Feds keep eyes peeled for Iran cyberattacks, respond to Stryker breach

Federal cyber officials aren’t seeing a significant change in attacks tied to Iran since the conflict there began, at least not yet, but they are on the lookout for any uptick and are focusing on the Stryker attack in particular.

Terry Kalka — director of the Defense Industrial Base Collaborative Information Sharing Environment at the Defense Department’s Cyber Crime Center — said Thursday that “there’s some basic indicators, there’s some known” tactics, techniques and procedures, but “we’re not seeing a tremendous amount of impact yet.”

That sentiment aligns with what the acting director of the Cybersecurity and Infrastructure Security Agency, Nick Andersen, told reporters on Tuesday: “We still are seeing a steady state. We have not seen an increase or any rise of threat actor activity.”

But both men said they’re monitoring to see if that changes. “We are very much on the alert for, if not Iran, Iran-influenced actors,” Kalka told CyberScoop at the Elastic Public Sector Summit.

On Thursday, CISA issued recommendations tied to this month’s cyberattack on medical device maker Stryker, the most eye-catching cyber activity with Iran links after an Iranian hacking group known as Handala claimed credit for the attack.

CISA urged organizations to improve their defenses of endpoint management systems after the attack caused global disruptions to Stryker’s Microsoft environment. CISA made several recommendations, including to set up safeguards in Microsoft’s Intune endpoint management tool.

Stryker has contracts with the Defense Department.

“We’re all paying attention to the Stryker incident that broke last week, because there are implications there for communications technology and private information or corporate information that, even if it’s not defense Information, getting access to someone’s email and understanding the infrastructure of the company is very, very useful,” Kalka said.

Andersen said CISA has been in touch with Stryker, as has the FBI. On Thursday, it was reported that the FBI and the Justice Department took down two websites linked to Handala.

Andersen said the agency’s approach doesn’t change much because of the conflict, however.

“We just can’t take our eyes off of the fact that other adversaries continue to make maneuvers in this space,” he said at an event hosted by Auburn University’s McCrary Institute. “Cybercriminal groups continue to make moves within this space. It was not just about one nation-state at one particular point in time. We see persistent motivation across the board for people to be able to take advantage of cyber weaknesses across critical infrastructure and our traditional IT environments.”

CISA has furloughed hundreds of employees as Congress continues a standoff over funding for the Department of Homeland Security over the Trump administration’s immigration enforcement approach.

The post Feds keep eyes peeled for Iran cyberattacks, respond to Stryker breach appeared first on CyberScoop.

Trump administration isn’t pushing companies to conduct cyber offense, national cyber director says

National Cyber Director Sean Cairncross said Tuesday that the Trump administration isn’t aspiring to enlist the private sector to conduct offensive cyber operations, but instead to help the government by keeping them abreast of the threats they’re facing.

The recently-released national cyber strategy talks about incentivizing companies to disrupt the networks of adversaries.

“I’m not talking about the private sector, industry or companies engaging in a cyber offensive campaign,” Cairncross said at an event hosted by Auburn University’s McCrary Institute. “What I’m talking about are the technical capabilities, the ability of our private sector to illuminate the battlefield from what they’re seeing, to inform and share information so that the USG [U.S. government] can respond to get ahead of things.”

The idea of enabling U.S. companies to undertake disruptive or offensive campaigns against malicious hackers, or to at least aid in U.S. government offensive operations, has regained currency in some GOP circles in recent years. Some companies have shown an interest in doing so, especially if laws are changed to make it more viable.

That trend coincides with growing calls from Trump administration officials — and now the release of the cybersecurity strategy — to go on the offense against hackers, although Cairncross emphasized again that the strategy pillar to “shape adversary behavior” isn’t just about conducting cyber offensive campaigns, but to use other government mechanisms to put pressure on hackers, be they legal or diplomatic.

The government can go about shaping the “risk calculus” “in a more agile fashion” with private sector help, he said.

“There’s an enormous amount of capability on the private sector side, and now we have a spear from the United States government… we are looking for real partnership,” Cairncross said.

One way the U.S. government has sought to bring the fight to cyber adversaries is the FBI’s “joint sequenced operations,” used to degrade their capabilities. Speaking at the same event, the head of the bureau’s cyber division said the private sector was key to those operations as well.

“Every one of the joint sequenced operations that the FBI conducts to remove that capacity and capability that I talked about — from the Russians, from the Chinese, from the Iranians and others — happens because a victim came forward and engaged the FBI,” said Brett Leatherman.

“One takeaway for everybody here is ‘What is your game plan in the event of a breach to engage your local FBI field office?’” he asked. “I would proffer there’s very little liability in doing so, and we’re happy to have conversations with your outside or inside counsel, but there’s a tremendous amount to be gained by doing that.”

Across party lines and industry, the verdict is the same: CISA is in trouble

“Decimated.” 

“Amateur hour.”

“Pretty much fallen apart.”

“It’s really hard to find something positive to say right now.”

It’s been a little more than one year into the second Trump administration, and there’s a large consensus, if not total unanimity, among those who have worked with and for the Cybersecurity and Infrastructure Security Agency: It has suffered significantly during that time. 

CISA has lost roughly a third of its personnel and shuttered entire divisions. Observers across the political spectrum told CyberScoop for this story that even on its core missions, like coordinating with industry and protecting federal networks, the agency is significantly diminished.

Many sources that spoke with CyberScoop did so under the condition of anonymity, in order to be more candid or avoid retribution. They told CyberScoop that CISA’s biggest problems, and their consequences, include:

  • Trump’s ire over the 2020 election results has led to the agency being deprioritized within the administration. Congress has yet to approve the administration’s permanent pick to lead the agency, Sean Plankey, and lawmakers have failed to do other things to strengthen it. 
  • CISA’s capabilities have been significantly diminished by the loss of personnel, expertise and programs. 
  • In the absence of a permanent leader, Acting Director Madhu Gottumukkala has struggled to lead the agency. “I don’t think anybody would argue he’s doing a great job,” one industry source said.
  • Organizations that previously turned to CISA for help now seek alternatives, like industry alliances, outside consultants or government-to-government partnerships.

