Podcasts about infrastructure security agency

The Office of Personnel Management on Wednesday awarded its anticipated contract to modernize and consolidate federal human resources functions to Oracle, capping a process that's been over a year in the making. The nearly $400 million award puts Oracle in charge of a process to bring over 100 HR systems under one single platform that the agency is calling its Core Human Capital Management system. OPM says it believes the project will make significant reductions in the overall cost of HR platforms to taxpayers. “Historically, federal agencies have relied on fragmented, aging HR systems that are costly to maintain and difficult to scale,” OPM Director Scott Kupor said in a written statement included in a press release. He called the award “a foundational investment in the future of federal workforce management.” A final award comes over a year after an early effort to award such a contract failed to move forward. In May 2025, the Office of Personnel Management awarded a sole-source contract to Workday to facilitate the Trump administration's HR modernization efforts, arguing it was the only vendor that could do the job. But OPM abruptly canceled that award, and later launched open competition for such a contract. The Cybersecurity and Infrastructure Security Agency on Wednesday ordered federal agencies to prioritize vulnerabilities based on four criteria, as part of a push to “patch smarter, not harder.” Federal agencies should emphasize patches for vulnerabilities that affect a publicly exposed asset, allow an attacker to fully automate exploitation, give attackers the ability to take over control of a system or relate to evidence of active, real-world exploitation, CISA declared. CISA acting director Nick Andersen previewed the binding operational directive (BOD) Tuesday, framing it as a rethinking of vulnerability management more broadly. Andersen said in a statement: “This Directive provides clear definitions, timelines and criteria that enhances transparency, predictability and agencies' resource planning to execute more effective vulnerability remediation." BOD 26-04 sets forth timelines for how quickly agencies must fix a vulnerability based on how many of the four criteria it meets. If it meets all four, for example, agencies need to fix it within three days and carry out a “forensic triage” to assess whether their systems were compromised. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.

Agencies will soon get their first set of marching orders from President Donald Trump's executive order on artificial intelligence from earlier this week. The Cybersecurity and Infrastructure Security Agency is expected to issue at least one binding operational directive as soon as today to direct agencies to secure large language models. For more on the BOD and other changes expected from the AI EO, Federal News Network executive editor Jason Miller joins me now.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

This Day in Legal History: The National Defense Act of 1916On this day in 1916, President Woodrow Wilson signed the National Defense Act, the law that quietly built the legal scaffolding for how the United States deploys soldiers, both abroad and at home, for the next century-plus. The Act roughly tripled the size of the regular Army, formally created the National Guard as a federalized reserve force out of the patchwork of state militias that had existed since the founding, and established the Reserve Officers' Training Corps at colleges and universities. The legal hook is the dual-status structure that the Act created and that we still use today: the National Guard belongs simultaneously to its state and to the federal government, normally takes orders from the governor, but can be “federalized” by the President under specific statutory authorities and pulled out of state command for federal missions. That structure has driven a long line of constitutional fights about the limits of presidential authority to call up the Guard, about whether and when the Insurrection Act applies, and about how the Posse Comitatus Act constrains the use of federal troops for domestic law enforcement. June 3 is not a day most people associate with American military law, but the 1916 statute is doing quiet work behind every modern headline about troops at a border, troops in a city, or troops in a hurricane.The Eleventh Circuit on Tuesday handed down a ruling that strips hip-hop group 2 Live Crew of the copyrights it thought it had successfully clawed back to five of its albums, including “As Nasty as They Wanna Be,” because one member's bankruptcy from the 1990s swept his future termination rights into the bankruptcy estate. Federal copyright law has a wonderfully democratic provision in Section 203: an author who signed away a copyright can, 35 years later, send a termination notice and take it back, regardless of what the original contract said. The catch the Eleventh Circuit identified is Section 541 of the Bankruptcy Code, which scoops up almost everything you own into the bankruptcy estate when you file — including, the court said, the right to send that termination notice years later, even though the right cannot be sold or contracted away in any other context. The practical consequence for 2 Live Crew is that member Mark Ross, who performed as Brother Marquis, had unwittingly transferred his future termination interests to his bankruptcy trustee when he filed Chapter 7 years earlier, so when the group's heirs and surviving members later tried to take the copyrights back from Lil' Joe Records in 2020, they were one vote short of the majority the statute requires. The case, Lil' Joe Records v. Christopher Won Jr. et al., No. 24-13978, is described in the opinion as “a question of first impression at the intersection of copyright and bankruptcy” — which is lawyer-speak for “we just made up the rule, and now it's the rule.” Expect every copyright-termination case where any author has ever filed for bankruptcy to cite this decision for the next decade.11th Circ. Reverses 2 Live Crew's Copyright Clawback Win | Law360President Trump on Tuesday quietly signed a finalized version of the AI cybersecurity executive order that he had abruptly scrapped during a planned signing ceremony on May 21, and the final version is notably narrower than the one that was on the table a month ago. The new order asks Treasury, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, and other federal agencies to design a voluntary framework under which developers of so-called frontier AI models — the largest and most general-purpose systems — would share their models with the federal government for up to 30 days before public release so the government can scan for security vulnerabilities. The legal posture is worth pausing on: this is a voluntary framework, not a regulation, which means it lives in the same constitutional space as a chamber-of-commerce best-practices document rather than as a binding rule subject to APA notice and comment. That structure is partly a workaround for the fact that there is no federal statute giving any agency authority to mandate pre-release safety testing of AI models, and partly a response to industry pressure: Trump explained on May 21 that he scrapped the earlier 90-day version because he thought it could be “a blocker” to U.S. leadership in AI. Whether developers actually opt in is the open question, and the order is structured so that participation will likely depend on a mix of national-security pressure, federal procurement leverage, and quiet diplomacy with the major labs. Expect the first real fight to be over what counts as a “frontier” model, and who decides.Finalized Trump Order Seeks Early Cyber Tests Of AI Models | Law360The U.S. Senate on Tuesday confirmed Katie Lane to be a federal district judge in Montana, making her the first judicial nominee of Trump's second term to be confirmed despite a “not qualified” rating from the American Bar Association's Standing Committee on the Federal Judiciary. The ABA's role here is informal but historically important: since 1953 the Standing Committee has rated federal judicial nominees as “well qualified,” “qualified,” or “not qualified” based on professional competence, integrity, and judicial temperament, and the rating has carried real weight with senators of both parties — until it didn't. The Trump administration formally cut ties with the ABA review process during the first term, on the theory that the ABA's ratings reflected an ideological bias against conservative nominees, and the second administration has been even more open about ignoring “not qualified” ratings as a matter of policy. The legal stakes of this are modest in any individual case — a “not qualified” judge serves the same lifetime appointment with the same constitutional power as a “well qualified” one — but cumulatively the practice changes the relationship between the bar and the bench in a way that is hard to undo, and it nudges the federal judiciary in a direction that depends almost entirely on the political branches' definitions of professional fitness. Lane, who is now confirmed, will join the District of Montana, a small but busy bench. Watch this space: there are several more nominees in the pipeline with similar ratings.US Senate confirms Trump judicial nominee deemed ‘not qualified' by ABA | Reuters This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.minimumcomp.com/subscribe

