important existing authority for the action plan to be successful.”

Still, the future of the 2015 law is uncertain.

“There’s a lot of people kind of searching around for how to do this. I really couldn’t say I know that there’s a consensus,” said Larry Clinton, president of the Internet Security Alliance. “I know that there are people working in multiple different committees — Homeland Security, Armed Services, Appropriations, Intel — who are trying to figure out how to do this. And that’s a good thing, because we want all that support. It’s also a troubling thing because we wind up with too many cooks in the kitchen, and it’s harder to get things done without a consensus on the specifics of what needs to be done, given the tight timeline.”

The post Here’s what could happen if CISA 2015 expires next month appeared first on CyberScoop.

Senate confirms national cyber director pick Sean Cairncross

3 August 2025 at 12:41

The Senate voted to confirm Sean Cairncross as national cyber director Saturday, giving the Trump administration one of its top cyber officials after a more than five-month process.

The vote was 59-35.

President Donald Trump nominated Cairncross on Feb. 12. The Senate Homeland Security and Governmental Affairs Committee held a hearing on his nomination in early June, then voted to advance him that same month.

“I want to thank President Trump for this opportunity. It is an incredible honor to serve our country and this President as the National Cyber Director,” Cairncross said in a written statement. “As the cyber strategic environment continues to evolve, we must ensure our policy efforts and capabilities deliver results for our national security and the American people. The United States must dominate the cyber domain through strong collaboration across departments and agencies, as well as private industry. Under President Trump’s leadership, we will enter a new era of effective cybersecurity policy.”

At his hearing, Cairncross said he’d be focused on policy coordination. He fielded questions from senators about his lack of cyber experience, the biggest cyber threats, cuts to federal cybersecurity personnel and more.

Cairncross has held leadership positions inside and outside of government where there’s been a tenuous connection to cybersecurity. He served as CEO of the Millennium Challenge Corporation, a foreign aid agency, in the first Trump administration, along with roles in the White House. He’s also a former top official at the Republican National Committee.

Despite that, Cairncross has the vocal support of a number of cyber experts and past government cyber officials.

The Senate vote on Cairncross slots one more cyber leader into the Trump administration. Alexei Bulazel has taken the job of top cyber official with the White House’s National Security Council, and Brett Leatherman is in the top cyber position at the FBI.

Trump has nominated Sean Plankey to serve as director of the Cybersecurity and Infrastructure Security Agency, and the Senate Homeland Security and Governmental Affairs Committee voted 9-6 last week to move his vote to the floor, although Sen. Ron Wyden, D-Ore., has placed a hold on the nomination pending the release of a telecommunications cybersecurity report.

Trump has removed the joint head of U.S. Cyber Command and the National Security Agency, and has not yet settled on a successor.

Cairncross’s nomination had been caught up in a backlog of Trump nominees before Saturday’s floor vote.

Updated, 8/3/25: to include statement from Cairncross.

The post Senate confirms national cyber director pick Sean Cairncross appeared first on CyberScoop.

Senate Democrats call Trump admin’s focus on state voter rolls a pretext for disenfranchisement

By: djohnson
30 July 2025 at 17:39

As the Trump administration has sought to muscle through changes to election laws and rules across the country, Democrats in Congress have steadily escalated their concerns about the potential for disenfranchisement.

At a public forum Wednesday held by Democratic lawmakers focused on elections and voter suppression, Sen. Alex Padilla, D-Calif., ranking member on the Senate Committee on Rules and Administration, issued a blunt charge at the White House and its Republican allies.

“Their goal is to amplify their false narrative of insecure elections to justify their power grabs and to make it harder to register to vote, to stay on the polls and to actually cast your ballot,” Padilla said.

Padilla was one of several Democrats and witnesses who accused Republicans — who did not participate in the forum — of inflating concerns about noncitizen voting to justify legal and legislative challenges to swaths of votes, sometimes based on minor paperwork errors that took place decades ago.

