The Trump administration wants your voter data.
Since President Donald Trump took office in January, the Department of Justice has made an ambitious effort to collect sensitive voter data from all 50 states, including information that one election expert described as “the holy trinity” of identity theft: Social Security numbers, driver’s license numbers and dates of birth.
In states where Trump’s party or allies control the levers of government, this information is handed over willingly. In states where they do not, the DOJ has formally asked, then threatened and then sued states that refuse. The department has also claimed many of these reluctant states are failing to properly maintain their voter registration rolls, and has pushed states to more aggressively remove potentially ineligible voters.
This week, Democrats in the House and Senate introduced new legislation that seeks to defang those efforts by raising the legal bar for states to purge voters based on several factors, such as inactivity or changing residency within the same state.
The Voter Purge Protection Act, introduced by Sen. Alex Padilla, D-Calif., and Rep. Joyce Beatty, D-Ohio, would amend the National Voter Registration Act to make it more difficult for states to kick large numbers of voters off their rolls for actions that Democrats — and many election officials — say are common, overwhelmingly benign and not indicative of voter fraud.
Padilla told reporters that the legislation would help ensure “that Americans cannot be stripped of their right to vote without proof that a voter has either passed away or has permanently moved out of their state.”
Voters targeted for removal must also be notified by election officials “so that there’s no surprise when they show up to vote on election day that their name is not on the list and it’s too late to address whatever the issue may or may not be,” Padilla said.
Beatty pointed to her home state, where Republican Secretary of State Frank LaRose removed more than 155,000 voters from active voter rolls in 2024, as an example where federal protections are needed. The primary factor for purging those voters were records showing they had not cast a ballot in an election for the past four years.
She claimed more than half of the voters who stand to be affected by similar purges in 2025 and 2026 are registered in counties where demographic minorities make up a majority of voters.
“Let me be clear: voting is not use-it-or-lose the right, because too often these so-called voter purges have silenced voices, people of color, people of low income communities, and even our seniors who have waited and fought for the right to vote,” Beatty said.
Meanwhile, a comprehensive post-election audit conducted by LaRose’s office in 2024 identified and referred 597 “apparent noncitizens” on state voter rolls to the state Attorney General for further review, out of 8 million state voters. Critically, 459 of those registered voters never cast an actual ballot, and similar audits performed by LaRose in 2019, 2021 and 2022 found that such people made up similarly miniscule percentages of all active registered voters in the state. Last month, his office put out a press release touting an additional 78 “apparent noncitizens” registered, 69 of whom had no evidence of voting.
“States have the responsibility to keep accurate voter rolls and ensure election integrity,” LaRose added. “In order to meet that responsibility, we need more access to data from the federal government. I will continue to push until we have the resources we need to do our jobs to the standard Ohioans deserve.”
As any state election official will tell you, voter registration lists are never static — every day, people die, get married (or divorced), take on different names, become naturalized citizens or experience a range of other life events that can impact their registration status or result in outdated information. Further, it’s not typically viewed as unusual or a sign of fraud when voters sparingly make use of their registration to vote, though most election experts endorse some level of database maintenance to remove inactive voters.
But it is often these discrepancies that get highlighted by Trump and state allies as evidence of unacceptably messy voter rolls that justify stricter removal policies.
And there are election officials — mostly in Republican-controlled states — who have embraced the philosophy that even small numbers of questionable registrations or voter fraud must be aggressively stamped out or it will lead to American voters losing faith in their democracy. LaRose and Georgia Republican Secretary of State Brad Raffensperger have long championed a similar approach to voter maintenance, and have called for Congress to pass laws making it easier for states to remove voters during election years.
“List maintenance is about election security and voter confidence,” Raffensperger said last month while announcing that approximately 146,000 Georgia voters would be moved to inactive voter rolls, including 80,754 voters who had moved to another county within the state. “We want every Georgian to have full faith in the system, knowing that our elections are free, fair — and fast.”
Critics have pointed out that states already have numerous, effective means for preventing mass voter registration or fraud that have been borne out by post-election audits finding very low instances of fraud, and that overly harsh policies around list maintenance can and do end up disenfranchising far more eligible voters than bad actors. Further, they argue against removing large numbers of voters without a robust follow-up process from states to give affected voters an opportunity to appeal or address any discrepancies that may affect their registration.
The bill has 22 Democratic co-sponsors in the Senate and 24 in the House but is unlikely to gain serious consideration under a Republican-controlled Congress, where most GOP members have long believed voter fraud is rampant and are broadly supportive of state and federal efforts to remove voters based on those same factors.
Asked by CyberScoop how Democrats would navigate that reality, Padilla said the legislation was part of a broader overall effort to push back on these efforts at all levels of constitutional governance. That includes states fighting to protect their constitutional role as administrators of elections when denying data requests from the federal government, within the court system as states and voting rights groups fight in court to block the administration’s use of the SAVE database as a pretext for voter removal, and through public awareness and politics.
Teeing up legislation to prevent states from potentially disenfranchising voters from spurious purges, he said, is part of asserting Congress’ constitutional role in a much broader fight about the way elections are run.
“We’re pushing back on it at every turn and calling attention to it, so that voters understand what they may be facing and make all the necessary preparations so that their right to vote is not denied, whether it’s in next year’s midterm elections or even other regular or special elections before then,” Padilla said.
The post Dems introduce bill to halt mass voter roll purges appeared first on CyberScoop.
Voting rights groups are asking a court to block an ongoing Trump administration effort to merge disparate federal and state voter data into a massive citizenship and voter fraud database.
Last week, the League of Women Voters, the Electronic Privacy Information Center (EPIC) and five individuals sued the federal government in D.C. District Court, saying it was ignoring decades of federal privacy law to create enormous “national data banks” of personal information on Americans.
On Tuesday, the coalition, represented by Democracy Forward Foundation, Citizens for Responsibility and Ethics in Washington (CREW), and Fair Elections Center, asked the court for an emergency injunction to halt the Trump administration’s efforts to transform the Systematic Alien Verification for Entitlements into an immense technological tool to track potential noncitizens registered to vote. Until this year, SAVE was an incomplete and limited federal database meant to track immigrants seeking federal benefits.
“This administration’s attempt to manipulate federal data systems to unlawfully target its own citizens and purge voters is one of the most serious threats to free and fair elections in decades,” Celina Stewart, CEO of the League of Women Voters, said in a statement. “The League is asking the court to act swiftly to stop this abuse of power before it disenfranchises lawful voters. Every citizen deserves privacy, fairness, and the freedom to vote without fear of government interference.”
