
Secret Service says it dismantled extensive telecom threat in NYC area

23 September 2025 at 09:44

The Secret Service said Tuesday that it disrupted a network of electronic devices in the New York City area that posed imminent telecommunications-based threats to U.S. government officials and potentially the United Nations General Assembly meeting currently underway.

The range of threats included enabling encrypted communications between threat groups and criminals, or disabling cell towers and conducting denial-of-service attacks to shut down cell communications in the region. Matt McCool, special agent in charge of the Secret Service’s New York field office, said the agency’s early analysis of the network indicated “cellular communications between foreign actors and individuals that are known to federal law enforcement.”

In all, the agency said it discovered more than 300 servers and 100,000 SIM cards spread across multiple sites within 35 miles of the U.N. meeting. The Secret Service announcement came the same day President Donald Trump was scheduled to deliver a speech to the General Assembly.

“The potential for disruption to our country’s telecommunications posed by this network of devices cannot be overstated,” U.S. Secret Service Director Sean Curran said in a news release.

McCool said in a video statement that the investigation was ongoing, but the threat the network posed had been neutralized.

“These devices allowed anonymous, encrypted communications between potential threat actors and criminal enterprises, enabling criminal organizations to operate undetected,” he said. “This network had the potential to disable cell phone towers and essentially shut down the cellular network in New York City.

“We will continue working toward identifying those responsible and their intent, including whether their plan was to disrupt the U.N. General Assembly and communications of government and emergency personnel during the official visit of world leaders in and around New York City,” McCool continued.

News outlets briefed on the operation reported that the network anonymously conveyed assassination threats against senior U.S. officials, that the agency had never seen such an extensive operation, that the investigation uncovered empty electronic safehouses rented around the area and that hackers, terrorists, spies and human traffickers could’ve made use of the network. The investigation reportedly began in response to swatting and bomb threats against U.S. officials.

Other participants in the investigation were the Department of Homeland Security’s Homeland Security Investigations, the Department of Justice, the Office of the Director of National Intelligence and the New York Police Department.

Some cybersecurity professionals reacted skeptically to elements of the Secret Service announcement.

“Super weird framing by the Secret Service,” Marcus Hutchins, the researcher known for stopping the 2017 WannaCry ransomware attack, wrote on BlueSky. “They found a SIM card farm, which is typically used by criminals to anonymously send calls and texts. They issued a press release claiming ‘it could have shut down the entire NY cell network during the UN general assembly’ which is some serious FUD,” he said, using the acronym for “fear, uncertainty and doubt.”

He added: “it’s possible they found an actual plot to cause widespread destruction, but way more likely they found some generic cybercrime service and have absolutely no clue what it’s for.”

Johns Hopkins cryptography expert Matthew Green wrote on the same social media platform that “I no longer know what we can trust from the Secret Service, especially when a ‘Trump speech’ is involved, and the mechanics of this thing are a little bizarre.”

Updated 9/23/25: to include reaction from cybersecurity professionals.

The post Secret Service says it dismantled extensive telecom threat in NYC area appeared first on CyberScoop.

Telecom exec: Salt Typhoon inspiring other hackers to use unconventional techniques

22 September 2025 at 16:54

By looking for unconventional weak spots, hackers are increasingly adopting the techniques of the Chinese group that successfully infiltrated major telecommunications providers in attacks that made headlines last year, an AT&T executive said Monday.

AT&T was one of the major providers to fall victim to the sweeping campaign from the group, known as Salt Typhoon, but the company has since said it evicted the hackers from its networks.

“We’re seeing adversaries really change the way they’re doing things, very similar to what Salt Typhoon did,” Rich Baich, chief information security officer at AT&T, said at the Google Cloud Cyber Defense Summit.

There were three things that stood out about the way Salt Typhoon approached its campaign, he said. One was hunting for weak points in the company’s ability to find and track malicious activity on physical devices like phones or laptops, known as endpoint detection and response (EDR).