Where to assign blame varied from source to source. Most criticized both the administration and Congress, though some faulted one more than the other.

Some see bright spots in CISA under the current administration. And while many are pessimistic about the agency’s future, others expressed optimism.

But the first year reviews are not glowing.

“Year one was a tough year for the agency,” said House Homeland Security Committee Chairman Andrew Garbarino, R-N.Y. He noted that a “lot of the best and brightest have left the agency,” though he expressed optimism about Plankey’s ability to turn CISA around. “The amount of cyberattacks that our nation is seeing every day, both on the private side and on the federal government side — you want your best people there fighting against it, and if they’re somewhere else, it definitely leaves us all vulnerable.”

Said Mississippi Rep. Bennie Thompson, the top Democrat on Garbarino’s panel: “It’s tough to have a robust entity when you cut the money…we are weaker because of CISA’s lack of manpower.”

When priorities shifted

Trump has harbored animosity toward CISA since 2020, when it contradicted his false claims related to widespread electoral fraud. He and his allies built on that animosity, recommending in Project 2025 that the agency be dismantled, divided by its core responsibilities, and farmed out to other federal agencies. 

“There was uniquely a target on its back,” said one CISA official who left in 2025. That hostility came from some Republicans in Congress, especially Kentucky Sen. Rand Paul, who chairs the Senate Homeland Security and Governmental Affairs Committee.

Said Thompson: “CISA wasn’t politicized for the most part, until the Trump administration came along and accused them of somehow contributing to his [election] loss.”

CISA has lost substantial personnel, including veterans and whole teams. Some employees were transferred to other divisions in the Department of Homeland Security. Election security was quickly cut. Two information sharing and analysis centers (ISACs) that serve state and local governments lost funding. A division coordinating with foreign governments, businesses and state and local governments was effectively closed.

The agency has lost senior leaders in programs like counter-ransomware initiatives, threat hunting and secure software development. Contracts for things like detecting threats in critical infrastructure networks, tracking vulnerabilities and collaborating with industry teetered, albeit sometimes only temporarily. 

DHS has unraveled multiple programs in which CISA plays a key role, such as by dismissing members of the Cyber Safety Review Board and disbanding the Critical Infrastructure Partnership Advisory Council. Congress has lurched between letting both a key state and local cyber grant program and a cyber threat information sharing law lapse and temporarily re-upping them.

The departures and program changes likely haven’t ended, either. 

“It’s not a very harmonious place right now,” said one industry source. “I hear from people that are looking to leave.” Former CISA employees say those who remain either believe strongly in the mission, or are simply keeping their heads down until retirement from federal service.

“People I talk to say the morale is really low,” said James Lewis, distinguished fellow with the tech policy program at the Center for European Policy Analysis think tank.

CISA and DHS officials routinely say the changes are designed to get the agency “back on mission.” Lewis, industry officials and others say CISA probably never needed to get involved in combatting misinformation and disinformation, roles that rankled some conservatives, but the agency largely halted that work prior to Trump returning to office.

Some saw duplication and redundancy at CISA as legitimate problems. “I did see overlap between who was actually doing policy and who was actually doing the operational work,” said Ari Schwartz, managing director of cybersecurity services at the law firm Venable and a former Obama administration cybersecurity official.

It was not that long ago when CISA experienced quick budget growth, particularly after its establishment in 2018.

“As with any organization, the first few years are growth years and after a while, the agency needed to reevaluate how it was operating and meeting its statutory authorities,” said Kate DiEmidio, who formerly served as the agency’s director of legislative affairs and acting chief external affairs officer. “There was a need for the agency to refocus.”

Even among those who saw the need for change at CISA, though, many saw the Trump administration as going way too far. “CISA needed surgery,” Lewis said, but “what it needed was surgery with a scalpel, not a sledgehammer.” He added, “Not only is the White House hostile to CISA, but cybersecurity isn’t a priority for them.”

A question of capacity

The cuts have created real-world consequences for cybersecurity coordination. Former officials and industry partners describe broken relationships, unanswered requests for help and serious questions about whether CISA can handle a major crisis. The coordination and engagement that defined the agency’s approach have largely diminished.

The end result is that “they’ve dismantled all of those capabilities in units within government,” said Caitlin Durkovich, a former DHS official in the Obama administration and White House official in the Biden administration. She recently started a firm with former top CISA official Jeff Greene that offers services CISA has scaled back, such as security assessments.

“It’s been really hard to watch,” Greene said, how CISA has been working with the private sector and local governments on “developing a level of trust that is weakening or gone.”

One industry source said they used to meet regularly with top officials, but now can’t get a response. “We’ve got really good engagement elsewhere in government. We really would like the opportunity to do the same thing with CISA,” they said. “Some of the trust that had been built up has been eroded.”

Thompson said the biggest losses have been in election security and secure-by-design, areas where his staff says personnel has been “decimated.”

Said another industry source: “I do feel like that when people, if organizations, want to reach out to CISA, it’s not clear who’s there… If we got into a major conflict, let’s say, with China, and they start triggering Volt Typhoon-related malware, are we organized and ready to roll? I don’t think so.”

Another former CISA official described the current situation as a “lack of capacity,” especially when it comes to coordinating with state and local governments and others on a regional basis.

“A bunch of regions are really grappling with the loss of really key personnel who were the ones that were establishing and maintaining these relationships, and really trying to build the trust between the agency and the private sector, and especially in critical infrastructure,” they said. “Not having as many people to help do that national coordinating function that CISA is supposed to do is a real issue.”

They also said there are fewer people working in “flagship programs” like secure-by-design and developing regulations for the landmark Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). “People are overstretched,” they said. “They’re not doing all the things that they could or should be doing, or want to be doing, and I think that you see evidence of that with talk from the private sector and their inability to reach people and to get help.”

