A top Senate Democrat introduced legislation Thursday to extend and rename an expired information-sharing law, and make it retroactive to cover the lapse that began Oct. 1.

Michigan Sen. Gary Peters, the ranking member of the Homeland Security and Governmental Affairs Committee, introduced the Protecting America from Cyber Threats (PACT) Act, to replace the expired Cybersecurity and Information Sharing Act of 2015 (CISA 2015) that has provided liability protections for organizations that share cyber threat data with each other and the federal government. Industry groups and cyber professionals have called those protections vital, sometimes describing the 2015 law as the most successful cyber legislation ever passed.

The 2015 law shares an acronym with the Cybersecurity and Infrastructure Security Agency, which some Republicans — including the chairman of Peters’ panel, Rand Paul of Kentucky — have accused of engaging in social media censorship. As CISA 2015 has lapsed and Peters has tried to renew it, “some people think that’s a reauthorization of the agency,” Peters told reporters Thursday in explaining the new bill name.

“There are some of my Republican colleagues who have concerns about CISA as the agency, and I remind them, this is not about the agency,” he said. “It’s about … cybersecurity protections and the ability to have liability protections and to be able to share information. I’ve often heard the chair conflate the two, and I have to continually remind him.”

A House bill also would establish a different name.

Paul has objected to Peters’ attempts on the floor to extend CISA 2015. A shorter-term extension of the law was included in the House-passed continuing resolution to keep the government open, but that bill didn’t advance in the Senate, prompting a shutdown.

Peters’ latest bill, like earlier legislation he co-sponsored with Sen. Mike Rounds, R-S.D., would extend CISA 2015 for 10 years. He rejected the idea of trying to get a shorter-term extension until a longer-term extension could be passed.

“One thing that is very clear from all of the stakeholders is that they need long-term certainty when it comes to these protections, that you can’t operate with just a few-week-patch and then another few-week–patch,” Peters said. “That’s no way to run a business. That’s no way to run a sophisticated cybersecurity operation.”

Michael Daniel, leader of the Cyber Threat Alliance made up of cybersecurity companies, told CyberScoop that his organization hasn’t been affected by the lapse yet, but that’s partially because it’s an organization that was set up with the long term in mind, with a formalized structure that included information-sharing requirements  for members.

The lapse might also not immediately affect other organizations, he said, comparing it to the risks of the government shutdown underway.

“An hour-long lapse doesn’t really do very much, but the longer it goes on, the more you have time for organizations to say, ‘Well, maybe we need to reconsider what we’re doing, maybe we need to think about it differently,’” Daniel said. “The longer it goes on, you start having questions about, ‘Maybe this thing won’t get reauthorized down the road.’ And once you start questioning the long-term prospects, that’s when people start making changes in their behavior.”

Peters said he’s heard from organizations becoming increasingly nervous about the expiration, but didn’t want to comment on whether any had stopped sharing because that’s “sensitive information, important information, and our adversaries should know as little about what’s happening as possible.”

Peters said he wouldn’t comment on his deliberations with Paul, or comment on Paul’s motives for objecting to his floor maneuvers. Paul cancelled a planned markup of his own version of CISA 2015 renewal legislation in September that included language on free-speech guarantees under CISA the agency, with a spokesperson saying Democrats had requested more time and were “not negotiating in good faith.”

Peters told reporters that claim was “absolutely false … the problem is not on our end.”

The revised Peters legislation doesn’t touch on the topic of free speech. Democrats and Republicans have blamed one another for the government shutdown.

“Firstly, this authority will be turned back on when Democrats, including the bill sponsor, vote to reopen the government,” said Gabrielle Lipsky, a spokesperson for Paul. “The Senator has made it clear that a longer-term reauthorization will need robust free speech protections included.”

Peters said he had spoken to Senate Majority Leader John Thune, R-S.D., about getting the bill through Senate procedures. He and Rounds have both been speaking with colleagues to gain backing. The Trump administration also has been lobbying senators to support a CISA 2015 reauthorization.

“I’m confident that if this bill gets to the floor for a vote, it will not only pass, it will pass overwhelmingly,” he said. “And that’s what we’re working to do.”

The post Sen. Peters tries another approach to extend expired cyber threat information-sharing law appeared first on CyberScoop.

Voting rights groups are asking a court to block an ongoing Trump administration effort to merge disparate federal and state voter data into a massive citizenship and voter fraud database.

Last week, the League of Women Voters, the Electronic Privacy Information Center (EPIC) and five individuals sued the federal government in D.C. District Court, saying it was ignoring decades of federal privacy law to create enormous “national data banks” of personal information on Americans.

On Tuesday, the coalition, represented by Democracy Forward Foundation, Citizens for Responsibility and Ethics in Washington (CREW), and Fair Elections Center, asked the court for an emergency injunction to halt the Trump administration’s efforts to transform the Systematic Alien Verification for Entitlements into an immense technological tool to track potential noncitizens registered to vote. Until this year, SAVE was an incomplete and limited federal database meant to track immigrants seeking federal benefits.

“This administration’s attempt to manipulate federal data systems to unlawfully target its own citizens and purge voters is one of the most serious threats to free and fair elections in decades,” Celina Stewart, CEO of the League of Women Voters, said in a statement. “The League is asking the court to act swiftly to stop this abuse of power before it disenfranchises lawful voters. Every citizen deserves privacy, fairness, and the freedom to vote without fear of government interference.”

In an Oct. 7 court filing, the groups said an immediate injunction was needed to prevent permanent privacy harms due to the “illegal and secretive consolidation of millions of Americans’ sensitive personal data across government agencies into centralized data systems” through SAVE.

“While Plaintiffs’ Complaint challenges a broader set of Defendants’ unlawful data consolidation, Plaintiffs here seek emergency relief concerning one particularly harmful and urgent facet of Defendants’ conduct: their overhaul of the Systematic Alien Verification for Entitlements (“SAVE”) system,” the groups wrote.

In addition to SAVE, the lawsuit also claims the existence of “at least one other Interagency Data System that consolidates other data sources from around the government that might have information concerning immigrants into a centralized ‘data lake’ housed at” U.S. Citizenship Immigration Services.

Federal agencies collect massive amounts of data on Americans as part of their work, but the groups argue the 1974 Privacy Act and other privacy laws were explicitly designed to prevent the kind of large, centralized federal datasets on Americans the administration is putting together. Subsequent legislative updates in 1988 amended the Privacy Act to specifically prohibit the use of “computer matching programs” that compare data across different agencies without informing Congress or publicizing the written agreements between agencies.

“For decades, these protections have guarded against improper data pooling across federal agencies, preventing the government from building a potentially dangerous tool for surveilling and investigating Americans without guardrails,” the voting groups wrote. “Until now.”

As CyberScoop reported earlier this year, USCIS, along with the Department of Government Efficiency (DOGE), began merging SAVE data with other major federal data streams — including federal Social Security data — while removing fees and building in the technical capacity for states to conduct easier, bulk searches of voters against the database. The Department of Justice has sought voter data from all 50 states, with some cooperating and others refusing. Last month, the administration sued six states to force them to hand over voter data that would be used in SAVE.

Less than a week before the suit was filed, the Social Security Administration released a redacted copy of its information-sharing agreement with the Department of Homeland Security, which claims that “personnel have been directed to comply, to the maximum extent possible and permissible under law … taking into account federal statutory requirements, including the Privacy Act of 1974 … as well as other laws, rules, regulations, policies, and requirements regarding verification, information sharing, and confidentiality.”

Administration officials say the overhaul is needed to crack down on instances of noncitizen voting and other forms of voter fraud, but such fraud is exceedingly rare outside a handful of isolated cases, as numerous academic studies and post-election audits have proven.

DOGE officials were singled out in the lawsuit for particularly egregious violations, accused of embarking on a “months-long campaign to access, collect and consolidate vast troves of personal data about millions of U.S. citizens and residents stored at multiple federal agencies.”

An executive order from the Trump administration earlier this year sought to explicitly empower the DOGE administrator, along with DHS, to “review” state voter registration lists and other records to identify noncitizen voters. That order is still the subject of ongoing lawsuits challenging its legality.

In this case, the plaintiffs claim the need for emergency relief is urgent as the Trump administration is simultaneously challenging the accuracy of state voter rolls in courts across the country, while “encouraging and enabling states to use unreliable [Social Security Administration] citizenship data pooled in the overhauled SAVE system to begin purging voter rolls ahead of fast-approaching November elections and to open criminal investigations of alleged non-citizen voting.”

“Both the ongoing misuse of Plaintiffs’ sensitive SSA data through the overhauled SAVE system, and the increased risk of cybertheft and additional misuse, qualify as irreparable injuries,” the filing states.

The post Voting groups ask court for immediate halt to Trump admin’s SAVE database overhaul appeared first on CyberScoop.

Sen. Marsha Blackburn, R-Tenn., endorsed an aggressive effort by U.S. policymakers to help governments and businesses adapt to a future where quantum computers can break most standard forms of encryption. She also confirmed key details of a White House initiative on quantum technology previously reported by CyberScoop, while also promoting her own legislation on quantum migration and related strategies.