“Traditionally as practitioners, we focused on putting endpoint detection on our devices to help us provide a certain level of protection,” Baich said. “Salt Typhoon’s approach was a little bit different. They said, ‘Well, what about all the other platforms that traditionally don’t have an EDR?’ And those platforms then can be utilized in many fashions, carrying out different types of actions.”

“What we need to think about is this: Do we need to have endpoint protection elsewhere, in different platforms?” Baich added. “So that’s one: They’re going to the areas of least resistance and not spending time trying to combat traditional security controls.”

Another technique that’s growing in use since the Salt Typhoon attacks is “looking for things where we don’t have logs,” he said. Baich said attackers are “re-engineering and thinking of tradecraft techniques that allow them to circumvent known controls, and things that we may do today, but in certain parts of our networks, we may not have those things enabled.”

Lastly, Salt Typhoon and its mimics have been turning to what’s called “living off the land” attacks, where attackers rely on legitimate tools that already exist in a victim’s networks.

“Third thing that they are doing is using the actual administrative tools that we use to perform those functions, so [a lesson for potential victims is] making sure that those are locked down and you understand all the administrative tools that you have in your environment,” Baich said. “All of that is because they’re actually trying to be part of your network.”

The combination of those techniques, as well as a dedication to covering and wiping their tracks to avoid digital forensics probes, means that “we have to be much more efficient operators,” he said. “We have to think outside the box. It’s not just about just having the technology; it’s understanding how to use the technology and understanding how your technology can be used against us.”

Ironically, network defenders might be a victim of their own success, said Rob Joyce, the former cybersecurity director of the National Security Agency.

Defenses for the most-used technology in society today — from mobile phones to web browsers — have gotten very good, Joyce said at the same conference. Vulnerability management, patch management, threat intelligence — all have bolstered defenses, he said.

Because of that, “it just takes exploits chained together in multiple paths to get to success,” said Joyce, who now runs his own cybersecurity consulting firm.

“All of that has advanced us,” he said. “At the same time, we’ve evolved the attackers through that activity. I think by calling out some of the bad behavior, by highlighting the things that have worked or not worked, we’ve pushed people into new exploit methodology.”

The post Telecom exec: Salt Typhoon inspiring other hackers to use unconventional techniques appeared first on CyberScoop.

China’s ‘Typhoons’ changing the way FBI hunts sophisticated threats

10 September 2025 at 15:33

Major cyber intrusions by the Chinese hacking groups known as Salt Typhoon and Volt Typhoon have forced the FBI to change its methods of hunting sophisticated threats, a top FBI cyber official said Wednesday.

U.S. officials, allied governments and threat researchers have identified Salt Typhoon as the group behind the massive telecommunications hack that was revealed last fall but could have been ongoing for years. Investigators have pointed at Volt Typhoon as a group that has infiltrated critical infrastructure to cause disruptions in the United States if China invades Taiwan and Americans intervene.

Those hacks were stealthier than in the past, and more patient, said Jason Bilnoski, deputy assistant director of the FBI’s cyber division. The Typhoons have focused on persistent access and gotten better at hiding their infiltration by using “living off the land” techniques that involve using legitimate tools within systems to camouflage their efforts, he said. That in turn has complicated FBI efforts to share indicators of compromise (IOCs).

“We’re having to now hunt as if they’re already on the network, and we’re hunting in ways we hadn’t before,” he said at the Billington Cybersecurity Summit. “They’re not dropping tools and malware that we used to see, and perhaps there’s not a lot of IOCs that we’d be able to share in certain situations.”

The hackers used to be “noisy,” with an emphasis on hitting a target quickly, stealing data and then escaping, Bilnoski said. But now for nation-backed attackers, “we’re watching exponential leaps” in tactics, techniques and procedures, he said.

Jermaine Roebuck, associate director for threat hunting at the Cybersecurity and Infrastructure Security Agency, said his agency is also seeing those kinds of changes in the level of stealth from sophisticated hackers, in addition to “a significant change” in their intentions and targeting.