One of the Democrats’ key witnesses was Allison Riggs, the Democratic North Carolina Supreme Court justice whose narrow, 734-vote victory last year was challenged in court by her Republican opponent, Jefferson Griffin.

Griffin and state GOP officials ultimately challenged 65,000 votes in four counties as illegal, including those belonging to people who didn’t have driver’s licenses or Social Security numbers on file and overseas voters. The challenge involved only voters in four Democratic-leaning counties, and only for Riggs’ race. It did not challenge those voters’ choices for the U.S. presidential and North Carolina gubernatorial elections.

A winding court battle saw Riggs spend more than $2 million in court costs to prove that her tabulated lead — which survived two recounts — was legitimate. While a federal court eventually intervened to declare Riggs the winner, she told lawmakers that “we came perilously close to watching our systems of rules-based elections crumble before our eyes” as state courts initially validated Griffin’s argument.

“Our state appellate courts were willing to give credence to the argument that the rules of an election could be changed after the election, to change the election outcome,” Riggs said.

She said she sees the legal battle over voter eligibility in her race as a blueprint for how similar challenges could be made in future elections.

“The precedent in my case is at the district level,” Riggs said. “We were prepared for it to go all the way [to the Supreme Court.] I think it is still likely [to happen again] absent our collective willingness to recognize this threat and take the appropriate steps.”

Janessa Goldbeck, CEO of the Vet Voice Foundation, which runs one of the largest voter outreach programs for military veterans and families, said many of the North Carolina voters who had their ballots flagged as suspicious in lawsuits from Griffin’s campaign and the Trump Department of Justice were members of the military serving overseas who followed state laws.

Riggs noted that her own parents were among the group of voters who had their eligibility questioned in Griffin’s legal challenge, emphasizing that her father initially registered decades ago using his military ID and has shown a valid ID during every election he’s voted in.

“President Trump has publicly attacked these ballots and pushed conspiracy theories about them,” Goldbeck said, in addition to disparaging those who registered through laws like the Uniformed and Overseas Citizens Absentee Voting Act as taking advantage of a “voting loophole.” 

She also said current legislation being considered by Congress, like the SAVE Act, would require military voters and their families to register to vote in person using a passport, something that would be impossible for many people deployed overseas. 

Some observers have worried the Trump administration and GOP may be seeking to redefine how certain classes of voters and ballots are considered and handled by states and courts, chiefly by shifting the burden of proof away from the government and onto individual voters when it comes to validating citizenship.

The Trump administration and Republicans have justified such changes as necessary to ensure American elections aren’t tainted by noncitizen voting. Experts and post-election audits largely refute those charges, but GOP boosters have argued that even one noncitizen voting in a U.S. election is too many. 

In particular, they’ve pointed to the administration’s changes to the Systematic Alien Verification for Entitlements (SAVE) database managed by U.S. Citizenship and Immigration Services. Those changes include allowing states to search using Social Security numbers and to conduct “bulk” queries that can be matched against various state and federal databases.

Just how USCIS and state election officials use this information when identifying voters for potential removal from state voter rolls remains to be seen — and experts say the amount of time and assistance states provide to help voters cure any paperwork problems will be critical. A brief by the Fair Elections Center this week questioned the accuracy of using Social Security numbers to validate citizenship information of voters, noting the Social Security Administration didn’t even start requiring such information for applicants until 1972.

According to VoteBeat, David Jennings, the technology and policy lead for SAVE at USCIS, reportedly told state officials at an Oklahoma conference that the agency doesn’t share SAVE data with Immigration and Customs Enforcement or other agencies. He described SAVE as a “tool” for states to use when making decisions around a voter’s registration status, not the sole criterion.

The administration is also suing states, sending them information requests and working with cooperative ones to build a massive query system across state data streams that experts say is likely to sweep in far more eligible voters and ballots than noncitizens registered to vote.

Justin Levitt, a professor at Loyola Law School in Los Angeles, described these data requests as “either illegal or [an] attempt to effectuate illegal acts” that violate the U.S. Privacy Act of 1974, which restricts how federal agencies collect, maintain and share personal information about Americans.

