Three House Democrats questioned the Department of Homeland Security on Monday over a reported Immigration and Customs Enforcement contract with a spyware provider that they warn potentially “threatens Americans’ freedom of movement and freedom of speech.”

Their letter follows publication of a notice that ICE had lifted a stop-work order on a $2 million deal with Israeli spyware company Paragon Solutions, a contract that the Biden administration had frozen one year ago pending a review of its compliance with a spyware executive order.

Paragon is the maker of Graphite, and advertises it as having more safeguards than competitors that have received more public and legal scrutiny, such as NSO Group’s Pegasus, a claim researchers have challenged. A report earlier this year found suspected deployments of Graphite in countries across the globe, with targets including journalists and activists. WhatsApp also notified users this year about a Paragon-linked campaign targeting them. The tool can infect phones without its target having to click on any malicious lure, then mine data from them.

“Given the Trump Administration’s disregard for constitutional rights and civil liberties in pursuit of rapid mass deportation, we are seriously concerned that ICE will abuse Graphite software to target immigrants, people of color, and individuals who express opposition to ICE’s repeated attacks on the rule of law,” the three congressional Democrats, two of whom serve as ranking members of House Oversight and Government Reform subcommittees, wrote Monday.

The trio behind the letter are Reps. Summer Lee of Pennsylvania, top Democrat on the Subcommittee on Federal Law Enforcement; Ohio Rep. Shontel Brown, ranking member of the Subcommittee on Cybersecurity, Information Technology and Government Innovation; and Rep. Yassamin Ansari of Arizona.

Their letter pointed to two Supreme Court rulings — Riley v. California from 2014 and Carpenter v. United States from 2018 — that addressed warrantless surveillance of cellular data. “Allowing ICE to utilize spyware raises serious questions about whether ICE will respect Fourth Amendment protections against warrantless search and seizure for people residing in the U.S.,” the lawmakers wrote.

The trio also asked for communications and documents about ICE’s use of spyware, as well as legal discussions about ICE using spyware and its compliance with the 2023 Biden executive order. They also sought a list of data surveillance targets.

ICE’s surveillance tactics have long drawn attention, but they’ve gained more attention in the Trump administration, which has sought to vastly expand the agency. ICE has conducted raids that have often swept in U.S. citizens. Other federal contracting records have pointed to ICE’s intentions to develop a 24/7 social media surveillance regime.

DHS and ICE did not immediately answer requests for comment about the Democrats’ letter. ICE has not provided answers about the contract in other media inquiries. 

404 Media is suing for information about the ICE contract.

The post House Dems seek info about ICE spyware contract, wary of potential abuses appeared first on CyberScoop.

Two executive orders President Donald Trump has signed in recent months could prove to have a more dramatic impact on cybersecurity than first thought, for better or for worse.

Overall, some of Trump’s executive orders have been more about sending a message than spurring lasting change, as there are limits to their powers. Specifically, some of the provisions of the two executive orders with cyber ramifications — one from March on state and local preparedness generally, and one from June explicitly on cybersecurity — are more puzzling to cyber experts than anything else, while others preserve policies of the prior administration which Trump has criticized in harsh terms. Yet others might fall short of the orders’ intentions, in practice.

But amid the flurry of personnel changes, budget cuts and other executive branch activity in the first half of 2025 under Trump, the full scope of the two cyber-related executive orders might have been somewhat overlooked. And the effects of some of those orders could soon begin coming to fruition as key top Trump cyber officials assume their posts.

The Foundation for Defense of Democracies’ Mark Montgomery said the executive orders were “more important” than he originally understood, noting that he “underestimated” the March order after examining it more closely. Some of the steps would be positive if fully implemented, such as the preparedness order’s call for the creation of a national resilience strategy, he said.

The Center for Democracy & Technology said the June order, which would unravel some elements of executive orders under presidents Joe Biden and Barack Obama, would have a negative effect on cybersecurity.

“Rolling back numerous provisions focused on improving cybersecurity and identity verification in the name of preventing fraud, waste, and abuse is like claiming we need safer roads while removing guardrails from bridges,” said the group’s president, Alexandra Reeve Givens. “The only beneficiaries of this step backward are hackers who want to break into federal systems, fraudsters who want to steal taxpayer money from insecure services, and legacy vendors who want to maintain lucrative contracts without implementing modern security protections.”

The big changes and the in-betweens

Perhaps the largest shift in either order is the deletion of a section of an executive order Biden signed in January on digital identity verification that was intended to fight cybercrime and fraud. In undoing the measures in that section, the White House asserted that it was removing mandates “that risked widespread abuse by enabling illegal immigrants to improperly access public benefits.”