“We saw a lot of espionage over the last several years, but here lately, there’s been a decided shift into computer network attack, prepositioning or disruption in terms of capabilities,” he said at the same conference.

The targeting has changed as organizations, including government agencies, have shifted to the cloud. “Well, guess what?” he asked. “The actors are going toward the cloud” in response.

They’ve also focused on “edge devices,” like devices that supply virtual private network connections or other services provided by managed service providers, Roebuck said. Organizations have less insight into the attacks those devices and providers are facing than into more direct intrusions, he said.

The post China’s ‘Typhoons’ changing the way FBI hunts sophisticated threats appeared first on CyberScoop.

Salt Typhoon hacking campaign goes beyond previously disclosed targets, world cyber agencies say

27 August 2025 at 16:18

A notorious Chinese hacking campaign against telecommunications companies has now reached into a variety of additional sectors across the globe, including government, transportation, lodging and military targets, according to an alert U.S. and world cybersecurity agencies published Wednesday.

The alert is an effort to give technical details to potential victims of the campaign from the People’s Republic of China-backed group commonly known as Salt Typhoon, the alleged culprit behind what has been called the most serious telecom breach in U.S. history. Those intrusions may have begun years ago and first came to light last fall, accompanied by revelations that the hackers targeted U.S. presidential candidates.

“By exposing the tactics used by PRC state-sponsored actors and providing actionable guidance, we are helping organizations strengthen their defenses and protect the systems that underpin our national and economic security,” Madhu Gottumukkala, acting director of the Cybersecurity and Infrastructure Security Agency, said in a news release.

In comments to The Wall Street Journal and Washington Post on Wednesday, the FBI said the scope of the Salt Typhoon campaign includes hitting more than 80 countries and 200 American organizations, beyond the previous nine identified telecom company victims.

The alert also names Chinese companies identified as being part of the campaign. Its recommendations include patching known vulnerabilities that have been actively exploited and securing “edge” devices that the hackers have used to get into networks, such as routers. 

Government agencies participating in the alert hailed from Australia, Canada, Czech Republic, Finland, Germany, Italy, the Netherlands, New Zealand, Poland, Spain and the United Kingdom. U.S. agencies besides the FBI and CISA that collaborated on it included the National Security Agency and the Department of Defense’s Cyber Crime Center.

“The advisory outlines how Chinese state-sponsored actors are exploiting vulnerabilities in routers used by telecommunications providers and other infrastructure operators,” according to the news release. “These actors often take steps to evade detection and maintain persistent access, particularly across telecommunications, transportation, lodging, and military networks.”

Telecommunications networks are a valuable target for hackers because they can serve as a hub into other communications. But targeting the other sectors mentioned in the alert can round out the intel profile for the attackers, said John Hultquist, chief analyst at Google Threat Intelligence Group.

“In addition to targeting telecommunications, reported targeting of hospitality and transportation by this actor could be used to closely surveil individuals,” he said in a written statement. “Information from these sectors can be used to develop a full picture of who someone is talking to, where they are, and where they are going.”

The post Salt Typhoon hacking campaign goes beyond previously disclosed targets, world cyber agencies say appeared first on CyberScoop.

Court upholds FCC data breach reporting rules on telecom sector

By: djohnson
15 August 2025 at 12:23

A federal court has upheld the Federal Communications Commission’s authority to impose stricter data breach notification regulations on the telecom sector, including requirements that the industry notify customers when their personally identifiable information is exposed in a hack.

In a 2-1 decision, the U.S. Sixth Circuit Court of Appeals concluded that the FCC did not overstep its statutory authority last year when it updated existing data breach notification requirements to require telecoms to report on any customer PII lost during a data breach.

In its opinion, the majority wrote that “based on the statutory text, context, and structure, [existing law] gives the FCC the authority to impose reporting requirements in the event of a data breach of customer PII.”

In 2024, the FCC under the Biden administration updated federal regulations governing how the telecom sector reports on the impact of a data breach.