In an Oct. 7 court filing, the groups said an immediate injunction was needed to prevent permanent privacy harms due to the “illegal and secretive consolidation of millions of Americans’ sensitive personal data across government agencies into centralized data systems” through SAVE.
“While Plaintiffs’ Complaint challenges a broader set of Defendants’ unlawful data consolidation, Plaintiffs here seek emergency relief concerning one particularly harmful and urgent facet of Defendants’ conduct: their overhaul of the Systematic Alien Verification for Entitlements (“SAVE”) system,” the groups wrote.
In addition to SAVE, the lawsuit also claims the existence of “at least one other Interagency Data System that consolidates other data sources from around the government that might have information concerning immigrants into a centralized ‘data lake’ housed at” U.S. Citizenship Immigration Services.
Federal agencies collect massive amounts of data on Americans as part of their work, but the groups argue the 1974 Privacy Act and other privacy laws were explicitly designed to prevent the kind of large, centralized federal datasets on Americans the administration is putting together. Subsequent legislative updates in 1988 amended the Privacy Act to specifically prohibit the use of “computer matching programs” that compare data across different agencies without informing Congress or publicizing the written agreements between agencies.
“For decades, these protections have guarded against improper data pooling across federal agencies, preventing the government from building a potentially dangerous tool for surveilling and investigating Americans without guardrails,” the voting groups wrote. “Until now.”
As CyberScoop reported earlier this year, USCIS, along with the Department of Government Efficiency (DOGE), began merging SAVE data with other major federal data streams — including federal Social Security data — while removing fees and building in the technical capacity for states to conduct easier, bulk searches of voters against the database. The Department of Justice has sought voter data from all 50 states, with some cooperating and others refusing. Last month, the administration sued six states to force them to hand over voter data that would be used in SAVE.
Less than a week before the suit was filed, the Social Security Administration released a redacted copy of its information-sharing agreement with the Department of Homeland Security, which claims that “personnel have been directed to comply, to the maximum extent possible and permissible under law … taking into account federal statutory requirements, including the Privacy Act of 1974 … as well as other laws, rules, regulations, policies, and requirements regarding verification, information sharing, and confidentiality.”
Administration officials say the overhaul is needed to crack down on instances of noncitizen voting and other forms of voter fraud, but such fraud is exceedingly rare outside a handful of isolated cases, as numerous academic studies and post-election audits have proven.
DOGE officials were singled out in the lawsuit for particularly egregious violations, accused of embarking on a “months-long campaign to access, collect and consolidate vast troves of personal data about millions of U.S. citizens and residents stored at multiple federal agencies.”
An executive order from the Trump administration earlier this year sought to explicitly empower the DOGE administrator, along with DHS, to “review” state voter registration lists and other records to identify noncitizen voters. That order is still the subject of ongoing lawsuits challenging its legality.
In this case, the plaintiffs claim the need for emergency relief is urgent as the Trump administration is simultaneously challenging the accuracy of state voter rolls in courts across the country, while “encouraging and enabling states to use unreliable [Social Security Administration] citizenship data pooled in the overhauled SAVE system to begin purging voter rolls ahead of fast-approaching November elections and to open criminal investigations of alleged non-citizen voting.”
“Both the ongoing misuse of Plaintiffs’ sensitive SSA data through the overhauled SAVE system, and the increased risk of cybertheft and additional misuse, qualify as irreparable injuries,” the filing states.
The post Voting groups ask court for immediate halt to Trump admin’s SAVE database overhaul appeared first on CyberScoop.
Encryption lives on in Europe. For now.
The German government has said it will oppose a piece of European Union legislation later this month that would subject phones and other devices to mass scanning — prior to encryption — by the government for evidence of child sexual abuse material.
Federal Minister of Justice Stefanie Hubig was one of several officials from the ruling Christian Democratic Union party to reiterate over the past 24 hours that Germany’s position hasn’t changed.
“Mass scanning of private messages must be taboo in a constitutional state,” Hubig said, according to a statement on X from the Ministry of Justice and Consumer Protection Wednesday. “Germany will not agree to such proposals at the EU level.”
Another CDU member, Jens Spahn, told German journalist Phillip Eckstein of ARD-Hauptstadtstudio that those sentiments are widely held within the party.
“We, as the CDU/CSU parliamentary group, are against the random monitoring of chats,” Spahn said, according to a machine-translated transcript. “That would be like opening all letters as a precaution and checking whether there’s anything illegal in them. That’s not possible, and we won’t allow that.”
The statements came after a week where tech experts and privacy activists in Europe publicly warned that Germany — which had opposed the measure since its introduction in 2022 and operated as a key swing vote — was preparing to back the measure in an upcoming Oct. 14 vote.
The German government did not respond to requests for comment from CyberScoop earlier this week, and other parties have said efforts to communicate with German officials about their intentions were met with “silence” and “stonewalling.”
The prospect of having all digital messages — and possibly other content like audio and video — scanned before encryption would defeat the very purpose of encryption and create an untenable situation, according to Meredith Whittaker, CEO of encrypted messaging app Signal. Whittaker threatened that her organization was prepared to pull out of Europe over the proposal.
Germany’s about-face likely won’t mark the end of this dispute. Western governments in the U.S. and Europe have been seeking to place limits on encrypted communications for decades, arguing that end-to-end encryption with no means of access for law enforcement makes it harder to investigate horrific crimes like pedophilia, terrorism and cybercrime.
Earlier this year, Apple pulled its own end-to-end encryption feature in the U.K. after British national security officials sent the company a letter demanding access to encrypted iCloud data for law enforcement and national security investigations.
There are indications that criminal suspects are increasingly turning to encrypted communications to hide evidence of their criminality. But privacy advocates have pointed out that strong encryption also protects many law-abiding citizens from potential government repression.
The post German government says it will oppose EU mass-scanning proposal appeared first on CyberScoop.
GitHub will implement local publishing with mandatory 2FA, granular tokens that expire after seven days, and trusted publishing.
The post GitHub Boosting Security in Response to NPM Supply Chain Attacks appeared first on SecurityWeek.
Researchers say a Russian group sanctioned by the European Union and wanted by the U.S. government is behind an influence operation targeting upcoming elections in Moldova.
In a report released Tuesday, researchers at the Atlantic Council’s Digital Forensic Research Lab said that REST Media — an online news outlet launched in June whose posts have quickly amassed millions of views on social media — is actually the work of Rybar, a known Russian disinformation outfit connected to other documented influence campaigns against Western countries and Russian-foes like Ukraine.