*Content warning: divorce, conversion therapy, reorientation therapy, cyberstalking, stalking, emotional and psychological abuse, death threats, and criminal threats.Danny Cords is an organizational psychologist and victim advocate from Seattle. He began harnessing his voice and speaking out for others after leaving conversion therapy in his late teens. But his advocacy mission only intensified after being subjected to years of cyberstalking. He hopes to bring awareness and healing to victims all over the world, as well as legal change too. His related (and unrelated) work and efforts have been featured on the stage, television, radio, podcasts, and more. We are extremely grateful that Danny was willing to share all that came next in his personal, professional, legal, and media journeys.*Resources:  Danny Cords's website: https://www.dannycords.com/ End Tech-Enabled Abuse: endtab.org Organization for Social Media Safety: https://www.socialmediasafety.org/ *Sources: -Cybersecurity Awareness Month, Cybersecurity & Infrastructure Security Agency, www.cisa.gov/cybersecurity-awareness-month-Cybersecurity, RAND Corporation, www.rand.org/topics/cybersecurity.html-Stalking Fact Sheet, The Stalking Prevention, Awareness, & Resource Center, www.stalkingawareness.org/wp-content/uploads/2019/01/SPARC_StalkngFactSheet_2018_FINAL.pdfFor additional resources and a list of non-profit organizations that can help, please visit http://www.somethingwaswrong.com/resourcesFollow What Came Next: Podcast: https://podcasts.apple.com/us/podcast/what-came-next/id1674051643 Instagram: https://www.instagram.com/whatcamenext_podcast/ SWW S25 E24 BTS and Q & A Part 2 *Content Warning: friendship betrayal, infidelity, stalking, domestic violence, institutional betrayal, institutional trauma, and murder. Free + Confidential Resources + Safety Tips: somethingwaswrong.com/resources   SWW Sticker Shop!: https://brokencyclemedia.com/sticker-shop SWW S25 Theme Song & Artwork: The S25 cover art is by the Amazing Sara Stewart instagram.com/okaynotgreat/ The S25 theme song is a cover of Glad Rag's U Think U from their album Wonder Under, performed by the incredible Abayomi instagram.com/Abayomithesinger. The S25 theme song cover was produced by Janice “JP” Pacheco instagram.com/jtooswavy/ at The Grill Studios in Emeryville, CA instagram.com/thegrillstudios/ Follow Something Was Wrong: Website: somethingwaswrong.com  IG: instagram.com/somethingwaswrongpodcast TikTok: tiktok.com/@somethingwaswrongpodcast  Follow Tiffany Reese: Website: tiffanyreese.me  IG: instagram.com/lookieboo Follow What Came Next: Podcast: https://podcasts.apple.com/us/podcast/what-came-next/id1674051643 Instagram: https://www.instagram.com/whatcamenext_podcast/ Follow Amy B. Chesler: Amy on IG: instagram.com/amybchesler Working For Justice: https://amzn.to/4eqWb3U Follow Lauren: Lauren on TikTok: tiktok.com/@okfineillmakeatiktok Lxrry Media on Instagram: instagram.com/lxrymedia *Sources: -“The Gabby Petito Foundation,” gabbypetitofoundation.org/

In this episode, we'll introduce you to Ernest Wong, S&T's Technical Lead for Position, Navigation, Timing and Space Systems. He and host Brittany Greco discuss vital efforts underway at S&T to facilitate and secure the increasing amounts of infrastructure and technology being deployed into space. You'll hear about: (DHS Audio by Science & Technology Directorate/Released) How S&T and the Cybersecurity and Infrastructure Security Agency are working together to secure critical infrastructure in orbit and beyond—someday as far away as the surface of the moon. What S&T is doing to identify emerging risks and trends in space systems, helping anticipate threats before they impact the homeland. Real-world impacts that cyberattacks on space assets have on critical infrastructure on the ground, including power outages affecting millions across the U.S. What's on the horizon for space (hint: data centers).

Congressional Democrats want answers from the Cybersecurity and Infrastructure Security Agency https://cyberscoop.com/cisa-credential-leak-congress-demands-answers/ on GitHub in an incident that the security researcher who discovered it called one of the worst leaks he's ever seen. Other security professionals also voiced concern Tuesday about the leak and the potential for abuse by any malicious parties who got a hold of the information. Security firm GitGuardian said it discovered a public GitHub repository last week that exposed credentials for privileged AWS GovCloud accounts and internal CISA systems dating back to November. The repository, apparently maintained by a contractor, was named “Private-CISA.” Krebs on Security first reported the incident. A GitGuardian researcher said his main fear upon verifying the leak was real “is that a state actor will get the data and might be able to do bad stuff.” State-based attackers who obtained the credentials “might be able to gain persistence,” the researcher said, calling it worse than an attacker destroying a database or having an intruder gain access to a government system. The Office of Personnel Management would get a better handle on the federal biotechnology workforce under a pair of bills from a bipartisan House duo. Introduced Wednesday, the Federal Biotechnology Workforce Assessment Act directs OPM to coordinate with agency heads on defining the federal biotech workforce, in addition to assessing current and future needs for those “bio-literate” federal employees. The bill from Reps. Ro Khanna, D-Calif., and Rich McCormick, R-Ga., shared first with FedScoop, is aimed at ensuring the federal government workforce keeps the country a step ahead of China in the biotech space. Priority No. 1 for OPM's assessment is identifying the total number of biotech positions required at federal agencies. The legislation is focused specifically on the departments of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, Interior, State, and Treasury, as well as the Environmental Protection Agency, the National Science Foundation, NASA, and the offices of the Director of National Intelligence and the U.S. Trade Representative.

All active-duty Marines and reservists must complete a new Basic AI Course before the end of the calendar year, according to a new directive. The announcement comes amid a broader push by the Marine Corps, and the Defense Department writ large, to accelerate the adoption of artificial intelligence capabilities for warfighting and back-office functions. One of the strategic goals outlined in the Corps' AI implementation plan, released last year, is to develop an “AI competent workforce.” “Emerging and disruptive technologies (EDT) offer the potential for Marines to gain a decisive advantage but also create the possibility of an adversary exploiting these technologies more effectively. Among these EDTs, artificial intelligence (AI) stands out as the first among equals, demanding our immediate and focused attention,” officials wrote in the new MARADMIN message, which was approved by Lt. Gen. Benjamin Watson, deputy commandant for training and education. The Corps is now implementing a “broad educational framework” with a goal of ensuring that “AI-trained Marines are supported by informed peers and leaders” across the service, according to the announcement. The Basic AI Course, which officials estimate will take 45 minutes for service members to complete after logging into the MCELE system, is designed to give troops a “foundational understanding” of artificial intelligence, including key concepts and use cases, such as how AI can support decision-making. Sean Plankey, most recently the nominee for director of the Cybersecurity and Infrastructure Security Agency, is joining defense technology company UFORCE as its U.S. chief executive officer. The London-based company created out of nine Ukrainian-based firms announced Plankey's move Monday less than a month after he withdrew his nomination amid difficulties overcoming objections from senators who had placed a hold on it. Plankey's a cyber veteran of the first Trump administration but also had been serving as senior adviser on the Coast Guard at the Homeland Security Department, retiring from the Coast Guard this year. UFORCE makes combat drones for air, land and sea and plans to have its first U.S.-made unmanned surface vessels hitting the water by this summer. The startup reportedly brought its valuation to $1 billion earlier this year. “The United States and its allies are looking for defense technology partners that can move quickly, innovate continuously and deliver systems already proven across theaters of combat,” Plankey said in a statement. “UFORCE is uniquely positioned to meet that demand and we will do that by manufacturing these capabilities in America.” CISA has gone without a permanent director for the entirety of the second Trump administration, and the president has yet to put forward a nominee for the position since Plankey's withdrawal last month.