Schwartz said he worries about when “an incident happens, do they have the people to go in, go to the states, go locally, and really do the work that’s needed, as they did in the past? Because they’ve lost some of that ability.”

Lewis said that “overall, the impression is it’s a much weaker entity than it was a year ago.”

“Their power was in their ability to act as a focal point, to coordinate, to bring people together, and just the publication of vulnerabilities and some of the things they were starting to get into in the previous administration were big steps forward that’s been diminished because they don’t have the people now,” he said. “So a smaller organization, that’s just not going to be as powerful.”

State and local governments say they’ve lost critical connections with CISA, saying they’ve had to turn to one another to fill the gaps.

“We’re asking states to do a job they’re not resourced to do, while weakening the one federal agency designed to help them,” said Errol Weiss, chief security officer at the Health-ISAC. “This is precisely where you do need a strong, centralized federal security function. We already have a national shortage of cybersecurity experts, and you can’t just replicate that expertise 50 times over.”

Overall, Weiss said industry partners have felt the lack of outreach from the agency. “Fewer touchpoints, fewer briefings, fewer problem‑solving calls,” he told CyberScoop, adding that there’s “a growing perception that CISA is being hollowed out where it matters most to industry: stakeholder engagement, collaborative forums, and operational support during incidents.”

Rob Knake, a former top Biden administration official, recently said that “CISA as an organization has pretty much fallen apart.”

Leadership in limbo

One near-universal sentiment is that as Sean Plankey’s leadership nomination drags in the Senate, the agency is worse off.

“We need to start this year off right, and we’re already in February and can’t get Plankey confirmed,” Garbarino said. “There’s nothing better than having a Senate-confirmed person running the show.”

The acting director has also faced criticism beyond the operational issues. Gottumukkala, who served as South Dakota’s chief information officer under Kristi Noem before she became DHS secretary, has faced fire from both parties for his stewardship.

A string of embarrassing stories have emerged about Gottumukkala, from the tale of him failing a polygraph test and seeking to oust those who administered it; to his reported attempted ouster of veteran agency CIO Robert Costello; to his reported uploading of sensitive contract data to ChatGPT. DHS has defended Gottumukkala amid those revelations.

Reading stories like that, “It just sounds like amateur hour,” said one former CISA employee.

“I don’t think he’s up to the task. I believe that he’s not the best person, and I think he is just somebody the secretary likes, because they both are from South Dakota,” Thompson said. “I don’t know anybody before this administration who would be in sensitive areas and not have passed minimal standards like the polygraph.”

The ChatGPT story drew concern from the right by Senate Judiciary Chairman Chuck Grassley, R-Iowa, as well as from conservative figure Laura Loomer (the latter of whose remarks were racially tinged). Others were more perturbed by the lie detector story.

“When you have security issues with someone in a leadership position, you should find another place for them to go,” said a former Trump administration national security official. “There are plenty of competent people in DHS, in CISA, who could hold things together until Sean Plankey gets there. There are lots of serious things CISA needs to be working on right now. This is a drag on that. It’s not a place where you want any type of friction at the top.”

Garbarino was more generous, noting Gottumukkala’s technical background. DiEmidio also noted Gottumukkala’s technical skills. But Garbarino and Nevada Rep. Mark Amodei, the GOP chairman of the House Appropriations Subcommittee on Homeland Security, have been seeking CISA’s organizational plans to no avail.

“I don’t think he’s intentionally lying to us by saying there’s no reorg plan,” Garbarino said. “But there’s got to be some reasoning behind all these moves, moving the people around, or layoffs or whatever. I want to give him the benefit of the doubt that he is the technical guy that has been given a non-technical job to do.”

Schwartz and some others largely blame Congress for CISA’s current woes, since they haven’t approved Plankey as a full-time, permanent leader. “A lot of the issue is the fact that just doesn’t have the leadership to be able to participate in senior-level discussions,” he said.

What’s left to build on

Despite myriad complaints, many observers still see value in the current iteration of CISA. Some are hopeful about its ability to rebound, too.

CISA says it’s still devoted to its missions. The agency published a 2025 year-in-review about its accomplishments.

“CISA remains steadfast in its mission to safeguard the systems Americans rely on by strengthening federal network defenses, empowering businesses, and fortifying critical infrastructure nationwide,” Gottumukkala said in a statement to CyberScoop.

Moving forward, “we will deepen collaboration with trusted partners, prioritize highly skilled technical professionals, and direct resources for maximum impact—accelerating innovation, operational coordination, and workforce right-sizing to reduce long-term risks while maintaining strong industry partnerships and cost efficiency,” he said. “The CISA leadership and workforce remains committed to this mission despite a small minority who are upset that accountability and reform have come to the agency.”

It’s a message Gottumukkala recently delivered to Congress. “He tried to give the impression that we haven’t lost any capacity,” Thompson said. “I wasn’t impressed.”

Others said CISA is still carrying out many of its old tasks, such as issuing public alerts on vulnerabilities and threats.

“There’s still some good reporting coming out,” Greene said. “But what I can’t know is the volume of what they can put out versus what they used to be able to put out.”

Weiss said “CISA still has tremendous value in areas only the federal government can truly provide: national‑level visibility, cross‑sector coordination and the ability to marshal resources across agencies in a crisis.” But it’s not clear whether CISA can rise to the occasion like it did during the 2024 Change Healthcare crisis.

“All of this means it’s more important than ever for the private sector to take the initiative,” he said. “Critical infrastructure owners and operators cannot assume the federal government will have the capacity to step in the way it once did.”

Weiss and others also said that CISA has refocused on federal networks, but others, such as Lewis, said it’s also diminished there. “That’s their primary mission, and they don’t have the policies or the bodies to do that,” Lewis said.

Garbarino and a number of industry sources say they’re encouraged by the idea that the Trump administration could write less onerous regulations for CIRCIA, with an earlier draft drawing bipartisan and industry criticism.

A Senate-confirmed leader could further brighten the agency’s prospects, many agree. “They still have some good talent there. It’s not totally that we’ve lost everything there,” Schwartz said. “If you have leadership in there, then you can build it up.”