REST’s content — spread through its website and social media sites like Telegram, X and TikTok — often hammered Moldova’s pro-EU party, the Party of Action and Solidarity, with claims of electoral corruption, vote selling and other forms of misconduct. The site also sought to explicitly cast Moldova’s anti-disinformation efforts as a form of government censorship.
While REST publishes anonymously-bylined articles on its website meant to mimic news reporting, most of its reach has come from TikTok, which accounts for the overwhelming majority of the 3.1 million views its content has received online.
“The actual scope and reach of REST’s campaign likely extends beyond what is documented in this investigation,” wrote researchers Jakub Kubś and Eto Buziashvili.
The researchers provide technical evidence that they say shows unavoidable connection and overlap between the online and cloud-based infrastructure hosting REST and online assets from previously known Rybar operations.
For instance, the site shares “identical” server configurations, file transfer protocol settings and control panel software as Rybar’s mapping platform, while a forensic review of REST’s asset metadata found a number of file paths that explicitly reference Rybar.
“These operational security lapses appear to indicate that at least some REST content follows the same production workflow as Rybar,” Kubś and Buziashvili wrote.
Analysis of the domain for REST’s website found it was registered June 20 “through a chain of privacy-focused services that collectively create multiple layers of anonymization.” The registration was processed out by Sarek Oy, a Finland-based domain registrar company with a history of involvement with pirated websites that was denied formal accreditation by international bodies like ICANN.
The listed domain registrant for REST’s website, 1337 (or “LEET”) Services LLC, appears to be a play on common hacker slang, and DFIRLab said the company is tied to a notorious VPN service based in St. Kitts and Nevis in the Caribbean that is known for helping clients hide their identities.
Efforts to reach the site’s operators were not successful. REST’s website, which is still active, contains no information about the identities of editorial staff, regularly publishes stories with anonymous bylines and does not appear to provide any means for readers to contact the publication, though there is a section for readers to leak sensitive documents and apply for employment.
Kubś and Buziashvili said the new research demonstrates that REST “is more than just another clone in Russian’s information operations ecosystem.”
“It provides granular detail on how actors, such as Rybar, adapt, regenerate, and cloak themselves to continue their efforts to influence,” the authors wrote. “From shared FTP configurations to sloppy metadata, the evidence points to REST being part of a broader strategy to outlast sanctions through proxy brands and technical obfuscation.”
It also underscores “that such influence efforts” from Russia are not siloed “but cross-pollinated across regions, platforms, and political contexts, seeding disinformation that resonates well beyond Moldovan borders.”
REST is the latest in a string of information operations targeting Moldova’s elections that have been traced back to the Russian government over the past year, according to Western governments and independent researchers who track state-backed disinformation campaigns.
A risk assessment from the Foreign Information Manipulation and Interference Information Sharing and Analysis Center on Sept. 9 identifies what it described as “persistent Russian-led hybrid threats, including information warfare, illicit financing, cyberattacks, and proxy mobilisation, aimed at undermining the Moldovan government’s pro-EU agenda and boosting pro-Russian actors.”
The assessment pointed to Moldova’s fragmented media landscape — “where banned pro-Russian outlets evade restrictions via mirror websites, apps, and social media platforms such as Telegram and TikTok” — as a vulnerability that is being exploited by Russian actors, alongside the country’s limited regulatory resources and gaps in online political ad regulation. Russian-directed influence activities in Moldova have “evolved significantly” from funding real-life protests and other forms of paid mobilization to “increasingly technology driven operations,” including social media and newer technologies like artificial intelligence.
But such mobilization may still be part of Russia’s plans. Earlier this week, Moldovan authorities carried out 250 raids and detained dozens of individuals that they claimed were part of a Russian-orchestrated plot to incite riots and destabilize the country ahead of next week’s elections.
The goal is to create a society that feels besieged from all sides — facing not only external pressure from Russia abroad but also internal political strife that can prevent a unified front.
“This intersection of external manipulation and internal fragmentation heightens political polarisation, risks disengaging the traditionally pro-European diaspora, and fosters growing public apathy and disillusionment, outcomes that directly threaten electoral integrity and democratic resilience,” the assessment concluded.
It also comes as the U.S. federal government has — often loudly and proudly — moved away from any systemic effort to fight or limit the spread of disinformation domestically and abroad.
The State Department under Secretary Marco Rubio earlier this year shut down the Global Engagement Center, which was created by Congress and functioned as the federal government’s primary diplomatic arm for engaging with other countries on disinformation issues.
In a Sept. 17 statement, State Department principal deputy spokesperson Tommy Pigott confirmed that the department had “ceased all Frameworks to Counter Foreign State Information Manipulation and any associated instruments implemented by the former administration.”
Pigott added that the decision to shutter the office, which focused mostly on foreign disinformation campaigns waged by autocrats abroad, aligns with an executive order on free speech and freedom of expression issued shortly after Trump took office.
“Through free speech, the United States will counter genuine malign propaganda from adversaries that threaten our national security, while protecting Americans’ right to exchange ideas,” Pigott said.
In addition to the State Department, the Trump administration has shut down the foreign influence task force at the FBI and fired officials and eliminated disinformation research at the Cybersecurity and Infrastructure Security Agency.
The Foreign Malign Influence Center, a key office housed within the Office of the Director of National Intelligence, was responsible for piecing together intelligence around burgeoning foreign influence operations targeting U.S. elections and notifying policymakers and the public. According to sources familiar with the matter, the center’s work has largely ground to a halt under Director of National Intelligence Tulsi Gabbard, who is planning to eliminate the center as part of a larger intelligence reorganization plan.
Lindsay Gorman, a former White House official under the Biden administration, told CyberScoop earlier this year that the U.S. needs a way to coordinate with democratic allies and provide effective interventions when their elections and digital infrastructure are being targeted by intelligence services in Russia, China and other adversarial nations.
One way to fight back, Gorman said, is to have “eyes and ears on the ground” on those countries and “to expose covert campaigns for what they are,” something that outfits like the State Department’s Global Engagement Center were explicitly designed to do.
The post Researchers say media outlet targeting Moldova is a Russian cutout appeared first on CyberScoop.
The packages were injected with malicious code to harvest secrets, dump them to a public repository, and make private repositories public.
The post Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit appeared first on SecurityWeek.
Designed to intercept cryptocurrency transactions, the malicious code reached 10% of cloud environments.
The post Highly Popular NPM Packages Poisoned in New Supply Chain Attack appeared first on SecurityWeek.
Election officials should brace for direct attacks from the Trump administration and its state GOP allies on the integrity of U.S. elections — and plan for the possibility that federal agencies once charged with protecting elections will leverage their authorities to interfere in the process, a voting rights nonprofit warned.