Meanwhile, policy blueprints like Project 2025 propose “in plain view, a monstrous abuse of DOJ authority, pursuing faceless persecutions of elections officials” that mirrors the White House’s ongoing efforts to impose its will on state and local election rules, Levitt said. While most judges are pushing back, and election officials are largely standing firm in most states, Levitt worries that they will have to carry out their duties securing U.S. elections “despite, not alongside, our federal government.”

The post Senate Democrats call Trump admin’s focus on state voter rolls a pretext for disenfranchisement appeared first on CyberScoop.

Senate Democrats seek answers on Trump overhaul of immigrant database to find noncitizen voters

By: djohnson
16 July 2025 at 12:08

As the Department of Homeland Security seeks to transform a federal database for immigrant benefits into a supercharged database to search for noncitizen voters, a trio of Democratic senators are pressing the department for more information.

Sens. Gary Peters, D-Mich., Alex Padilla, D-Calif., and Jeff Merkley, D-Ore., wrote to Homeland Security Secretary Kristi Noem on Tuesday posing a series of questions around the department’s overhaul of the Systematic Alien Verification for Entitlements (SAVE) database.

“States and nonpartisan voter advocacy organizations have expressed concerns with using the SAVE program as a standalone tool to determine voter eligibility without adequate safeguards,” the senators wrote. “In particular, there are concerns that data quality issues may cause state and local officials who rely on the program to receive false positives or incomplete results.”

The lawmakers’ comments echo many of the same concerns around SAVE that election officials and experts expressed to CyberScoop last month. For a variety of reasons — including SAVE’s clunky history, the fluid nature of immigration status and differing state data streams — the potential is high for the system to return false positives.

Further, the Trump administration has already attempted to force states to adopt White House policies around “proof of citizenship” requirements before sending them federal voter registration files. A federal judge ruled parts of that order were unconstitutional, and the administration is appealing. 

One concerning scenario is that if the administration pushes states to use SAVE to update and maintain their voter rolls, many registered voters could be removed for lacking documentary proof of citizenship.

While a number of post-election audits and investigations have determined that noncitizen registration and voting is rare to nonexistent, they have also found that millions of eligible voters lack the kind of identification that the Trump administration is pushing.

The administration has been filing lawsuits and sending letters to states alleging that their voter registration policies are out of step with the Help America Vote Act, which provides funding to states for election security investments.

If successful, it could force millions of voters to obtain these credentials or lose their voting rights, all without the administration ever actually showing evidence that noncitizen voting is happening en masse.

The Democratic senators note that DHS and U.S. Citizenship and Immigration Services have not briefed Congress or state and local election officials about the changes, but have held meetings with prominent election denier groups like the Election Integrity Network, according to reporting from Democracy Docket.

Much of the work on SAVE is happening outside of public view, with little transparency. USCIS has declined or not responded to interview requests from reporters seeking additional details about the SAVE overhaul or how it will ensure accurate results.

“Public transparency and assurances that the Department is appropriately protecting citizens’ rights, including privacy, is extremely important,” the lawmakers wrote. “Unfortunately, DHS has not issued any of the routine and required documentation about the program’s operations and safeguards or issued any public notice or notice to Congress.”

The senators are requesting a briefing for the Senate Homeland Security and Governmental Affairs and Rules and Administration committees, and are asking the department to turn over any materials it shared with groups like the Election Integrity Network.

The post Senate Democrats seek answers on Trump overhaul of immigrant database to find noncitizen voters appeared first on CyberScoop.

Waltz brushes off SignalGate questions, points finger at CISA 

By: djohnson
15 July 2025 at 15:03

Former White House national security adviser Mike Waltz brushed aside criticisms Tuesday that he put sensitive military operations at risk by holding discussions about military strikes in a Signal group chat, claiming the app’s use was authorized by the federal government’s top civilian cyber agency.

