
ODNI tackles AI, threat hunting, app cybersecurity in year-one tech review

A year-long effort to strengthen cybersecurity and modernize tech at U.S. intelligence agencies has led to policy standards for using AI to bolster cyber defenses, a shared repository of all apps that have undergone a cybersecurity review and more, the Office of the Director of National Intelligence announced Thursday.

An unclassified summary of cyber and tech modernization work under the first year of DNI Tulsi Gabbard’s stewardship states that the office has expanded the automation of threat hunting across intelligence community networks. (The Cybersecurity and Infrastructure Security Agency conducts threat hunting across federal civilian agencies.)

The ODNI also has developed a zero-trust strategy that shifts “to a data-centric security model that protects information regardless of location or network,” according to the summary.

“Over the past year, we have taken meaningful steps to begin fulfilling that responsibility through the largest IC-wide technology investment and modernization effort in history,” Gabbard said in a news release. “President Trump’s Intelligence Community is moving faster and more decisively on cybersecurity modernization and investments in IT than ever before, delivering stronger defenses, greater efficiency, and real cost savings for the American people.”   

It constitutes the first significant cybersecurity announcement out of the office under Gabbard and the second Trump administration.

While the year-long effort began before the recent release of a national cyber strategy, the ODNI initiatives reflect many of its goals, including better protection of federal networks, advancing artificial intelligence for defensive purposes and going on offense against cyber adversaries.

The ODNI directed its National Counterintelligence and Security Center “to proactively combat foreign intelligence actors seeking to engage in cyber-attacks against U.S. interests,” according to the summary. 

The idea of an intelligence community repository of cybersecurity authorizations is to save both time and money, as it would allow agencies to capitalize on the testing of apps that other agencies have done without having to repeat them. 

On AI, the ODNI is “developing the policy framework, governance, and standards necessary to accelerate AI adoption for cybersecurity and other critical technology,” the summary states.

“Protecting our nation’s most sensitive information from those who seek to exploit it, while making sure our intelligence professionals have the tools and access they need to do their jobs, is not optional. It is essential to our national security,” Gabbard said. 

Gabbard’s appearance earlier this year during an FBI search of an elections office in Georgia has drawn congressional scrutiny, an appearance she has defended in part by citing her office’s role in coordinating and analyzing intelligence related to cybersecurity. Gabbard’s own personal cybersecurity practices prior to taking the job of DNI have also raised questions.

The post ODNI tackles AI, threat hunting, app cybersecurity in year-one tech review appeared first on CyberScoop.

Experts insist Trump administration’s cyber strategy is already paying off

SAN FRANCISCO — The Trump administration’s two-week-old cyber strategy, which aims to promote more proactive, offensive actions while bolstering federal networks and critical infrastructure, is a significant shift that’s already materializing in meaningful ways, a group of experts said Monday at the RSAC 2026 Conference.

Despite the federal government’s absence from the industry’s largest annual gathering, and the long-anticipated document’s brevity, representatives from a major cybersecurity vendor, consulting, venture capital and law firm were quick to defend and evangelize the administration’s strategic actions in cyberspace. 

The freshly released strategy puts the federal government on firm footing to move beyond deterrence and into action, said David Lashway, partner and global leader of cybersecurity and national security at Sidley Austin.

“We are going to take offensive and defensive action with the most powerful cyber capability that the world’s ever seen, and hopefully will ever know,” he said. 

This doesn’t mean, as some industry observers have suggested, that the Trump administration is pushing private companies to hack back.

The scale and whole of government response is the key difference between the latest federal cyber strategy and what administrations have called for over the past decade, Lashway said. 

Instead of relying on private lawyers to get a nationwide injunction and collaborate with dozens of governments for massive takedowns, or government agencies collaborating with private security companies on a limited basis, the strategy aims to mobilize “the massive infrastructure and capability of the United States in a more coordinated way,” he added. 

This strategic pivot won’t achieve all of its objectives immediately, but it’s already showing signs of impact, according to Lashway. “It’s been different since they issued the strategy,” he said. “We’ve already noticed a difference.”

Wendi Whitmore, chief security intelligence officer at Palo Alto Networks, said she’s also seen more collaboration in the private sector.

“While there’s no doubt challenges related to current staffing and the dynamic environment going on with the government, I have never before seen as much action and cooperation as we are seeing today, and that’s from every government agency that we’re working with,” Whitmore said. 

“There is certainly a tremendous shift in the level of discussion that we get from the government today,” she added. “It’s a very proactive, kind of muscular dialogue that’s different from what I’ve previously seen.”

Experts said that earlier concerns about triggering backlash and worsening already fragile systems had kept the federal government from taking certain actions, but that caution is now being reconsidered.

“The government’s going to start punching people in the face,” said Jamil Jaffer, venture partner and strategic advisor at Paladin Capital Group. 