The federal government's lead agency for domestic cybersecurity and infrastructure protection matters has only completed its first week of being fully back up and running after not being funded for 11 weeks. David DiMolfetta, cyber reporter at NextGov/FCW, has covered how the Cybersecurity and Infrastructure Security Agency has operated through a period that followed losses of nearly one-third of its workforce under this Trump administration. David joins our Ross Wilkers for this episode to lay out CISA's path forward with funding in place, plus what the agency's stakeholders in the private and public sectors should watch out for amid the catchup. David then breaks down NextGov/FCW's recent reporting on two major storylines on artificial intelligence policy coming out of the White House that has direct implications for industry. The second half of their conversation is all about a deep dive article David put together on where industry fits, or may not fit, into the government's offensive cyber approach. CISA resources ‘more limited than I would like' amid shutdown, top official says IBM security executive emerges as possible contender to lead CISA Plankey withdraws nomination to lead CISA Trump admin floats policy language limiting contractor say on agency uses of technology White House is drafting plans to permit federal Anthropic use Operational technology providers are feeling ‘annoyance' at exclusion from Anthropic's Mythos rollout, sources say Anthropic's Glasswing initiative raises questions for US cyber operations US push to counter hackers draws industry deeper into offensive cyber debate US lists offensive cyberattacks in counterterrorism strategy Trump admin will push for ‘long-term' reauthorization of key cyber data-sharing law

The Cybersecurity and Infrastructure Security Agency is urging water, power and other critical infrastructure organizations to prepare to operate without internet and other technology services. That's the overarching goal of a new initiative unveiled by CISA this week. The agency says organizations need to be prepared to operate through IT outages and other challenges during a geopolitical crisis. For more, Federal News Network Justin Doubleday joins me. See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

The Cybersecurity and Infrastructure Security Agency is urging critical infrastructure owners and operators to plan for delivering essential services under emergency conditions – potentially for months at a time. The federal government's top cybersecurity agency warned that state-sponsored hackers, particularly two Chinese groups known as Salt Typhoon and Volt Typhoon, continue to threaten critical sectors like electricity, water, and internet. The agency is now working with the private sector to protect operational technology – the systems that control the heavy machinery and equipment that powers most critical infrastructure – from attacks that enter through business IT systems or third-party vendor products. The initiative — known as CI Fortify – will include CISA conducting targeted technical assessments of critical infrastructure entities and aims to create plans that “allow for safe operations for weeks to months while isolated” from IT networks and third-party tools. Leonel Garciga left his role as the Army's chief information officer last week, the service announced Tuesday. His departure from the job had been anticipated. Garciga, a Navy veteran who has served in the federal government across intelligence, information technology and engineering sectors for nearly three decades, was selected as the Army's CIO in July 2023. He stepped down as CIO on May 1 during a ceremony that highlighted his “many accomplishments advancing the Army's digital transformation, cybersecurity, and data strategies,” according to a social media post from his former office. As the Army's CIO, Garciga was responsible for ushering the service through a tumultuous time in the digital domain amid heightened cybersecurity risks, AI advancement, and the military's push to access and streamline its own vast data repositories. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.

The Cybersecurity and Infrastructure Security Agency, along with U.S. government partners, released a guide to help organizations integrate Zero Trust principles into operational technology systems. The guide, titled 'Adapting Zero Trust Principles to Operational Technology,' addresses increased cybersecurity risks due to interconnected OT systems and provides insights on implementing Zero Trust without disrupting critical operations. Key focus areas include security segmentation, supply chain risk management, and identity access management. The guide aims to enhance cybersecurity resilience and reduce exposure to threats.Learn more on this news by visiting us at: https://greyjournal.net/news/ Hosted on Acast. See acast.com/privacy for more information.

President Trump's pick to lead the Cybersecurity and Infrastructure Security Agency is withdrawing from consideration. Sean Plankey was first nominated to serve as CISA director last March. But after a long wait in the Senate, Plankey says he needs to step back, leaving the cyber agency without a permanent director for the foreseeable future. For more, Federal News Network's Justin Doubleday joins me...See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

