
Rep. Delia Ramirez takes over as top House cybersecurity Dem

Illinois Rep. Delia Ramirez is taking over as the top Democrat on the House Homeland Security panel’s cybersecurity subcommittee, replacing former Rep. Eric Swalwell after his resignation.

Committee Democrats approved the change Tuesday at a meeting prior to a “shadow hearing” without the GOP majority, focused on protecting elections from Trump administration interference.

Ramirez first won election to Congress in 2022 and was reelected in 2024. She has served as the vice ranking member of the committee since 2023. She is now the ranking member of the Subcommittee on Cybersecurity and Infrastructure Protection.

She has leveled criticisms during committee hearings about the Trump administration’s personnel cutbacks at the Cybersecurity and Infrastructure Security Agency, and was critical of how data was secured under the administration’s Department of Government Efficiency initiative led by Elon Musk.

“Under a Musk and Trump presidency, it’s clear that the security of Americans’ information is not a priority. I mean, a private civilian with no security clearance bullied his way into the Treasury, set up private servers, and stole sensitive information from an agency. If that isn’t a national security crisis, a cybersecurity crisis – then I don’t know what is,” Ramirez said at an early 2025 hearing. “The true threat to our homeland security is ‘fElon’ Musk, Trump, and their blatant misuse of power to steal information and coerce employees to leave agencies.”

She cosponsored legislation last year meant to strengthen the cybersecurity workforce by promoting measures to help workers from underrepresented and disadvantaged communities join the field.

But she also had criticisms of U.S. cybersecurity under the Biden administration, including of Microsoft’s role in the SolarWinds breach.

In a statement about her appointment Tuesday, Ramirez took aim at Trump, Vice President JD Vance, Department of Homeland Security Secretary Markwayne Mullin and White House homeland security adviser Stephen Miller.

“It’s clear that the security of our communities’ information, federal networks, and critical infrastructure have not been priorities” under them, she said. “Between the security failures of DOGE, the abuses of immigrant families’ data, and the decimation of CISA’s workforce and resources, Republicans have demonstrated a lack of interest in safeguarding our nation’s cybersecurity and our residents’ civil rights and privacy. In neglecting necessary oversight, Republicans have deregulated emerging technologies, allowed bad actors to profit from violations of our civil rights, and consented to the weaponization of government systems. It is more critical than ever that we assert our Congressional authority and disrupt the blatant corruption making us all less safe.”

Swalwell left the position following his resignation from Congress as a representative from California amid allegations of sexual misconduct.

Her ascension completes a full leadership turnover for the subcommittee. Rep. Andy Ogles, R-Tenn., took over the gavel late last year after former chairman Andrew Garbarino, R-N.Y., took over as chairman of the full committee.

The subcommittee is set to hold a hearing Wednesday on CISA and its role as the sector risk management agency for a number of critical infrastructure sectors.

Updated 4/28/26: to include comment from Ramirez.

The post Rep. Delia Ramirez takes over as top House cybersecurity Dem appeared first on CyberScoop.

OMB rescinds ‘burdensome’ Biden-era secure software memo

The Trump administration is rescinding a Biden-era memo that was intended to help agencies buy secure software, with the current Office of Management and Budget saying it relied on “unproven and burdensome” processes.

A former Biden administration official said the move is “the first major policy step back that I have seen in the administration on a cybersecurity front.”

At issue is the 2022 OMB memo titled “Enhancing the Security of the Software Supply Chain through Secure Software Development Practices,” M-22-18. The administration rescinded the memo Friday.

That memo led to the creation of a common “Secure Software Development Attestation Form” for government agencies that contractors had to use to vouch that their software adheres to a set of security practices. Agencies couldn’t buy from software vendors that couldn’t attest to the security of their products.

“Each agency head is ultimately responsible for assuring the security of software and hardware that is permitted to operate on the agency’s network,” OMB Director Russell Vought wrote in a brief memo Friday to agency heads. “There is no universal, one-size-fits-all method of achieving that result. Each agency should validate provider security utilizing secure development principles and based on a comprehensive risk assessment.”

Nick Leiserson, who served as assistant national cyber director for cyber policy and programs under Biden’s Office of the National Cyber Director, told CyberScoop that rescinding the 2022 memo was a step backward because the memo was meant to use government purchasing power to influence the market, and its repeal “is not good for the security of government systems and for the software that’s used throughout the whole U.S. economy.”

The memo stemmed from the first Biden administration executive order, a response to the major SolarWinds breach that led to agencies being penetrated by alleged Russian hackers, among other notable cyber incidents.

Rescinding it leaves nothing in its place, said Leiserson, now senior vice president for policy at the Institute for Security and Technology, at a time of rising exploitation of software vulnerabilities.

Friday’s decision doesn’t ban everything from the 2022 memo. Vought said that agencies could use the common attestation form if they choose; that agencies must “maintain a complete inventory of software and hardware and develop software and hardware assurance policies and processes that match their risk determinations and mission needs”; and that agencies could adopt contract terms that require software makers to provide a list of software ingredients, known as a software bill of materials, upon request.

Leiserson disputed the idea that the 2022 memo was burdensome, based on government estimates that the common form would consume three hours and 20 minutes of paperwork. And Leiserson said rescinding it goes against the Trump administration’s goal of deconflicting a tangle of cybersecurity rules: In the place of one common form for all contractors, agency-by-agency forms will increase the regulatory burden.

The Trump administration had previously signaled a desire to roll back other cybersecurity directions for agencies from President Joe Biden.

The post OMB rescinds ‘burdensome’ Biden-era secure software memo appeared first on CyberScoop.

SEC drops case against SolarWinds tied to monumental breach

The Securities and Exchange Commission on Thursday dropped its case against SolarWinds and its chief information security officer over its handling of an alleged Russian cyberespionage campaign uncovered in 2020, an incident that penetrated at least nine federal agencies and hundreds of companies.

The SEC’s decision brings to a halt one of the more divisive steps under the Biden administration to hold companies’ feet to the fire over their security failings, a groundbreaking suit that a judge last year dismissed in significant measure.

It comes the same day the Federal Communications Commission rescinded Biden-era cyber regulations the FCC wrote in response to another major cyberespionage campaign that saw alleged Chinese hackers infiltrate telecommunications carriers.

Two years ago the SEC took action against SolarWinds and its CISO, Tim Brown, over claims that it didn’t adequately disclose the Sunburst attack that began in 2019, as well as over other security assertions the company made.

The SEC litigation notice Thursday didn’t explain why it had dropped the case. An SEC spokesperson declined to comment beyond the notice.

A SolarWinds spokesperson said the company welcomed the SEC decision. The mere threat of SEC action two years ago had panicked some cyber executives, who said it could create a chilling effect on the disclosure of cyber information.

“We fought with conviction, arguing that the facts demonstrated our team acted appropriately — this outcome is a welcome vindication of that position,” the spokesperson said in a statement about how it was “delighted” on behalf of the company and Brown. “We hope this resolution eases the concerns many CISOs have voiced about this case and the potential chilling effect it threatened to impose on their work. With the case now resolved, we look forward to focusing without distraction on delivering exceptional value to our customers through our market-leading software and solutions, emphasizing security and innovation at every step.”

The post SEC drops case against SolarWinds tied to monumental breach appeared first on CyberScoop.