In a Senate Foreign Relations Committee hearing, Waltz — who has been nominated to represent the U.S. at the United Nations — was pressed about his short tenure as President Donald Trump’s top national security official. In particular, he was grilled by Sen. Chris Coons, D-Del., for his use of the end-to-end encrypted messaging application Signal to coordinate with other officials over airstrikes on Houthi rebels.

While much of the initial attention was focused on Waltz adding journalist Jeffrey Goldberg to the chat, national security experts were also aghast that government officials at the highest levels were coordinating highly sensitive military operations using a free consumer application.

The incident is widely viewed as contributing to Waltz’s departure just months after leaving Congress to take the role, and his subsequent shuffling to a new nomination at the U.N.

Coons referenced Waltz’s long background of public and military service, arguing he should have known better.

“In your role in the Army, in the House, as national security adviser, you have long handled classified and highly sensitive information. We both know Signal is not an appropriate, secure means of communicating highly sensitive information,” Coons said.

But Waltz was defiant in his response, not only insisting that classified information wasn’t involved — the chats involved detailed descriptions of targets, timing, aircraft and munitions that would be used — but that his use of Signal had been “driven by and recommended by the Cybersecurity [and] Infrastructure Security Agency.”

“The use of Signal is not only … authorized; it was recommended in the Biden-era CISA guidance,” he said.

Waltz was referencing a piece of 2024 guidance put out by CISA on mobile security. He later read from a portion of the guidance, which recommended using “only end-to-end encrypted communication” and to “adopt a free messaging application to secure communications that guarantees end to end encryption, particularly if you are a highly targeted individual, such as Signal or other apps.”

CISA is the federal government’s top civilian cyber agency, but has no legal authority over U.S. military or Department of Defense operations. It’s not clear why Waltz believed that voluntary guidance from the agency — which was directed to the broader public following news that the Chinese hacking group Salt Typhoon had penetrated U.S. telecommunications infrastructure — would cover sensitive military operations overseen by the White House and DOD.

A request for comment sent to CISA was not returned at press time.

Waltz further claimed that the incident was subject to investigations by the White House and DOD. While the DOD investigation is still ongoing, he said the White House review cleared him of any wrongdoing, concluding that “the use of Signal was not only authorized, it’s still authorized and highly recommended.”

Signal is considered the gold standard among end-to-end encrypted messaging apps, and cybersecurity experts broadly endorse its use for a wide range of users and scenarios. But the highest levels of the U.S. government and military are exceptionally valuable targets, routinely pursued by the most advanced hacking groups and foreign intelligence services. Further, additional reporting found that Waltz was relying on an insecure third-party clone of Signal called TeleMessage, a modified client that copies messages to an archiving service and so places them outside the end-to-end encryption Signal itself provides.

The DOD has multiple classified systems and Sensitive Compartmented Information Facilities (SCIFs) designed for classified or sensitive military discussions.

Coons retorted that he was “hoping to hear from you that you had some sense of regret over sharing what was very sensitive, timely information about a military strike on a commercially available app,” arguing that there have been “no consequences” for the incident.

In response to questions submitted to the White House about the investigation into Waltz and current policy on the use of Signal, spokesperson Anna Kelly responded:
“As we have said many times, Signal is an approved app for government use and is loaded on government phones. Mike Waltz will make an outstanding US Ambassador to the United Nations.”

Sen. Tim Kaine, D-Va., questioned how Waltz could claim no classified information was shared when there are separate ongoing investigations by DOD and Air Force into Secretary of Defense Pete Hegseth for his role in the chat.

“They certainly haven’t reached any conclusion that classified information wasn’t shared,” Kaine said. “Am I wrong about that?”

Waltz said he couldn’t comment on ongoing investigations but echoed previous congressional testimony from Hegseth that no names, targets, locations, units, routes, sources or methods were shared in the chats.

The post Waltz brushes off SignalGate questions, points finger at CISA  appeared first on CyberScoop.