Blackburn, chair of the Senate Commerce, Science and Transportation Subcommittee on Consumer Protection, Technology, and Data, told audiences at a Wednesday event hosted by Politico that such an effort is needed to ensure that American technology is prepared well in advance for the shift and to counter potential threats from countries like Russia, China, Iran and North Korea.

Blackburn said lawmakers are asking questions about these countries such as, “What type of development are they doing? What kind of experimentation are they doing? And what is the expectation of those applications?”

“Now those are answers that we don’t know, so it is up to us to say, ‘how do we best prepare ourselves and how do we make certain that China is not going to lead this emerging tech space by 2049 — which is their goal — and how do we [combat] that?’” Blackburn said. 

When asked about reports that the White House was planning its own slate of executive actions, Blackburn confirmed elements of that push, saying Michael Kratsios, director of the White House Office of Science, Technology and Policy, and White House crypto and AI czar David Sacks are doing “a tremendous job.” Kratsios  is among the White House officials leading the federal quantum effort, in tandem with the Commerce Department and the Office of Management and Budget, sources told CyberScoop last month.

However, Blackburn did not provide a timeline for any formal rollout by the administration, and promoted legislation like the National Quantum Cybersecurity Migration Strategy Act she co-sponsored with Sen. Gary Peters, D-Mich., as a vehicle for speeding up federal quantum migration strategies.

That bill would mandate that federal agencies move at least one high-risk information system to quantum-resistant encryption by Jan 1, 2027.

“You look at agencies like the IRS … you look at [the Department of Defense] and some of the cyber implications and you say, ‘OK, this makes sense,’” Blackburn said. “So, what we are trying to do is push them to move forward and not say, ‘well, we’ll get around to that later.’”

She characterized the White House initiative as focused on strengthening the quantum workforce, increasing commercial sector involvement, and ensuring strong security and encryption is in place to deal with threats from China and other adversaries.

“That I feel is more of the definition of how the White House sees this as moving forward,” Blackburn said.

Blackburn is leading or co-sponsoring several other quantum-related bills on the Hill, including the Defense Quantum Acceleration Act, which would require DOD to develop a strategic quantum roadmap, the Quantum Sandbox for Near-Term Applications Act, which would create a sandbox environment for quantum computing experimentation housed within the National Institute for Standards and Technology, and the Advancing Quantum Manufacturing Act, which would create a federal institute for quantum manufacturing.

The post GOP senator confirms pending White House quantum push, touts legislative alternatives appeared first on CyberScoop.

The Department of Homeland Security estimated over the weekend that it would send home about two-thirds of employees at the Cybersecurity and Infrastructure Security Agency in the event of a government shutdown.

It’s the first time that the second Trump administration has released its contingency plan in response to what would happen if Congress doesn’t keep the government funded after Oct. 1 — something that looks likely at the moment. The furlough of two-thirds of CISA employees is also relatively close to the last time the Biden administration produced shutdown guidance in 2023.

According to the DHS document, 889 of CISA’s 2,540 personnel would keep working through a government funding lapse. That workforce estimate is from May, and could be smaller now. In 2023, DHS anticipated that it would keep 960 of its then-3,117 employees at work.

The Biden administration said that year that it would have had the ability to recall another 790 CISA employees if needed. The latest DHS guidance doesn’t include any information on recallable employees, and CISA didn’t immediately respond to a request for that figure Monday.

Furloughs of cyber personnel could have a whole host of potentially negative consequences, government officials and outside cyber experts have warned. Those consequences could be even worse as the Trump administration slashes the federal workforce, some say.

A temporary reduction could invite more attacks on the federal government; slow down patching, cyber projects and regulations; prompt permanent departures from workers disillusioned about the stability of federal cyber work; hinder cybercrime prosecutions; and freeze cyber vulnerability scans.

The latest CISA furlough estimates are “scary,” one cyber researcher wrote on the social media platform Bluesky. The White House has also instructed agencies to plan for mass firings in the event of a shutdown.

At other agencies, some federal cybersecurity-related personnel are likely to continue working during a federal funding lapse, because the law deems some government functions as “excepted,” such as those focused on missions like national security, law enforcement or protection of property and human safety. For example, at the Health and Human Services Department, the fiscal year 2026 contingency plan states that “HHS estimates that 387 staff (excluding those otherwise authorized by law) will be excepted for the protection of computer data.”

Unlike in past years, agencies are hosting contingency plans on their websites on a case-by-case basis, rather than on the website of the Office of Management and Budget. Some plans that have been published, such as those for the Department of Defense, don’t specify figures for cyber personnel.

Hundreds of thousands of federal workers could be furloughed, in total.

Two major cybersecurity laws, one providing legal protections for cyber threat data sharing and another providing state and local grants, are also set to expire in mere days. A House-passed continuing resolution would’ve temporarily extended them, but the legislation didn’t advance in the Senate.

The post Two-thirds of CISA personnel could be sent home under shutdown appeared first on CyberScoop.

Department of Government Efficiency practices at three federal agencies “violate statutory requirements, creating unprecedented privacy and cybersecurity risks,” according to a report that Senate Homeland Security and Governmental Affairs Committee Democrats published Thursday.

The report — drawn from a mix of media reports, legal filings, whistleblower disclosures to the committee and staff visits to the agencies — concludes that the Elon Musk-created DOGE is “operating outside federal law, with unchecked access to Americans’ personal data.” It focuses on DOGE activity at the General Services Administration (GSA), Office of Personnel Management (OPM) and Social Security Administration (SSA).

One previously unreported whistleblower claim is that at the SSA, a June internal risk assessment found that the chance of a data breach with “catastrophic adverse effect” stood between 35% and 65% after DOGE uploaded a computer database file known as Numident, containing personal sensitive information without additional protections against unauthorized access. The potential implications included “widespread PII [personally identifiable information] disclosure or loss of data” and “catastrophic damage to or loss of agency facilities and infrastructure with fatalities to individuals,” according to the assessment.

“DOGE isn’t making government more efficient — it’s putting Americans’ sensitive information in the hands of completely unqualified and untrustworthy individuals,” Michigan Sen. Gary Peters, the top Democrat on the committee, said in a news release. “They are bypassing cybersecurity protections, evading oversight, and putting Americans’ personal data at risk. We cannot allow this shadow operation to continue operating unchecked while millions of people face the threat of identity theft, economic disruption, and permanent harm. The Trump Administration and agency leadership must immediately put a stop to these reckless actions that risk causing unprecedented chaos in Americans’ daily lives.”

The report recommends stripping all DOGE access to sensitive personal information until agencies certify that the initiative is in compliance with federal security and privacy laws such as the Federal Information Security Management Act, and recommends that DOGE employees complete the same kind of cybersecurity training as other federal employees.

It describes the three agencies blocking access to specific offices or otherwise obstructing access. For example, it says that DOGE installed a Starlink network at GSA, but wouldn’t let staff view it. Starlink is the Musk-owned satellite internet service, and the report concludes that Starlink might have allowed DOGE staffers to circumvent agency IT oversight. Data sent over the network “could be an easy target for foreign adversaries,” the report states.

The report also expands upon an alleged attempt at SSA to create a “master database” that would pool data from multiple federal agencies. According to whistleblower disclosures, former SSA DOGE employee John Koval inquired about uploading agency data into a cloud environment to share with the Department of Homeland Security. He was “rebuffed,” the report states, but later worked at DHS and the Justice Department, where SSA data surfaced in some projects, raising further privacy concerns. 

It revisits concerns about DOGE staffer Edward “Big Balls” Coristine having access to sensitive agency data despite reports that he had been fired from an internship at a cybersecurity company for leaking company information to a competitor, and arrives at further conclusions about the risk posed by the ability of Coristine and others “to move highly sensitive SSA data into an unmonitored cloud environment.”

“It is highly likely that foreign adversaries, such as Russia, China, and Iran, who regularly attempt cyber attacks on the U.S. government and critical infrastructure, are already aware of this new DOGE cloud environment,” the report states.

Two of the agencies that were the subject of the report took issue with its conclusions.

“OPM takes its responsibility to safeguard federal personnel records seriously,” said a spokeswoman for the office, McLaurine Pinover. “This report recycles unfounded claims about so-called ‘DOGE teams’ that simply have never existed at OPM. Federal employees at OPM conduct their work in line with longstanding law, security, and compliance requirements.

“Instead of rehashing baseless allegations, Senate Democrats should focus their efforts on the real challenges facing the federal workforce,” she continued. “OPM remains committed to transparency, accountability, and delivering for the American people.”

The SSA pointed to Commissioner Frank Bisignano’s letter to Congress responding to questions about Numident security concerns. 

“Based on the agency’s thorough review, the Numident data and database — stored in a longstanding secure environment used by SSA — have not been accessed, leaked, hacked, or shared in any unauthorized fashion,” a SSA spokesperson wrote, adding, “The location referred to in the whistleblower allegation is actually a secured server in the agency’s cloud infrastructure which historically has housed this data and is continuously monitored and overseen — SSA’s standard practice.”

