Illinois Rep. Delia Ramirez is taking over as the top Democrat on the House Homeland Security panel’s cybersecurity subcommittee, replacing former Rep. Eric Swalwell after his resignation.

Committee Democrats approved the change Tuesday at a meeting prior to a “shadow hearing” without the GOP majority, focused on protecting elections from Trump administration interference.

Ramirez first won election to Congress in 2022 and was reelected in 2024. She has served as the vice ranking member of the committee since 2023. She is now the ranking member of the Subcommittee on Cybersecurity and Infrastructure Protection.

She has leveled criticisms during committee hearings about the Trump administration’s personnel cutbacks at the Cybersecurity and Infrastructure Security Agency, and was critical of how data was secured under the administration’s Department of Government Efficiency initiative led by Elon Musk.

“Under a Musk and Trump presidency, it’s clear that the security of Americans’ information is not a priority. I mean, a private civilian with no security clearance bullied his way into the Treasury, set up private servers, and stole sensitive information from an agency. If that isn’t a national security crisis, a cybersecurity  crisis –then I don’t know what is,” Ramirez said at an early 2025 hearing. “The true threat to our homeland security is ‘fElon’ Musk, Trump, and their blatant misuse of power to steal information and coerce employees to leave agencies.”

She cosponsored legislation last year meant to strengthen the cybersecurity workforce by promoting measures to help workers from underrepresented and disadvantaged communities to join the field.

But she also had criticisms of U.S. cybersecurity under the Biden administration, including of Microsoft’s role in the SolarWinds breach.

In a statement about her appointment Tuesday, Ramirez took aim at at Trump, Vice President JD Vance, Department of Homeland Security Secretary Markwayne Mullin and White House homeland security adviser Stephen Miller.

“It’s clear that the security of our communities’ information, federal networks, and critical infrastructure have not been priorities” under them, she said. “Between the security failures of DOGE, the abuses of immigrant families’ data, and the decimation of CISA’s workforce and resources, Republicans have demonstrated a lack of interest in safeguarding our nation’s cybersecurity and our residents’ civil rights and privacy. In neglecting necessary oversight, Republicans have deregulated emerging technologies, allowed bad actors to profit from violations of our civil rights, and consented to the weaponization of government systems. It is more critical than ever that we assert our Congressional authority and disrupt the blatant corruption making us all less safe.”

Swalwell left the position following his resignation from Congress as a representative from California amid allegations of sexual misconduct.

Her ascension completes a full leadership turnover for the subcommittee. Rep. Andy Ogles, R-Tenn., took over the gavel late last year after former chairman Andrew Garbarino, R-N.Y., took over as chairman of the full committee.

The subcommittee is set to hold a hearing Wednesday on CISA and its role as the sector risk management agency for a number of critical infrastructure sectors.

Updated 4/28/26: to include comment from Ramirez.

The post Rep. Delia Ramirez takes over as top House cybersecurity Dem appeared first on CyberScoop.

The U.S. government shouldn’t rigidly stick to traditional designations about which agency takes the lead on engaging with critical infrastructure sectors, the acting director of the Cybersecurity and Infrastructure Security Agency said Tuesday.

Sector risk management agency designations have long governed which agency is at the forefront of government efforts to protect each of the 16 critical infrastructure sectors, with CISA responsible for eight of them.

“When we look at our sector risk management agency construct, that’s important for a lot of reasons, It’s less important to abide by that strictly and say ‘CISA is the Sector Risk Management Agency for telecommunications,’” CISA’s Nick Andersen said at an event hosted by Auburn University’s McCrary Institute.

Rather, when responding to cyber incidents or undertaking other engagements with the private sector, the question should be who has the best relationship with a certain sector.

“We may have some owner-operators within a certain critical infrastructure sector that maybe the person they’re best positioned to receive resources from is us, or maybe it’s [Department of] Energy, or maybe it’s EPA, or maybe it’s FBI or NSA, or so forth and so on,” he said. “We just have to be comfortable with taking off those blinders and saying, ‘I don’t necessarily need to be in charge all the time no matter who I am. I just need to make sure that this owner-operator has the best partner teed up to lead that engagement.’”