Trump administration officials have told the private sector it wants their help and they need to be well defended, he added. “If we do live in glass houses, well, everyone’s going to need to start putting more glass up.”

Jaffer expects the Trump administration to prevent and respond to intrusions aggressively and publicly. “Half the problem with deterrence today is we don’t actually practice real deterrence when it comes to the cyber domain. We don’t punch people back,” he said. 

The dynamic and proper response, to him, is akin to a child responding to a bully at school. 

“If you get hit in the face, punch them back in the face,” Jaffer said. “Do it publicly. Everyone sees it. Less people come after you.”


Trump administration isn’t pushing companies to conduct cyber offense, national cyber director says

National Cyber Director Sean Cairncross said Tuesday that the Trump administration isn’t aspiring to enlist the private sector to conduct offensive cyber operations, but instead to help the government by keeping them abreast of the threats they’re facing.

The recently released national cyber strategy talks about incentivizing companies to disrupt the networks of adversaries.

“I’m not talking about the private sector, industry or companies engaging in a cyber offensive campaign,” Cairncross said at an event hosted by Auburn University’s McCrary Institute. “What I’m talking about are the technical capabilities, the ability of our private sector to illuminate the battlefield from what they’re seeing, to inform and share information so that the USG [U.S. government] can respond to get ahead of things.”

The idea of enabling U.S. companies to undertake disruptive or offensive campaigns against malicious hackers, or to at least aid in U.S. government offensive operations, has regained currency in some GOP circles in recent years. Some companies have shown an interest in doing so, especially if laws are changed to make it more viable.

That trend coincides with growing calls from Trump administration officials — and now the release of the cybersecurity strategy — to go on the offense against hackers, although Cairncross emphasized again that the strategy pillar to “shape adversary behavior” isn’t just about conducting cyber offensive campaigns, but to use other government mechanisms to put pressure on hackers, be they legal or diplomatic.

The government can go about shaping the “risk calculus” “in a more agile fashion” with private sector help, he said.

“There’s an enormous amount of capability on the private sector side, and now we have a spear from the United States government… we are looking for real partnership,” Cairncross said.

One way the U.S. government has sought to bring the fight to cyber adversaries is the FBI’s “joint sequenced operations,” used to degrade their capabilities. Speaking at the same event, the head of the bureau’s cyber division said the private sector was key to those operations as well.

“Every one of the joint sequenced operations that the FBI conducts to remove that capacity and capability that I talked about — from the Russians, from the Chinese, from the Iranians and others — happens because a victim came forward and engaged the FBI,” said Brett Leatherman.

“One takeaway for everybody here is ‘What is your game plan in the event of a breach to engage your local FBI field office?’” he asked. “I would proffer there’s very little liability in doing so, and we’re happy to have conversations with your outside or inside counsel, but there’s a tremendous amount to be gained by doing that.”


Sean Cairncross lays out what’s coming next for Trump’s cyber strategy

The Trump administration is plotting an interagency body to confront malign hackers, pilot programs to secure critical infrastructure across states and other steps tied to its freshly released cyber strategy, National Cyber Director Sean Cairncross said Monday.

The “interagency cell” will bring together agencies like the Justice Department, the Department of State, the FBI and the Pentagon, which will make it clear that going on cyber offense isn’t just about attacking enemies in cyberspace, Cairncross said.

“Sure, that’s part of it, but that’s not all of it,” he said at an event hosted by USTelecom. It will include diplomatic efforts, arrests and more, he said. “As President Trump has made clear, he expects results, and he’s empowered the team under him to go get them.”

A series of pilot programs will be catered to specific critical infrastructure industries in specific states, such as water in Texas and beef in South Dakota, Cairncross said. Different sectors operate at more or less mature levels, he said.

“One of the things that we are working to do is to align those sectors and prioritize those sectors in a way that makes sense,” he said.

Cairncross said the administration wants to share information with industry better, and will be looking as well at revising regulations in some instances. One of those instances is the Securities and Exchange Commission’s 2023 incident disclosure rule, which drew some of the most vehement industry opposition under the Biden administration’s pursuit of cyber regulations. The idea is to make sure they “make sense for industry,” Cairncross said.

But the administration also will have things it seeks from the private sector. That will include bringing together CEOs and sending the message to them that “you need to dedicate some real resources,” he said.

Cairncross has spoken before about wanting to establish an academy to address education and training in a nation with persistent cybersecurity job openings, but there’s more attached to it, he said.

The effort, which Cairncross said the administration would release details on soon, will also include a foundry (which “will be able to scale with private capital new innovation, and deploy it more quickly”) and an accelerator (“so when there’s preceded financing on projects to really ramp that up and be able to scale as well and overcome some of the procurement hurdles that are often based in this space”).

Cairncross said at a second event Monday that another forthcoming step was a law enforcement pilot program to better share information with state and local governments.