The SSA spokesperson emphasized there are no DOGE employees at SSA, only agency employees. 

The GSA did not immediately respond to Scoop News Group requests for comment on the Democratic report.

Miranda Nazzaro contributed reporting to this story.

The post Dem report concludes Department of Government Efficiency violates cybersecurity, privacy rules appeared first on CyberScoop.

The Trump administration is signaling to industry and allies that it is considering a broader set of actions related to quantum computing, both to improve the nation’s capacity to defend against future quantum-enabled hacks and ensure the United States promotes and maintains global dominance around a key national security technology.

The discussions include potentially taking significant executive action, such as one or more executive orders, a national plan similar to the AI Action Plan issued earlier this year, and a possible mandate for federal agencies to move up their timelines for migrating to post-quantum protections, multiple sources told CyberScoop.

None of the sources CyberScoop spoke with could provide a definitive timeline for an official rollout, but multiple executives in the quantum computing industry and former national security officials said the White House has signaled serious interest in taking bolder action to promote and shape the development of the technology. Some felt official announcements could come as soon as this week, while others cautioned the process could stretch into the coming months.

While quantum computers capable of breaking through classical encryption currently remain a theoretical threat, both government and industry have spent years planning for the day when the threats become real.

A major element of that plan has been slowly switching out older encryption algorithms in IT infrastructure for newer “post quantum” algorithms over the span of more than a decade.

One quantum executive, citing direct conversations with the government, said “everyone in the quantum industry from a policy standpoint” has been told some variation of the message “that the White House wants to do for quantum what they did for AI in July.”

A key component of one or perhaps multiple executive orders is language that would accelerate the deadline for federal agencies’ post-quantum migrations from 2035 to 2030.

The executive, speaking on condition of anonymity to avoid jeopardizing their relationship with the government, said the effort is being led by the White House’s Office of Science and Technology Policy (OSTP) and the Department of Commerce.

Commerce Deputy Secretary Paul Dabbar, a former Department of Energy official during President Donald Trump’s first term who co-founded and led his own quantum networking technology company during the Biden years, is “driving a lot of this,” the source said.

It’s not just industry that has received the message. A former official at the Department of Homeland Security who works with the Trump administration confirmed they had also been advised of upcoming action, and that officials at OSTP and the Office of Management and Budget have been particularly aggressive about moving forward.

“I did hear there was some forthcoming guidance for agencies, given the push with AI, but more specifically the need for government departments to be much more aggressive about what they’re doing, since the codebreaking capability of quantum is pretty significant for federal agencies,” said the official, who requested anonymity to discuss sensitive conversations with the federal government.

Multiple other former government officials and administration allies told CyberScoop that they have heard that the administration was preparing to take some kind of action around quantum computing in the near future.

An OMB official declined a request for comment from CyberScoop this week on the administration’s plans. The Department of Commerce did not respond to a similar request.

But White House officials have already teased bold action on quantum is in the works. In July, after the administration released its AI Action Plan, OSTP Director Michael Kratsios told an audience at a conference that “the president wrote me a letter the first week or two that I was in office that essentially gave me a charge for what I was supposed to do for the next three years.”

“He named three technologies in that letter: It was AI, quantum, and nuclear,” Kratsios said. “We had our big nuclear day a month-and-a-half ago. We had AI yesterday, so you can only assume — stay tuned.”

Pranav Gokhale, chief technology officer at Infleqtion, another quantum computing company, told CyberScoop he has heard similar rumors about an impending executive order focused at least in part on speeding up post-quantum migration efforts by federal agencies.

Part of the urgency reflects a desire to be aggressive in the face of uncertainty: no one knows quite when we will develop quantum computers capable of breaking encryption. There’s a running joke among experts and observers that quantum codebreaking is perpetually “five to 10 years away” from becoming reality.

Most experts — including cryptologists at the National Institute of Standards and Technology and the National Security Agency, which set encryption standards for the federal government and intelligence community — believe it is only a matter of time before such a breakthrough occurs. If that happens sooner than anticipated, the U.S. could be left unprepared.

Some national security officials pointed out that if governments in China, Russia or another country were to make a significant breakthrough on quantum codebreaking, there would be a powerful incentive to keep it secret for as long as possible to maintain an intelligence advantage.

Gokhale also said from the conversations he’s had, some in government and industry are pushing to make the safe and secure transition of cryptocurrencies to newer quantum-resistant encryption a priority, an issue that could be addressed by an executive order.

Discussions around prioritizing the migration of cryptocurrencies were confirmed by the first quantum executive that spoke with CyberScoop, though they said it’s less clear whether those ideas will ultimately make it into any White House executive order or formal plan. 

Bitcoin in particular may need a bespoke strategy to safely migrate, Gokhale said, citing a research study put out last year by the U.K.’s University of Kent that looked at the technical costs of upgrading Bitcoin assets to newer quantum-resistant encryption.

Given that cryptocurrencies are already lucrative targets for cybercriminals and foreign hackers from countries like North Korea, the industry is likely to be among the early targets of a quantum-enabled hack, and left more vulnerable by a slower rollout.

“The conclusion is that the Bitcoin upgrade to quantum-safe protocols needs to be started as soon as possible in order to guarantee its ongoing operations,” the Kent authors wrote.

Madison Alder contributed reporting to this story.

The post Trump administration planning expansion of U.S. quantum strategy appeared first on CyberScoop.

A top official at the Cybersecurity and Infrastructure Security Agency on Thursday rejected concerns that personnel and program cuts at CISA have hindered its work.

Nick Andersen, who just began serving as executive assistant director of cybersecurity at CISA this month, said he’s seen the agency function at a high level from both the outside and inside.

“There’s been an awful lot of reporting recently about CISA and the potential for degraded operational capabilities, and I’m telling you, nothing can be further from the truth,” he said at the Billington Cybersecurity Summit. “It is just a fantastic opportunity to see the high-level output and throughput that this team has.

“There is not a single instance where I can think of that somebody reaches out — whether it’s in our remit or not, we are connecting them with the right level of resources, and we are helping them to make themselves right, whether it’s incidents that we see affecting a state/local partner, small- or medium-sized businesses or the largest critical infrastructure owner/operators,” he continued.

The Trump administration has cut or plans to cut more than 1,000 personnel at the agency, a third of its total full-time employees, and has sought nearly half a billion dollars in funding reductions.

CISA’s shuttering of an array of programs has drawn widespread criticism from many in industry as well as from state and local governments who have partnered with the agency, not to mention concerns from Capitol Hill.

But Andersen said CISA has full support from President Donald Trump, who clashed with agency leadership in his first term, and Department of Homeland Security Secretary Kristi Noem.

“We have exceedingly strong relationships with” other government agencies and the private sector, Andersen touted. “The level of commitment within this team is second to none, and we’re just going to continue to hone and focus [on] that operational mission of what CISA should be delivering on. We’re going to continue to sort of separate out the fluff, but we are going to take every single dollar, every single resource, every single manpower hour to deliver an even sharper focus on those core capabilities in keeping with what President Trump identified as our administration priorities.”

Those priorities, Andersen said, include fortifying federal networks. “Raising the collective bar across the dot gov is a big one,” he said.

It also includes strengthening relationships with critical infrastructure owners and operators. “We want to be able to work very closely with our critical infrastructure partners on focused resilience efforts, be able to raise the bar in a sprint between now and 2027 as we prepare for the potential of China making good on its promise … to take Taiwan,” he said, so that “our critical infrastructure is not going to be held hostage.”

And it includes strengthening partnerships with other federal agencies as well as state and local governments, Andersen said.

The post CISA work not ‘degraded’ by Trump administration cuts, top agency official says appeared first on CyberScoop.

Rebecca Slaughter’s return-to-work orders have been put on hold for the second time this year, after the U.S. Supreme Court stepped in to block a lower court ruling that ordered her reinstatement at the Federal Trade Commission.

Last week a lower court ruled that Slaughter had been illegally fired by President Donald Trump, citing a 90-year-old Supreme Court precedent upholding the FTC’s independence from the executive branch and preventing presidents from firing commissioners for political reasons.

On Monday, Chief Justice John Roberts halted that order while the Supreme Court considers the case. Roberts provided no explanation for the Supreme Court’s reversal, but ordered the parties in the case to respond by Sept. 15.

Slaughter, who has remained vocal on FTC business and last week expressed her eagerness to return, has been through this once already. Earlier this year, she was briefly reinstated to the FTC by a lower court, only to have that order reversed by another court days later.

Alvaro Bedoya, the other Democratic FTC commissioner Trump purported to fire, has since resigned due to the financial difficulties tied to fighting his dismissal. He described the fight as a lose-lose situation:  He is no longer receiving a federal salary as commissioner, and is also prohibited by conflict-of-interest rules from accepting other employment in the meantime.

Bedoya has said that beyond the immediate fates of their jobs, the commissioners are ultimately fighting for an FTC that they believe works in the best interests of the public and is supported by Supreme Court precedent. He has argued the agency — which regulates and enforces against unfair or deceptive business practices, technology, data privacy and other issues — must be insulated from political pressure. 