The goal is to avoid another “Guam situation,” where “everybody was racing to Guam the last couple of years like kids chasing a soccer ball,” Andersen said. Guam was the site of critical infrastructure attacks on U.S. military bases that Microsoft pinned on the Chinese hacking group Volt Typhoon in 2023.

An attack on the telecommunications sector from another “Typhoon” group, Salt Typhoon, prompted questions about whether CISA’s hands are too full with all of its sector risk management agency responsibilities. House Homeland Security Chairman Andrew Garbarino, R-N.Y., raised concerns last year about how CISA handled its sector risk management agency role for the telecommunications sector after the Salt Typhoon campaign was uncovered.

The post CISA official advises agencies not to get too hung up on who takes lead in critical infrastructure sectors appeared first on CyberScoop.

“Decimated.” 

“Amateur hour.”

“Pretty much fallen apart.”

“It’s really hard to find something positive to say right now.”

It’s been a little more than one year into the second Trump administration, and there’s a large consensus, if not total unanimity, among those who have worked with and for the Cybersecurity and Infrastructure Security Agency: It has suffered significantly during that time. 

CISA has lost roughly a third of its personnel and shuttered entire divisions. Observers across the political spectrum told CyberScoop for this story that even on its core missions, like coordinating with industry and protecting federal networks, the agency is significantly diminished.

Many sources that spoke with CyberScoop did so under the condition of anonymity, in order to be more candid or avoid retribution. They told CyberScoop that CISA’s biggest problems, and their consequences, include:

• Trump’s ire over the 2020 election results has led to the agency being deprioritized within the administration. Congress has yet to approve the administration’s permanent pick to lead the agency, Sean Plankey, and lawmakers have failed to do other things to strengthen it. 
• CISA’s capabilities have been significantly diminished by the loss of personnel, expertise and programs. 
• In the absence of a permanent leader, Acting Director Madhu Gottumukkala has struggled to lead the agency. “I don’t think anybody would argue he’s doing a great job,” one industry source said.
• Organizations that previously turned to CISA for help now seek alternatives, like industry alliances, outside consultants or government-to-government partnerships.

Where to assign blame varied from source to source. Most criticized both the administration and Congress, though some faulted one more than the other.

Some see bright spots in CISA under the current administration. And while many are pessimistic about the agency’s future, others expressed optimism.

But the first year reviews are not glowing.

“Year one was a tough year for the agency,” said House Homeland Security Committee Chairman Andrew Garbarino, R-N.Y. He noted that a “lot of the best and brightest have left the agency,” though he expressed optimism about Plankey’s ability to turn CISA around. “The amount of cyberattacks that our nation is seeing every day, both on the private side and on the federal government side — you want your best people there fighting against it, and if they’re somewhere else, it definitely leaves us all vulnerable.”

Said Mississippi Rep. Bennie Thompson, the top Democrat on Garbarino’s panel: “It’s tough to have a robust entity when you cut the money…we are weaker because of CISA’s lack of manpower.”

When priorities shifted

Trump has harbored animosity toward CISA since 2020, when it contradicted his false claims related to widespread electoral fraud. He and his allies built on that animosity, recommending in Project 2025 that the agency be dismantled, divided by its core responsibilities, and farmed out to other federal agencies. 

“There was uniquely a target on its back,” said one CISA official who left in 2025. That hostility came from some Republicans in Congress, especially Kentucky Sen. Rand Paul, who chairs the Senate Homeland Security and Governmental Affairs Committee.

Said Thompson: “CISA wasn’t politicized for the most part, until the Trump administration came along and accused them of somehow contributing to his [election] loss.”

CISA has lost substantial personnel, including veterans and whole teams. Some employees were transferred to other divisions in the Department of Homeland Security. Election security was quickly cut. Two information sharing and analysis centers (ISACs) that serve state and local governments lost funding. A division coordinating with foreign governments, businesses and state and local governments was effectively closed.

The agency has lost senior leaders in programs like counter-ransomware initiatives, threat hunting and secure software development. Contracts for things like detecting threats in critical infrastructure networks, tracking vulnerabilities and collaborating with industry teetered, albeit sometimes only temporarily. 

DHS has unraveled multiple programs in which CISA plays a key role, such as by dismissing members of the Cyber Safety Review Board and disbanding the Critical Infrastructure Partnership Advisory Council. Congress has lurched between letting both a key state and local cyber grant program and a cyber threat information sharing law lapse and temporarily re-upping them.