“We’re looking for ways to streamline information sharing from the USG side,” Cairncross said at a Billington Cybersecurity event, using the acronym for “U.S. government.” “Often, ‘how’ we know things is extremely sensitive, ‘what’ we know is less so,” he said. The goal is “to figure out how to communicate that in a helpful, actionable way.”

Updated, 3/9/26: to include comments about law enforcement pilot program.


The long-awaited Trump cyber strategy has arrived

President Donald Trump released his administration’s cyber strategy Friday, promoting offensive operations in cyberspace, securing federal networks and critical infrastructure, streamlining regulations, leveraging emerging technologies and strengthening the cybersecurity workforce.

Trump also signed an executive order Friday directing agencies to take action to combat cybercrime and fraud.

A little more than half of the five pages of strategy text of the long-anticipated document is preamble, and two of its seven pages are title and ending pages. Administration officials have said the strategy is deliberately high-level, and the White House promised more detailed guidance in the future.

The strategy “calls for unprecedented coordination across government and the private sector to invest in the best technologies and continue world-class innovation, and to make the most of America’s cyber capabilities for both offensive and defensive missions,” the White House said in a statement accompanying its release.

Each of the six “pillars” of the strategy offers some prescriptions.

“Shaping adversary behavior” calls for using U.S. government offensive and defensive capabilities in cyberspace, as well as incentivizing the private sector to disrupt adversary networks.

It also says Trump will “counter the spread of the surveillance state and authoritarian technologies that monitor and repress citizens,” even as administration critics argue that his administration has fostered surveillance and repression against U.S. citizens.

The shortest pillar, “promote common sense regulation,” decries rules that are only “costly checklists.” The Biden administration expanded cyber regulations, spurring some industry resistance. But the Trump pillar does talk about addressing liability, a point of emphasis for the prior administration as well.

“Modernize and secure federal networks” talks about using concepts and technologies like post-quantum cryptography, artificial intelligence, zero-trust and lowering barriers for vendors to sell tech to the government to meet those goals.

To “secure critical infrastructure,” the strategy calls for fortifying not just owners and operators but also the supply chain, in part by focusing on U.S.-made rather than adversary-made products.

“We will deny our adversaries initial access, and in the event of an incident, we must be able to recover quickly,” the strategy reads. “We will galvanize the role of state, local, Tribal, and territorial authorities as a complement to — not a substitute for — our national cybersecurity efforts.” Some critics of the administration’s cybersecurity actions have contended that it has shifted the burden to state and local governments too much.

AI usage makes up the bulk of the pillar entitled “sustain superiority in critical and emerging technologies,” in addition to reflecting earlier parts of the strategy on the topics of quantum cryptography and privacy protection. That includes the protection of data centers, the subject of localized fights across the country over their location and resource costs.

The final pillar says the United States must “build talent and capability,” after a year of the administration cutting a significant number of cyber positions in the federal government. “We will eliminate roadblocks that prevent industry, academia, government, and the military from aligning incentives and building a highly skilled cyber workforce,” it states.

Some positive reviews rolled in about the strategy despite the late-Friday afternoon release, traditionally the time of week when an administration looks to publish news it hopes will garner little attention.

“As new and more sophisticated threats emerge, America needed a new national cyber strategy that captures the urgency of this moment,” USTelecom President and CEO Jonathan Spalter said in a news release. “The President’s strategy rightly recognizes that harnessing America’s unique mix of private-sector innovation with public-sector capacity is the best deterrence.”

Frank Cilluffo, Director of the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University, was struck by the focus on deterrence: “This unified strategy determining a direction on offensive and defensive cyber operations and collaboration couldn’t be more timely.”

The Business Software Alliance cheered the call for streamlining cyber regulations, in particular.

A number of cyber vendors took note of the passages on AI. “Redirecting resources from paperwork to AI-powered security capabilities is the only way to keep pace with modern threats and adversaries who operate at great speed,” said Bill Wright, global head of government affairs at Elastic. “This strategy appears to recognize that fundamental truth.”

Not all the reviews were flattering, however, including from the top Democrat on the House Homeland Security Committee, Bennie Thompson, who said the strategy’s “underachieving” was the only thing impressive about it.

“What little ‘substance’ does exist in this pamphlet is a mishmash of vague platitudes, a long catalogue of ‘we will’ statements that may or may not match the Administration’s current behavior, and, mercifully, an apparent extension of some Biden-era policies,” he said. “Completely lacking is even the most basic blueprint for how the Administration will go about achieving any of its cybersecurity goals — an objective possibly hamstrung by the hemorrhage in cyber talent across all Federal agencies since Trump took office.”

The executive order Trump signed Friday coincides with the release of the strategy but there’s little overlap between the subject matter; the strategy makes one mention of cybercrime.

The order directs the attorney general to prioritize prosecution of cybercrime and fraud, orders agencies to review tools that they could use to counter international criminal organizations and gives the Department of Homeland Security marching orders to improve training, in addition to other steps, according to a fact sheet.