One critic, speaking on condition of anonymity to discuss the changes candidly, said “there’s not a single true statement or phrase or word in” the White House’s claim. The National Security Council did not respond to requests for comment on the order.

Some, though, such as Nick Leiserson of the Institute for Security and Technology, observed that the digital identities language in the Biden order was among the “weakest” in the document, since it only talked about how agencies should “consider” ways to accept digital identities.

The biggest prospective change in the March order was a stated shift for state and local governments to handle disaster preparedness, including for cyberattacks, a notion that drew intense criticism from cyber experts at the time who said states don’t have the resources to defend themselves against Chinese hackers alone. But that shift could have bigger ripples than originally realized.

Errol Weiss, chief security officer at the Health-ISAC, an organization devoted to exchanging threat information in the health sector, said that as the Cybersecurity and Infrastructure Security Agency has scaled back the free services it offers like vulnerability scanning, states would hypothetically have to step into that gap to aid entities like the ones Weiss serves. “If that service goes away, and pieces of it probably already have, there’s going to be a gap there,” he said.

Some of the changes from the March order might only be realized now that the Senate has confirmed Sean Cairncross as national cyber director, or after the Senate takes action on Sean Plankey to lead CISA, said Jim Lewis, a fellow at the Center for European Policy Analysis.

For instance: The order directs a review of critical infrastructure policy documents, including National Security Memorandum 22, a rewrite of a decade-old directive meant to foster better threat information sharing and respond to changing threats. There are already signs the administration plans to move away from that memorandum, a development that a Union of Concerned Scientists analyst said was worrisome, but critics of the memo such as Montgomery said a do-over could be a good thing.

Most of the other biggest potential changes, however, are in the June order. This is a partial list:

• It eliminates a requirement under the January Biden order that government vendors provide certifications about the security of their software development to CISA for review. “I just don’t think that you can play the whole, ‘We care about cyber,’ and, ‘Oh, by the way, this incredible accountability control? We rolled that back,’” said Jake Williams, director of research and development at Hunter Strategy.
• It removes another January Biden order requirement that the National Institute of Standards and Technology develop new guidance on minimum cybersecurity practices, thought to be among that order’s “most ambitious prescriptions.”
• It would move CISA in the direction of implementing a “no-knock” or “no-notice” approach to hunting threats within federal agencies, Leiserson noted.
• It strikes language saying that the internet data routing rules known as Border Gateway Protocol are “vulnerable to attack and misconfiguration,” something Williams said might ease pressure on internet service providers to make improvements. “The ISPs know it’s going to cost them a ton to address the issue,” he said.
• It erases a requirement from the Biden order that contained no deadline, but said that federal systems must deploy phishing-resistant multi-factor authentication. 
• It deletes requirements for pilot projects stemming from the Defense Advanced Research Projects Agency-led Artificial Intelligence Cyber Challenge. DARPA recently completed its 2025 challenge, awarding prize money at this year’s DEF CON cybersecurity conference.
• It says that “agencies’ policies must align investments and priorities to improve network visibility and security controls to reduce cyber risks,” a change security adviser and New York University adjunct professor Alex Sharpe praised.

Some of the changes led to analysts concluding, alternatively, a continuation or rollback of directives from the January Biden executive order on things like federal agency email encryption or post-quantum cryptography.

The head-scratchers and the mysteries

Some of the moves in the June order perplexed analysts.

One was specifying that cyber sanctions must be limited, in the words of a White House fact sheet, “to foreign malicious actors, preventing misuse against domestic political opponents and clarifying that sanctions do not apply to election-related activities.” The Congressional Research Service could find no indication that cyber sanctions had been used domestically, and said the executive order appears to match prior policy.

Another is the removal of the NIST guidance on minimum cybersecurity practices. “If you’re trying to deregulate, why kill the effort to harmonize the standards?” Sharpe asked. 

Yet another is deletion of a line from the January Biden order to the importance of open-source software. “This is a bit puzzling, as open source software does underlie almost all software, including federal systems,” Leiserson wrote (emphasis his).

Multiple sources told CyberScoop it’s unclear who wrote the June order and whom they consulted with in doing so. One source said some agency personnel complained about the lack of interagency vetting of the document. Another said Alexei Bulazel, the NSC director of cyber, appeared to have no role in it.

Another open question is how much force will be put behind implementing the June order.

It loosens the strictness with which agencies must carry out the directives it lays out, at least compared with the January Biden order. It gives the national cyber director a more prominent role in coordination, Leiserson said. And it gives CISA new jobs.