The Cybersecurity and Infrastructure Security Agency will not offer internships to CyberCorps Scholarship for Service students this summer due to the government shutdown. It's the second year in a row CISA has withdrawn the internships. But the Office of Personnel Management is rolling out new cybersecurity job opportunities this week. For more, Federal News Network's Justin Doubleday joins me.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Annual Security Symposium. Visit: https://ceri.as/2026 Artificial intelligence is rapidly transforming both the opportunities and risks within cybersecurity, creating a new landscape that today's students and researchers will soon inherit and shape. This keynote explores how AI is evolving from a supporting tool to a decision-making system, fundamentally changing how cyber threats are created, detected, and managed. It will examine emerging risks such as deepfakes, model manipulation, and systemic dependencies on shared technologies, while also addressing the growing role of regulation and the challenges of governing systems that are powerful yet often opaque. Most importantly, the session will highlight where the greatest opportunities lie—at the intersection of AI, cybersecurity, and policy—and how the next generation of professionals can play a defining role in building secure, resilient, and trustworthy systems for the future.  About the speaker: Brian J. Peretti is a career member of the Senior Executive Service at the United States Department of the Treasury. In his final position, he served as Treasury's Chief Technology Officer and Deputy Chief Artificial Intelligence (AI) Officer in the Office of Chief Information Officer.As Treasury's Chief Technology Officer, Mr. Peretti establishes, leads, and manages a comprehensive, multi-year strategic and long-range planning process that promotes the vision for IT and ensures consistent progress toward accomplishing the CIO's vision, while identifying and leveraging common technology solutions to support business processes and work methods and/or to improve effectiveness of current technologies while also developing appropriate policy for emerging technology such as Artificial Intelligence, Machine Learning, Biometrics and Quantum Computing. As Treasury's Deputy Chief AI Officer, Mr. Peretti supported Treasury's Chief AI Officer in advancing the Department's deployment of this emerging technology. In this capacity, he oversaw the publication of Treasury's report, Managing Artificial Intelligence-Specific Cybersecurity Risks in the Financial Services Sector, and directed the subsequent lines of effort. Additionally, serving in this position has seen him designated as the Executive Officer for the Department's AI Governance Board as well as the Department's representative to the Office of the Director of National Intelligence's CAIO Council. In addition, Mr. Peretti leads the development of domestic and international operational resilience policy, including cyber, as part of Treasury's Sector Risk Management Agency responsibility for the financial services sector. In this role, he spearheads Treasury's efforts to increase multi-directional sharing of cyber threat and vulnerability information. He also serves as the United States's designated subject matter expert at the Group of 7 Cyber Expert Group (G-7 CEG). Mr. Peretti has served at the Treasury for over 22 years with increasing levels of responsibility, including being named the Senior Career Official Executing the Duties of the Assistant Secretary for Financial Institutions during the transition from the Obama to the Trump Administration. Based on his expertise in critical infrastructure protection and operational resilience, he was detailed to the Department of Homeland Security, Cybersecurity and Infrastructure Security Agency's National Risk Management Center during the intial response to the COVID-19 pandemic and served as the first Senior Advisor for Security and the Economy. He also speadheaded DHS response to the SolarWinds cyber incident. A sought-after speaker and presenter, Mr. Peretti has been the recipient of numerous awards and honors throughout his career. Most recently, he received the 12th Annual Billington CyberSecurity Leadership Award at the 2023 Annual Billington CyberSecurity Summit. Prior to joining the Treasury, Mr. Peretti was an associate in Shook, Hardy & Bacon's Corporate Banking and Finance Section in Washington, D.C., and was the General Counsel for the Wright Patman Congressional Federal Credit Union. He has authored numerous publications related to financial sector operations, including payment systems. Mr. Peretti received his bachelor's degree from Rider University (cum laude) in 1989, and his law degree from American University's Washington College of Law (cum laude) in 1992.

After slashing IT spending across civilian federal agencies last year, the White House's fiscal 2027 budget calls for a return to pre-Trump levels and then some. Though the proposal from President Donald Trump is just a starting point for haggling in Congress over what will ultimately be spent, the summary document released Friday projects $75.7 billion in federal civilian IT spending, up from $67.9 billion in fiscal 2026 and $75.1 billion in fiscal 2025. It doesn't include the Department of Defense's IT budget request, which in fiscal 2026 was a whopping $66.1 billion on its own. Despite the upward trend for overall spending on tech, OMB's budget request calls for a small decrease in funding for cybersecurity across all civilian agencies — falling from about $12.5 billion this year to $12.2 billion for 2027. This trend tracks with the Trump administration's decision to cut the Cybersecurity and Infrastructure Security Agency's budget by $707 million. The largest IT investments are slated for the Department of Veterans Affairs ($12.2 billion), the Department of Homeland Security ($11.7 billion) and the Department of Health and Human Services ($9.5 billion). The General Services Administration is lobbying once again to rely on the transfer of unobligated appropriations from other agencies to support projects under the Technology Modernization Fund.The Trump administration included a provision in its fiscal 2027 budget justification for GSA “to collect up to $100 million in funding that would otherwise be unavailable for obligation from other agencies and bring that funding into the TMF.” The proposed funding mechanism comes after GSA included similar but broader language in its fiscal 2026 justification, calling for “both currently available funding and unobligated balances of expired discretionary funds from other agencies [to] be transferred into the TMF.” Ultimately, the appropriations laws passed by Congress for 2026 included a pair of statutes that allowed for those transfers to happen with limits — though it's unclear how or if GSA has used the authority. It also gave the TMF a $5 million plus-up and extended the fund's authorization through the end of fiscal 2026. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.

Recently, the New Civil Liberties Alliance (NCLA) reached a major settlement concluding the landmark Missouri v. Biden lawsuit against government-induced social media censorship.I sat down with Mark Chenoweth, president and chief legal officer of the NCLA, to discuss what this settlement actually means.The 10-year consent decree blocks the surgeon general, the Centers for Disease Control and Prevention, and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency from pressuring social media companies to censor speech.“The federal government has now admitted that it was engaged in a very systematic operation of social media censorship,” Chenoweth says.So what does this mean exactly? What legal precedent does this set? What happens after the 10-year mark ends?And why a consent decree at all? Why was the lawsuit settled?We also discuss several other important cases that the NCLA has currently pending at the Supreme Court. One of them, Powell v. SEC, seeks to put an end to what Chenoweth calls the SEC's “gag rule.”Views expressed in this video are opinions of the host and the guest, and do not necessarily reflect the views of The Epoch Times.