The departures and program changes likely haven’t ended, either. 

“It’s not a very harmonious place right now,” said one industry source. “I hear from people that are looking to leave.” Former CISA employees say those who remain either believe strongly in the mission, or are simply keeping their heads down until retirement from federal service.

“People I talk to say the morale is really low,” said James Lewis, distinguished fellow with the tech policy program at the Center for European Policy Analysis think tank.

CISA and DHS officials routinely say the changes are designed to get the agency “back on mission.” Lewis, industry officials and others say CISA probably never needed to get involved in combatting misinformation and disinformation, roles that rankled some conservatives, but the agency largely halted that work prior to Trump returning to office.

Some saw duplication and redundancy at CISA as legitimate problems. “I did see overlap between who was actually doing policy and who was actually doing the operational work,” said Ari Schwartz, managing director of cybersecurity services at the law firm Venable and a former Obama administration cybersecurity official.

It was not that long ago when CISA experienced quick budget growth, particularly after its establishment in 2018.

“As with any organization, the first few years are growth years and after a while, the agency needed to reevaluate how it was operating and meeting its statutory authorities,” said Kate DiEmidio, who formerly served as the agency’s director of legislative affairs and acting chief external affairs officer. “There was a need for the agency to refocus.”

Even among those who saw the need for change at CISA, though, many saw the Trump administration as going way too far. “CISA needed surgery,” Lewis said, but “what it needed was surgery with a scalpel, not a sledgehammer.” He added, “Not only is the White House hostile to CISA, but cybersecurity isn’t a priority for them.”

A question of capacity

The cuts have created real-world consequences for cybersecurity coordination. Former officials and industry partners describe broken relationships, unanswered requests for help and serious questions about whether CISA can handle a major crisis. The coordination and engagement that defined the agency’s approach have largely diminished.

The end result is that “they’ve dismantled all of those capabilities in units within government,” said Caitlin Durkovich, a former DHS official in the Obama administration and White House official in the Biden administration. She recently started a firm with former top CISA official Jeff Greene that offers services CISA has scaled back, such as security assessments.

“It’s been really hard to watch,” Greene said, how CISA has been working with the private sector and local governments on “developing a level of trust that is weakening or gone.”

One industry source said they used to meet regularly with top officials, but now can’t get a response. “We’ve got really good engagement elsewhere in government. We really would like the opportunity to do the same thing with CISA,” they said. “Some of the trust that had been built up has been eroded.”

Thompson said the biggest losses have been in election security and secure-by-design, areas where his staff says personnel has been “decimated.”

Said another industry source: “I do feel like that when people, if organizations, want to reach out to CISA, it’s not clear who’s there… If we got into a major conflict, let’s say, with China, and they start triggering Volt Typhoon-related malware, are we organized and ready to roll? I don’t think so.”

Another former CISA official described the current situation as a “lack of capacity,” especially when it comes to coordinating with state and local governments and others on a regional basis.

“A bunch of regions are really grappling with the loss of really key personnel who were the ones that were establishing and maintaining these relationships, and really trying to build the trust between the agency and the private sector, and especially in critical infrastructure,” they said. “Not having as many people to help do that national coordinating function that CISA is supposed to do is a real issue.”

They also said there are fewer people working in “flagship programs” like secure-by-design and developing regulations for the landmark Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). “People are overstretched,” they said. “They’re not doing all the things that they could or should be doing, or want to be doing, and I think that you see evidence of that with talk from the private sector and their inability to to reach people and to get help “

Schwartz said he worries about when “an incident happens, do they have the people to go in, go to the states, go locally, and really do the work that’s needed, as they did in the past? Because they’ve lost some of that ability.”

Lewis said that “overall, the impression is it’s a much weaker entity than it was a year ago.”

“Their power was in their ability to act as a focal point, to coordinate, to bring people together, and just the publication of vulnerabilities and some of the things they were starting to get into in the previous administration were big steps forward that’s been diminished because they don’t have the people now,” he said. “So a smaller organization, that’s just not going to be as powerful.”

State and local governments say they’ve lost critical connections with CISA, saying they’ve had to turn to one another to fill the gaps.