“Since President Trump took office — and strengthened by his Executive Order in June — CISA has taken decisive action to bolster America’s cybersecurity, focusing on critical protections against foreign cyber threats and advancing secure technology practices,” said Marci McCarthy, director of public affairs for CISA.

California Rep. Eric Swalwell, the top Democrat on the House Homeland Security Committee’s cyber subpanel, told CyberScoop he was skeptical about what the June executive order signalled about Trump’s commitment to cybersecurity.

“The President talks tough on cybersecurity, but it’s all for show,” he said in a statement. “He signed the law creating CISA and grew its budget, but also rolled back key Biden-era protections, abandoned supply chain efforts, and drove out cyber experts. CISA has lost a third of its workforce, and his FY 2026 budget slashes its funding …

“Even if his cyber and AI goals are sincere, he’s gutted the staff needed to meet them,” Swalwell continued. “He’s also made the government less secure by giving unvetted allies access to sensitive data. His actions don’t match his words.”

Montgomery said there was a contradiction between the June order giving more responsibilities to agencies like NIST while the administration was proposing around a 20% cut to that agency, and the March order shifting responsibilities to state and local governments without giving them the resources to handle it.

A WilmerHale analysis said that as the administration shapes cyber policy, the June order “signals what that approach is likely to be: removing requirements perceived as barriers to private sector growth and expansion while preserving key requirements that protect the U.S. government’s own systems against cyber threats posed by China and other hostile foreign actors.”

For all of the changes it could make, analysts agreed the June order does continue a fair number of Biden administration policies, like commitments to the Cyber Trust Mark labeling initiative, space cybersecurity policy and requirements for defense contractors to protect sensitive information.

Some of those proposals didn’t get very far before the changeover from Biden to Trump. But it might be easier for the Trump administration to achieve its goals.

“It’s hard to say the car is going in the wrong direction when they haven’t started the engine,” Lewis said. “These people don’t have the same problem, this current team, because they’re stripping stuff back. They’re saying, ‘We’re gonna do less.” So it’s easier to do less.”

The post The overlooked changes that two Trump executive orders could bring to cybersecurity appeared first on CyberScoop.

Sean Cairncross took his post this week as national cyber director at what many agree is a “pivotal” time for the office, giving him a chance to shape its future role in the bureaucracy, tackle difficult policy issues, shore up industry relations and take on key threats.

The former White House official, Republican National Committee leader and head of a federal foreign aid agency became just the third Senate-confirmed national cyber director at an office (ONCD) that’s only four years old. He’s the first person President Donald Trump has assigned to the position after the legislation establishing it became law at the end of his first term.

Two people — House Homeland Security Chairman Andrew Garbarino, R-N.Y., and Adam Meyers, senior vice president of counter adversary operations at CrowdStrike — specifically used the word “pivotal” to describe this moment for Cairncross and his office, while others said as much in other ways.

“It’s a new organization, and with any new organization, you’ve got to build up the muscle memory of how ONCD fits into the interagency process and what it means to set a unified national cybersecurity agenda, the language the director was using in his nomination hearing,” Nicholas Leiserson, a former assistant national cyber director under President Joe Biden who worked on the legislation to create the office as a Hill staffer, told CyberScoop. “We need to make sure that ONCD is the center of the policymaking apparatus. … That is going to be critical to his success.”

Brian Harrell, a former infrastructure protection official at the Deparment of Homeland Security and the Cybersecurity and Infrastructure Security Agency in Trump’s first term, said that with personnel reductions at CISA and change elsewhere, Cairncross has a big opportunity.

“ONCD must be seen as the air traffic controller on all things cyber moving forward,” he said via email. “Given the agency rebuild happening at CISA, and new leadership at FBI and NSA cyber, now is the time to build influence and patch struggling relationships. Add to this, a private sector that is unsure where to turn to during a crisis … Sean must be seen as a convener and facilitator to get the President the right information to make key decisions.”

On the policy front, Leiserson, now senior vice president for policy at the Institute for Security and Technology, said Cairncross has a great opportunity to work through the thicket of federal cybersecurity regulations and disentangle them in a harmonization effort that began under Biden and has bipartisan support. Some seasoned staffers who worked on the issue then remain in the federal government, Leiserson said.

Garbarino also brought up harmonization in a written statement as an issue he wants to see Cairncross address, along with leading the charge renewing the 2015 threat data sharing law known as the Cybersecurity Information Sharing Act, set to expire next month. Jason Oxman, president of the Information Technology Industry Council, said in a press release congratulating Cairncross that renewal of that law was “essential to help ONCD achieve its cybersecurity mission.”