Under previous rules, telecoms were only required to report to the government when a breach exposed customer proprietary network information, which includes any customer information concerning the quantity, technical configuration, type, destination, location and amount of use of a telecommunication service.

The 2024 order concluded that telecoms are also responsible for safeguarding customer PII — a customer’s name, address, date of birth, etc. — along with “any information that is linked or reasonably linkable to an individual or device.” 

The expanded regulations were quickly challenged in court by trade groups representing telecommunications firms, including the Ohio Telecom Association, the Texas Association of Business and USTelecom.

In a consolidated case before the Sixth Circuit, the groups argued that the FCC lacked authority under the two laws they cited to include customer PII in data breach reporting requirements. They further argued that the 2024 order violated the Congressional Review Act, as Congress had formally moved to block a larger set of FCC Net Neutrality rules in 2016 that included a similar section on data breach notification.

In its decision, the court’s majority disagreed with the telecom groups’ argument that the FCC lacked the legal power to regulate poor data privacy practices or to make rules that go beyond information specified by Congress in the Communications Act.

But the court concluded that Congress clearly intended for the federal government, and specifically the FCC, to regulate telecoms’ data privacy. Laws like the Federal Trade Commission Act not only give the FTC similar authority to regulate inadequate data privacy among other industries, they also specifically exempt telecommunications carriers because that industry’s data privacy regulation falls under FCC jurisdiction.

“Contrary to Petitioners’ assertions, this is not a situation in which an agency has ‘claim[ed] to discover in a long-extant statute an unheralded power to regulate “a significant portion of the American economy,”’” the majority wrote. “Rather, it is part of the FCC’s longstanding, flexible, and incremental application of [existing law] to data regulation in the evolving environment of data collection and retention.”

Former FCC officials and legal experts told CyberScoop that while the ultimate fate of the regulation is still uncertain, the Sixth Circuit’s decision is a clear win for the agency’s authority to regulate cybersecurity and data privacy.

In an interview with CyberScoop, Loyaan Egal, former chief of the FCC’s enforcement bureau, said he believes “most people thought this new expansion of data breach notification requirements was more than likely probably going to be rejected by the court, and surprisingly it wasn’t.”

Telecom groups could appeal the ruling to the Supreme Court. Current FCC Chair Brendan Carr was one of two commissioners to vote against the data breach notification rules last year. However, after taking the gavel this year, Carr has not moved to rescind the rules, and the FCC continues to vigorously defend their validity in court.

Over the past year, policymakers have been dealing with fallout from Chinese hackers that have systematically compromised U.S. telecommunications infrastructure.

Several sources told CyberScoop that the emergence of the Salt Typhoon and Volt Typhoon campaigns over the past year, as well as the revelation that hacking groups maintained access to telecom networks by exploiting widespread cybersecurity vulnerabilities, may have upended attempts to kill cybersecurity-related regulations like the FCC data breach rules.

Rick Halm, a cybersecurity attorney at law firm Clark Hill, said the FCC’s authority to regulate cybersecurity and data privacy has to be viewed through the lens of the persistent threats the sector is facing from hackers and foreign spies.

“I see this ruling against the backdrop of the looming national cybersecurity threat of Chinese infiltration of critical infrastructure in preparation to inflict damage if an actual conflict erupts,” Halm said.

Chevron’s dead, but cybersecurity regulations live on

In reaching its conclusion, the court cited Loper Bright Enterprises vs. Raimondo — a 2024 Supreme Court case that said courts, not federal agencies, have the authority to interpret congressional laws — at least 15 times.

When the Supreme Court ended the practice of automatically deferring to agencies’ interpretations of laws, many worried the shift could jeopardize the legality of cybersecurity regulations. That’s because many rules, like the FCC’s data breach regulations, depend on applying old laws to new technologies, which might not meet stricter legal scrutiny. 

But in this instance, the Sixth Circuit used its independent authority to agree with the FCC: regulating how firms handle and protect PII is a core part of the agency’s responsibilities.

Peter Hyun, a former chief of staff and acting enforcement chief at the FCC, told CyberScoop that “as a substantive matter, this was a clear signal that the FCC did not overreach here.”