“President Trump is unleashing every available tool to stop foreign-backed criminal networks that exploit vulnerable Americans through cyber-enabled fraud and extortion,” the fact sheet states.


The Caracas operation suggests cyber was part of the plan – just not the whole operation

The dominant narrative has framed the Jan. 3 Caracas power outage during the mission to capture Venezuelan leader Nicolás Maduro as a “precision cyberattack.” But publicly available information points to a more complicated picture: videos, photographs, and accounts published from Caracas show significant physical damage to at least three Venezuelan substations. Experts who reviewed that material say the observed kinetic damage could, on its own, account for the outages—raising questions about how much of the outage can be confidently attributed to cyber activity alone.

These experts say Operation Absolute Resolve appears to have involved more than a stand-alone “cyber blackout,” despite the framing of many early accounts. In their view, cyber operations may have played some role, but the visible physical attacks alone could plausibly explain the outages—and that kinetic dimension is largely absent from the dominant narrative.

Retired Rear Adm. Mark Montgomery, a former director of operations at US Indo-Pacific Command and now a senior cybersecurity expert at the Foundation for the Defense of Democracies, described the outage to CyberScoop as part of “a campaign that likely took months to source cyber targets, days to work kinetic targets, and then integrated them into a single campaign plan that took a night.”

How the outage is framed matters because it can shape accountability, influence how governments and utilities prioritize grid security, and affect perceptions of offensive cyber capabilities. If the episode is widely presented as a “cyber-only” success without clear, corroborated evidence, it may encourage outsized conclusions about what cyber tools can accomplish on their own. Over time, that framing can steer policy and spending toward the wrong lessons—emphasizing digital defenses while giving less attention to physical vulnerabilities that may be just as consequential.

How ‘cyber blackout’ became the headline

Immediate coverage of the operation largely treated cyber as the decisive cause of the outage. Much of that framing traced back to a cryptic line from President Donald Trump at a post-operation press conference: “It was dark, the lights of Caracas were largely turned off due to a certain expertise [emphasis added] that we have, it was dark, and it was deadly.” (Later Trump suggested that the lights were turned out in Caracas by a “discombobulator.”)

The cyber narrative gained further momentum when Chairman of the Joint Chiefs of Staff Gen. Dan Caine said at the same press conference that US Cyber Command and Space Command provided “layering effects” for the operation. One widely cited report went further, citing anonymous “people briefed on the matter” to assert that a US cyberattack caused the blackout without offering forensic evidence, technical details, or independent corroboration.

Neither the Pentagon nor Cyber Command has yet publicly confirmed that a cyberattack caused the grid outage. US Cyber Command referred CyberScoop to the Department of War, which did not respond to our queries.

The grid damage is visible, not virtual

While cyber attribution largely rested on anonymous sourcing and inference, the evidence of physical damage was public, visual, and documented shortly after the attack.

Beginning on Jan. 5, publicly shared videos and photos appeared to show extensive physical damage at substations in Caracas owned by the government’s energy utility company, Corpoelec. The images included apparent bullet impacts, destroyed equipment, blown doors, and oil leaks at the Panamericana 69 kV and Escuela Militar 4.8 kV sites. In Venezuelan government statements, officials attributed the incidents to an attack and said the damage took multiple transmission lines out of service, including the OAM-Vega Caricuao-Panamericana 1 and 2 (69 kV) and Junquito-Panamericana 1 and 2 (69 kV). Electric grid security experts who reviewed the footage told CyberScoop it appeared credible and consistent with the kind of damage that could contribute to localized outages.

Local journalists noted physical attacks on these facilities, as well as a third substation at Fuerte Tiuna, a military installation in Caracas. Videos showing damage to the Fuerte Tiuna substation—some with fires still burning—were uploaded to YouTube on Jan. 12. AirWars, a not-for-profit group that describes itself as a civilian harm watchdog in conflict-affected nations, confirmed the geolocation of the affected substations and said “heavy weapons and explosive munitions” were used, though it reported no civilian harm.

The Venezuelan government did not respond to CyberScoop’s requests for comment, but it said in a press release that the damage was caused by “missiles.” Several experts with military or electric-sector cybersecurity backgrounds told CyberScoop that, based on what’s visible in the videos, the damage appears consistent with a kinetic attack—most likely carried out via helicopters and planes.

“There were obviously pretty large .50-caliber bullet holes in the walls,” Earl Shockley, president and CEO of INPOWERD, a military veteran and cybersecurity expert who worked for forty years as a power-grid operations engineer, told CyberScoop after viewing one of the videos.

“That’s a kinetic attack,” FDD’s Montgomery told CyberScoop after watching video of the Fuerte Tiuna substation incident.

Across interviews, grid operators, cybersecurity specialists, and military experts independently reached the same conclusion: the visible physical damage alone was enough to cause the outages observed.