It's Wednesday, April 1st, A.D. 2026. This is The Worldview in 5 Minutes heard on 140 radio stations and at www.TheWorldview.com.  I'm Adam McManus. (Adam@TheWorldview.com) By Jonathan Clark and Timothy Reed Muslim Nigerians killed 53 people on Palm Sunday Muslim gunmen in Nigeria killed 53 people in a predominantly Christian area on Palm Sunday, reports the Baptist Press. The attackers arrived in a van, killing men, women, and children and wounding dozens more.  A local Christian told Morning Star News, “We saw the terrorists coming down from their vehicle with guns. … Within seconds from alighting from their vehicle, we heard gunshots. They were shooting at anyone in sight. Many have been killed, and I feel so heartbroken.” Daniel Okoh, president of the Christian Association of Nigeria, said, “Nigerians are tired of mourning. Nigerians are tired of statements. Nigerians want to see action. Those responsible for this atrocity must be found, arrested and made to face justice; swiftly and decisively. Anything less will only deepen the sense that life in our country is no longer protected.” Please pray for our persecuted brothers and sisters in Christ in Nigeria.  YouGov retracts British religious study YouGov retracted it's “Quiet Revival” study last week. The 2024 study suggested a rise in church attendance in Britain, especially among young people. However, after an investigation, YouGov said the survey sample was faulty.  The U.K.-based Bible Society commissioned the study. The organization noted, “YouGov's error does not mean that all of the findings were wrong. It means that we cannot reliably support those findings on the basis of this survey.” YouGov plans to conduct new research with the Bible Society on religiosity in the United Kingdom. U.S. Army raises recruitment age to 42 The U.S. Army has raised its max recruitment age from 35 to 42. This comes as the United States has had trouble meeting its recruitment standards in recent years.  Part of the reason for the change? American youth are not ready to fight in the military.  ABC News reports that, “The Pentagon has estimated that only 23% of young Americans (between the ages of 17 and 24) are eligible to serve. Much of this is due to academic performance on the military's SAT-style entrance test, obesity, and criminal records.” Judge rules against Biden's COVID-era censorship U.S. District Judge Terry Doughty has ruled in favor of the State of Missouri in the Missouri vs. Biden free speech case.  The case centered around the Biden administration's censorship of free speech and silencing of opposition through Big Tech platforms.   The judge ruled that the U.S. Surgeon General, the Centers for Disease Control, and the Cybersecurity and Infrastructure Security Agency are barred from threatening social media companies with retaliation for not censoring what they deem to be misinformation.  Trump to Planned Parenthood: No more Title X grants! The Trump administration announced this is the last year that Planned Parenthood will receive Title X grants from the federal government.  White House spokesman Kush Desai told The Daily Wire, “The administration has issued the fifth and final year of Title X grants that were locked in place during the Biden presidency. … Title X funds cannot be used for abortions by law and … the Administration remains committed to realigning the Title X program with the President's pro-life and pro-family agenda going forward.” However, pro-life leaders are criticizing the administration for the additional year of funding to the abortion giant.  NBA player cut for expressing Christian beliefs A professional basketball team cut one of their players on Monday for expressing his Christian beliefs. Jaden Ivey played in the NBA for the Chicago Bulls. He recently described Homosexual Pride Month as a celebration of unrighteousness.  Listen. IVEY: “The world can proclaim LGBTQ, right? They proclaim Pride Month and the NBA. They show it to the world. They say, ‘Come join us for Pride Month to celebrate unrighteousness.'” The Chicago Bulls described Ivey's conduct as “detrimental to the team.”  Send a polite, yet firm 2-sentence letter of complaint. Coach Billy Donovan, 1901 W. Madison Street, Chicago, IL 60612. Isaiah 5:20 says, “Woe to those who call evil good, and good evil; who put darkness for light, and light for darkness.” Basketball invented by Christian chaplain in 1891 And finally, men's college basketball teams are competing for the national championship in the March Madness tournament.  What many do not know about the popular sport is that it was invented by a Christian named James Naismith.  He was a Christian chaplain and sports coach. Naismith invented basketball in 1891 while serving at the YMCA International Training School in Massachusetts. He started the sport in order to evangelize young men.   Basketball spread as far as China by 1895 thanks to YMCA missionaries.  Naismith said his goal was to “win men for the Master through the gym.” In Matthew 4:19, Jesus said, “Follow Me, and I will make you fishers of men.”  Close And that's The Worldview on this Wednesday, April 1st, in the year of our Lord 2026. Follow us on X or subscribe for free by Spotify, Amazon Music, or by iTunes or email to our unique Christian newscast at www.TheWorldview.com.  Plus, you can get the Generations app through Google Play or The App Store. I'm Adam McManus (Adam@TheWorldview.com). Seize the day for Jesus Christ.

The salient point of this podcast episode centers on the recent updates regarding cybersecurity vulnerabilities and significant environmental events. Specifically, the Cybersecurity and Infrastructure Security Agency (CISA) has added new entries to its list of known exploited vulnerabilities, which signals an urgent need for patch mitigation among federal agencies and all entities utilizing the affected products. Furthermore, the episode discusses the ongoing monitoring of Kilauea volcano, which remains at an alert level of “watch” with implications for aviation safety and public awareness. Severe storms in the Houston area have also led to widespread power outages, with restoration efforts actively underway. The episode concludes with an invitation to attend the IWC 2026 conference, emphasizing the importance of critical communications in times of crisis.Takeaways:* The Cybersecurity and Infrastructure Security Agency has recently updated its list of exploited vulnerabilities, necessitating immediate action from federal agencies and other affected entities.* The National Terrorism Advisory System currently indicates that there are no active advisories, suggesting a stable security situation across the nation at this time.* The United States Geological Survey has provided updates on the Kilauea volcano, maintaining a watch status due to ongoing volcanic activity and associated hazards for aviation.* Severe thunderstorms have resulted in significant power outages in the Houston area, with restoration efforts ongoing and customer impact being monitored closely by utility providers.* A water main break in Storey County, Nevada has prompted a boil water advisory for affected customers, with guidance to follow specific instructions until the advisory is lifted.* The upcoming IWC 2026 event in Las Vegas promises to gather key figures in critical communications, showcasing advancements in technology and providing essential networking opportunities for professionals.Sponsorhttps://go.emnmedia.com/IWCE2026SourcesDHS, NTAS — current advisory statusCISA, KEV Catalog (CSV) — entries include “Date Added: 2026-03-11”USGS / VolcanoHVO “Newest Volcano Notice Including Kilauea” — Daily Update (March 11, 2026)HVO photo/video chronology — March 10–11, 2026 activity contextNevadaStorey County Sheriff's Office — boil water notice guidance (official social post)KOLO — Storey County boil water notice (reporting / public guidance)2 News Nevada — USA Parkway water main break / boil water warning detailsTexasCenterPoint statement (syndicated) — “Less than 2.5% … impacted during midweek storms”Houston Chronicle — outage impacts and restoration reporting This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit emnetwork.substack.com/subscribe

The Homeland Security shutdown is delaying key public meetings over forthcoming cyber incident reporting regulations. The Cybersecurity and Infrastructure Security Agency had planned on holding the meetings this month. But much of CISA's operations have been curtailed by the shutdown. For more, Federal News Network's Justin Doubleday joins me.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

The episode elucidates the ongoing river flood warnings across various regions of the Ohio Valley, as issued by the National Weather Service on March 4, 2026. It is imperative that individuals exercise caution by avoiding travel through inundated roadways to mitigate risks associated with minor to moderate flooding. Additionally, the episode highlights pertinent updates from the Cybersecurity and Infrastructure Security Agency regarding known exploited vulnerabilities, emphasizing the necessity for organizations to prioritize patch mitigation efforts as outlined in a federal update. Furthermore, recent travel advisory revisions from the U.S. State Department are discussed, particularly regarding embassy operations and security conditions in the Middle Eastern and Eastern Mediterranean regions, which may significantly impact mission planning and travel logistics. We conclude with a reminder of the importance of staying informed and prepared during such critical situations.Takeaways:* The National Weather Service has issued several flood warnings in the Ohio Valley, indicating potential minor to moderate flooding.* Recent updates from the CISA highlight the importance of patch mitigation for known vulnerabilities that remain operationally relevant.* The US State Department has provided travel advisories concerning security conditions in the Middle East and Eastern Mediterranean.* Emergency management professionals should remain cognizant of regional flood warnings impacting infrastructure and travel plans.* Indiana and Kentucky have issued flood warnings, with advisories for motorists to avoid flooded roadways and areas.* The discontinuation of boil water advisories indicates improvements in local water systems, particularly in Seminole County.SourcesCISA, CISA adds vulnerabilities to KEV catalog — federal remediation prioritization update (Mar 3, 2026)Travel advisoriesCyprus Travel Advisory — Level 3 / embassy operations & security context (Mar 3, 2026)Bahrain Travel Advisory — updated embassy operations context (Mar 2, 2026)Kuwait Travel Advisory — updated embassy operations context (Mar 2, 2026)Florida - Seminole County Utilities — precautionary boil water advisory discontinued (Mar 4, 2026)Indiana - NWS Indianapolis — warning text product (Flood Warnings; issued Mar 4, 2026)Kentucky - NWS Louisville — Flood Warning text product (issued Mar 4, 2026) This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit emnetwork.substack.com/subscribe