In a report released Wednesday, researchers at the Brennan Center for Justice say the Trump administration’s actions suggest that the White House is preparing for an unprecedented federal intervention in the way elections are administered ahead of 2026 and 2028.
Those interventions include attempts to enact state-level bans or restrictions on mail-in voting, the use of lawsuits or criminal charges against election officials who don’t follow President Donald Trump’s orders, pushing mass state voter roll purges based on potentially inaccurate citizenship data, the deployment of the military in American cities and towns to intimidate voters and state officials, and the potential decertification or seizure of voting machines.
The scenarios are all based on actions the administration has already taken this year or in its first term, statements made by Trump and his aides, lawsuits filed by the Department of Justice and supporting efforts from Republican-led state legislatures.
Lawrence Norden, vice president for the elections and government program at the Brennan Center and one of the report’s authors, told CyberScoop that the document is targeted at three audiences who will be on the front lines in Trump’s war for control over elections: state election officials, policymakers and the public at large.
In 2020, the public was subjected to a deluge of false and unproven claims around election fraud, dead voters and hacked voting machines. While those claims had limited effect influencing voters outside of Trump’s orbit, many federal officials — including Chris Krebs, his own nominee for cybersecurity and election security chief — contradicted his claims of mass fraud. This April, Trump ordered the Justice Department to investigate Krebs for his statements about the 2020 election.
This year, the Department of Homeland Security hired Marci McCarthy and Heather Honey, who both actively tried to overturn the results of the 2020 election. McCarthy is now the top public affairs official at CISA, while Honey was recently named to a position overseeing election security efforts at DHS. Other agencies, like the FBI and the DOJ, have shifted from supporting state elections to investigating and suing election offices over their voter registration practices.
Whatever the administration ends up doing, Norden said it would be wise to plan ahead for different possibilities.
“One of the most effective ways to defeat misleading or false information is to call it out ahead of time, so when it comes to [dubious] reports we might see from government agencies, better to call it out now and say that this is part of a concerted effort and there are reasons not to trust it,” Norden said.
Meanwhile, he said policymakers at the state level “need to be planning and preparing for the next steps” to protect their constitutional rights while running upcoming elections.
“So being ready to have the backs of their election officials, being ready for politicized investigations that may come, being ready for efforts to interfere in the ability of election officials to run their elections according to state law, they need to be preparing for that now,” Norden said.
One possibility floated in the report is the administration moving to decertify voting machines used in some or most states through the Election Assistance Commission. Last week, Trump argued against mail-in ballots and “voting machines,” claiming an executive order that limited their use would soon be issued. The EAC is responsible for overseeing the labs that test and certify voting machines nationwide to ensure they are secure and meet the necessary standards.
While the White House later walked back the possibility of an executive order, the administration has already attempted to compel the EAC to alter voter registration forms to require proof of citizenship and withhold federal funding to states that do not cooperate with federal agencies on election-related matters. A federal judge has nullified parts of that order.
Such certifications are technically voluntary on the part of voting machine manufacturers, but states and localities have overwhelmingly treated them as industry standard when purchasing their machines. Depending on the timing, the mass decertification of certain systems ahead of an election could inject chaos among states, which cannot easily or quickly buy, replace, and test new voting equipment.
For states that do count votes using decertified machines, it could lead the public and political leaders to question the legitimacy of future results. This may give the Trump administration more support to sow doubt and challenge how states run their elections, the type of ballots they accept and how they process vote counts.
The perception of voting impropriety in any future messaging from the Trump administration, even if it is false, is a key issue states will also have to contend with. All politicians use repetition in their political messaging, but for Trump, it is especially crucial to how he communicates, regardless of the actual facts.
Stacy Rosenberg, an associate teaching professor at Carnegie Mellon’s public policy school, told CyberScoop that Trump’s rhetorical style requires aggressive repetition around simple themes — like mass noncitizen voting and poorly maintained voter rolls —, because they help create the political will for the administration and its allies to take more extreme actions that couldn’t otherwise be justified based on law or precedent.
“The attempt to have federalized voting is not something we typically see in the United States, so when elections are questioned, there may be people who say, ‘well, it’s justified for the federal government to come in and make changes,’” Rosenberg said. “We’ll have to see how the courts handle that. It doesn’t really fall into the domain of an executive order, so I think the question is: what can they do that the courts will allow?”
Norden said that while it’s clear the president doesn’t have the kind of direct authority over state-run elections he’s claiming, he does have the power to “both mislead and to intimidate people, whether it’s election officials or voters.”
“The good news is that if we see them for what they are, those are limited powers,” Norden said. “As long as the states step up and defend their elections, as long as voters come out and vote, that’s not enough to undermine elections. But we have to see what’s happening for [that defense] to be effective.”
In terms of counter messaging on the part of states, Rosenberg said much will rest on how courts respond to federal challenges, but from a strategy perspective “the number one thing [election officials] have to know is, you’re going to be called fake news.”
The Trump White House has “continued that line of attack through his first term to his present day. The way they want to control the message by saying everyone else’s message is false is a persistent strategy,” she said.
Pointing to the administration’s previous efforts to strong-arm universities and law firms, Rosenberg noted that while no one was left unscathed, those who fared best tended to confront Trump head-on rather than try to accommodate him.
“I think all you can do is stand your ground, file your lawsuits or counter lawsuits as you need to, but I think you need to continue to do the ethical hard work that you’ve done prior to the administration,” she said.
The post Trump administration setting the stage for elections power grab, voting rights group warns appeared first on CyberScoop.
In a sweeping announcement about a forthcoming executive order, President Donald Trump argued Monday that states are ultimately subservient to the White House when it comes to setting election policy.
“Remember, the states are merely an agent for the federal government in counting and tabulating the votes,” Trump wrote on Truth Social Monday morning. “They must do what the federal government, as represented by the President of the United States, tells them, FOR THE GOOD OF OUR COUNTRY, to do.”
Trump also claimed the executive order would end mail-in voting, falsely claiming that other countries stopped the practice due to fraud, as well as “very expensive and SERIOUSLY CONTROVERSIAL voting machines.”
It’s not clear which voting machines Trump was referencing. The president’s allies and friendly media outlets like Fox News and NewsMax were successfully sued by Smartmatic and Dominion for billions of dollars after the 2020 election for falsely claiming that their voting machines were rigged to elect Democratic President Joe Biden.