An easy target, cyber or not

Experts note that cyber operations can sometimes produce kinetic effects—as they did in the highly complex US-Israeli operation known as Stuxnet—but they also say that taking down Caracas’s already fragile power grid would not necessarily have required that level of sophistication.

“All of us who are electric sector people, we’ve seen the videos,” Patrick Miller, president and CEO of Ampyx Cyber, told CyberScoop. “We’re all pretty much convinced that would definitely cause an outage. If you’re going to go in and shoot up the substations, why do you need cyber again?”

Miller said that temporarily disrupting the flow of power is a well-understood capability for any nation with the interest to do it, and that it often requires almost no precision or skill. “These are fragile systems,” he said.

“This was not a hard cyber target,” Montgomery said. “It’s an easy cyber target. These are older systems that we have worked on before in other countries. They’re not unique. We’re not talking about taking down Idaho National Labs here. We’re talking about taking down a poorly defended, underfunded, under-resourced network.”

Ron Brash, operational technology and industrial control system expert, told CyberScoop, “These energy management systems are probably relatively easy to infiltrate either because they haven’t updated the software or updated what they need to update, and you can exploit the vulnerabilities, or because you buy insider access.” Moreover, he said, “There’s probably so much analog stuff in there from the 1960s.”

Cyber to blind, kinetic to break

Experts generally agree that physical damage likely disabled at least parts of the power grid. But they also think cyber activity may still have played an important supporting role in Operation Absolute Resolve—one that could have enabled or amplified the operation, even if it wouldn’t fully account for where the outages occurred or how long they lasted without accompanying physical damage.

Some experts say that it’s possible the US used cyber capabilities to briefly disrupt power transmission in specific areas—potentially to reduce Venezuelan defenders’ situational awareness as they moved toward Maduro’s compound. “You want to reduce situational awareness, blind the enemy, break their coordination, and enable yourself to maneuver where you need to be. And all of those things just played out with that operation,” Shockley said.

“If we shut down the radars, if we shut down the power grid, they don’t see what’s going on,” he said. “Then we do some kinetic damage to prevent them from bringing the grid back up quickly. That way, we have plenty of time to do what we need to do.”

“A cyberattack is reversible, so it’s temporary,” Montgomery said. “It’s possible that cyber was attempted to take down power stations and equipment before the missiles came in to take down the power stations and equipment,” he added. “You have missiles coming in and taking down power, so nothing works. And before that, you do cyber so that more of your missiles get through. It is kind of a layer to the attack.”

Vice Adm. Heidi Berg, commander of 10th Fleet/Fleet Cyber Command, hinted at such layering at the WEST conference in San Diego earlier this week.

Cyber-based surveillance may also have been used for months in advance, giving the US military visibility into the grid’s weak points and helping inform where kinetic strikes have the greatest effect. “It takes months to identify what the system does, what the software does, do we have access to their older systems,” and so forth, Montgomery said.

“If you monitor that system, you learn where the power flows go, you learn where the single points of failure are, you learn that if this thing blows up, man, I’m in trouble because I can’t get power from this area to that area,” Shockley said.

Trump said at the press briefing that the lights went out in Caracas, and some coverage interpreted that as widespread darkness across large parts of the city. That framing sits uneasily with the idea of narrowly targeted, area-specific disruption. At the same time, social media posts and news accounts from the incident did not indicate that a large portion of Caracas was plunged into darkness.

Valentina Aguana, a Venezuelan digital rights advocate and systems engineer now working in Spain, told CyberScoop that a widespread blackout “was never a thing for my team working in Venezuela. There were very few areas in which the power went down and it came back on in a few minutes,” which you would expect with a pure cyberattack. “All the areas that were left without power were left without power for a couple of hours,” she added, which experts say is consistent with a kinetic attack.

“I haven’t seen any real proof or even correlating proof that the outage was widespread,” Miller said, adding that he has an extensive network of electric system security contacts throughout South America.

What gets lost in a cyber-only framing

Given how quickly and widely videos, press releases, and other confirmation of physical damage to the Venezuelan substations circulated, it remains unclear why so many outlets gave little attention to the kinetic dimension of the outage.

Whatever the source of the omissions, recent reporting on Pentagon computer warfare doctrine has underscored that cyber operations are increasingly designed to shape battlefield conditions rather than function as stand-alone weapons, an approach that aligns with the expert assessments of the role of kinetic attacks in the Caracas operation.

However, continued accounts of what happened in Caracas that treat the sabotage as primarily “cyber” could skew risk assessments and preparedness—potentially leaving substations, transmission lines, and transformers less protected than they should be against the kind of real-world attacks that visible damage suggests are possible.

“This was a very complex thing, and it wasn’t just one thing; it wasn’t just a cyberattack,” Shockley said. “In my industry, we have regulations around how we’re supposed to protect our critical infrastructure, our substations, our power plants, our control centers. Physical security is a big thing that we do. We do physical security inspections, and we make recommendations.”