In an online post last week, Slaughter said her top priority was reinstating the FTC’s Click to Cancel rule, a Biden-era regulation that would have forced companies to provide a simple and straightforward means to cancel their paid subscriptions.

Roberts’ order does not specify how the Supreme Court intends to rule on the case. Legal experts and former FTC officials have said it’s no secret that the Trump administration is looking for the court’s conservative majority to overturn Humphrey’s Executor v. the United States, which was unanimously upheld by the Supreme Court in 1935.

The high court’s decision this week to reverse the D.C. District Court of Appeals ruling is also notable because the court voted 2-1 that Slaughter — not the government — deserved the benefit of the doubt while the case was being adjudicated, citing unambiguously clear and binding legal precedent that had not yet been overturned.

That the Supreme Court overturned it anyway suggests they may agree with D.C. Appeals court Judge Neomi Rao, who wrote in her dissent that forcing FTC staff to acknowledge Slaughter’s legitimacy in the face of presidential orders “directly interferes with the President’s supervision of the Executive Branch and therefore goes beyond the power of the federal courts.”

If the Supreme Court does ultimately side with the administration, it would track with what observers such as Berin Szóka, a technology lawyer and president of the think tank TechFreedom, predicted earlier this year. Szóka, who has supported Slaughter and Bedoya’s efforts, wrote in March that “the fired Democratic FTC Commissioners may win early battles in their lawsuits but, in all likelihood, will ultimately lose at the Supreme Court — unfortunately.”

Roberts and the Supreme Court’s conservative majority have “made clear it will not apply Humphrey’s, if it remains good law at all, to today’s more powerful FTC,” Szóka wrote.

The post Supreme Court blocks FTC commissioner Slaughter’s reinstatement appeared first on CyberScoop.

For the second time, a court has ruled that President Donald Trump’s attempted firing of Federal Trade Commission members Rebecca Slaughter and Alvaro Bedoya was illegal and ordered the agency to reinstate the commissioners.

By law, the FTC governs by a bipartisan 3-2 split, with the president’s party getting an extra seat and controlling the chair. But earlier this year, Trump attempted to fire just Bedoya and Slaughter, leaving only Republican-appointed members on the commission.

A district court temporarily reinstated Slaughter but that decision was reversed in another court ruling just days later. Bedoya eventually resigned his position, citing financial difficulties. 

Now, the District Court of Appeals for the District of Columbia has ruled 2-1 that the attempted firings ran afoul of the law, this time saying the government was likely to lose its case on the merits. 

In their opinion, Judges Cornelia Pillard and Patricia Millett specifically cited the precedent set by the Supreme Court in Humphrey’s Executor v. United States, a 1935 case in which justices unanimously ruled that FTC commissioners could only be fired for specific cause.

That precedent, the judges wrote, remains the law of the land until the Supreme Court says otherwise.  

“The government has no likelihood of success on appeal given controlling and directly on point Supreme Court precedent,” Pillard and Millett wrote. “Specifically, ninety years ago, a unanimous Supreme Court upheld the constitutionality of the Federal Trade Commission Act’s for-cause removal protection for Federal Trade Commissioners.”

After Trump’s attempted firings in March, Slaughter and Bedoya quickly challenged the legality of the move in court, saying they were fired “not because they were inefficient, neglectful of their duties, or engaged in malfeasance, but simply because their ‘continued service on the FTC is’ supposedly ‘inconsistent with [his] Administration’s priorities.’”

While Humphrey’s Executor remains the law of the land, the administration and some former officials have argued that the FTC now plays a far more important policy role in the executive branch than it did in 1935, when the court cited the “quasi-legislative” and “quasi-judicial” functions of the agency.

The current Supreme Court, they argue, does not share the same views, pointing to a 2020 case where the court majority suggested that the conclusions about the FTC’s role in Humphrey’s Executor “has not withstood the test of time.”

“No administration until now has wanted to push the limits on that but the current administration has made clear they think it’s wrongly decided,” one former FTC official, who requested anonymity to speak candidly, told CyberScoop in March.

The DC District Court of Appeals said the government “acknowledges that Humphrey’s Executor ‘remains binding on this Court’” but argues that the court should disregard that precedent.”

“Over the ensuing decades — and fully informed of the substantial executive power exercised by the Commission — the Supreme Court has repeatedly and expressly left Humphrey’s Executor in place, and so precluded Presidents from removing Commissioners at will,” Pillard and Millett wrote.

Millett and Pillard argued that the FTC in 1935 had the same core authorities and mission as it does today: to promulgate rules and regulations, investigate violations of federal law, issue subpoenas and enforce violations.

The “present-day Commission exercises the same powers that the Court understood it to have in 1935 when Humphrey’s Executor was decided,” they added, and “bucking such precedent is not within this court’s job description.”

The D.C. District Court likely won’t have the last word. The administration continues to appeal and most observers expect the matter to ultimately reach the Supreme Court. In the meantime, Slaughter said she intends to return to her job this week.

“Amid the efforts by the Trump admin to illegally abolish independent agencies, [including] the Federal Reserve, I’m glad the court has recognized that he is not above the law,” Slaughter wrote on X Tuesday after the decision. “I’m eager to get back first thing tomorrow to the work I was entrusted to do on behalf of the American people.”

In a dissent, Judge Neomi Rao referred to the FTC as a “so-called independent agency” and disagreed with the court majority, saying she believed the government would ultimately prevail on the merits.

The circuit court “need not definitively determine whether Slaughter’s removal was lawful” because in previous cases this year where officials fired by the president were reinstated by courts, the Supreme Court has intervened on the administration’s behalf — at least while the cases are winding through the court system.

By forcing FTC staff to ignore the president’s directive and treat Slaughter as commissioner in good standing, the district court’s decision “directly interferes with the President’s supervision of the Executive Branch and therefore goes beyond the power of the federal courts,” Rao wrote.

The post Court rules ‘fired’ FTC commissioners be reinstated — again appeared first on CyberScoop.

Election officials should brace for direct attacks from the Trump administration and its state GOP allies on the integrity of U.S. elections — and plan for the possibility that federal agencies once charged with protecting elections will leverage their authorities to interfere in the process, a voting rights nonprofit warned.

In a report released Wednesday, researchers at the Brennan Center for Justice say the Trump administration’s actions suggest that the White House is preparing for an unprecedented federal intervention in the way elections are administered ahead of 2026 and 2028.

Those interventions include attempts to enact state-level bans or restrictions on mail-in voting, the use of lawsuits or criminal charges against election officials who don’t follow President Donald Trump’s orders, pushing mass state voter roll purges based on potentially inaccurate citizenship data, the deployment of the military in American cities and towns to  intimidate voters and state officials, and the potential decertification or seizure of voting machines.

The scenarios are all based on actions the administration has already taken this year or in its first term, statements made by Trump and his aides, lawsuits filed by the Department of Justice and supporting efforts from Republican-led state legislatures.

Lawrence Norden, vice president for the elections and government program at the Brennan Center and one of the report’s authors, told CyberScoop that the document is targeted at three audiences who will be on the front lines in Trump’s war for control over elections: state election officials, policymakers and the public at large.

In 2020, the public was subjected to a deluge of false and unproven claims around election fraud, dead voters and hacked voting machines. While those claims had limited effect influencing voters outside of Trump’s orbit, many federal officials — including Chris Krebs, his own nominee for cybersecurity and election security chief — contradicted his claims of mass fraud. This April, Trump ordered the Justice Department to investigate Krebs for his statements about the 2020 election.

This year, the Department of Homeland Security hired Marci McCarthy and Heather Honey, who both actively tried to overturn the results of the 2020 election. McCarthy is now the top public affairs official at CISA, while Honey was recently named to a position overseeing election security efforts at DHS. Other agencies, like the FBI and the DOJ, have shifted from supporting state elections to investigating and suing election offices over their voter registration practices.

Whatever the administration ends up doing, Norden said it would be wise to plan ahead for different possibilities.

“One of the most effective ways to defeat misleading or false information is to call it out ahead of time, so when it comes to [dubious] reports we might see from government agencies, better to call it out now and say that this is part of a concerted effort and there are reasons not to trust it,” Norden said.

Meanwhile, he said policymakers at the state level “need to be planning and preparing for the next steps” to protect their constitutional rights while running upcoming elections.

“So being ready to have the backs of their election officials, being ready for politicized investigations that may come, being ready for efforts to interfere in the ability of election officials to run their elections according to state law, they need to be preparing for that now,” Norden said.

Trump uses public doubt and skepticism as policy fuel

One possibility floated in the report is the administration moving to decertify voting machines used in some or most states through the Election Assistance Commission. Last week, Trump argued against mail-in ballots and “voting machines,” claiming an executive order that limited their use would soon be issued. The EAC is responsible for overseeing the labs that test and certify voting machines nationwide to ensure they are secure and meet the necessary standards.

While the White House later walked back the possibility of an executive order, the administration has already attempted to compel the EAC to alter voter registration forms to require proof of citizenship and withhold federal funding to states that do not cooperate with federal agencies on election-related matters. A federal judge has nullified parts of that order. 