DiEmidio said some of the staff changes have made sense. Election security had more people than other sectors that needed the help, she said. 

“In some ways, I think the external attention to CISA’s mission in the media and with Congress was completely focused on one or two things, and the focus on the things that really matter, and the good work that CISA is doing got overshadowed,” she said. For the agency’s cybersecurity division and other cyber teams, “there were several incidents over the summer where those teams were incredible. They were working evenings, weekends.”

But many agree that rebuilding CISA’s workforce will be difficult.

The Trump administration has deliberately made working for the federal government challenging as a matter of policy. Russell Vought, head of the Office of Management and Budget, said before the election that the goal was to put federal workers “in trauma.” Morale at CISA has been particularly bad, they say. Periodic DHS shutdowns haven’t helped.

On the plus side for CISA, it’s a bad labor market, Lewis said.

Some of what CISA needs to do going forward is about managing expectations, said DiEmidio.

“What I would want to make sure is that CISA has a hiring plan in place to start hiring, especially in those key technical positions at all levels,” she said. “I think you have to have an understanding that people are going to rotate in and out of government. Not everyone wants to stay in government long term and that’s okay.”

But there are some worries about CISA recruiting going forward. “Just the way they handle the departures, for a lot of folks, I don’t think it gives a lot of encouragement to individuals that ‘Hey, this is a great place to work,’” said one former DHS official.

What’s next for DHS’s forthcoming replacement critical infrastructure protection panel, AI information sharing

A revised government-industry council devoted to critical infrastructure protection could be set up to have broader and more specific discussions on things like cybersecurity and threats to hardware and software that monitor and control industrial processes, known as operational technology (OT).

A top official at the Cybersecurity and Infrastructure Security Agency (CISA), Nick Andersen, said Tuesday he couldn’t share a timeline yet for the replacement of the Critical Infrastructure Partnership Advisory Council, which the Homeland Security Department disbanded to private sector dismay last year.

But he said the replacement, details of which CyberScoop was first to report, was trying to solve a number of problems with the original council (CIPAC).

“Old CIPAC never made any explicit focus on cybersecurity, that just wasn’t part of what was chartered back in the day when it was originally launched,” Andersen, executive assistant director for cybersecurity, told reporters at an event hosted by the Information Technology Industry Council (ITI).

“Additionally, it didn’t give us the opportunities for having focus groups to have conversations [about] like undersea cables, might be a good example. OT systems might be a good example,” he said. “OT had to nest itself under the IT Sector Coordinating Council in the past. There’s real opportunities for us to improve, opportunities for elements of the community that didn’t necessarily have opportunities to engage in a substantive way in the past, to give them a voice in the process.”

Further considerations, sources have told CyberScoop, include things like liability protections and how transparent the panel’s proceedings should be.

It was one of a number of topics discussed at the ITI event on the intersection of government, industry and cybersecurity.

Andersen told reporters he couldn’t provide a timeline for development of an artificial intelligence information sharing center (AI-ISAC), first proposed by the Trump administration as part of its AI Action Plan.

But he spoke at the event about pitfalls he hoped an AI-ISAC would avoid. Key, he said, would be to avoid having a government-established entity that ran parallel to, rather than in coordination with, industry efforts.

The administration wants to “take the opportunity to get that relationship right,” Andersen said.

Sean Cairncross’ cybersecurity agenda: less regulation, more cooperation

The Trump administration needs help from industry to reduce the cybersecurity regulatory burden and to back important cyber legislation on Capitol Hill, among other areas, National Cyber Director Sean Cairncross said Tuesday.

“You know your regulatory scheme better than I do: Where there’s friction, where there’s frustration with information sharing, what sort of information is shared, the process through which it’s shared,” he said. “It is helpful for us to hear that and have that feedback so that we can address it, engage it and try to make it better.”

The Trump administration is interested in being a partner with industry rather than a “scold,” Cairncross said at an Information Technology Industry Council event. The Biden administration sought to impose more cybersecurity rules on the private sector than prior administrations.

Cairncross also called on industry to help pass the Cybersecurity Information Sharing Act of 2015, which has expired and been subject to short-term extensions in recent months as Congress stalls on what to do with a law that provides legal protections to companies that share cyber threat data with the government and each other.

The Trump administration would like to see the law extended as-is for 10 years.

“What we need from industry is an echo chamber up on the Hill to help make that happen,” he said. “I can go tell people how important this is, or the White House can weigh in, and we have done that. But when the people who are actually affected by this start to weigh in with members, that has an even greater impact.”

Overall, Cairncross wants industry to “show up and engage,” he said, as the administration has done with its forthcoming cybersecurity strategy, something he said would be rolled out “sooner rather than later.”

“Reach out to us,” he urged. “We will certainly be reaching out how we have gone about this strategic piece of this. Just from the outset, we have had a heavy industry engagement side of this and looked for feedback and thoughts. It’s been extremely helpful, and hopefully it has been successful in sending the message that we want to, which is, we are here to do everything we can to partner with industry.”

Congressional appropriators move to extend information-sharing law, fund CISA

Congressional appropriators announced funding legislation this week that extends an expiring cyber threat information-sharing law and provides $2.6 billion for the Cybersecurity and Infrastructure Security Agency (CISA), including money for election security and directives on staffing levels.

The latest so-called “minibus” package of several spending bills to keep the government funded past a Jan. 30 deadline would extend the Cybersecurity Information Sharing Act of 2015 through the end of the current fiscal year, Sept. 30. Industry and the Trump administration have been seeking a 10-year extension of a law that provides legal protections for sharing cyber threat data between companies and the government, but a deal on Capitol Hill has proven elusive.

The package, announced Tuesday, also would extend the expiring State and Local Cybersecurity Grants Program through the end of fiscal 2026. Both laws temporarily expired during the government shutdown before being included in broader government funding legislation that extended them through Jan. 30. The House Homeland Security Committee has approved legislation on a long-term extension of the grants program, but the Senate hasn’t taken any action on it.