Industry, government, nonprofits weigh voluntary rules for commercial hacking tools

An international effort to create voluntary standards for the commercial cyber intrusion industry is wrestling with questions like who they should apply to, how to incentivize and measure compliance and what to do with companies with a checkered past.

The first round of the Pall Mall Process focused on a code of conduct for government use of commercial hacking tools. This year, participants are turning their attention to industry guidelines. At the DistrictCon conference in Washington, D.C., on Saturday, representatives from government, industry and civil society organizations weighed some of the factors that will go into deciding those voluntary rules.

The discussion, held under Chatham House rules that forbid disclosing the identity of participants, comes as nations look to use spyware, regulate it, or both, and as the Trump administration and Congress consider a broader role for the private sector in stepping up cyber offense.

A foreign government representative at the event said the goal of the Pall Mall Process isn’t to eliminate commercial intrusion products that can help in legitimate pursuits like law enforcement, but to establish rules of the road for their responsible government use and purchase from responsible vendors.

“We do want that marketplace,” they said. “It’s not about trying to stop it.”

The scope of the industry guidelines was a big question for Saturday’s discussion, including debate and speculation about whom the rules would apply to: Would they cover things like reconnaissance tools, and how would they draw the line between academic research and illegitimate goals?

Some participants were more focused on the incentives and disincentives for participation. It’s possible some vendors would reject the voluntary rules if they turned into nettlesome barriers to selling products to governments, some said.

“Right now I haven’t heard anything that makes me want to do any of this,” one said.

A different participant argued that while the rules could mean vendors find it more profitable to do business with nations that don’t adhere to the guidelines, the upside is that they can stay in their field of work and make money without contributing to the persecution or even deaths of victims of their technology.

Another participant said streamlining the procurement process across governments could make the code of conduct more inviting, if it would allow vendors to do business with multiple nations simultaneously.

Another topic was how to handle companies that have been shady in the past, if they want to enlist with the code of conduct going forward. As the foreign government representative noted, the question is how to avoid the rules being used to “launder irresponsible behavior.”

One participant called for clear punishment for those who show disregard for the rules after subscribing to them. Another said the rules shouldn’t set too high a barrier and “can’t be punitive,” so as to invite those who misbehave back into the fold and steer them onto a better path.

The standards could also address what guidelines vendors should follow for keeping tabs on their customers and knowing whether those customers are fostering abuse, and whether companies should have “responsibility for a kill switch,” as the foreign government representative phrased it.

While the rules wouldn’t be binding, they still could be used by governments to shun companies that don’t subscribe to them and do what they can to discourage others from buying from them, the foreign government representative said.

The post Industry, government, nonprofits weigh voluntary rules for commercial hacking tools appeared first on CyberScoop.

Hill warning: Don’t put cyber offense before defense

Amid budding sentiment in the Trump administration and Congress to expand offensive cyber operations, some lawmakers and experts are warning that the United States needs to get its defenses in order before going too far down that road.

A House Homeland Security subcommittee on Tuesday examined how to deter foreign cyberattacks, with an emphasis on the role U.S. attacks could play in countering them. One long-running concern about improving U.S. offense is how it might provoke further attacks.

“I’m concerned we’re putting the cart before the horse, when we have not had a hearing on why the [Cybersecurity and Infrastructure Security] Agency has lost one-third of its workforce in the last year,” the top Democrat on the full committee, Bennie Thompson of Mississippi, said. “We ought to be cautious about pursuing an approach involving the use of offensive cyber tools that could result in retaliation or escalation if we’re not in a position to help defend U.S. networks.”

Other panel Democrats invoked a sentiment from sports about the importance of defense over offense. “Both are still important,” Rep. James Walkinshaw, D-Va., said during the hearing of the Cybersecurity and Infrastructure Protection Subcommittee.

Emily Harding with the Center for Strategic and International Studies, a D.C.-based think tank, testified that as the United States takes steps toward a more aggressive posture in cyberspace, it also needs to fund important defensive upgrades for federal government networks.

The chair of the subcommittee, Andy Ogles, R-Tenn., said that while defense was important, “defense alone is not sufficient,” and that “deterrence in cyberspace doesn’t exist without operational cyber offensive capabilities.”

The private sector could have a bigger role to play in boosting the country’s offense, since cybersecurity companies, tech providers and other businesses often have the best vantage point on attacks as both victims and investigators, Ogles said.

But much of what companies could do to bolster offense “exists in legal and policy gray space,” he said. “Companies face uncertainty about liability, retaliation and regulatory risk.”

A hybrid approach with private sector companies supporting government offensive operations rather than directly carrying them out generated the broadest support at the hearing. Harding said Congress could provide legal protections to companies in those circumstances.

CISA should play a key role in coordinating any public and private sector offensive activity, said Drew Bagley, chief privacy officer at CrowdStrike.