“We’re asking states to do a job they’re not resourced to do, while weakening the one federal agency designed to help them,” said Errol Weiss, chief security officer at the Health-ISAC. “This is precisely where you do need a strong, centralized federal security function. We already have a national shortage of cybersecurity experts, and you can’t just replicate that expertise 50 times over.”

Overall, Weiss said industry partners have felt the lack of outreach from the agency. “Fewer touchpoints, fewer briefings, fewer problem‑solving calls,” he told CyberScoop, adding that there’s “a growing perception that CISA is being hollowed out where it matters most to industry: stakeholder engagement, collaborative forums, and operational support during incidents.”

Rob Knake, a former top Biden administration official, recently said that “CISA as an organization has pretty much fallen apart.”

Leadership in limbo

One near-universal sentiment is that as Sean Plankey’s leadership nomination drags in the Senate, the agency is worse off.

“We need to start this year off right, and we’re already in February and can’t get Plankey confirmed,” Garbarino said. “There’s nothing better than having a Senate-confirmed person running the show.”

The acting director has also faced criticism beyond the operational issues. Gottumukkala, who served as South Dakota’s chief information officer under Kristi Noem before she became DHS secretary, has faced fire from both parties for his stewardship.

A string of embarrassing stories have emerged about Gottumukkala, from the tale of him failing a polygraph test and seeking to oust those who administered it; to his reported attempted ouster of veteran agency CIO Robert Costello; to his reported uploading of sensitive contract data to ChatGPT. DHS has defended Gottumukkala amid those revelations.

Reading stories like that, “It just sounds like amateur hour,” said one former CISA employee.

“I don’t think he’s up to the task. I believe that he’s not the best person, and I think he is just somebody the secretary likes, because they both are from South Dakota.” Thompson said. “I don’t know anybody before this administration who would be in sensitive areas and not have passed minimal standards like the polygraph.”

The ChatGPT story drew concern from the right by Senate Judiciary Chairman Chuck Grassley, R-Iowa, as well as from conservative figure Laura Loomer (the latter of whose remarks were racially tinged). Others were more perturbed by the lie detector story.

“When you have security issues with someone in a leadership position, you should find another place for them to go,” said a former Trump administration national security official. “There are plenty of competent people in DHS, in CISA, who could hold things together until Sean Plankey gets there. There are lots of serious things CISA needs to be working on right now. This is a drag on that. It’s not a place where you want any type of friction at the top.”

Garbarino was more generous, noting Gottumukkala’s technical background. DiEmidio also noted Gottumukkala’s technical skills. But Garbarino and Nevada Rep. Mark Amodei, the GOP chairman of the House Appropriations Subcommittee on Homeland Security, have been seeking CISA’s organizational plans to no avail.

“I don’t think he’s intentionally lying to us by saying there’s no reorg plan,” Garbarino said. “But there’s got to be some reasoning behind all these moves, moving the people around, or layoffs or whatever. I want to give him the benefit of the doubt that he is the technical guy that has been given a non-technical job to do.”

Schwartz and some others largely blame Congress for CISA’s current woes, since they haven’t approved Plankey as a full-time, permanent leader. “A lot of the issue is the fact that just doesn’t have the leadership to be able to participate in senior-level discussions,” he said.

What’s left to build on

Despite myriad complaints, many observers still see value in the current iteration of CISA. Some are hopeful about its ability to rebound, too.

CISA says it’s still devoted to its missions. The agency published a 2025 year-in-review about its accomplishments.

“CISA remains steadfast in its mission to safeguard the systems Americans rely on by strengthening federal network defenses, empowering businesses, and fortifying critical infrastructure nationwide,” Gottumukkala said in a statement to CyberScoop.

Moving forward, “we will deepen collaboration with trusted partners, prioritize highly skilled technical professionals, and direct resources for maximum impact—accelerating innovation, operational coordination, and workforce right-sizing to reduce long-term risks while maintaining strong industry partnerships and cost efficiency,” he said. “The CISA leadership and workforce remains committed to this mission despite a small minority who are upset that accountability and reform have come to the agency.”

It’s a message Gottumukkala recently delivered to Congress. “He tried to give the impression that we haven’t lost any capacity,” Thompson said. “I wasn’t impressed.”

Others said CISA is still carrying out many of its old tasks, such as issuing public alerts on vulnerabilities and threats.