Such certifications are technically voluntary on the part of voting machine manufacturers, but states and localities have overwhelmingly treated them as industry standard when purchasing their machines. Depending on the timing, the mass decertification of certain systems ahead of an election could inject chaos among states, which cannot easily or quickly buy, replace, and test new voting equipment.

For states that do count votes using decertified machines, it could lead the public and political leaders to question the legitimacy of future results. This may give the Trump administration more support to sow doubt and challenge how states run their elections, the type of ballots they accept and how they process vote counts.

The perception of voting impropriety in any future messaging from the Trump administration, even if it is false, is a key issue states will also have to contend with. All politicians use repetition in their political messaging, but for Trump, it is especially crucial to how he communicates, regardless of the actual facts.

Stacy Rosenberg, an associate teaching professor at Carnegie Mellon’s public policy school, told CyberScoop that Trump’s rhetorical style requires aggressive repetition around simple themes — like mass noncitizen voting and poorly maintained voter rolls —, because they help create the political will for the administration and its allies to take more extreme actions that couldn’t otherwise be justified based on law or precedent.

“The attempt to have federalized voting is not something we typically see in the United States, so when elections are questioned, there may be people who say, ‘well, it’s justified for the federal government to come in and make changes,’” Rosenberg said. “We’ll have to see how the courts handle that. It doesn’t really fall into the domain of an executive order, so I think the question is: what can they do that the courts will allow?” 

Norden said that while it’s clear the president doesn’t have the kind of direct authority over state-run elections he’s claiming, he does have the power to “both mislead and to intimidate people, whether it’s election officials or voters.”

“The good news is that if we see them for what they are, those are limited powers,” Norden said. “As long as the states step up and defend their elections, as long as voters come out and vote, that’s not enough to undermine elections. But we have to see what’s happening for [that defense] to be effective.”

In terms of counter messaging on the part of states, Rosenberg said much will rest on how courts respond to federal challenges, but from a strategy perspective “the number one thing [election officials] have to know is, you’re going to be called fake news.”

The Trump White House has “continued that line of attack through his first term to his present day. The way they want to control the message by saying everyone else’s message is false is a persistent strategy,” she said.

Pointing to the administration’s previous efforts to strong-arm universities and law firms, Rosenberg noted that while no one was left unscathed, those who fared best tended to confront Trump head-on rather than try to accommodate him.

“I think all you can do is stand your ground, file your lawsuits or counter lawsuits as you need to, but I think you need to continue to do the ethical hard work that you’ve done prior to the administration,” she said.

The post Trump administration setting the stage for elections power grab, voting rights group warns appeared first on CyberScoop.

Two executive orders President Donald Trump has signed in recent months could prove to have a more dramatic impact on cybersecurity than first thought, for better or for worse.

Overall, some of Trump’s executive orders have been more about sending a message than spurring lasting change, as there are limits to their powers. Specifically, some of the provisions of the two executive orders with cyber ramifications — one from March on state and local preparedness generally, and one from June explicitly on cybersecurity — are more puzzling to cyber experts than anything else, while others preserve policies of the prior administration which Trump has criticized in harsh terms. Yet others might fall short of the orders’ intentions, in practice.

But amid the flurry of personnel changes, budget cuts and other executive branch activity in the first half of 2025 under Trump, the full scope of the two cyber-related executive orders might have been somewhat overlooked. And the effects of some of those orders could soon begin coming to fruition as key top Trump cyber officials assume their posts.

The Foundation for Defense of Democracies’ Mark Montgomery said the executive orders were “more important” than he originally understood, noting that he “underestimated” the March order after examining it more closely. Some of the steps would be positive if fully implemented, such as the preparedness order’s call for the creation of a national resilience strategy, he said.

The Center for Democracy & Technology said the June order, which would unravel some elements of executive orders under presidents Joe Biden and Barack Obama, would have a negative effect on cybersecurity.

“Rolling back numerous provisions focused on improving cybersecurity and identity verification in the name of preventing fraud, waste, and abuse is like claiming we need safer roads while removing guardrails from bridges,” said the group’s president, Alexandra Reeve Givens. “The only beneficiaries of this step backward are hackers who want to break into federal systems, fraudsters who want to steal taxpayer money from insecure services, and legacy vendors who want to maintain lucrative contracts without implementing modern security protections.”

The big changes and the in-betweens

Perhaps the largest shift in either order is the deletion of a section of an executive order Biden signed in January on digital identity verification that was intended to fight cybercrime and fraud. In undoing the measures in that section, the White House asserted that it was removing mandates “that risked widespread abuse by enabling illegal immigrants to improperly access public benefits.”

One critic, speaking on condition of anonymity to discuss the changes candidly, said “there’s not a single true statement or phrase or word in” the White House’s claim. The National Security Council did not respond to requests for comment on the order.

Some, though, such as Nick Leiserson of the Institute for Security and Technology, observed that the digital identities language in the Biden order was among the “weakest” in the document, since it only talked about how agencies should “consider” ways to accept digital identities.

The biggest prospective change in the March order was a stated shift for state and local governments to handle disaster preparedness, including for cyberattacks, a notion that drew intense criticism from cyber experts at the time who said states don’t have the resources to defend themselves against Chinese hackers alone. But that shift could have bigger ripples than originally realized.

Errol Weiss, chief security officer at the Health-ISAC, an organization devoted to exchanging threat information in the health sector, said that as the Cybersecurity and Infrastructure Security Agency has scaled back the free services it offers like vulnerability scanning, states would hypothetically have to step into that gap to aid entities like the ones Weiss serves. “If that service goes away, and pieces of it probably already have, there’s going to be a gap there,” he said.

Some of the changes from the March order might only be realized now that the Senate has confirmed Sean Cairncross as national cyber director, or after the Senate takes action on Sean Plankey to lead CISA, said Jim Lewis, a fellow at the Center for European Policy Analysis.

For instance: The order directs a review of critical infrastructure policy documents, including National Security Memorandum 22, a rewrite of a decade-old directive meant to foster better threat information sharing and respond to changing threats. There are already signs the administration plans to move away from that memorandum, a development that a Union of Concerned Scientists analyst said was worrisome, but critics of the memo such as Montgomery said a do-over could be a good thing.

Most of the other biggest potential changes, however, are in the June order. This is a partial list:

• It eliminates a requirement under the January Biden order that government vendors provide certifications about the security of their software development to CISA for review. “I just don’t think that you can play the whole, ‘We care about cyber,’ and, ‘Oh, by the way, this incredible accountability control? We rolled that back,’” said Jake Williams, director of research and development at Hunter Strategy.
• It removes another January Biden order requirement that the National Institute of Standards and Technology develop new guidance on minimum cybersecurity practices, thought to be among that order’s “most ambitious prescriptions.”
• It would move CISA in the direction of implementing a “no-knock” or “no-notice” approach to hunting threats within federal agencies, Leiserson noted.
• It strikes language saying that the internet data routing rules known as Border Gateway Protocol are “vulnerable to attack and misconfiguration,” something Williams said might ease pressure on internet service providers to make improvements. “The ISPs know it’s going to cost them a ton to address the issue,” he said.
• It erases a requirement from the Biden order that contained no deadline, but said that federal systems must deploy phishing-resistant multi-factor authentication. 
• It deletes requirements for pilot projects stemming from the Defense Advanced Research Projects Agency-led Artificial Intelligence Cyber Challenge. DARPA recently completed its 2025 challenge, awarding prize money at this year’s DEF CON cybersecurity conference.
• It says that “agencies’ policies must align investments and priorities to improve network visibility and security controls to reduce cyber risks,” a change security adviser and New York University adjunct professor Alex Sharpe praised.

Some of the changes led to analysts concluding, alternatively, a continuation or rollback of directives from the January Biden executive order on things like federal agency email encryption or post-quantum cryptography.

The head-scratchers and the mysteries

Some of the moves in the June order perplexed analysts.

One was specifying that cyber sanctions must be limited, in the words of a White House fact sheet, “to foreign malicious actors, preventing misuse against domestic political opponents and clarifying that sanctions do not apply to election-related activities.” The Congressional Research Service could find no indication that cyber sanctions had been used domestically, and said the executive order appears to match prior policy.

Another is the removal of the NIST guidance on minimum cybersecurity practices. “If you’re trying to deregulate, why kill the effort to harmonize the standards?” Sharpe asked. 

Yet another is deletion of a line from the January Biden order to the importance of open-source software. “This is a bit puzzling, as open source software does underlie almost all software, including federal systems,” Leiserson wrote (emphasis his).

Multiple sources told CyberScoop it’s unclear who wrote the June order and whom they consulted with in doing so. One source said some agency personnel complained about the lack of interagency vetting of the document. Another said Alexei Bulazel, the NSC director of cyber, appeared to have no role in it.

Another open question is how much force will be put behind implementing the June order.

It loosens the strictness with which agencies must carry out the directives it lays out, at least compared with the January Biden order. It gives the national cyber director a more prominent role in coordination, Leiserson said. And it gives CISA new jobs.