“In other words it is in its rightful lane, looking at the practices of these telecom carriers in order to ensure they were protecting customer information and PII,” he said.

However, other observers think future cybersecurity regulations will now face tougher standards.

“I think that this opinion is a warning shot to both the FCC and other federal agencies that you better be able to firmly tie any data privacy or cybersecurity rules directly to a clear statutory premise,” Halm said.

The court also determined that the agency did not violate the Congressional Review Act by proposing “substantially similar” regulation to data privacy regulations that had been formally blocked by Congress in 2016.

While the blocked 2016 order did include similar data breach notification requirements, the court determined it was “far more expansive, imposing a broad array of privacy rules on broadband Internet access services” than the FCC’s 2024 rule.

“The data breach notification requirements were a mere subset of the broader compendium of privacy rules in [the 2016] Order,” the majority wrote. “The 2024 Order, by contrast, addresses only data breach reporting requirements. The two rules are not substantially the same.”

The Sixth Circuit’s ruling appears to reaffirm “a narrower reading of the CRA than some companies would have liked,” Cobun Zweifel-Keegan, managing director at the International Association of Privacy Professionals, told CyberScoop.

The majority’s conclusion earned a rebuke from Judge Richard Griffin, who wrote in his dissent that “our interpretation of the [Congressional Review Act] ought to elevate the will of Congress over that of an administrative agency.”

The post Court upholds FCC data breach reporting rules on telecom sector appeared first on CyberScoop.

Feds still trying to crack Volt Typhoon hackers’ intentions, goals

31 July 2025 at 13:16

Federal analysts are still sizing up what the Chinese hackers known as Volt Typhoon, who penetrated U.S. critical infrastructure to maintain access within those networks, might have intended by setting up shop there, a Cybersecurity and Infrastructure Security Agency official said Thursday.

“We still don’t actually know what the result of that is going to be,” said Steve Casapulla, acting chief strategy officer at CISA. “They are in those systems. They are in those systems on the island of Guam, as has been talked about publicly. So what [are] the resulting impacts going to be from a threat perspective? That’s the stuff we’re looking really hard at.”

Casapulla made his remarks at a Washington, D.C. event hosted by Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security. 

Some believe that Chinese penetration of U.S. telecommunications networks by another Chinese hacking group, Salt Typhoon, has overshadowed the machinations of Volt Typhoon, which could eventually have a bigger impact. U.S. officials have warned that China could be prepositioning in critical infrastructure should conflict break out between the United States and Beijing.

Other federal officials have said Volt Typhoon might not have been as successful at maintaining their access as they hoped.

Casapulla said CISA is looking at how to mitigate the threat as well as determining the end goal of the hackers.

“Is it to merely disrupt a few cranes at a port? That could be one thing. But what about if it were all the ports?” he asked. “What about if it were all cargo management systems so they don’t have to do anything physical? They can just shut down a database and limit our ability to track cargo that moves on and off of ships, effectively shutting down the ports and the entire transportation system that way.

“Those are the kind of second-, third-order effects that I also worry about,” Casapulla said.

When he testified before Congress at a hearing last month on his nomination to become national cyber director, Sean Cairncross said Volt Typhoon hacking “has potentially life-and-death consequences.” Other Trump administration officials also have sounded the alarm about the hacking group.

It was also a point of concern in the prior administration under President Joe Biden.

The post Feds still trying to crack Volt Typhoon hackers’ intentions, goals appeared first on CyberScoop.

Russia-affiliated Secret Blizzard conducting ongoing espionage against embassies in Moscow

31 July 2025 at 12:00

A Russian nation-state threat group has been spying on foreign diplomats, managing continuous access to their communications and data in Moscow since at least 2024, according to Microsoft Threat Intelligence.

Secret Blizzard is gaining “adversary-in-the-middle” positions on Russian internet service providers and telecom networks by likely leveraging surveillance tools and deploying malware on targeted devices, researchers said in a report released Thursday. 