Either way, Trump has lost dozens of lawsuits attempting to prove fraud, and reportedly nearly signed an executive order at the end of his last term ordering the Department of Defense to seize voting machines, purportedly to examine them for fraud.
A previous executive order from Trump this year, purporting to compel the bipartisan Election Assistance Commission to alter voter registration request forms to include a proof of citizenship section and deny forms to states or voters who don’t provide the information, was struck down by a judge as unconstitutional in April. The judge in the ruling remarked that “no statutory delegation of authority to the Executive Branch permits the President to short-circuit Congress’s deliberative process” on regulating elections via executive order.
The Constitution of the United States doesn’t say much about the role of the executive branch in elections.
States are mentioned prominently as the primary administrators, while Congress is empowered to make regulations. The president isn’t mentioned at all.
David Becker, executive director of the Center for Election Innovation and Research, told CyberScoop that Article 1, Section 4 of the Constitution “states unambiguously that the regulation of elections is the power of the states, and only Congress can change that.”
“The president plays literally no role in elections, and that’s by design of the founders,” he said. “Alexander Hamilton foresaw, and made clear in Federalist 59, that a democracy must diversify the power of elections in order to protect itself from an overzealous executive, and therefore power over elections would reside with the several states.”
The contention that the president of the United States had specific authority over states in elections was also waved away as nonsense by constitutional scholars.
“States are agents of the federal government? *lights syllabus on fire,*” wrote Elizabeth Joh, constitutional law professor at the University of California, Davis.
Voting machine security has been a fiercely debated topic in Washington D.C., and among states, particularly over the past two decades as the country has moved toward electronic voting machines.
Voting machines and the software they rely on do have vulnerabilities, but safeguards exist to detect large-scale hacking attempts like those Trump claims.
First, American elections are famously decentralized, with different states and localities relying on different machines, software and other products. That means a hacker would have to compromise multiple systems and companies to affect votes outside of a single county or state.
Second, voting machines, with few exceptions, are not connected to the internet. Many of the vulnerabilities a hacker would need to exploit the machine require direct, physical access. While this scenario doesn’t make a compromise impossible, experts say the chain-of-custody procedures that voting machines are subject to would make it extremely difficult to gain access to a significant number of voting machines.
Finally, 97% of U.S. voters vote on a machine with paper backups, which allow state officials to audit paper ballots to ensure they match the vote totals reported by the machine. Every post-election audit conducted by a state following the 2020 election confirmed the accuracy of the machine count.
The president’s post reinforces the idea that, after years of cooperation during past elections, the federal government and states are likely to have a contentious and adversarial relationship over the next two-to-four years.
In some states like Arizona, election officials have decried their crumbling relationship over the past year with the Cybersecurity and Infrastructure Security Agency, the federal government’s top civilian cyber agency. Under the Biden and first Trump administration, CISA played a robust, high-profile role providing cybersecurity support and technical expertise to states to harden defenses around voting machines and election infrastructure.
But the White House has fired or sidelined many CISA officials who worked on election security, and fired the regional advisers who provided assistance. Other federal agencies like the FBI and Department of Justice have disbanded task forces on election-related foreign influence operations, and have shifted much of their resourcing to investigating voter fraud.
The DOJ is suing or attempting to take legal action in multiple states, alleging that their voter registration systems are poorly maintained. Federal complaints have often focused on minor procedural errors made by states or localities to question the citizenship and eligibility of hundreds of thousands of voters.
The president’s announcement came the same day that conservative media outlet Newsmax informed the Securities and Exchange Commission it had agreed to a $67 million settlement with Dominion Voting Systems over false claims the network made in the wake of the 2020 election that their voting systems had been hacked or compromised to alter the outcome of the presidential election.
Fox News also paid $787 million to settle a lawsuit with Dominion, and Newsmax had already paid $40 million to another voting machine manufacturer, Smartmatic, to settle similar defamation charges.
In an article on the settlement, Newsmax remained defiant about its role in the 2020 election, claiming that they would have succeeded in proving the vote tallies were rigged if not for the courts rigging proceedings against them.
“Despite its confidence in its reporting, Newsmax determined the Delaware court with Judge Eric Davis presiding would not provide a fair trial wherein the company could present standard libel defenses to a jury,” the outlet wrote.
Becker said Trump “has spread lies about our elections for years now, and every time he and his allies are offered an opportunity to back those statements up in court, with evidence subject to cross-examination, they’ve failed.”
“In defamation cases brought against Fox News, Rudy Giuliani, Kari Lake, and Mike Lindell, every defendant had an absolute right to defend their statements as true, and every defendant failed to present even a shred of evidence,” he added. “All either settled for vast amounts, conceded liability for defamation, or were found liable.”
The post Trump threatens executive order on elections, claims states must obey appeared first on CyberScoop.
As the Trump administration has sought to muscle through changes to election laws and rules across the country, Democrats in Congress have steadily escalated their concerns about the potential for disenfranchisement.
At a public forum Wednesday held by Democratic lawmakers focused on elections and voter suppression, Sen. Alex Padilla, D-Calif., ranking member on the Senate Committee on Rules and Administration, issued a blunt charge at the White House and its Republican allies.
“Their goal is to amplify their false narrative of insecure elections to justify their power grabs and to make it harder to register to vote, to stay on the polls and to actually cast your ballot,” Padilla said.
Padilla was one of several Democrats and witnesses who accused Republicans — who did not participate in the forum — of inflating concerns about noncitizen voting to justify legal and legislative challenges to swaths of votes, sometimes based on minor paperwork errors that took place decades ago.
One of the Democrats’ key witnesses was Allison Riggs, the Democratic North Carolina State Supreme Court Justice who had her narrow, 734-vote victory last year challenged in court by her Republican opponent Jefferson Griffin.
Griffin and state GOP officials ultimately challenged 65,000 votes in four counties as illegal, including those belonging to people who didn’t have driver’s licenses or Social Security numbers on file and overseas voters. The challenge involved only voters in four Democratic-leaning counties, and only for Riggs’ race. It did not challenge those voters’ choices for the U.S. presidential and North Carolina gubernatorial elections.
A winding court battle saw Riggs spend more than $2 million in court costs to prove that her tabulated lead — which survived two recounts — was legitimate. While a federal court eventually intervened to declare Riggs the winner, she told lawmakers that “we came perilously close to watching our systems of rules-based elections crumble before our eyes” as state courts initially validated Griffin’s argument.
“Our state appellate courts were willing to give credence to the argument that the rules of an election could be changed after the election, to change the election outcome,” Riggs said.
She said she sees the legal battle over voter eligibility in her race as a blueprint for how similar challenges could be made in future elections.