Also notably, the “minibus” — with funding for Labor and Health and Human Services; Education and related agencies; Defense; Homeland Security; and Transportation, Housing and Urban Development and related agencies — includes an extension until Sept. 30 for the Technology Modernization Fund, a program focused on upgrading old and vulnerable federal tech that likewise has had difficulties getting an extension.

The legislation that funds the Department of Homeland Security (DHS) would provide $2.6 billion for CISA. The agency’s budget coming into the Trump administration stood at approximately $3 billion, and President Donald Trump sought nearly half a billion dollars less than that for fiscal 2026.

Under the bill, $39.6 million would go to continuing election security programs, namely election security advisers in each CISA region across the country and the continuation of the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC). Last spring, the organization that supports the EI-ISAC said it no longer was doing so after the Trump administration terminated funding, with DHS saying the EI-ISAC no longer aligns with its mission.

Despite going along with much of what Trump sought on the CISA budget total, the DHS funding bill gives the department a commandment on CISA staffing levels, which have been significantly reduced under the president.

“CISA shall maintain a workforce consistent with the personnel and FTE [full-time employee] funded by the pay and non-pay amounts provided in this Act,” according to a joint explanatory statement from appropriators. “CISA shall not reduce staffing in such a way that it lacks sufficient staff to effectively carry out its statutory missions, including cybersecurity and infrastructure security for the Federal Civilian Executive Branch agencies, SLTT [state, local, tribal and territorial] partners, Sector Risk Management Agencies, international partners, and other stakeholders.”

The House Appropriations Committee touted the DHS spending bill in a news release, saying that “from our borders and ports to aviation and cyber, we deliver the personnel, training, and technology to reinforce our security at every level.”

The fate of the minibus depends on a number of factors, among them the thin GOP House majority and rising Democratic opposition to funding for the Immigration and Customs Enforcement agency.

The post Congressional appropriators move to extend information-sharing law, fund CISA appeared first on CyberScoop.

Sources: DHS finalizing replacement for disbanded critical infrastructure security council 

The Department of Homeland Security is finalizing plans for a new body that would replace the functions of the Critical Infrastructure Partnership Advisory Council (CIPAC) and serve as a communications hub between industry and government to discuss ongoing threats to U.S. critical infrastructure, including from cyber attacks.

Under previous administrations, CIPAC served as a nerve center for federal agencies, industry and other stakeholders. While industry widely praised its utility, the council was one of many DHS advisory bodies that were shuttered last year by Secretary of Homeland Security Kristi Noem when President Donald Trump returned to office.

Now, according to multiple sources, a proposed regulation for a new replacement council is in the final stages of review and approval from Noem’s office.

The new body will be called the Alliance of National Councils for Homeland Operational Resilience, or “ANCHOR,” and will also serve as an umbrella organization for other federal sector risk management agencies. Its goal is to restart conversations and planning around infrastructure security that took place under the previous CIPAC, according to a former DHS official.

The official, who requested anonymity to discuss the administration’s plans, said all 15 federal sector coordinating councils have been briefed on ANCHOR. One of the primary differences between CIPAC and ANCHOR will be in structural authorities and liability protections.

CIPAC was essentially “an advisory council that could be chartered to create other advisory councils” that needed Secretary-level approval and contained rigid rules requiring separate charters for every new council that was then stood up.

This created “a waterfall effect” of bureaucracy that made CIPAC a poor vehicle for holding broad conversations between not just DHS and industry, but all other federal sector risk management agencies and sector coordinating councils.

“What DHS strived to do was to create a new framework for engaging on threat conversations and pre-deliberative policy conversations impacting security outcomes with sectors and the private sector, without having to create all these waterfall advisory councils or new charters and all that stuff,” the official said.

Under CIPAC, conversations between government and industry were also “closed by default” to the public, with mandatory liability protections for every conversation and setting. Often, the most the government could do was issue a press release or cite comments under Chatham House Rule.

Under ANCHOR, there is expected to be wider latitude for DHS or other councils to open certain meetings to the public, or provide transcripts of conversations they hold with stakeholders.

However, the official emphasized that liability protections remain one of the last unresolved issues. The administration is still determining when those protections would or would not apply to ANCHOR-related discussions between government and industry, and further changes could be made to assuage industry.

Other federal laws, such as the Cybersecurity and Information Sharing Act of 2015, only provide liability coverage for “one to one” conversations between a company and the government. CIPAC, by contrast, provided a liability shield for “one-to-many” engagements, where a company may engage with federal, state and local agencies as well as other companies and entities.

“That was a very understood and very counted-on liability shield for allowing senior officials, all the way up to the CEO of private sector companies, to really openly communicate with each other,” the official said.

Following publication, a DHS spokesperson in a statement did not dispute a description of ANCHOR provided by CyberScoop but called discussions of an imminent regulation release “premature.”

“We look forward to sharing more details once we have something to announce,” the spokesperson said.

This week, Adrienne Lotto of the American Public Power Association told Congress that liability protections in CIPAC were critical to fostering open dialogue between industry and government around cybersecurity and infrastructure protection.

She also signaled that a new advisory council was forthcoming, saying industry “was apprised by DHS that the administration’s proposed CIPAC replacement is ready for publication in the Federal Register” while encouraging the administration to finalize the plans “quickly.”

Even with some uncertainty around ANCHOR’s structure and liability protections, many industry executives are likely to embrace the return of information-sharing partnerships that they believe were vital to understanding the digital and physical threat landscape facing their sectors.

Last year, industry groups lamented the disbanding of CIPAC to members of Congress, prompting Rep. Andrew Garbarino, now chair of the Homeland Security Committee, to pledge he would “look into this and hopefully speak to the administration to try to fix this.”

The former DHS official said they expected ANCHOR to be largely welcomed by many industries who have called for the restoration of CIPAC, even as they look to grapple with the Trump administration’s new approach.