“This committee can ensure that CISA is properly focused and resourced to perform this mission,” he said in written remarks. “From an oversight perspective, you can ensure it has authorities, talent and capabilities to maximize its impact.”

The post Hill warning: Don’t put cyber offense before defense appeared first on CyberScoop.

Five-page draft Trump administration cyber strategy targeted for January release

The Trump administration is aiming to release its six-part national cybersecurity strategy in January, according to multiple sources familiar with the document. The document, a mere five pages long, may be followed by an executive order to implement the new strategy.

The administration has been soliciting feedback on the draft in recent days. One source described the document as more of a “messaging” piece than anything else, with more important work to follow.

According to sources familiar with the strategy, the six “pillars” focus on cyber offense and deterrence; aligning regulations to make them more uniform; bolstering the cyber workforce; federal procurement; critical infrastructure protection; and emerging technologies.

An opening section of the draft offers a Trumpian call for a more muscular approach to cyberspace. Despite its short length — the Biden administration’s cybersecurity strategy was 35 pages long — it touches on a significant number of topics.

Those subjects include cybercrime, China, artificial intelligence, post-quantum cryptography and more.

National Cyber Director Sean Cairncross recently offered a preview of some of those themes and plans.

“As a top line matter, it’s going to be focused on shaping adversary behavior, introducing costs and consequences into this mix,” Cairncross said last month at the 2025 Aspen Cyber Summit. “It is becoming more aggressive every passing day, and as new technology is developed … and AI is folded into this next, it will become more aggressive.”

A source told CyberScoop the administration appeared genuinely interested in soliciting feedback on the strategy to incorporate or change.

The release date of the strategy is fluid. While the administration is targeting January, its publication might follow the broader national security strategy. Politico recently reported that the national security strategy had been delayed, but was still likely to be released this month.

Cairncross also recently talked about the broader approach of the strategy and what comes next.

“It will be setting the posture of the United States in this domain and things that we are driving toward, and we will have follow-on action items that will be in support of that strategy,” he said at the 2025 Meridian Summit.

The post Five-page draft Trump administration cyber strategy targeted for January release appeared first on CyberScoop.

While White House demands deterrence, Trump shrugs

The Trump administration’s top cyber officials have emphasized the urgent need to take aggressive action to deter increasingly brazen foreign cyberattacks. Trump himself, however, has repeatedly brushed aside the notion that foreign cyber activity is anything particularly noteworthy.

When Trump’s team talks about foreign hacking, be it China’s alleged massive cyberespionage campaign against telecommunications companies or its efforts to take root in U.S. critical infrastructure, they insist the actions can’t be tolerated and must be deterred.

“We need to find some way to communicate that this is not acceptable,” Alexei Bulazel, senior director for cybersecurity at the National Security Council, said in May when asked about the groups thought to be behind those campaigns, Salt Typhoon and Volt Typhoon.

More recently, last month, National Cyber Director Sean Cairncross cast a wider net about foreign adversaries who want to “do us harm,” saying, “To date I don’t think the United States has done a tremendous job of sending the signal, in particular to China, that their behavior in this space is unacceptable.”

Trump, by contrast, has framed all that differently, to the point of dismissiveness.

Asked in June about Chinese hacking of U.S. telecoms, theft of intellectual property and more, Trump answered, “You don’t think we do that to them? We do. We do a lot of things. … That’s the way the world works. It’s a nasty world.”

Asked in August about whether he would discuss alleged Russian hacking of U.S. courts with Vladimir Putin, Trump replied, “I guess I could, are you surprised? … They hack in, that’s what they do. They’re good at it, we’re good at it, we’re actually better at it.”

The gulf between what Trump says about cyber compared to what his top deputies say provokes a variety of reactions from cyber experts and former officials. It sends mixed signals to adversaries, some say, while others say it might just reflect facts of life about today’s cyber environment or a president who doesn’t behave or think conventionally.

At the same time, Trump’s casual messaging about cyber may reflect a broader trend of nations increasingly treating cyber operations as a routine instrument of power.

A need for consistency?

A lack of consistency between the president and his personnel muddles a clear message to adversaries, and downplaying cyberattacks is unwise, said Christopher Painter, who served as the top State Department cyber official under President Obama.

“Either cyber and cyberattacks are a priority or they’re not, and it’s [a] problem if you communicate they’re not serious by saying, ‘Oh, we don’t care now,’” said Painter, now a nonresident senior adviser at the Center for Strategic and International Studies. Cyberattacks are serious, he said, and “We need to say it, and we need to be consistent about it, and we need to make sure we take it seriously. So I am concerned that it undermines the narrative that I think we need.”

Trump downplayed foreign cyber activity during his first term, too, both publicly and privately, in the latter case shunting away an adviser while trying to watch a golf tournament by saying, “You and your cyber … are going to get me in a war — with all your cyber s—t.” According to Painter, Trump often links the issue to Russian interference in the 2016 presidential election, a subject he resents because he believes it undermines the legitimacy of his presidency.