“Since President Trump took office — and strengthened by his Executive Order in June — CISA has taken decisive action to bolster America’s cybersecurity, focusing on critical protections against foreign cyber threats and advancing secure technology practices,” said Marci McCarthy, director of public affairs for CISA.

California Rep. Eric Swalwell, the top Democrat on the House Homeland Security Committee’s cyber subpanel, told CyberScoop he was skeptical about what the June executive order signalled about Trump’s commitment to cybersecurity.

“The President talks tough on cybersecurity, but it’s all for show,” he said in a statement. “He signed the law creating CISA and grew its budget, but also rolled back key Biden-era protections, abandoned supply chain efforts, and drove out cyber experts. CISA has lost a third of its workforce, and his FY 2026 budget slashes its funding …

“Even if his cyber and AI goals are sincere, he’s gutted the staff needed to meet them,” Swalwell continued. “He’s also made the government less secure by giving unvetted allies access to sensitive data. His actions don’t match his words.”

Montgomery said there was a contradiction between the June order giving more responsibilities to agencies like NIST while the administration was proposing around a 20% cut to that agency, and the March order shifting responsibilities to state and local governments without giving them the resources to handle it.

A WilmerHale analysis said that as the administration shapes cyber policy, the June order “signals what that approach is likely to be: removing requirements perceived as barriers to private sector growth and expansion while preserving key requirements that protect the U.S. government’s own systems against cyber threats posed by China and other hostile foreign actors.”

For all of the changes it could make, analysts agreed the June order does continue a fair number of Biden administration policies, like commitments to the Cyber Trust Mark labeling initiative, space cybersecurity policy and requirements for defense contractors to protect sensitive information.

Some of those proposals didn’t get very far before the changeover from Biden to Trump. But it might be easier for the Trump administration to achieve its goals.

“It’s hard to say the car is going in the wrong direction when they haven’t started the engine,” Lewis said. “These people don’t have the same problem, this current team, because they’re stripping stuff back. They’re saying, ‘We’re gonna do less.” So it’s easier to do less.”

The post The overlooked changes that two Trump executive orders could bring to cybersecurity appeared first on CyberScoop.

Federal analysts are still sizing up what the Chinese hackers known as Volt Typhoon, who penetrated U.S. critical infrastructure to maintain access within those networks, might have intended by setting up shop there, a Cybersecurity and Infrastructure Security Agency official said Thursday.

“We still don’t actually know what the result of that is going to be,” said Steve Casapulla, acting chief strategy officer at CISA. “They are in those systems. They are in those systems on the island of Guam, as has been talked about publicly. So what [are] the resulting impacts going to be from a threat perspective? That’s the stuff we’re looking really hard at.”

Casapulla made his remarks at a Washington, D.C. event hosted by Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security. 

Some believe that Chinese penetration of U.S. telecommunications networks by another Chinese hacking group, Salt Typhoon, have overshadowed the machinations of Volt Typhoon, which could eventually have a bigger impact. U.S. officials have warned that China could be prepositioning in critical infrastructure should conflict break out between the United States and Beijing.

Other federal officials have said Volt Typhoon might not have been as successful at maintaining their access as they hoped.

Casapulla said CISA is looking at how to mitigate the threat as well as determining the end goal of the hackers.

“Is it to merely disrupt a few cranes at a port? That could be one thing. But what about if it were all the ports?” he asked. “What about if it were all cargo management systems so they don’t have to do anything physical? They can just shut down a database and limit our ability to track cargo that moves on and off of ships, effectively shutting down the ports and the entire transportation system that way.

“Those are the kind of second-, third-order effects that I also worry about,” Caspulla said.

When he testified before Congress at a hearing last month on his nomination to become national cyber director, Sean Cairncross said Volt Typhoon hacking “has potentially life-and-death consequences.” Other Trump administration officials also have sounded the alarm about the hacking group.

It was also a point of concern in the prior administration under President Joe Biden.

The post Feds still trying to crack Volt Typhoon hackers’ intentions, goals appeared first on CyberScoop.

As the Trump administration has sought to muscle through changes to election laws and rules across the country, Democrats in Congress have steadily escalated their concerns about the potential for disenfranchisement.

At a public forum Wednesday held by Democratic lawmakers focused on elections and voter suppression, Sen. Alex Padilla, D-Calif., ranking member on the Senate Committee on Rules and Administration, issued a blunt charge at the White House and its Republican allies.

“Their goal is to amplify their false narrative of insecure elections to justify their power grabs and to make it harder to register to vote, to stay on the polls and to actually cast your ballot,” Padilla said.

Padilla was one of several Democrats and witnesses who accused Republicans — who did not participate in the forum — of inflating concerns about noncitizen voting to justify legal and legislative challenges to swaths of votes, sometimes based on minor paperwork errors that took place decades ago.

One of the Democrats’ key witnesses was Allison Riggs, the Democratic North Carolina State Supreme Court Justice who had her narrow, 734-vote victory last year challenged in court by her Republican opponent Jefferson Griffin.

Griffin and state GOP officials ultimately challenged 65,000 votes in four counties as illegal, including those belonging to people who didn’t have driver’s licenses or Social Security numbers on file and overseas voters. The challenge involved only voters in four Democratic-leaning counties, and only for Riggs’ race. It did not challenge those voters’ choices for the U.S. presidential and North Carolina gubernatorial elections.

A winding court battle saw Riggs spend more than $2 million in court costs to prove that her tabulated lead — which survived two recounts — was legitimate. While a federal court eventually intervened to declare Riggs the winner, she told lawmakers that “we came perilously close to watching our systems of rules-based elections crumble before our eyes” as state courts initially validated Griffin’s argument.

“Our state appellate courts were willing to give credence to the argument that the rules of an election could be changed after the election, to change the election outcome,” Riggs said.

She said she sees the legal battle over voter eligibility in her race as a blueprint for how similar challenges could be made in future elections.

“The precedent in my case is at the district level,” Riggs said. “We were prepared for it to go all the way [to the Supreme Court.] I think it is still likely [to happen again] absent our collective willingness to recognize this threat and take the appropriate steps.”

Janessa Goldbeck, CEO of the Vet Voice Foundation, which runs one of the largest voter outreach programs for military veterans and families, said many of the North Carolina voters who had their ballots flagged as suspicious in lawsuits from Griffin’s campaign and the Trump Department of Justice were members of the military serving overseas who followed state laws.

Riggs noted that her own parents were among the group of voters who had their eligibility questioned in Griffin’s legal challenge, emphasizing that her father initially registered decades ago using his military ID and has shown a valid ID during every election he’s voted in.

“President Trump has publicly attacked these ballots and pushed conspiracy theories about them,” Goldbeck said, in addition to disparaging those who registered through laws like the Uniformed and Overseas Citizens Absentee Voting Act as taking advantage of a “voting loophole.” 

She also said current legislation being considered by Congress, like the SAVE Act, would require military voters and their families to register to vote in person using a passport, something that would be impossible for many people deployed overseas. 

Some observers have worried the Trump administration and GOP may be seeking to redefine how certain classes of voters and ballots are considered and handled by states and courts, chiefly by shifting the burden of proof away from the government and onto individual voters when it comes to validating citizenship.

The Trump administration and Republicans have justified such changes as necessary to ensure American elections aren’t tainted by noncitizen voting. Experts and post-election audits largely refute those charges, but GOP boosters have argued that even one noncitizen voting in a U.S. election is too many. 

In particular, they’ve pointed to the administration’s changes to the Systemic Aliens Verification for Entitlements (SAVE) database managed by the U.S. Citizenship and Immigration Services. Those changes include allowing states to search using Social Security numbers and to conduct “bulk” queries that can be matched against various state and federal databases.

Just how USCIS and state election officials use this information when identifying voters for potential removal from state voter rolls remains to be seen — and experts say the amount of time and assistance states provide to help voters cure any paperwork problems will be critical. A brief by the Fair Elections Center this week questioned the accuracy of using Social Security numbers to validate citizenship information of voters, noting the Social Security Administration didn’t even start requiring such information for applicants until 1972.

According to VoteBeat, David Jennings, the technology and policy lead for SAVE at USCIS, reportedly told state officials at an Oklahoma conference that the agency doesn’t share SAVE data with Immigrations and Customs Enforcement or other agencies. He described SAVE as a “tool” for states to use when making decisions around a voter’s registration status, not the sole criteria.

The administration is also suing states, sending them information requests and working with cooperative ones to build a massive query system across state data streams that experts say is likely to sweep in far more eligible voters and ballots than noncitizens registered to vote.

Justin Levitt, a professor at Loyola Law School in Los Angeles, described these data requests as “either illegal or [an] attempt to effectuate illegal acts” that violate the U.S. Privacy Act of 1972, which prohibits federal agencies from collecting and sharing large amounts of personal information on Americans.

Meanwhile, policy blueprints like Project 2025 propose “in plain view, a monstrous abuse of DOJ authority, pursuing faceless persecutions of elections officials” that mirrors the White House’s ongoing efforts to impose its will on state and local election rules, Levitt said.While most judges are pushing back, and election officials are largely standing firm in most states, Levitt worries that they will have to carry out their duties securing U.S. elections “despite, not alongside, our federal government.”