“The precedent in my case is at the district level,” Riggs said. “We were prepared for it to go all the way [to the Supreme Court.] I think it is still likely [to happen again] absent our collective willingness to recognize this threat and take the appropriate steps.”
Janessa Goldbeck, CEO of the Vet Voice Foundation, which runs one of the largest voter outreach programs for military veterans and families, said many of the North Carolina voters who had their ballots flagged as suspicious in lawsuits from Griffin’s campaign and the Trump Department of Justice were members of the military serving overseas who followed state laws.
Riggs noted that her own parents were among the group of voters who had their eligibility questioned in Griffin’s legal challenge, emphasizing that her father initially registered decades ago using his military ID and has shown a valid ID during every election he’s voted in.
“President Trump has publicly attacked these ballots and pushed conspiracy theories about them,” Goldbeck said, in addition to disparaging those who registered through laws like the Uniformed and Overseas Citizens Absentee Voting Act as taking advantage of a “voting loophole.”
She also said current legislation being considered by Congress, like the SAVE Act, would require military voters and their families to register to vote in person using a passport, something that would be impossible for many people deployed overseas.
Some observers have worried the Trump administration and GOP may be seeking to redefine how certain classes of voters and ballots are considered and handled by states and courts, chiefly by shifting the burden of proof away from the government and onto individual voters when it comes to validating citizenship.
The Trump administration and Republicans have justified such changes as necessary to ensure American elections aren’t tainted by noncitizen voting. Experts and post-election audits largely refute those charges, but GOP boosters have argued that even one noncitizen voting in a U.S. election is too many.
In particular, they’ve pointed to the administration’s changes to the Systemic Aliens Verification for Entitlements (SAVE) database managed by the U.S. Citizenship and Immigration Services. Those changes include allowing states to search using Social Security numbers and to conduct “bulk” queries that can be matched against various state and federal databases.
Just how USCIS and state election officials use this information when identifying voters for potential removal from state voter rolls remains to be seen — and experts say the amount of time and assistance states provide to help voters cure any paperwork problems will be critical. A brief by the Fair Elections Center this week questioned the accuracy of using Social Security numbers to validate citizenship information of voters, noting the Social Security Administration didn’t even start requiring such information for applicants until 1972.
According to VoteBeat, David Jennings, the technology and policy lead for SAVE at USCIS, reportedly told state officials at an Oklahoma conference that the agency doesn’t share SAVE data with Immigrations and Customs Enforcement or other agencies. He described SAVE as a “tool” for states to use when making decisions around a voter’s registration status, not the sole criteria.
The administration is also suing states, sending them information requests and working with cooperative ones to build a massive query system across state data streams that experts say is likely to sweep in far more eligible voters and ballots than noncitizens registered to vote.
Justin Levitt, a professor at Loyola Law School in Los Angeles, described these data requests as “either illegal or [an] attempt to effectuate illegal acts” that violate the U.S. Privacy Act of 1972, which prohibits federal agencies from collecting and sharing large amounts of personal information on Americans.
Meanwhile, policy blueprints like Project 2025 propose “in plain view, a monstrous abuse of DOJ authority, pursuing faceless persecutions of elections officials” that mirrors the White House’s ongoing efforts to impose its will on state and local election rules, Levitt said.While most judges are pushing back, and election officials are largely standing firm in most states, Levitt worries that they will have to carry out their duties securing U.S. elections “despite, not alongside, our federal government.”
The post Senate Democrats call Trump admin’s focus on state voter rolls a pretext for disenfranchisement appeared first on CyberScoop.
President Donald Trump’s pick to lead the Cybersecurity and Information Security Agency told senators Thursday that he would prioritize evicting China from the U.S. supply chain, and wouldn’t hesitate to ask for more money for the shrunken agency if he thought it needed it.
“If confirmed it will be a priority of mine to remove all Chinese intrusions, exploitations or infestation into the American supply chain,” Sean Plankey told Rick Scott, R-Fla., at his confirmation hearing before the Homeland Security and Governmental Affairs Committee. Scott had asked Plankey about reports of Chinese infiltration of U.S. energy infrastructure.
Should he be confirmed for the role, Plankey is set to arrive at an agency that has had its personnel and budget slashed significantly under Trump, a topic of concern for Democratic senators including the ranking member on the panel vetting him, Gary Peters of Michigan. Peters asked how he’d handle the smaller CISA he’s inherited while still having a range of legal obligations to fulfill.
“One of the ways I’ve found most effective when you come in to lead an organization is to allow the operators to operate,” Plankey said. “If that means we have to reorganize in some form or fashion, that’s what we’ll do, I’ll lead that charge. If that means we need a different level of funding than we currently have now, then I will approach [Department of Homeland Security Secretary Kristi Noem], ask for that funding, ask for that support.”
Under questioning from Sen. Richard Blumenthal, D-Conn., about whether he believed the 2020 election was rigged or stolen, Plankey, like other past Trump nominees, avoided answering “yes” or “no.”
At first he said he hadn’t reviewed any cybersecurity around the 2020 election. He then said, “My opinion on the election as an American private citizen probably isn’t relevant, but the Electoral College did confirm President Joe Biden.”
Blumenthal pressed him, saying his office was supposed to be above politics, and asked what Plankey would do if Trump came to him and falsely told him the 2026 or 2028 elections were rigged.
“That’s like a doctor who’s diagnosing someone over the television because they saw them on the news,” Plankey answered.
Chairman Rand Paul, R-Ky., rebutted Blumenthal, saying “CISA has nothing to do with the elections.” But Sen. Josh Hawley, R-Mo., later asked Plankey about CISA’s “important” role in protecting election infrastructure, and asked how he would make the line “clear” between past CISA disinformation work that Republicans have called censorship and cybersecurity protections.
Plankey answered that Trump has issued guidance on the protection of election security infrastructure like electronic voting machines, and it’s DHS’s job “to ensure that it is assessed prior to an election to make sure there are no adversarial actions or vulnerabilities in it,” something he’d focus on if Noem tasked CISA with the job.
Plankey said he would not engage in censorship — something his predecessors staunchly denied doing — because “cybersecurity is a big enough problem.” His focus would be on defending federal networks and critical infrastructure, he said. To improve federal cybersecurity, he said he favored “wholesale” revamps of federal IT rather than smaller fixes.
The Center for Democracy and Technology said after Plankey’s hearing it was concerned about how CISA would approach election security.
“CISA has refused to say what its plans are for the next election, and election officials across the country are flying blind,” said Tim Harper, senior policy analyst on elections and democracy for the group. “If CISA is abandoning them, election officials deserve to know so they can make plans to protect their cyber and physical infrastructure from nation-state hackers. Keeping them in the dark only helps bad actors.”