“Everybody who wants to talk in groups is going to be excited because it’s back,” the official said. “Everybody that’s interested in the amount of risk that it opens up is going to want to see the details.”

1/15/2026: This story was updated Jan. 15 with a DHS statement sent to CyberScoop in response to questions about ANCHOR.

The post Sources: DHS finalizing replacement for disbanded critical infrastructure security council appeared first on CyberScoop.

Key lawmaker says Congress likely to kick can down road on cyber information sharing law

With a little more than a month left before a foundational cyber threat information sharing law expires for a second time, Congress might have to do another short-term extension as negotiations on a longer deal aren’t yet bearing fruit, a key lawmaker said Tuesday.

House Homeland Security Chairman Andrew Garbarino, R-N.Y., said the problem with a long-term extension of the Cybersecurity Information Sharing Act of 2015, which provides legal protections to companies to share cyber threat data with the federal government and other companies, is that there are three different views about how to approach it.

The Trump administration and some in the Senate want a clean, 10-year reauthorization of the law, which Congress extended last month until Jan. 30 as part of the legislation that ended the government shutdown, after the information sharing law lapsed in October. But a reauthorization without any changes could run into House opposition, Garbarino said.

“I don’t know if I can get that passed in the House, with concerns from the Freedom Caucus,” he said at an event hosted by Auburn University’s McCrary Institute. The Freedom Caucus has criticized the Cybersecurity and Infrastructure Security Agency, which is integral to implementing the 2015 law.

Senate Homeland Security and Governmental Affairs Committee Chairman Rand Paul, R-Ky., also has a version of the bill that focuses largely on language he said is needed to defend free speech. And Garbarino’s version takes yet another approach to tweaking the law.

“Unfortunately, I don’t think we’re close enough with the discussions on the Senate to get it to figure out which bill will pass and what will get done,” Garbarino said. That leaves another extension tied to any funding bill that replaces the legislation currently funding the government, which also runs through Jan. 30.

Garbarino said his committee also is working on other issues, like deconflicting federal cybersecurity regulations, the cyber workforce and responding to the Chinese hacking group Salt Typhoon breaching telecommunications networks.

A report on “regulatory harmonization” has been underway at the committee, he said. But that doesn’t mean he wants to roll all the rules back. Asked about the Federal Communications Commission voting to get rid of Biden administration-era rules put into place in response to the Salt Typhoon breach, Garbarino said, “I’m not sure I would’ve voted to get rid of some of the protections or the rules, but it wasn’t my vote.”

The committee has been probing the government’s response to Salt Typhoon, and recently sent another set of questions in the past two or three months after not getting satisfactory answers the first time, Garbarino said.

“We are working closely with the China Select Committee as to what legislatively we could move if there’s something,” he said. “We’re not there yet.” 

Rep. Sheri Biggs, R-S.C., has picked up the baton on cyber workforce legislation sponsored by Garbarino’s predecessor as chairman, and Garbarino said he expects there to be some changes to the bill.

And two House Homeland subcommittees are holding a hearing Wednesday on artificial intelligence and cybersecurity.

“I’ll tell you right now, with our adversaries, the way they’re going to use AI, we can’t defend with human intervention alone,” Garbarino said. “AI is going to have to be part of our cyber defense.”

The post Key lawmaker says Congress likely to kick can down road on cyber information sharing law appeared first on CyberScoop.

Information sharing law’s expiration could squander government vulnerability hunting efforts, senator says

Letting a cyber threat data sharing law expire could waste government efforts to find vulnerabilities, since companies would no longer be able to discuss these issues without fear of legal repercussions, a top senator said Tuesday.

Sen. Mike Rounds, R-S.D., made his remarks less than a week after the hotly contested legislation to end a government shutdown also temporarily extended the Cybersecurity Information Sharing Act of 2015 through the end of January. But the discussion from Rounds and another leading senator on the issue, Gary Peters, D-Mich., at the Aspen Cyber Summit also suggested the path forward to a permanent reauthorization is anything but clear.

Peters and Rounds are the sponsors of a bill to re-up the law, known as CISA 2015, for 10 years with no changes other than its name — the preferred route for the Trump administration.

Rounds, who chairs the Armed Services Subcommittee on Cybersecurity, said the law comes into play after U.S. Cyber Command teams go overseas to probe allies’ computer systems for flaws in what are called “hunt forward” missions, to the benefit of both that ally and the United States.

“We get that information, we share it with the companies or with the country where we found it so they can do the patches,” he said. “But then we also come back and we then make it available to all the other organizations so that they can patch it anyplace else in the world. It’s frustrating for the bad guys.”

Rounds told reporters afterward that the law’s legal protections for companies to share that data with one another are important for making use of that information.

“Once it comes back in and you have that patch now that it’s being made, they can talk to one another about how they’re patching it, or where else there might be risks and so forth associated with it — because we find one, they might find more than one, or they might be aware of more than one,” he said.

Senate Homeland Security and Governmental Affairs Chairman Rand Paul, R-Ky., has wanted to pair renewal of the 2015 law with changes to an agency that has the same acronym, the Cybersecurity and Infrastructure Security Agency, to curtail what some conservatives saw as online censorship during the Biden administration.

Agency officials at the time denied the accusations, but either way, Peters — the top Democrat on Paul’s panel — said the agency unit that did the work Paul objected to no longer exists. Getting around Paul’s objections could be difficult if he persists, as he already has blocked it from being included in the annual defense policy bill, Peters said.

“The problem will be a standalone bill,” Peters said, because of the time it takes to advance one in the Senate. “We’re looking at every avenue we can to get that in.”

Rounds said there could be 90-plus supporters for their bill in the Senate if it got a standalone vote. One possibility is to package it with some other legislation that has broad support, but he doesn’t know if anything like that is in the works.

Republicans have tried to win over Paul, Rounds said.

“We visited with him. You don’t put pressure on a member,” Rounds said. “What you have to do is to find a way to get it to the floor, to where you can overcome it with a 60-vote margin. … That means literally weeks in the process, and that’s what Senator Paul has chosen as the route forward is, to hold it until we include what he wants. Unfortunately, what he wants probably would kill the bill in either the House or the Senate.”