“There’s still some good reporting coming out,” Greene said. “But what I can’t know is the volume of what they can put out versus what they used to be able to put out.”

Weiss said “CISA still has tremendous value in areas only the federal government can truly provide: national‑level visibility, cross‑sector coordination and the ability to marshal resources across agencies in a crisis.” But it’s not clear whether CISA can rise to the occasion like it did during the 2024 Change Healthcare crisis.

“All of this means it’s more important than ever for the private sector to take the initiative,” he said. “Critical infrastructure owners and operators cannot assume the federal government will have the capacity to step in the way it once did.”

Weiss and others also said that CISA has refocused on federal networks, but others, such as Lewis, said it’s also diminished there. “That’s their primary mission, and they don’t have the policies or the bodies to do that,” Lewis said.

Garbarino and a number of industry sources say they’re encouraged by the idea that the Trump administration could write less onerous regulations for CIRCIA, with an earlier draft drawing bipartisan and industry criticism.

A Senate-confirmed leader could further brighten the agency’s prospects, many agree. “They still have some good talent there. It’s not totally that we’ve lost everything there,” Schwartz said. “If you have leadership in there, then you can build it up.”

DiEmidio said some of the staff changes have made sense. Election security had more people than other sectors that needed the help, she said. 

“In some ways, I think the external attention to CISA’s mission in the media and with Congress was completely focused on one or two things, and the focus on the things that really matter, and the good work that CISA is doing got overshadowed,” she said. For the agency’s cybersecurity division and other cyber teams, “there were several incidents over the summer where those teams were incredible. They were working evenings, weekends.”

But many agree that rebuilding CISA’s workforce will be difficult.

The Trump administration has deliberately made working for the federal government challenging as a matter of policy. Russell Vought, head of the Office of Management and Budget, said before the election that the goal was to put federal workers “in trauma.” Morale at CISA has been particularly bad, they say. Periodic DHS shutdowns haven’t helped.

On the plus side for CISA, it’s a bad labor market, Lewis said.

Some of what CISA needs to do going forward is about managing expectations, said DiEmidio.

“What I would want to make sure is that CISA has a hiring plan in place to start hiring, especially in those key technical positions at all levels,” she said. “ I think you have to have an understanding that people are going to rotate in and out of government. Not everyone wants to stay in government long term and that’s okay.”

But there are some worries about CISA recruiting going forward. “Just the way they handle the departures, for a lot of folks, I don’t think it gives a lot of encouragement to individuals that ‘Hey, this is a great place to work,’” said one former DHS official.

The post Across party lines and industry, the verdict is the same: CISA is in trouble appeared first on CyberScoop.

The acting head of the Cybersecurity and Infrastructure Security Agency faced pointed questions from lawmakers Wednesday over CISA personnel decisions and staffing levels.

Members of the House Homeland Security Committee asked Madhu Gottumukkala about a reported attempt to fire the agency’s chief information officer, efforts to push out a large number of staff and whether CISA had enough people to do the job.

Gottumukkala at times sidestepped the questions, with the probing coming from both sides of the aisle. However,  Democrats exhibited deeper worries about the agency’s workforce and its ability to do its job.

Cutbacks at CISA after employees were “bullied into quitting” — among other methods of reducing CISA’s size — have “weakened our defenses and left our critical systems and infrastructure more exposed, and the American people more vulnerable,” said Rep. James Walkinshaw, D-Va.

Said Chairman Andrew Garbarino, R-N.Y.: “This committee supports the administration’s goal of aligning department [of Homeland Security] resources towards urgent homeland security priorities. At the same time, workforce continuity, clear leadership and mission readiness are essential to effective cyber defenses.”

The extent of those CISA personnel reductions was something lawmakers wanted Gottumukkala to be exact about in his answers.

The top Democrat on the panel, Mississippi’s Bennie Thompson, entered a chart into the hearing record that showed the number of personnel had fallen from 3,387 before President Donald Trump’s inauguration to 2,389 by the middle of December, or a loss of 998 people. Those figures aligned closely with the numbers Gottumukkala gave in testimony.

Under questioning from Thompson, Gottumukkala said CISA’s attrition rate was 7.5% last year, a figure he said was lower than most agencies. Gottumukkala said the agency has “the required staff” to do its work, but Thompson said he was still awaiting an expected letter from Gottumukkala on workforce needs and wanted a more precise number on current vacancies.