Plankey indicated support for the expiring State and Local Cybersecurity Grant Program, as well as the expiring 2015 Cybersecurity and Information Sharing Act, both of which are due to sunset in September.
Paul told reporters after the hearing that he planned to have a markup of a renewal of the 2015 information sharing law before the September deadline, with language added to explicitly prohibit the Cybersecurity and Infrastructure Security Agency from any censorship.
Plankey’s nomination next moves to a committee vote, following an 11-1 vote last month to advance the nomination of Sean Cairncross to become national cyber director. Plankey’s nomination would have another hurdle to overcome before a Senate floor vote, as Sen. Ron Wyden, D-Ore., has placed a hold on the Plankey pick in a bid to force the administration to release an unclassified report on U.S. phone network security.
“The Trump administration might not have been paying attention, so I’ll say it again: I will not lift my hold on Mr. Plankey’s nomination until this report is public. It’s ridiculous that CISA seems more concerned with covering up phone companies’ negligent cybersecurity than it is with protecting Americans from Chinese hackers,” Wyden said in a statement to CyberScoop. “Trump’s administration won’t act to shore up our dangerously insecure telecom system, it hasn’t gotten to the bottom of the Salt Typhoon hack, and it won’t even let Americans see an unclassified report on why it’s so important to put mandatory security rules in place for phone companies.”
The post Plankey vows to boot China from U.S. supply chain, advocate for CISA budget appeared first on CyberScoop.
In a congressional hearing on state voter registration practices Tuesday, Republicans on the House Administration Committee were united around common sentiments: It is too easy for citizens to register to vote and too easy for them to stay on voter rolls, states aren’t doing enough to remove ineligible voters, and it’s all led to the country’s elections being vulnerable to mass voter fraud and noncitizen voting.
There was little evidence presented to back up most of those claims.
Yet, the hearing focused on how states and the federal government could better review voter registration databases, with lawmakers hearing from two conservative nonprofit representatives and a North Carolina voter who was wrongly removed from the state’s voter rolls last year.
J. Christian Adams, a former Department of Justice official under George W. Bush who has since become president and general counsel of the conservative Public Interest Legal Foundation, told lawmakers that U.S. courts have interpreted the National Voter Registration Act’s requirements on voter list maintenance too loosely, by specifying only that states must make a “rational effort” to keep their voter lists updated and remove ineligible voters.
He claimed states like Michigan under Democratic Secretary of State Jocelyn Benson received an “A for effort in court” but deserve an “F for outcome.”
“Never mind if someone is registered multiple times, nevermind if a registration is missing the date of birth,” Adams said. “None of this matters under these court rulings; only whether a state makes a rational effort. Results don’t matter.”
Notably absent from Adams’s testimony was any claim or evidence that Michigan’s system for verifying citizenship has led to higher rates of voter fraud or noncitizen voting.
Justin Reimer, president and CEO of Restoring Integrity and Trust in Elections, is part of a growing chorus of Republicans who are calling for changes to the 1993 National Voter Registration Act to allow states to remove voters from voter rolls closer to elections. He also called for Congress to “exempt” noncitizen removal from any restrictions.
The hearing aligned with a larger push by the GOP and President Donald Trump to argue that state voter rolls are woefully out of date and that more stringent deregistration efforts are needed to ensure noncitizens aren’t voting en masse.
The administration has waged lawsuits and filed inquiries with multiple states in recent months alleging deficiencies in their voter registration maintenance. In North Carolina, Republican Judge Jefferson Griffin convinced several state courts, including the State Supreme Court, to hold tens of thousands of voter ballots for additional scrutiny and curing around identity, leaving voters just 15 days to cure any defects before their ballots were thrown out.
But most states do indeed conduct regular maintenance of their voter rolls, and numerous post-election audits — in some cases going back decades — conducted in Republican-leaning states like Ohio, Iowa and Georgia have failed to find more than a few dozen cases of noncitizens being registered to vote, while an even smaller fraction were found to have cast a ballot.
In a letter sent to House Administration Committee Chair Bryan Steil, R-Wis., Georgia Republican Secretary of State Brad Raffensperger urged the committee to use his state’s policies as a “blueprint” for national election laws, including Voter ID, banning ballot harvesting of mail-in and absentee votes, and robust use of tools like the Federal SAVE database to identify and purge voters suspected of being noncitizens.
One “federal barrier” cited by Raffensperger was a section of the National Voter Registration Act that prohibits states from conducting voter roll purges less than 90 days before an election. This “quiet period” was explicitly designed to prevent states from disenfranchising large numbers of voters right before an election — when relief from the courts could come too late.
But Raffensperger pressed Congress to lift those restrictions, saying the 90-day period “restricts us from conducting systematic list maintenance in federal election years precisely when clean voter rolls are most scrutinized.”
When states like Georgia use the SAVE system, most people flagged as “potential noncitizens” are actually eligible voters. They are often citizens who were misidentified due to minor paperwork errors by election offices years ago, or individuals who have since become citizens and are now legally permitted to vote.
A comprehensive audit of Georgia’s voter rolls by Raffensperger’s office last year found just 20 registered noncitizens out of 8.2 million registered voters. Of those 20, just nine ever cast an actual ballot in an election, with most of them prior to the implementation of citizenship verification requirements by the Georgia Department of Driver Services in 2012.
Rep. Joe Morelle, D-N.Y., ranking member of the committee, decried GOP efforts to increase voter roll purges, citing evidence that supposed noncitizen expulsions carried out by states historically disenfranchise more eligible voters. “The majority is more interested in promoting illegal and sloppy efforts to manipulate elections” than finding fraud, he said.
Mary Kay Heling, who has lived in North Carolina since 2016 and voted in prior elections, said she is one of 200,000 voters who had their ballots challenged last year by Judge Griffin, then a Republican candidate for the state’s Supreme Court.
Heling said she registered to vote using the last four digits of her Social Security number and voted in person on Election Day, but her ballot was flagged along with 200,000 other voters as potentially suspect. She said she was told by the State Board of Elections that there was a potential mismatch around her voter information, but never clarified the actual error.
While Griffin eventually dropped his lawsuit, the Department of Justice under Trump is now suing North Carolina to force those voters to prove their identity and citizenship or lose their voting privileges. The North Carolina State Board of Elections, which recently fired its executive director and replaced her with the general counsel for state Republican Speaker Sam Hayes, has said it is beginning the process of notifying voters.