Microsoft’s discovery marks the first time its researchers have confirmed with high confidence that Secret Blizzard has capabilities at the ISP level, a degree of access that combines passive surveillance and an active intrusion. 

“It’s a shift, or a kind of movement, toward the evolution of simply watching traffic to actively modifying network traffic in order to get into those targeted systems,” Sherrod DeGrippo, director of threat intelligence strategy at Microsoft, told CyberScoop. 

Secret Blizzard — also known as Turla, Pensive Ursa or Waterbug — is affiliated with Center 16 of Russia’s Federal Security Service (FSB) and has been active for decades.

The Russian nation-state group is “the classic definition of what you think of when you think of advanced persistent threat: creative, persistent, well resourced, highly organized, able to execute projects, able to execute actions on objectives,” DeGrippo said. “Ultimately, I think that the key word is creative.”

Secret Blizzard is gaining initial access to embassy employee devices by redirecting them to a malicious domain that displays a certificate validation error after targeted victims access a state-aligned network through a captive portal, according to Microsoft.

The error prompts and tricks embassy employees into downloading root certificates falsely branded as Kaspersky Anti-Virus software, which deploy ApolloShadow malware. The custom malware turns off traffic encryption, tricks the devices into recognizing malicious sites as legitimate and enables Secret Blizzard to maintain persistent access to diplomatic devices for espionage.

“This is an excellent piece of social engineering because it plays on habit, it plays on urgency, it plays on emotions, which are the three holy trinity of social engineering,” DeGrippo said. 

“You see this pop-up that’s telling you you have a security issue, and it’s branded as a security vendor. We’ve been seeing that capability for decades,” she said. “Simply clicking through and not examining and thinking about that, especially when on a state-aligned, state-owned network in one of these surveillance-heavy countries where the government has deep technical and legal controls over those ISPs — that infrastructure is now part of your attack surface.”

Microsoft declined to say how many embassies have been impacted, but noted the group is active. Intrusions linked to this politically motivated espionage campaign allow Secret Blizzard to view the majority of the target’s browsing in plain text, including certain tokens and credentials, researchers said in the report.

“This seems relatively simple, but it’s only made so simple by the likely leveraging of a lawful intercept capability,” DeGrippo said. “Relying on local infrastructure in these high-risk environments — China, Russia, North Korea, Iran — in these surveillance-heavy countries, is of concern.” 

Microsoft previously observed Secret Blizzard using tools from other cybercriminal groups to compromise targets in Ukraine, showing how the group uses various attack vectors and means to infiltrate networks of geopolitical interest to Russia.

The post Russia-affiliated Secret Blizzard conducting ongoing espionage against embassies in Moscow appeared first on CyberScoop.

CISA says it will release telecom security report sought by Sen. Wyden to lift hold on Plankey nomination

29 July 2025 at 14:23

Sean Plankey’s path to leading the Cybersecurity and Infrastructure Security Agency might have one obstacle set to be cleared for removal.

With the Senate Homeland Security and Governmental Affairs Committee scheduled to hold a vote on his nomination for CISA director Wednesday, the next and final step for Plankey pending approval from the panel would be getting a full Senate vote — something Sen. Ron Wyden, D-Ore., has vowed to block until the agency publicly releases a report on telecommunications network vulnerabilities.

CISA said Tuesday that it would, in fact, release that report.

“CISA intends to release the U.S. Telecommunications Insecurity Report (2022) that was developed but never released under the Biden administration in 2022, with proper clearance,” Marci McCarthy, director of public affairs at the agency, said in an emailed statement. “CISA has worked with telecommunications providers before, during, and after Salt Typhoon — sharing timely threat intelligence, providing technical support and continues to have close collaboration with our federal partners to safeguard America’s communications infrastructure.”

The agency didn’t say when it would release the report, or what “proper clearance” entailed.

CISA’s statement came shortly after Senate passage of legislation — without objections from any senator — that would require the release of the report within 30 days of enactment. The House would still have to pass the bill to send it to President Donald Trump for a signature.