Peters said his office has seen at least one case of the law’s temporary expiration in September having a negative impact.

“We had one company that we talked to that said that they went from reporting cyber attacks to CISA … being able to do it in 30 minutes to doing it in 24 hours,” Peters said. “24 hours is a lifetime.”

The post Information sharing law’s expiration could squander government vulnerability hunting efforts, senator says appeared first on CyberScoop.

Cyber information sharing law would get extension under shutdown deal bill

Legislation to end the federal government shutdown includes a provision that would extend an expired cybersecurity information sharing law through the end of January.

Extension of the Cybersecurity Information Sharing Act of 2015 is something industry groups have coveted since even before its sunset at the end of September. Previous attempts to extend it fell short amid the political battle over government funding.

Businesses and cyber experts say the law’s legal protections are vital to sharing threat data between companies, and between industry and the government. Now, with the extension language in the continuing resolution bill that also includes three short-term appropriations bills, Congress is poised to restore it to life, at least temporarily.

The Senate voted 60-40 on Sunday night to advance the legislation. It still would have to get a successful House vote and a signature from President Donald Trump.

If that bill becomes law, the House and Senate would have a short window to advance a more permanent solution. The respective leaders of the House Homeland Security Committee, Rep. Andrew Garbarino, R-N.Y., and Senate Homeland Security and Governmental Affairs panel, Rand Paul, R-Ky., have introduced bills that would take significantly different approaches to amending and extending the 2015 law.

The Trump administration has pushed for a 10-year extension without any changes.

Cyber observers say that a long-term lapse of the 2015 law could have dire consequences. But there’s been little sign thus far that its expiration in October has slowed threat information sharing.

Paul could still present a hurdle to the overall continuing resolution bill.

The post Cyber information sharing law would get extension under shutdown deal bill appeared first on CyberScoop.

CISA’s expiration leaves a dangerous void in US cyber collaboration

On Sept. 30, 2025, the Cybersecurity Information Sharing Act (CISA 2015) officially expired, ending a decade-long framework that helped government and industry share cyber-threat data safely and consistently. For the first time in ten years, the United States lacks the statutory foundation that underpinned its public-private threat-intelligence ecosystem.

At a time when adversaries are exploiting automation, AI, and geopolitical distractions, this is not a procedural lapse. It represents an erosion of the trust, speed, and collaboration that underpin national resilience.

The law’s expiration has already produced tangible disruptions across the U.S. cyber-defense ecosystem. In the weeks since the law lapsed, federal agencies and private companies have scaled back the voluntary exchange of threat intelligence that once enabled near-real-time detection and coordinated mitigation of attacks.

Preliminary data from industry information-sharing groups and federal partners indicates that the volume of indicators of compromise shared through formal channels has declined by more than 70%.

Several sector-specific Information Sharing and Analysis Centers (ISACs) report 24-48-hour delays in the dissemination of alerts once handled automatically under the former framework.

The consequences are showing up across key sectors:

  • Healthcare networks have seen a 12% increase in detected ransomware activity since early October, attributed in part to slower coordination on threat signatures.
  • Energy and utilities operators are reporting longer response times when facing off with nation-state actors’ efforts to probe OT systems.
  • Financial institutions note reduced visibility into cross-border fraud campaigns and business email compromise patterns that depend on rapid, shared intelligence.

Without the legal clarity and liability protections that CISA 2015 provided, organizations are already hesitating to report incidents or indicators, creating data silos at the precise moment we can’t afford them.

A critical framework gone dark

Enacted in 2015, CISA created the legal and operational bridge between the federal government and private industry for sharing threat indicators such as malware signatures, IP addresses, and attack tactics. It worked because it balanced two essential ingredients: Liability protection so companies could share data without fear of legal exposure, and privacy safeguards to ensure personal information was removed before data exchange.

This trust model enabled the rapid, bidirectional flow of cyber intelligence that protected hospitals, banks, utilities, and defense contractors from nation-state actors and criminal groups alike.

A legal and operational vacuum

Without CISA’s liability protections, we now have a two-fold problem: Government blindness and industry isolation. Federal entities lose visibility into threats originating in private networks, while companies no longer benefit from federally curated indicators and cross-sector analysis.

The result is a fragmented response landscape just as adversaries, particularly China-linked and Russia-linked groups, ramp up persistent intrusions into U.S. critical infrastructure.

Congressional efforts to restore the framework

Members of the U.S. Homeland Security and Governmental Affairs Committee have presented a potentially viable path forward for us.

Senators Gary Peters (D-MI) and Mike Rounds (R-SD) introduced the “Protecting America from Cyber Threats Act” in an attempt to renew the critical cybersecurity provisions that expired at the end of September. Stakeholders across the technology sector are urging its swift passage. It would reauthorize the decade-old bipartisan law allowing companies to voluntarily share threat indicators, such as malware signatures, software vulnerabilities, and malicious IP addresses, with the Department of Homeland Security.

This collaboration has been instrumental in preventing data breaches, safeguarding personal information, and strengthening the federal government’s ability to respond to cyberattacks from foreign adversaries and criminal networks.

The road ahead

The expiration of CISA 2015 is not purely a bureaucratic oversight. It is a national security risk with global implications. Each day without reauthorization erodes the trust, coordination, and shared visibility that have underpinned the resilience of America’s most critical systems.

Cyber threats today are faster, smarter, and more interconnected than ever before. Artificial intelligence is amplifying offensive capabilities. Supply chains now span thousands of vendors across multiple continents, and adversaries are exploiting digital interdependence to create cascading effects that cross sectors and borders in seconds.

A 21st-century information-sharing law must recognize this new reality, one where we must consider machine-speed collaboration as the baseline, not the ceiling.