Heling said the process of proving her identity repeatedly to North Carolina officials was exhausting. She worried that “there are 200,000-plus more voters that are going to have to go through what I did,” adding that she will never truly be certain whether her vote will count in future elections.
“I will check before the next election, I will verify it again, but you should be able to register and not worry about this,” Heling said. “I will not be assured until I see it.”
The post House Republicans endorse stricter state and federal-led voter roll purges despite dearth of evidence on fraud appeared first on CyberScoop.
Arizona election officials say a hack targeting a statewide online portal for political candidates resulted in the defacement and replacement of multiple candidate photos with the late Iranian Ayatollah Ruhollah Khomeini.
While officials say the threat is contained and the vulnerability has been fixed, they also blasted the lack of support they’ve received from the federal government, claiming the Cybersecurity and Infrastructure Security Agency is no longer a reliable partner in election security under the Trump administration.
Michael Moore, the chief information security officer for Arizona’s Secretary of State, told CyberScoop that his office first became aware that something odd was happening on June 23, while many officials were at a conference. One user managing the candidate portal noticed that one of the candidate images uploaded to the site didn’t “make sense” because it appeared to be a picture of Khomeini. The next day they were notified that candidate profiles going back years had also been defaced with the same picture.
“My first call was to Arizona’s [Department of] Homeland Security,” Moore said. “We started troubleshooting, locked down that portion of the site, and started doing preventative measures to reduce our attack surface.”
Moore said other important systems, such as the statewide voter registration database and its confidentiality system for domestic abuse survivors, are hosted on servers that are segmented from other parts of the network. He said there is no evidence that the attackers “even attempted” to access state voter rolls.
Incident responders determined that the attacker was using the candidate portal to upload an image file containing a Base 64-encoded PowerShell script that attempted to take over the server.
Moore described the affected candidate portal as an older, legacy system that wasn’t designed for security. Unlike many other statewide systems, the candidate portal was explicitly created to accept uploads from the public.
Moore likened the situation to “a village that’s surrounded by a castle; we’ve got a moat, we’ve got a drawbridge, we’ve got a portcullis and guards on the walls.”
“But when our village needs to do business,” he said, “we have doors and windows that are open and an adversary can just walk through … masquerading as a legitimate business.”
The substance and timing of the hack point to someone with pro-Iranian interests. The incident took place the day after the U.S. bombed Iranian nuclear sites, and a Telegram message linked in the defacement promised revenge against Americans for President Donald Trump’s actions.
Moore said they do not have definitive attribution for the attack at this time.
For years, CISA has coordinated election security between states and the federal government, sharing intelligence on vulnerabilities or hacking campaigns, deploying cybersecurity experts, and assisting with active incidents.
Arizona, through its state DHS, contacted multiple federal agencies about the hack, including the FBI. But CISA was not part of that outreach.
In a scathing statement, Secretary of State Adrian Fontes, a Democrat who has long focused on election security, said that this once-fruitful partnership between CISA and states had been damaged as the agency has been “weakened and politicized” under the Trump administration.
“Up until 2024, CISA was a strong and reliable partner in our shared mission of securing American digital infrastructure, but since then the agency has been politicized and weakened by the current administration,” Fontes said.
Fontes said he personally reached out in a letter to Homeland Security Secretary Kristi Noem months ago in an effort to establish a relationship but was “dismissed outright.”
“Given their recent conduct, and broader trends at the federal level, we’ve lost confidence in [CISA’s] capacity to collaborate in good faith or to prioritize national security over political theater,” he continued. “This is exactly the kind of division that foreign adversaries of Russia, China and Iran seek to exploit. Cybersecurity should never be a partisan issue. When trust breaks down between levels of government, we put our democratic system at risk.”
Since being sworn into power, President Donald Trump and his administration have taken an axe to CISA’s budget and workforce, eliminated regional offices, fired disinformation experts, and drastically reduced the agency’s once-robust support for securing state elections.
Moore doubled down on Fontes’ sentiments, telling CyberScoop “it was easy and natural to work with CISA until 2024.” Under previous administrations he had a litany of CISA employees on speed dial, but “right now, in 2025, we have no [federal] cybersecurity advisors.”
“We will occasionally communicate with CISA at a regional level, but we don’t have that direct level of support” we used to, he said.
Outside of elections, he referenced the massive SharePoint vulnerability disclosed by Microsoft over the weekend as a prime example of CISA’s diminished capacity and willingness to coordinate national responses to major cyber threats.
“We’re effectively trying to recreate the federal government,” Moore said. “In the past, CISA would have led the charge [to coordinate around the SharePoint flaw]. I didn’t get an email from CISA until [Monday] morning warning about the event, and that’s too late. This started on Friday morning and the damage was done by Monday morning.”
A DHS spokesperson called Fontes’ criticism “misguided.”
“Here are the facts: In late June, the state requested assistance. On July 1st the Arizona Secretary of State posted a notice on their website and took their candidate portal offline for several days ahead of their primary special election,” the spokesperson said. “Since then CISA has been working with Arizona and has provided direct assistance to support their response efforts.”
A former senior DHS official told CyberScoop that “there does seem to be a loss of confidence among both private sector and state and local governments with regard to CISA” under the Trump administration.
In particular, the administration change has led to a “deemphasis of CISA in terms of being the primary federal civilian cyber response agency,” the former official continued. Additionally, the agency does not yet have a Senate-confirmed leader and “they’ve lost a lot of talent, mostly on the technical side, like engineering and the technical services division that’s hard to replace,” they added.
The official requested anonymity to speak candidly with CyberScoop about their interactions with DHS.
Further, the lack of action from the federal government on other critical matters related to the agency, like reauthorization of the expiring Cybersecurity Information Sharing Act, have “led stakeholders of CISA to question whether or not it is the same agency they could count on six or seven months ago.”
The official said they believe the administration is looking to change perceptions and expectations around CISA’s mission, as Trump, Noem and others have sharply criticized the agency for its election security work.
“My sense is this is exactly what they wanted, which was a reset of the relationship with CISA and the department, but also how it is perceived and acts in the interagency and beyond,” the official said.“When they say focus the core mission on cyber, to me that says programs of record like EINSTEIN and a lot of emphasis on things like [the Continuous Diagnostics and Mitigation program], resetting the relationship on infrastructure protection and providing more targeted resources for assessments, or cyber hygiene related initiatives,” they continued. “That has yet to make its way through the pipeline, though, and what you have now is kind of a half thought out plan.”
The post After website hack, Arizona election officials unload on Trump’s CISA appeared first on CyberScoop.
Login