USTelecom President and CEO Jonathan Spalter said enhancing the government’s relationship with the private sector, a subject Cairncross brought up in his confirmation hearing, was also vital. Dave DeWalt, CEO of NightDragon, a venture capital and advisory firm, said of Cairncross in a statement to CyberScoop: “I know that under his leadership, public-private partnership will continue to strengthen and secure our future.”

Those policy challenges, as well as the challenges of strengthening the national cyber director’s standing within the federal government and fortifying the public-private partnership, go hand-in-hand with the threats Cairncross will have to confront.

“The mission of the Office of the National Cyber Director has never been more critical: advancing a unified, strategic, and forward-leaning approach to the cyber threats facing our increasingly digital society,” Frank Cilluffo, director of the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University and a former member of the Cyberspace Solarium Commission that recommended that Congress create the office, said in a written statement.

Leiserson said threats like the Chinese hackers known as Salt Typhoon penetrating telecommunications networks surely would be at the forefront of Cairncross’s concerns — a threat Cairncross brought up at his confirmation hearing. Harrell mentioned the looming possibility of a Chinese attack on Taiwan.

Oxman raised the threats to U.S. critical infrastructure and the supply chain. CrowdStrike’s Meyers, in a statement to CyberScoop, said the pivotal moment of Cairncross’s confirmation comes as “threat actors weaponize AI and the threat landscape continues to evolve at machine speed.”

Cairncross comes into the job with far less cybersecurity experience than many who have held federal cyber leadership posts. And he comes in with other potential disadvantages, too. At his nomination hearing, Sen. Elissa Slotkin, D-Mich., pointed to deep budget cuts at CISA, telling Cairncross that “you will oversee the single biggest cut in federal cybersecurity dollars.”

But Leiserson said it was encouraging that Trump’s fiscal 2026 budget proposal would keep funding for the Office of the National Cyber Director pretty level.

There are other reasons to be optimistic about the view from federal leaders on the office, too, some pointed out. Cilluffo noted that the 59-35 vote for Cairncross in the Senate suggested some bipartisan support. Leiserson observed that Cairncross was one of the few nominees to escape the nominee backlog in the Senate before lawmakers went on recess.

As for his relative lack of cyber experience, Cairncross has talked about surrounding himself with the right people, Leiserson said.

“You want the unicorns who are incredibly politically astute and who have very deep cyber knowledge,” he said. “These people are hard to come by. We’ve had real cyber experts on the job. Now we’ve got someone who … is going to have an easy time navigating the West Wing. That is a skill set that is vital for running a White House organization, and shouldn’t be discounted.”

The post New National Cyber Director Cairncross faces challenges on policy, bureaucracy, threats appeared first on CyberScoop.

Federal analysts are still sizing up what the Chinese hackers known as Volt Typhoon, who penetrated U.S. critical infrastructure to maintain access within those networks, might have intended by setting up shop there, a Cybersecurity and Infrastructure Security Agency official said Thursday.

“We still don’t actually know what the result of that is going to be,” said Steve Casapulla, acting chief strategy officer at CISA. “They are in those systems. They are in those systems on the island of Guam, as has been talked about publicly. So what [are] the resulting impacts going to be from a threat perspective? That’s the stuff we’re looking really hard at.”

Casapulla made his remarks at a Washington, D.C. event hosted by Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security. 

Some believe that Chinese penetration of U.S. telecommunications networks by another Chinese hacking group, Salt Typhoon, have overshadowed the machinations of Volt Typhoon, which could eventually have a bigger impact. U.S. officials have warned that China could be prepositioning in critical infrastructure should conflict break out between the United States and Beijing.

Other federal officials have said Volt Typhoon might not have been as successful at maintaining their access as they hoped.

Casapulla said CISA is looking at how to mitigate the threat as well as determining the end goal of the hackers.

“Is it to merely disrupt a few cranes at a port? That could be one thing. But what about if it were all the ports?” he asked. “What about if it were all cargo management systems so they don’t have to do anything physical? They can just shut down a database and limit our ability to track cargo that moves on and off of ships, effectively shutting down the ports and the entire transportation system that way.

“Those are the kind of second-, third-order effects that I also worry about,” Caspulla said.

When he testified before Congress at a hearing last month on his nomination to become national cyber director, Sean Cairncross said Volt Typhoon hacking “has potentially life-and-death consequences.” Other Trump administration officials also have sounded the alarm about the hacking group.

It was also a point of concern in the prior administration under President Joe Biden.

The post Feds still trying to crack Volt Typhoon hackers’ intentions, goals appeared first on CyberScoop.