Reauthorization should go beyond simply restoring the past. It should establish a modernized framework that:

  • Enables real-time, automated data exchange between trusted partners across sectors.
  • Incentivizes responsible sharing through updated liability protections and privacy standards.
  • Integrates AI-driven analytics to surface and contextualize threats faster than human analysts can react.
  • Expands international cooperation so allies and partners can jointly defend the global digital economy.

The principles that made the original CISA successful—trust, transparency, and accountability—must guide its renewal. Policymakers, CISOs, and researchers must work from the same playbook to ensure that actionable intelligence moves as quickly as the threats themselves.

Because in cybersecurity, no single actor can stand alone, and visibility, trust, and collaboration remain our strongest defenses. Anything less leaves us exposed.

Michael Centrella is the head of public policy at SecurityScorecard and a former assistant director at the U.S. Secret Service. 

The post CISA’s expiration leaves a dangerous void in US cyber collaboration appeared first on CyberScoop.

Government and industry must work together to secure America’s cyber future

At this very moment, nation-state actors and opportunistic criminals are looking for any way to target Americans and undermine our national security. 

Their battlefield of choice is cyberspace.

Cybersecurity is the preeminent challenge of our time, and threats to our networks impact far more than just our data––they impact the resilience of our communities, the continuity of our economy, and the security of our homeland. 

Widespread cyber intrusions by Salt Typhoon and Volt Typhoon continue to demonstrate the Chinese Communist Party’s unrelenting quest to steal intellectual property, surveil government officials, and pre-position themselves in our nation’s critical infrastructure to disrupt our way of life at a time of their choosing. Russia, Iran, and North Korea are also probing for vulnerabilities to exploit in our networks.

Any cyberattack can cascade across the essential services that Americans rely on every day—from our airports and hospitals to water treatment facilities, internet providers, and financial systems. Making America cyber strong is not a challenge for one agency or one sector. It is a whole-of-society mission.

As chairman of the House Committee on Homeland Security, I will work with the Trump administration to ensure our nation’s risk advisor, the Cybersecurity and Infrastructure Security Agency (CISA), succeeds in its core mission of protecting federal civilian networks and the critical infrastructure that supports our daily lives. 

The private sector owns or operates most of this infrastructure, and it is no surprise that cyberattacks against these services rose more than 30 percent from 2023 to 2024. Addressing these heightened threats requires more than reactive measures. It demands a proactive cybersecurity posture built on continuous collaboration between the government and industry. 

The Trump administration and Congress must ensure the private sector has a true seat at the table as we chart a course for long-term cyber resilience. Priorities should include preserving strong information sharing, reducing the duplicative and conflicting government compliance standards on businesses, bolstering the cyber workforce, supporting our state, local, tribal, and territorial government entities, and safely harnessing emerging technologies to enhance the capabilities of our cyber defenders. 

These solutions require urgency, but as Cybersecurity Awareness Month comes to a close, the government shutdown has also allowed for important cybersecurity tools to lapse. This lapse is undermining the important public-private sector relationship that underpins our collective defense. 

For the last decade, the Cybersecurity Information Sharing Act of 2015 provided an essential foundation for this partnership. The law enables industry to have honest and sensitive conversations with the federal government, and each other, about the threats facing our networks. This framework also protects the privacy and civil liberties of American citizens when cyber threat information is shared. There has been a tangible impact from these authorities: without this law, we would not know about threat actors, such as Salt Typhoon, compromising our privately-owned critical infrastructure systems. Senate Democrats must pass the House Republican clean continuing resolution to reopen the government and extend this critical authority. Then we must find a longer-term solution to preserve this cybersecurity tool while ensuring it remains relevant to the threat landscape.  

As America’s cyber professionals face heightened threats, they also face increased federal compliance standards. According to testimony before the House Committee on Homeland Security, which I now chair, “bank Chief Information Security Officers now spend 30-50 percent of their time on compliance and examiner management. The cyber teams they oversee spend as much as 70 percent of their time on those same functions.” 

Our cyber regulatory regime should incentivize meaningful security improvements and facilitate actionable information sharing. It cannot be designed in a way that drains resources or slows the ability of companies to respond to fast-moving threats. This year, the average cost of a data breach in the United States reached $10 million, roughly double that of the global average. The exorbitant cost is, in part, due to U.S. cyber regulatory costs.

Congress, in partnership with CISA and the National Cyber Director, must help harmonize duplicative and vague cybersecurity regulations across the federal government so cyber professionals spend less time on paperwork and more time doing what they do best: defending our networks.

Keeping our cyber defenders focused on our networks is vital, especially considering we already face a gap of 500,000 skilled professionals in our current workforce. Closing this gap and building a pipeline of highly skilled professionals across both public and private sectors is essential to meeting the nation’s security needs.

Where that gap persists, artificial intelligence (AI) can serve as a force multiplier for our cyber defenders. We have already seen how AI can significantly enhance threat hunting, response times, and pattern recognition in our networks. But adversaries, like China, are also investing heavily in AI to enhance their own offensive cyber operations, including attempts to compromise or weaponize AI models. That reality makes it crucial that security and safety considerations are built into every stage of AI’s development, deployment, and use.

At the same time, the federal government must avoid reactive and scattershot regulation as our nation’s AI innovators work to win the global AI race. It is important for Congress, the Department of Homeland Security, interagency partners, and the private sector to work together to ensure that we don’t fall behind our adversaries in AI innovation while safeguarding our national security and civil liberties.

Accomplishing any of these goals will depend on mutual trust and collective effort. With a new administration dedicated to restoring accountability in government, we must seize this opportunity to help rebuild Americans’ confidence in the federal cybersecurity and resilience mission.

Cybersecurity remains vital for the safety, security, and prosperity of the American people. We must decide the future of our national cyber defense before our adversaries decide it for us. 

Rep. Andrew Garbarino has represented New York’s Second Congressional District in Congress since 2021. He serves as chairman of the House Homeland Security Committee, and also serves on the House Ethics and House Financial Services Committees.

The post Government and industry must work together to secure America’s cyber future appeared first on CyberScoop.