The post Senate Democrats call Trump admin’s focus on state voter rolls a pretext for disenfranchisement appeared first on CyberScoop.

The Trump administration’s new AI Action Plan calls for companies and governments to lean into the technology when protecting critical infrastructure from cyberattacks.

But it also recognizes that these systems are themselves vulnerable to hacking and manipulation, and calls for industry adoption of “secure by design” technology design standards to limit their attack surfaces.

The White House plan, released Wednesday, calls for critical infrastructure owners — particularly those with “limited financial resources” — to deploy AI tools to protect their information and operational technologies.

“Fortunately, AI systems themselves can be excellent defensive tools,” the plan said. “With continued adoption of AI-enabled cyberdefensive tools, providers of critical infrastructure can stay ahead of emerging threats.”

Over the past year, large language models have shown increasing capacity to write code and conduct certain cybersecurity functions at a much faster rate than humans. But they also leave massive security holes in their code architectures and can be jailbroken or overtaken by other parties through prompt injection and data poisoning attacks, or leak sensitive data by accident.

As such, the administration’s plan builds on a previous initiative by the Cybersecurity and Infrastructure Security Agency under the Biden administration to promote “secure by design” principles for technology and AI vendors. That approach was praised in some quarters for bringing industry together to agree to a set of shared security principles. Others rolled their eyes at the entirely voluntary nature of the commitments, arguing that the approach amounted to a pinky promise from tech companies in lieu of regulation. 

The Trump plan states that “all use of AI in safety-critical or homeland security applications should entail the use of secure-by-design, robust, and resilient AI systems that are instrumented to detect performance shifts, and alert to potential malicious activities like data poisoning or adversarial example attacks.”

The plan also recommends the creation of a new AI-Information Sharing and Analysis Center (AI-ISAC) led by the Department of Homeland Security to share threat intelligence on AI-related threats.

“The U.S. government has a responsibility to ensure the AI systems it relies on — particularly for national security applications — are protected against spurious or malicious inputs,” the plan continues. “While much work has been done to advance the field of AI Assurance, promoting resilient and secure AI development and deployment should be a core activity of the U.S. government.”

The plan does not detail how the administration intends to define which entities or systems are “safety-critical” or constitute “homeland security applications.” Nor does it outline how companies or utilities of limited financial means would pay for and maintain AI defensive systems, which are not currently capable of autonomous cybersecurity work without significant human expertise and direction.

The plan proposes no new spending for the endeavor, and other sections are replete with mentions of the administration’s intentions to review and limit or reduce federal AI funding streams to states that don’t share the White House’s broader deregulatory approach.

Grace Gedye, an AI policy analyst for Consumer Reports, said “it’s unclear which state laws will be considered ‘burdensome’ and which federal funds are on the line.”

The plan also calls for the promotion and maturation of the federal government’s ability to respond to active cyber incidents involving AI systems. The National Institute of Standards and Technology will lead an effort to partner with industry and AI companies to build AI-specific guidance into incident response plans, and CISA will modify existing industry guidance to loop agency chief AI officers into discussions on active incidents.

Initial reactions to the plan included business-friendly groups cheering the administration’s deregulatory approach to AI and negative reactions from privacy and digital rights groups, who say the White House’s overall approach will push the AI industry further toward less-constrained, more dangerous and more exploitative models and applications.

Patrick Hedger, director of policy for NetChoice, a trade association for tech companies and online businesses, praised the plan, calling the difference between the Trump and Biden approaches to AI regulation “night and day.”

“The Biden administration did everything it could to command and control the fledgling but critical sector,” Hedger said. “That is a failed model, evident in the lack of a serious tech sector of any kind in the European Union and its tendency to rush to regulate anything that moves. The Trump AI Action Plan, by contrast, is focused on asking where the government can help the private sector, but otherwise, get out of the way.”

Samir Jain, vice president of policy at the Center for Democracy and Technology, said the plan had “some positive elements,” including “an increased focus on the security of AI systems.”

But ultimately, he called the plan “highly unbalanced, focusing too much on promoting the technology while largely failing to address the ways in which it could potentially harm people.”

Daniel Bardenstein, a former CISA official and cyber strategist who led the agency’s AI Bill of Materials initiative, questioned the lack of a larger framework in the action plan for how mass AI adoption will impact security, privacy and misuse by industry.

“The Action Plan talks about innovation, infrastructure, and diplomacy — but where’s the dedicated pillar for security and trust?” Bardenstein said. “That’s a fundamental blind spot.”

 The White House plan broadly mirrors a set of principles laid out by Vice President JD Vance in a February speech, when he started off saying he was “not here to talk about AI safety” and likened it to a discipline dedicated to preventing “a grown man or woman from accessing an opinion that the government thinks is misinformation.”  

In that speech, Vance made it clear the administration viewed unconstrained support for U.S.-based industry as a key bulwark against the threat of Chinese AI domination. Apart from some issues like ideological bias — where the White House plan takes steps to prevent “Woke AI” — the administration was not interested in tying the hands of industry with AI safety mandates.

That deregulatory posture could undermine any corresponding approach to encourage industry to make AI systems more secure.

“It’s important to remember that AI and privacy is more than one concern,” said Kris Bondi, CEO and co-founder of Mimoto, a startup providing AI-powered identity verification services. “AI has the ability to discover and utilize personal information without regard to impact on privacy or personal rights. Similarly, AI used in advanced cybersecurity technologies may be exploited.”

She noted that “security efforts that rely on surveillance are creating their own version of organizational risks,” and that many organizations will need to hire privacy and security professionals with a background in AI systems.

A separate section on the Federal Trade Commission, meanwhile, calls for a review of all agency investigations, orders, consent decrees and injunctions to ensure they don’t “burden AI innovation.”

That language, Gedye said, could be “interpreted to give free rein to AI developers to create harmful products without any regard for the consequences.” 

The post Trump AI plan pushes critical infrastructure to use AI for cyber defense appeared first on CyberScoop.

Data from sensors that detect threats in critical infrastructure networks is sitting unanalyzed after a government contract expired this weekend, raising risks for operational technology, a program leader at Lawrence Livermore National Laboratory told lawmakers Tuesday.

That news arrived at a hearing of a House Homeland Security subcommittee on Stuxnet, the malware that was discovered 15 years ago after it afflicted Iran’s nuclear centrifuges. The hearing focused on operational technology (OT), used to monitor and control physical processes in things like manufacturing or energy plants.

Amid a Department of Homeland Security review of contracts, the arrangement between the laboratory and DHS’s Cybersecurity and Infrastructure Security Agency to support the CyberSentry program expired Sunday, the laboratory program manager Nathaniel Gleason told lawmakers under questioning Tuesday. An agency official told CyberScoop later Tuesday that the program is still operational.

CyberSentry is a voluntary program for critical infrastructure owners and operators to monitor threats in both their IT and OT networks.

“We’re looking for threats that haven’t been seen before,” Gleason told California Rep. Eric Swalwell, the top Democrat on the Subcommittee on Cybersecurity and Infrastructure Protection. “We’re looking for threats that exist right now in our infrastructure. One of the great things about the CyberSentry program is that it takes the research and marries it with what is actually happening on the real networks. So we’re not just doing science projects. We’re deploying that technology out in the real world, detecting real threats.”

But the lab can’t legally analyze the data from the CyberSentry sensors without funding from government agencies, and funding agreements were still making their way through DHS processes before the contract expired this weekend, he said.

“One of the most important things is getting visibility into what’s happening on our OT networks,” Gleason said. “We don’t have enough of that. So losing this visibility through this program is a significant loss.”

Spokespeople for the lab did not immediately provide further details on the size or length of the contract. Other threat hunting contracts have also expired under the Trump administration. 

Chris Butera, CISA’s acting executive assistant director for cybersecurity, said in a statement to CyberScoop that the “CyberSentry program remains fully operational.”

“Through this program, CISA gains deeper insight into network activity of CyberSentry partners, which in turn helps us to disseminate actionable threat information that critical infrastructure owners and operators use to strengthen the security of their networks and to safeguard American interests, people, and our way of life,” Butera said. “CISA routinely reviews all agreements and contracts that support its programs in order to ensure mission alignment and responsible investment of taxpayer dollars. CISA’s ongoing review of its agreement with Lawrence Livermore National Laboratory has not impacted day-to-day operations of CyberSentry and we look forward to a continued partnership.”

Tatyana Bolton, executive director of the Operational Technology Cyber Coalition, told the subcommittee there aren’t enough federal OT cybersecurity resources in general.

“We must better resource OT security,” Bolton said. “From addressing the growing tech debt,  hiring cybersecurity experts, to procuring and building updated systems, OT owners and operators don’t have the necessary funding to defend their networks.”

Those owners and operators spend 99 cents of every dollar on physical security and 1 cent on cybersecurity, she said. Reauthorizing the State and Local Cybersecurity Grant Program, due to expire in September, would help with that, Bolton said.

The Trump administration has made large cuts in CISA’s budget since the president took office in January.