Gottumukkala also wouldn’t say whether the agency had carried out a study to determine whether its staffing was sufficient. In response to questions from Garbarino, Gottumukkala said there were no further planned organizational changes at CISA.

“We recognize that a disciplined mission requires the right workforce — not a larger one, but a more capable and skilled one,” Gottumukkala said in his opening remarks.

Democrats pressed Gottumukkala repeatedly on whether any CISA personnel had been reassigned to working on immigration enforcement, something he said hadn’t happened during his time at the agency, contradicting published reports to the country and a claim from Gottumukkala that Democrats said was false. The chart Thompson referenced showed 65 employees being reassigned out of CISA.

At times, GOP lawmakers gave Gottumukkala backing on CISA personnel numbers. Rep. Andy Ogles, who chairs the panel’s cybersecurity subcommittee, said, “You’re doing more with less, and you’re doing it more efficiently.” Republican appropriators recently released a homeland security funding bill that would cut CISA’s budget from nearly $3 billion to $2.6 billion.

Responding to a report that Gottumukkala had tried to force out Robert Costello, the agency’s CIO, Gottumukkala said individual agency personnel “decisions are not made in vacuum. It is a leadership-level [decision] at the highest levels, and we work according to how we see the roles fit.” 

Garbarino told reporters after the hearing that “ I don’t know whose decision it is making that personnel [move], but it was stopped, which is probably a good thing.”

Asked about a news story that he failed a counterintelligence polygraph test, Gottumukkala said that “I do not accept the premise of that characterization,” and any answer would have to be discussed in a closed hearing. Garbarino said he hoped an investigation into the polygraph incident would be settled soon.

Democrats repeatedly expressed frustration about Gottumukkala’s testimony. “You’ve managed to answer none of my questions,” Walkinshaw said.

Gottumukkala wouldn’t take questions from reporters after the hearing.

The post Lawmakers probe CISA leader over staffing decisions appeared first on CyberScoop.

With a little more than a month left before a foundational cyber threat information sharing law expires for a second time, Congress might have to do another short-term extension as negotiations on a longer deal aren’t yet bearing fruit, a key lawmaker said Tuesday.

House Homeland Security Chairman Andrew Garbarino, R-N.Y., said the problem with a long-term extension of the Cybersecurity Information Sharing Act of 2015, which provides legal protections to companies to share cyber threat data with the federal government and other companies, is that there are three different views about how to approach it.

The Trump administration and some in the Senate want a clean, 10-year reauthorization of the law, which Congress extended last month until Jan. 30 as part of the legislation that ended the government shutdown, after the information sharing law lapsed in October. But a reauthorization without any changes could run into House opposition, Garbarino said.

“I don’t know if I can get that passed in the House, with concerns from the Freedom Caucus,” he said at an event hosted by Auburn University’s McCrary Institute. The Freedom Caucus has had criticism of the Cybersecurity and Infrastructure Security Agency that is integral to implementing the 2015 law.

Senate Homeland Security and Governmental Affairs Committee Chairman Rand Paul, R-Ky., also has a version of the bill that focuses largely on language he said is needed to defend free speech. And Garbarino’s version takes yet another approach to tweaking the law.

“Unfortunately, I don’t think we’re close enough with the discussions on the Senate to get it to figure out which bill will pass and what will get done,” Garbarino said. That leaves another extension tied to any funding bill that replaces the legislation currently funding the government, which also runs through Jan. 30.

Garbarino said his committee also is working on other issues, like deconflicting federal cybersecurity regulations, the cyber workforce and responding to the Chinese hacking group Salt Typhoon breaching telecommunications networks.

A report on “regulatory harmonization” has been underway at the committee, he said. But that doesn’t mean he wants to roll all the rules back. Asked about the Federal Communications Commission voting to get rid of Biden administration-era rules put into place in response to the Salt Typhoon breach, Garbarino said, “I’m not sure I would’ve voted to get rid of some of the protections or the rules, but it wasn’t my vote.”

The committee has been probing the government’s response to Salt Typhoon, and recently sent another set of questions in the past two or three months after not getting satisfactory answers the first time, Garbarino said.

“We are working closely with the China Select Committee as to what legislatively we could move if there’s something,” he said. “We’re not there yet.” 