More than 70 Democrats in the House and Senate are pushing the Department of Homeland Security's inspector general to open a new investigation into the agency's “warrantless purchases of Americans' location data.” In a letter sent Tuesday, the lawmakers tasked IG Joseph Cuffari with investigating whether Immigration and Customs Enforcement is purchasing illegally obtained location data about Americans, how that data has been used, whether audits of employee access to uncover abuse are occurring and the policies governing data usage. “Location data is extremely sensitive, and can reveal someone's religion, their political views, medical conditions, addictions, and with whom they spend time,” the Democrats said. “It is for that reason that ordinarily, the government must obtain a warrant from a judge in order to demand such data from phone or technology companies.” The letter comes nearly three years after an initial IG report found that Customs and Border Protection, the Secret Service and ICE violated federal law through warrantless purchase and use of location data. As part of that 2023 report, the watchdog office said the DHS components did not adhere to established privacy policies, nor did they develop sufficient guardrails before procurement and use. The chief information officer at the Cybersecurity and Infrastructure Security Agency announced his departure Tuesday, ending his nearly five-year run at CISA. Robert Costello, an 18-year veteran of the Department of Homeland Security, posted about the move on LinkedIn.nCostello's tenure had recently grown turbulent, with conflicting accounts of whether the since-departed acting director of CISA, Madhu Gottumukkala, had tried to force him out. Costello last week received transfer orders for possible reassignment to another agency. “Serving as CIO at CISA has been one of the greatest privileges of my career,” he said. “Together, we strengthened our cybersecurity posture, modernized critical systems, and built capabilities that will endure. I am incredibly proud of what we accomplished as a team. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.

The high-stakes dispute between Anthropic and the U.S. military led to a sweeping decision Friday by President Donald Trump to remove the AI startup's technology from all federal agencies. Already, several agencies are taking action. The General Services Administration, Department of State, and Department of Health and Human Services immediately indicated in public statements, comments, or internal emails that they were moving to boot Anthropic. The fallout is sure to continue as agencies untangle the Claude maker from their workflows. The clash centered on the Defense Department wanting Anthropic to remove stipulations that limited the military's use of the startup's technology in real-world operations, DefenseScoop previously reported. Anthropic CEO Dario Amodei said in a statement Thursday that the company could not accede to the request “in good conscience. Madhu Gottumukkala is out as acting director of the Cybersecurity and Infrastructure Security Agency, with current agency executive director for cybersecurity Nick Andersen replacing him as the interim leader. News of Gottumukkala's departure breaks one day after CyberScoop reported on widespread dismay with the agency's performance during the first year of the Trump administration, with significant criticism aimed at Gottumukkala's leadership on both sides of the aisle after a number of unflattering stories about his stewardship. “Madhu Gottumukkala has done a remarkable job in a thankless task of helping reform CISA back to its core statutory mission,” a Department of Homeland Security official told CyberScoop Thursday. “He tackled the woke, weaponized, and bloated bureaucracy that existed at CISA, wrangling contracts to save American taxpayer dollars.” Gottumukkala, served as chief information officer under then-South Dakota Gov. Kristi Noem, now secretary of DHS, before he was picked as deputy director of the agency. Sean Plankey's nomination to serve as full-time director of CISA has stalled, leaving Gottumukkala as the acting director in his place. Gottumukkala will take on a new role at DHS, as director of strategic implementation. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.

The acting director of the Cybersecurity and Infrastructure Security Agency for the past 10 months is out. Madhu Gottu-mukkala was transferred to another position at the Department of Homeland Security last week. His departure comes amid deep uncertainty at the cyber defense agency. For more, Federal News Network's Justin Doubleday joins me.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

This week we are joined by Dr. Renée Burton, Vice President of Infoblox Threat Intel, discussing "Parked Domains and Direct Search: An Underreported Security Risk." Parked domains are no longer harmless ad pages — new research finds that in today's “direct search” or zero-click parking ecosystem, more than 90% of visits to certain parked lookalike domains lead to scams, malware, or deceptive content, often hidden behind layers of traffic distribution systems and device fingerprinting. The report details three previously unpublished domain portfolio actors who weaponize typosquatting, DNS manipulation — including rare “double fast flux” techniques highlighted in a 2025 advisory from Cybersecurity and Infrastructure Security Agency — and even misconfigured name server records to evade detection and funnel real users toward malicious advertisers. Beyond malvertising, some parked lookalike domains collect misdirected email, fuel business email compromise, and exploit outdated links — including those surfaced by generative AI — underscoring how a simple typo can expose users and enterprises to significant risk. The research can be found here: Parked Domains Become Weapons with Direct Search Advertising Learn more about your ad choices. Visit megaphone.fm/adchoices

This week we are joined by Dr. Renée Burton, Vice President of Infoblox Threat Intel, discussing "Parked Domains and Direct Search: An Underreported Security Risk." Parked domains are no longer harmless ad pages — new research finds that in today's “direct search” or zero-click parking ecosystem, more than 90% of visits to certain parked lookalike domains lead to scams, malware, or deceptive content, often hidden behind layers of traffic distribution systems and device fingerprinting. The report details three previously unpublished domain portfolio actors who weaponize typosquatting, DNS manipulation — including rare “double fast flux” techniques highlighted in a 2025 advisory from Cybersecurity and Infrastructure Security Agency — and even misconfigured name server records to evade detection and funnel real users toward malicious advertisers. Beyond malvertising, some parked lookalike domains collect misdirected email, fuel business email compromise, and exploit outdated links — including those surfaced by generative AI — underscoring how a simple typo can expose users and enterprises to significant risk. The research can be found here: Parked Domains Become Weapons with Direct Search Advertising Learn more about your ad choices. Visit megaphone.fm/adchoices