This story was updated July 22 with comments from CISA’s Chris Butera.

The post Contract lapse leaves critical infrastructure cybersecurity sensor data unanalyzed at national lab  appeared first on CyberScoop.

Arizona election officials say a hack targeting a statewide online portal for political candidates resulted in the defacement and replacement of multiple candidate photos with the late Iranian Ayatollah Ruhollah Khomeini.

While officials say the threat is contained and the vulnerability has been fixed, they also blasted the lack of support they’ve received from the federal government, claiming the Cybersecurity and Infrastructure Security Agency is no longer a reliable partner in election security under the Trump administration.

Michael Moore, the chief information security officer for Arizona’s Secretary of State, told CyberScoop that his office first became aware that something odd was happening on June 23, while many officials were at a conference. One user managing the candidate portal noticed that one of the candidate images uploaded to the site didn’t “make sense” because it appeared to be a picture of Khomeini. The next day they were notified that candidate profiles going back years had also been defaced with the same picture.

“My first call was to Arizona’s [Department of] Homeland Security,” Moore said. “We started troubleshooting, locked down that portion of the site, and started doing preventative measures to reduce our attack surface.” 

Moore said other important systems, such as the statewide voter registration database and its confidentiality system for domestic abuse survivors, are hosted on servers that are  segmented from other parts of the network. He said there is no evidence that the attackers “even attempted” to access state voter rolls.

Incident responders determined that the attacker was using the candidate portal to upload an image file containing a Base 64-encoded PowerShell script that attempted to take over the server.

Moore described the affected candidate portal as an older, legacy system that wasn’t designed for security. Unlike many other statewide systems, the candidate portal was explicitly created to accept uploads from the public.

Moore likened the situation to “a village that’s surrounded by a castle; we’ve got a moat, we’ve  got a drawbridge, we’ve got a portcullis and guards on the walls.”

“But when our village needs to do business,” he said, “we have doors and windows that are open and an adversary can just walk through … masquerading as a legitimate business.” 

The substance and timing of the hack point to someone with pro-Iranian interests. The incident took place the day after the U.S. bombed Iranian nuclear sites, and a Telegram message linked in the defacement promised revenge against Americans for President Donald Trump’s actions. 

Moore said they do not have definitive attribution for the attack at this time.

A deteriorating partnership

For years, CISA has coordinated election security between  states and the federal government, sharing intelligence on vulnerabilities or hacking campaigns, deploying cybersecurity experts, and assisting with active incidents.

Arizona, through its state DHS, contacted multiple federal agencies about the hack, including the FBI. But CISA was not part of that outreach.

In a scathing statement, Secretary of State Adrian Fontes, a Democrat who has long focused on election security, said that this once-fruitful partnership between CISA and states had been damaged as the agency has been “weakened and politicized” under the Trump administration.

“Up until 2024, CISA was a strong and reliable partner in our shared mission of securing American digital infrastructure, but since then the agency has been politicized and weakened by the current administration,” Fontes said.  

Fontes said he personally reached out in a letter to Homeland Security Secretary Kristi Noem months ago in an effort to establish a relationship but was “dismissed outright.”

“Given their recent conduct, and broader trends at the federal level, we’ve lost confidence in [CISA’s] capacity to collaborate in good faith or to prioritize national security over political theater,” he continued. “This is exactly the kind of division that foreign adversaries of Russia, China and Iran seek to exploit. Cybersecurity should never be a partisan issue. When trust breaks down between levels of government, we put our democratic system at risk.”

Since being sworn into power, President Donald Trump and his administration have taken an axe to CISA’s budget and workforce, eliminated regional offices, fired disinformation experts, and drastically reduced the agency’s once-robust support for securing state elections. 

Moore doubled down on Fontes’ sentiments, telling CyberScoop “it was easy and natural to work with CISA until 2024.” Under previous administrations he had a litany of CISA employees on speed dial, but “right now, in 2025, we have no [federal] cybersecurity advisors.”

“We will occasionally communicate with CISA at a regional level, but we don’t have that direct level of support” we used to, he said.

Outside of elections, he referenced the massive SharePoint vulnerability disclosed by Microsoft over the weekend as a prime example of CISA’s diminished capacity and willingness to coordinate national responses to major cyber threats.

“We’re effectively trying to recreate the federal government,” Moore said. “In the past, CISA would have led the charge [to coordinate around the SharePoint flaw]. I didn’t get an email from CISA until [Monday] morning warning about the event, and that’s too late. This started on Friday morning and the damage was done by Monday morning.”

A DHS spokesperson called Fontes’ criticism “misguided.”

“Here are the facts: In late June, the state requested assistance. On July 1st the Arizona Secretary of State posted a notice on their website and took their candidate portal offline for several days ahead of their primary special election,” the spokesperson said. “Since then CISA has been working with Arizona and has provided direct assistance to support their response efforts.”

A former senior DHS official told CyberScoop that “there does seem to be a loss of confidence among both private sector and state and local governments with regard to CISA” under the Trump administration.

In particular, the administration change has led to a “deemphasis of CISA in terms of being the primary federal civilian cyber response agency,” the former official continued. Additionally, the agency does not yet have a Senate-confirmed leader and “they’ve lost a lot of talent, mostly on the technical side, like engineering and the technical services division that’s hard to replace,” they added.

The official requested anonymity to speak candidly with CyberScoop about their interactions with DHS.

Further, the lack of action from the federal government on other critical matters related to the agency, like reauthorization of the expiring Cybersecurity Information Sharing Act, have “led stakeholders of CISA to question whether or not it is the same agency they could count on six or seven months ago.”

The official said they believe the administration is looking to change perceptions and expectations around CISA’s mission, as Trump, Noem and others have sharply criticized the agency for its election security work.

“My sense is this is exactly what they wanted, which was a reset of the relationship with CISA and the department, but also how it is perceived and acts in the interagency and beyond,” the official said.“When they say focus the core mission on cyber, to me that says programs of record like EINSTEIN and a lot of emphasis on things like [the Continuous Diagnostics and Mitigation program], resetting the relationship on infrastructure protection and providing more targeted resources for assessments, or cyber hygiene related initiatives,” they continued. “That has yet to make its way through the pipeline, though, and what you have now is kind of a half thought out plan.”

The post After website hack, Arizona election officials unload on Trump’s CISA appeared first on CyberScoop.

As the Department of Homeland Security seeks to transform a federal database for immigrant benefits into a supercharged database to search for noncitizen voters, a trio of Democratic senators are pressing the department for more information.

Sens. Gary Peters, D-Mich., Alex Padilla, D-Calif., and Jeff Merkley, D-Ore., wrote to Homeland Security Secretary Kristi Noem on Tuesday posing a series of questions around the department’s overhaul of the Systemic Alien Verification for Entitlements (SAVE) database.

“States and nonpartisan voter advocacy organizations have expressed concerns with using the SAVE program as a standalone tool to determine voter eligibility without adequate safeguards,” the senators wrote. “In particular, there are concerns that data quality issues may cause state and local officials who rely on the program to receive false positives or incomplete results.”

The lawmakers’ comments echo many of the same concerns around SAVE that election officials and experts expressed to CyberScoop last month. For a variety of reasons — including SAVE’s clunky history, the fluid nature of immigration status and differing state data streams — the potential is high for the system to return false positives.

Further, the Trump administration has already attempted to force states to adopt White House policies around “proof of citizenship” requirements before sending them federal voter registration files. A federal judge ruled parts of that order were unconstitutional, and the administration is appealing. 

One concerning scenario is that if the administration pushes states to use SAVE to update and maintain their voter rolls, many registered voters could be removed for lacking documentary proof of citizenship.

While a number of post-election audits and investigations have determined that noncitizen registration and voting is rare to nonexistent, it has also found that millions of eligible voters lack the kind of identification that the Trump administration is pushing.

The administration has been filing lawsuits and sending letters to states alleging that their voter registration policies are out of step with the Help America Vote Act, which provide funding to states for election security investments.

If successful, it could force millions of voters to obtain these credentials or lose their voting rights, all without the administration ever actually showing evidence that noncitizen voting is happening en masse.

The Democratic senators note that DHS and U.S. Citizenship and Immigration Service have not briefed Congress or state and local election officials about the changes, but they have held meetings with prominent election denier groups like the Election Integrity Network, according to reporting from Democracy Docket.

Much of the work on SAVE is happening outside of public view, with little transparency.. USCIS has declined or not responded to interview requests from reporters seeking additional details about the SAVE overhaul or how it will ensure accurate results.

“Public transparency and assurances that the Department is appropriately protecting citizens’ rights, including privacy, is extremely important,” the lawmakers wrote. “Unfortunately, DHS has not issued any of the routine and required documentation about the program’s operations and safeguards or issued any public notice or notice to Congress.”

The senators are requesting a briefing for the Senate Homeland Security and Governmental Affairs and Rules and Administration committees, while turning over any materials shared with groups like the Election Integrity Network.

The post Senate Democrats seek answers on Trump overhaul of immigrant database to find noncitizen voters appeared first on CyberScoop.