In a floor speech Monday, Wyden said “Congress and the American people deserve to read this report. It includes frankly shocking details about national security threats to our country’s phone system that require immediate action.

“CISA’s multi-year cover-up of the phone companies’ negligent cybersecurity enabled foreign hackers to perpetrate one of the most serious cases of espionage — ever — against our country,” he continued. “Had this report been made public when it was first written in 2022, Congress would have had ample time to require mandatory cybersecurity standards for phone companies, in time to prevent the Salt Typhoon hacks.”

A spokesperson for Wyden said Tuesday that no one from the office has heard from CISA on its plans for the report “that I know of.”

The government’s response to Salt Typhoon, and the industry’s handling of its vulnerabilities, have drawn some outside criticism. Government agencies have rejected some of those complaints while acknowledging others.

The Senate Homeland Security and Governmental Affairs Committee held a hearing on the nomination of Plankey last week, where he talked about his priorities for the agency but also drew fire from a Democratic senator over his views on election manipulation in past and future races.

The post CISA says it will release telecom security report sought by Sen. Wyden to lift hold on Plankey nomination appeared first on CyberScoop.

Sen. Hassan wants to hear from SpaceX about scammers abusing Starlink

28 July 2025 at 11:04

It’s time for SpaceX to take strong action against scammers abusing the company’s Starlink internet service, Sen. Maggie Hassan said in a letter to CEO Elon Musk on Monday.

The New Hampshire Democrat cited evidence accumulating over the past two years that some Southeast Asian fraudsters scamming billions of dollars from U.S. citizens have leaned on Starlink due to its independence from national telecommunications networks, decentralized structure and the ability to use it on the go.

Media outlets and government officials have turned up Starlink equipment at scam compounds that are largely centered in Southeast Asia, and a United Nations Office on Drugs and Crime report last fall highlighted the trend.

“While SpaceX has stated that it investigates and deactivates Starlink devices in various contexts, it seemingly has not publicly acknowledged the use of Starlink for scams originating in Southeast Asia — or publicly discussed actions the company has taken in response,” Hassan wrote. “Scam networks in Myanmar, Thailand, Cambodia, and Laos, however, have apparently continued to use Starlink despite service rules permitting SpaceX to terminate access for fraudulent activity.”

Scam compounds have been getting increased attention from Southeast Asian governments and nonprofit organizations in recent months, but there are also signs that the crackdowns aren’t keeping up with the industry’s evolution.

A human rights group last week reported data showing that the scammers’ use of Starlink has more than doubled since Thailand began cutting internet cables to cripple their operations.

SpaceX didn’t immediately respond to a request for comment Monday, and has not responded to past media questions about Southeast Asian scammers using Starlink.

Hassan wants to know whether SpaceX was aware of the scammers using Starlink and, if so, when it first knew; its policies for investigating and restricting the use of Starlink devices; what it’s done to work with law enforcement agencies on the problem; and more. She sits on the Senate Homeland Security and Governmental Affairs Committee.

Much of the cybersecurity-related attention SpaceX has received this year is as a potential target of cyberattacks, particularly after White House security experts warned of the security risks of installing Starlink there and President Donald Trump said he would continue using the service.

SpaceX has a web page dedicated to Starlink-related scams of another sort.

Plankey vows to boot China from U.S. supply chain, advocate for CISA budget

24 July 2025 at 13:59

President Donald Trump’s pick to lead the Cybersecurity and Infrastructure Security Agency told senators Thursday that he would prioritize evicting China from the U.S. supply chain, and wouldn’t hesitate to ask for more money for the shrunken agency if he thought it needed it.

“If confirmed it will be a priority of mine to remove all Chinese intrusions, exploitations or infestation into the American supply chain,” Sean Plankey told Rick Scott, R-Fla., at his confirmation hearing before the Homeland Security and Governmental Affairs Committee. Scott had asked Plankey about reports of Chinese infiltration of U.S. energy infrastructure.