But Painter also noted Trump wasn’t the first to downplay any kind of foreign cyber activity, with former Director of National Intelligence James Clapper remarking about the 2015 Office of Personnel Management hack, “You have to kind of salute the Chinese for what they did. If we had the opportunity to do that, I don’t think we’d hesitate for a minute.”

Clapper also drew a line between the OPM breach, which he said was “passive intelligence collection activity” and a full-fledged cyberattack. There’s a long-lasting debate over whether cyberespionage constitutes a cyberattack.

Trump officials, too, have emphasized they’re more worried about the activity of Volt Typhoon, with its potential for disruption, than that of Salt Typhoon, which is more espionage-focused.

Some analysts acknowledge that Trump has a point when he dismisses cyberespionage as a fact of modern life rather than something that requires retaliation. “My own experience says that it’s extremely difficult, if not impossible, to deter espionage,” said Michael Daniel, who held the White House’s top cyber position under Obama and is now president of the Cyber Threat Alliance.

Any threat in an attempt to deter cyberespionage has to be credible to be effective, said Erica Lonergan, an assistant professor at Columbia University’s School of International and Public Affairs. And there are a few things working against the United States making credible threats.

“We do it, because we all do it, and everyone knows we do it,” she said. Next, the potential consequence has to be more harmful than the value of cyberespionage, which is extremely useful to have. “We’re not going to go to war over cyberespionage. No matter how many times a member of Congress calls it an act of war or not, we didn’t go to war over the spy balloon.”

Yet other analysts read Trump’s comments on foreign cyber activity differently. He might have an aggressive reaction to a more clearly damaging attack than the incidents he’s downplayed, said James Siebens, a fellow with Stimson Center’s Strategic Foresight Hub.

“If we were talking about a genuinely destructive cyberattack that cost people’s lives, I would imagine that there would be a fairly forceful response,” said Siebens, who recently co-authored a study on cyber deterrence. “My view is that President Trump was doing something that he often does, which is to state plainly things that make people uncomfortable, but are nonetheless observable and rooted in an important truth.”

Richard Harknett, director of the Center for Cyber Strategy and Policy at the University of Cincinnati, took Trump’s recent remarks as a comment more on the potency of U.S. capabilities compared to its adversaries.

“It wasn’t sort of a complacency, it was more confidence,” said Harknett, who served as the first scholar-in-residence at U.S. Cyber Command and the National Security Agency beginning in 2016. Of course, he said, “The president tends to speak in confident terms regardless.”

Daniel said that some contradictions between Trump and his cyber team are to be expected. Different officials are bound to have differences of opinion, including in the Trump administration, which has hardly been a “paragon of consistency” in its messaging to the world, he said. Daniel added that deterrence is a challenge for every administration; throughout history, the United States has often threatened not to tolerate certain actions, but then failed to respond when those actions occurred.

Several experts said they were willing to give the administration time to iron out any potential contradictions. Harknett said it’s hard to read too much into public comments alone right now. More important, Harknett and others said, will be what the administration says in a forthcoming cyber strategy.

A global trend?

Trump is not the only world leader in recent months to speak about his nation’s cyber activity in a more casual manner. At the beginning of this month, Chinese President Xi Jinping and South Korean President Lee Jae Myung joked about the security of a cellphone Xi gave his counterpart as a gift, an exchange that ended with Xi quipping, “You can check if there’s a backdoor.”

It was “weird for Xi, especially because the Chinese are loath to ever admit they do anything,” Painter said, even if he was joking.

The openness about cyber doesn’t end there, extending to a number of cases where nations that historically haven’t pointed the finger at other countries over alleged cyberattacks are more willing to do so by releasing technical analyses.

“We’re starting to see more non-Western countries, and notably China, making attributions back now,” said Allison Pytlak, director of the Cyber Program at the Stimson Center think tank and the co-author of the deterrence report with Siebens. Singapore recently made its first cyber attribution as well.

Trump officials have been touting offensive operations, which used to be a topic of very little public discussion. And other nations have been growing more open about cyber operations, from Japan’s recent active cyber defense legislation to Australia establishing its own Cyber Command last year.

“There is more openness about cyber in general, the strategic level, in terms of leaders being willing to talk about cyberespionage, cyber offense,” Lonergan said. “No one talked about cyber offense in the U.S. government for years.”

That openness could turn out to be a good thing, Pytlak said. It could “spark debate” in the public about the very nature of cyber, and about the difference between the harm espionage causes and the kind of national security threat other kinds of activity pose.

The post While White House demands deterrence, Trump shrugs appeared first on CyberScoop.

How to Build Super Secure Active Directory Infrastructure*

CJ Cox // We frequently get requests from customers asking us if we provide consultation defending their systems. The other day I got a question from a customer asking us […]

The post How to Build Super Secure Active Directory Infrastructure* appeared first on Black Hills Information Security, Inc.