There is a question that sounds almost embarrassingly simple. After a vulnerability is discovered in a piece of widely used software — something like Log4Shell, which shook the security world and left hundreds of thousands of organizations exposed overnight — the question organizations scrambled to answer was this: where is this code, and what does it touch? Most couldn't answer it. Not the Fortune 500 companies. Not the government agencies. Not the critical infrastructure operators. Not the hospitals or the banks or the utilities. They had built and bought mountains of software over years and decades, and when the moment came to understand what was actually inside it, they were effectively blind. That gap is exactly what Daniel Bardenstein set out to close when he co-founded Manifest Cyber in 2023. And in a conversation on ITSPmagazine's Brand Highlight series, he made a case for technology transparency that is hard to argue with — not because it's technically complex, but because the analogy he draws is so strikingly obvious once you hear it. "If you want to buy a house, you get to go inside the house, do the home inspection," he said. "You want to buy food from the grocery store — you can look at the ingredients. Even our clothes tell you what they're made of, how to care for them, and where they're from." But software? The technology running hospital MRI machines, weapon systems, financial infrastructure, water delivery? No transparency required. No ingredient label. No inspection rights. Just trust. That trust, as Log4Shell demonstrated, is a vulnerability in itself. Bardenstein came to this problem with credentials that few founders in the space can claim. Before starting Manifest, he spent four and a half years in the US government leading large-scale cyber programs and serving as technology strategy lead at CISA — the Cybersecurity and Infrastructure Security Agency. He saw firsthand how defenders are perpetually at a disadvantage, operating without the basic visibility they need to do their jobs. His mission became building the tools to change that. The problem, he's quick to point out, has not improved in the years since Log4Shell. Software supply chain attacks have multiplied — XZ Utils, NPM Polyfill, and others following the same pattern: trusted software becomes the attack vector, and it spreads fast. Meanwhile, most security teams are still operating with SCA tools that generate noisy, overwhelming alerts and vendor risk programs built on Excel spreadsheets and questionnaires rather than actual empirical data about the security of what they're buying. "Security teams have a false sense of security," Bardenstein said. The gap between what organizations think they know and what they actually know about their software supply chains remains dangerously wide. Manifest Cyber addresses this across the full lifecycle. For organizations that build software, the platform maps every open source dependency, assesses it for risk, and ensures developers can write more secure code without losing velocity. For organizations that buy software — which is everyone — it finds risks before procurement, then continuously monitors every third party component so that when something breaks, they know the blast radius in seconds, not weeks. The timing matters. Regulation is catching up to the problem. The EU AI Act, the Cyber Resilience Act, and a growing body of global policy are beginning to demand exactly the kind of software supply chain transparency that Manifest is built to provide. Organizations that wait to build this capability will find themselves scrambling to comply — those that build it in now will have it as a competitive advantage. The ingredient label for software has always been missing. Manifest Cyber is writing it. ________________________________________________________________ Marco Ciappelli interviews Daniel Bardenstein, CEO & Co-Founder of Manifest Cyber, for ITSPmagazine's Brand Highlight series. HOST Marco Ciappelli — Co-Founder & CMO, ITSPmagazine | Journalist, Writer & Branding Advisor

In this week's Security Sprint, Dave and Andy covered the following topics:Opening:• Tribal-ISAC and WaterISAC events!• Check out our newest webpage and our new blog post, kicking off this new Gate 15 blog series!• AI Threat Landscape: Fact vs. Fiction As We Start 2026• AI Threats Resilience, a new Gate 15 service page outlines a suite of AI threat informed workshops and tabletop exercises designed to help organizations understand AI driven risks, clarify ownership of AI exposure and rehearse response to AI enabled incidents. • TLP: CLEAR – WaterISAC Top Actions to Enhance Your Utility's Cybersecurity • (TLP:CLEAR) WaterISAC – TOP ACTIONS to Enhance Your Utility's Physical Security • Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) – Cybersecurity and Infrastructure Security Agency – 18 Feb 2026: CISA posted an update stating that due to a lapse in DHS appropriations it may be unable to hold scheduled CIRCIA Town Halls and will not conduct meetings during any lapse in appropriations. Main Topics:Cyber Resilience: An Incident Doesn't Have to Be a Crisis Binary Defense, 19 Feb 2026. This blog reframes security operations around limiting business impact instead of chasing security perfection, noting that incidents are inevitable in complex enterprises and that the true differentiator is whether they escalate into crises. • The ENISA Cybersecurity Exercise Methodology ENISA | 16 Feb 2026 & ENISA publishes Cybersecurity Exercise Methodology to guide and standardize EU cybersecurity exercises) • Information Sharing – U.S. Legal and Regulatory Guidance – Health ISAC – 18 Feb 2026• Businesses urged to ‘lock the door' on cyber criminals as new government campaign launches – UK Government, 19 Feb 2026Violence & Extremism • Man Targets DHS Building With Stolen Ambulance In Attempted Arson Attack Source: The Daily Wire, 19 Feb 2026 • Armed man shot and killed after "unauthorized entry" into Mar-a-Lago perimeter, Secret Service says — CBS News, 22 Feb 2026• Mar-a-Lago Gunman Was Reportedly ‘Fixated' on Epstein Files and Believed There Was a Trump Government Cover-Up • USCP Officers Stop & Arrest Man with Loaded Shotgun Outside the U.S. Capitol — United States Capitol Police — 17 Feb 2026• FBI Albany, in Coordination with Nevada and New York Law Enforcement Partners, Investigating Vehicle Ramming at Electrical Substation in Nevada — FBI, 20 Feb 2026Quick Hits:• Launched: 9th Annual Dragos OT Cybersecurity Year in Review Dragos — 17 Feb 2026 • Significant Rise in Ransomware Attacks Targeting Industrial Organizations)• 3 Threat Groups Started Targeting ICS/OT in 2025: Dragos • CISA: Recently patched RoundCube flaws now exploited in attacks — BleepingComputer, 23 Feb 2026• CISA Adds Two Known Exploited Vulnerabilities to Catalog (RoundCube)• Government of Canada Alerts & Advisories: Roundcube security advisory (AV25-309) - Update 1 • CISA: BeyondTrust RCE flaw now exploited in ransomware attacks — Bleeping Computer, 20 Feb 2026 • 90% of Ransomware Incidents Exploit Firewalls • Ransomware Groups Shift Targets Mid-Sized Businesses Enterprise Defenses Harden, Research Shows • Searchlight Cyber Report: Ransomware Groups Claimed Record Number of Victims in 2025 with 30% Annual Increase — Searchlight Cyber — 17 Feb 2026• Securin 2025 Ransomware Report Finds AI Accelerating, Not Replacing, Human-Led Attacks • Record Number of Ransomware Victims and Groups in 2025 • Arctic Wolf Threat Report Highlights 11x Growth in Data Extortion Incidents and Continued Dominance of Ransomware Arctic Wolf | 17 Feb 2026 • 2026 Unit 42 Global Incident Response Report — Attacks Now 4x Faster Palo Alto Networks | 17 Feb 2026 • Blizzard slams Northeast with heavy snow and powerful winds • East Coast Blizzard Halts Travel, Cancels 8,000 Flights • El Nino is brewing: Here's what it means for U.S. weather in 2026