Rep. Sheri Biggs, R-S.C., has picked up the baton on cyber workforce legislation sponsored by Garbarino’s predecessor as chairman, and Garbarino said he expects there to be some changes to the bill.

And two House Homeland subcommittees are holding a hearing Wednesday on artificial intelligence and cybersecurity.

“I’ll tell you right now, with our adversaries, the way they’re going to use AI, we can’t defend with human intervention alone,” Garbarino said. “AI is going to have to be part of our cyber defense.”

The post Key lawmaker says Congress likely to kick can down road on cyber information sharing law appeared first on CyberScoop.

Legislation to end the federal government shutdown includes a provision that would extend an expired cybersecurity information sharing law through the end of January.

Extension of the Cybersecurity Information Sharing Act of 2015 is something industry groups have coveted since even before its sunset at the end of September. Previous attempts to extend it fell short amid the political battle over government funding.

Businesses and cyber experts say the law’s legal protections are vital to sharing threat data between companies, and between industry and the government. Now, with the extension language in the continuing resolution bill that also includes three short-term appropriations bills, Congress is poised to restore it to life, at least temporarily.

The Senate voted 60-40 on Sunday night to advance the legislation. It still would have to get a successful House vote and a signature from President Donald Trump.

If that bill becomes law, the House and Senate would have a short window to advance a more permanent solution. The respective leaders of the House Homeland Security Committee, Rep. Andrew Garbarino, R-N.Y., and Senate Homeland Security and Governmental Affairs panel, Rand Paul, R-Ky., have introduced bills that would take significantly different approaches to amending and extending the 2015 law.

The Trump administration has pushed for a 10-year extension without any changes.

Cyber observers say that a long-term lapse of the 2015 law could have dire consequences. But there’s been little sign thus far that its expiration in October has slowed threat information sharing.

Paul could present a hurdle to the overall continuing resolution bill, still.

The post Cyber information sharing law would get extension under shutdown deal bill appeared first on CyberScoop.

A Commerce Department office should investigate Chinese government-connected products in more than a dozen emerging industries for security threats, a group of House GOP committee leaders said in a letter they released Wednesday.

In the missive, the lawmakers said the Office of Information and Communications Technology and Services has the power to both investigate and restrict those products in areas like artificial intelligence and energy generation.

China, they wrote, has already demonstrated that it views information technology as a battlefield with its cyberattacks on the United States.

“A compromised power grid, an infiltrated telecommunications network, or a manipulated industrial control system can pose as great a threat as a kinetic military strike,” the House members said. “The fusion of digital capabilities with critical infrastructure has whittled away geographic borders, as connected infrastructure or products can be controlled or updated by entities in another country.

“Without a concerted effort to create a secure technology ecosystem from the very beginning of each supply chain, our adversaries will continue to exploit our dependence on their technology to undermine U.S. economic and military stability,” they continued.

The lawmakers signing the letter were House Homeland Security Chairman Andrew Garbarino of New York; Committee on China Chairman John Moolenaar of Michigan; Foreign Affairs Chairman Brian Mast of Florida, Intelligence Chairman Rick Crawford of Arkansas; and Bill Huizenga of Michigan, who chairs the Foreign Affairs Subcommittee on South and Central Asia.

Some of the industries and companies on the lawmakers’ list have already drawn attention from the U.S. government, including from the Commerce Department. For instance, the departments of Commerce, Defense and Justice reportedly opened investigations last year into the router-manufacturer TP-Link of China. More than a half-dozen agencies are said to support a ban on TP-Link Systems of Irvine, Calif., spun off from the Chinese company.

TP-Link Systems disputes allegations that it poses a national security threat.

Other products mentioned in the GOP members’ letter include industrial control systems, robotics, cameras, chip design software, drones and tools necessary for semiconductor production.

The Commerce Department did not immediately respond to requests for comment on the GOP letter. The government shutdown has led some agencies to stop responding to emails.

The Trump administration is in the midst of a prolonged and wide-ranging battle over trade with Beijing, one that includes potential curbs on exports to China made with U.S. software and Nvidia’s most advanced chips. Chinese-made products and their potential impacts on cybersecurity have sparked widespread concerns.

The post House GOP leaders seek government probe, restrictions on Chinese-made tech appeared first on CyberScoop.