Should he be confirmed for the role, Plankey is set to arrive at an agency that has had its personnel and budget slashed significantly under Trump, a topic of concern for Democratic senators including the ranking member on the panel vetting him, Gary Peters of Michigan. Peters asked how he’d handle the smaller CISA he’s inherited while still having a range of legal obligations to fulfill.

“One of the ways I’ve found most effective when you come in to lead an organization is to allow the operators to operate,” Plankey said. “If that means we have to reorganize in some form or fashion, that’s what we’ll do, I’ll lead that charge. If that means we need a different level of funding than we currently have now, then I will approach [Department of Homeland Security Secretary Kristi Noem], ask for that funding, ask for that support.”

Under questioning from Sen. Richard Blumenthal, D-Conn., about whether he believed the 2020 election was rigged or stolen, Plankey, like other past Trump nominees, avoided answering “yes” or “no.” 

At first he said he hadn’t reviewed any cybersecurity around the 2020 election. He then said, “My opinion on the election as an American private citizen probably isn’t relevant, but the Electoral College did confirm President Joe Biden.” 

Blumenthal pressed him, saying his office was supposed to be above politics, and asked what Plankey would do if Trump came to him and falsely told him the 2026 or 2028 elections were rigged. 

“That’s like a doctor who’s diagnosing someone over the television because they saw them on the news,” Plankey answered.

Chairman Rand Paul, R-Ky., rebutted Blumenthal, saying “CISA has nothing to do with the elections.” But Sen. Josh Hawley, R-Mo., later asked Plankey about CISA’s “important” role in protecting election infrastructure, and asked how he would make the line “clear” between past CISA disinformation work that Republicans have called censorship and cybersecurity protections.

Plankey answered that Trump has issued guidance on the protection of election security infrastructure like electronic voting machines, and it’s DHS’s job “to ensure that it is assessed prior to an election to make sure there are no adversarial actions or vulnerabilities in it,” something he’d focus on if Noem tasked CISA with the job.

Plankey said he would not engage in censorship — something his predecessors staunchly denied doing — because “cybersecurity is a big enough problem.” His focus would be on defending federal networks and critical infrastructure, he said. To improve federal cybersecurity, he said he favored “wholesale” revamps of federal IT rather than smaller fixes.

The Center for Democracy and Technology said after Plankey’s hearing it was concerned about how CISA would approach election security.

“CISA has refused to say what its plans are for the next election, and election officials across the country are flying blind,” said Tim Harper, senior policy analyst on elections and democracy for the group. “If CISA is abandoning them, election officials deserve to know so they can make plans to protect their cyber and physical infrastructure from nation-state hackers. Keeping them in the dark only helps bad actors.”

Plankey indicated support for the expiring State and Local Cybersecurity Grant Program, as well as the expiring 2015 Cybersecurity and Information Sharing Act, both of which are due to sunset in September.

Paul told reporters after the hearing that he planned to have a markup of a renewal of the 2015 information sharing law before the September deadline, with language added to explicitly prohibit the Cybersecurity and Infrastructure Security Agency from any censorship.

Plankey’s nomination next moves to a committee vote, following an 11-1 vote last month to advance the nomination of Sean Cairncross to become national cyber director. Plankey’s nomination would have another hurdle to overcome before a Senate floor vote, as Sen. Ron Wyden, D-Ore., has placed a hold on the Plankey pick in a bid to force the administration to release an unclassified report on U.S. phone network security.

“The Trump administration might not have been paying attention, so I’ll say it again: I will not lift my hold on Mr. Plankey’s nomination until this report is public. It’s ridiculous that CISA seems more concerned with covering up phone companies’ negligent cybersecurity than it is with protecting Americans from Chinese hackers,” Wyden said in a statement to CyberScoop. “Trump’s administration won’t act to shore up our dangerously insecure telecom system, it hasn’t gotten to the bottom of the Salt Typhoon hack, and it won’t even let Americans see an unclassified report on why it’s so important to put mandatory security rules in place for phone companies.”