U.S. Immigration and Customs Enforcement's top official rejected claims from lawmakers Tuesday that the Department of Homeland Security component is building a database for protesters. The alleged detractor database has been referenced in several reports by think tanks, letters to DHS officials from lawmakers and in interviews with border czar Tom Homan. During Tuesday's House Homeland Security Committee hearing, Rep. Lou Correa, D-Calif., cited a well-circulated clip of an ICE agent in Portland, Maine, telling a person videotaping that she would be added to a “nice little database.” “I can't speak for that individual,” said Todd Lyons, who serves as acting director of ICE. “But I can assure you that there is no database that's tracking United States citizens.” Despite Lyons' pushback on the database claims, skepticism is persistent as stakeholders point to reports to the contrary. FedScoop reached out to DHS for clarification. Tricia McLaughlin, the agency's assistant security for public affairs, reaffirmed that there is no database of domestic terrorists run by DHS. “We do of course monitor and investigate and refer all threats, assaults and obstruction of our officers to the appropriate law enforcement,” McLaughlin said in an email. “Obstructing and assaulting law enforcement is a felony and a federal crime.” A recent attempt at a destructive cyberattack on Poland's power grid has prompted the Cybersecurity and Infrastructure Security Agency to publish a warning for U.S. critical infrastructure owners and operators. Tuesday's alert follows a Jan. 30 report from Poland's Computer Emergency Response Team concluded the December attack overlapped significantly with infrastructure used by a Russian government-linked hacking group, and that it targeted 30 wind and photovoltaic farms, among others. CISA said its warning was meant to “amplify” that Polish report. In particular, CISA said the attack highlighted the threats to operational technology and industrial control systems, most commonly used in the energy and manufacturing sectors. And CISA's alert continues a recent agency focus on securing edge devices like routers or firewalls, after a binding operational directive last week to federal agencies to strip unsupported products from their systems. “The malicious cyber activity highlights the need for critical infrastructure entities with vulnerable edge devices to act now to strengthen their cybersecurity posture against cyber threat activities targeting OT and ICS,” the alert reads. CISA urged owners and operators to review the Polish report, as well as security guidance from other U.S. agencies. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.

Senator Ron Wyden is pledging to keep his hold on the nominee to lead the Cybersecurity and Infrastructure Security Agency. Wyden says he will continue to object to Sean Plankey's nomination until CISA releases a 2022 report on security flaws in the U.S. telecommunications system. Wyden previously held up Plankey's nomination for much of last year over the same issue. See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

The Office of Personnel Management finalized a new classification Thursday for career federal workers in policy-related roles that will effectively make them easier to terminate. The new “Schedule Policy/Career” creates an administrative category for nonpolitical “career” federal employees who work in roles that are defined as influencing policy. Workers added to that classification will be converted to “at-will” employees and will no longer be eligible for adverse action procedures or the ability to appeal terminations. Roughly 50,000 employees will be subject to the change, per an estimate in the final rule. Despite the administration's assertion that the new schedule is for “accountability” and will not be subject to political loyalty tests, federal employee advocates have long argued the policy is a thinly veiled attempt to strip career employees of safeguards in an effort to replace them with workers who are politically aligned with the president. The announcement from OPM on Thursday stated that the final rule explicitly does not allow discrimination based on politics, prohibits use of the new schedule to reshape the workforce or conduct mass layoffs, and would protect whistleblowers. OPM also stated that it would take on a role to review agency actions to ensure they are compliant. A Cybersecurity and Infrastructure Security Agency order published Thursday directs federal agencies to stop using “edge devices” like firewalls and routers that their manufacturers no longer support. It's a stab at tackling one of the most persistent and difficult-to-manage avenues of attack for hackers, a vector that has factored into some of the most consequential and most common types of exploits in recent years. New edge-device vulnerabilities surface frequently. Under the binding operational directive CISA released Thursday, federal civilian executive branch (FCEB) agencies must inventory edge devices in their systems that vendors no longer support within three months, and replace those on a dedicated list with supported devices within one year. To aid agencies in following the directive, CISA is producing a list of end-of-service edge devices. CISA developed the directive in conjunction with the Office of Management and Budget, and puts a bit more muscle behind a decade-old OMB circular on agencies phasing out unsupported technologies. Despite being called “binding operational directives,” CISA has no authority to mandate that agencies carry out the orders — although agencies have demonstrated they usually seek to follow them, and there are ways that CISA can work to ensure compliance. The private sector pays attention to CISA's directives even though they don't apply to companies. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.

After leaving her role performing the duties of the chief information officer for the Department of Defense last month, Katie Arrington has taken a new position as CIO at quantum computing company IonQ. Arrington will step into the role Jan. 19, reporting to the company's COO and CFO Inder Singh, IonQ announced Wednesday. Kirsten Davies was nominated by President Donald Trump in May 2025 to be the Defense Department CIO, and it took most of the remainder of 2025 for the Senate to confirm her into the role. She was sworn in just before the Christmas holiday, at which point Arrington stepped away from her service to the Pentagon. In joining IonQ, Arrington will serve on the company's executive team. As CIO, Arrington will continue to support the U.S. military from a different vantage, leading modernization and security of IonQ's enterprise systems in support of its mission to deliver quantum capabilities to American warfighters. Before rejoining the Pentagon a year ago, then as deputy CIO for cybersecurity, Arrington had a previous stint as CISO in the Office of the Undersecretary of Defense for Acquisition and Sustainment, where she was largely responsible for the development of the Cybersecurity Maturity Model Certification (CMMC) program. Now: President Donald Trump re-nominated Sean Plankey to lead the Cybersecurity and Infrastructure Security Agency on Tuesday, after Plankey's bid for the position ended last year stuck in the Senate. It's not clear whether or how Plankey's resubmitted nomination will overcome the hurdles that left many observers convinced his chance of becoming CISA director had likely ended, but it does definitively signal that the Trump administration still wants Plankey to have the job. Plankey's nomination was included in a batch sent to the Senate announced on Tuesday. CISA spent all of 2025 under Trump without a permanent director. Trump nominated Plankey, who held a couple cybersecurity roles in the first Trump administration, to lead CISA in March. He got a Senate Homeland Security and Governmental Affairs Committee hearing in July, then won approval from that panel that same month. But Sen. Rick Scott, R-Fla., had placed a hold on Plankey's nomination over a Coast Guard contract that the Homeland Security Department had canceled in part. While he awaited confirmation, Plankey had been serving as a senior adviser to the secretary for the Coast Guard. A spokesperson for Scott did not immediately respond to a request for comment. North Carolina's GOP Senate delegation also had placed holds on DHS nominees related to disaster aid to their state. Sen. Thom Tillis, R-N.C., said last week that the holds would remain until Secretary Kristi Noem appeared before the Senate Judiciary Committee. A White House official had denied reports that Plankey's nomination was all but over last year. “President Trump has been clear that he wants all of his nominees confirmed as quickly as possible, including Sean Plankey, who will play a key role in ensuring a strong cyber defense infrastructure,” the official told CyberScoop. Asked Wednesday at the Surface Navy Association national symposium about what he was doing to convince senators to lift their holds, Plankey answered, “The administration, the White House has to say that this is a priority of us.” The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.

It's been nearly a full year since the Cybersecurity and Infrastructure Security Agency has had a Senate-confirmed director. Cyber experts say the leadership void is preventing CISA from moving forward on key cybersecurity issues. For more, Federal News Network's Justin Doubleday is here.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Microsoft and the US Cybersecurity and Infrastructure Security Agency have issued an urgent call to patch a Windows vulnerability, CVE-2026-20805, which is currently being exploited and allows attackers to leak memory addresses that could lead to code execution. CISA has added the flaw to its Known Exploited Vulnerabilities catalog, requiring federal agencies to apply the fix by February 3. The vulnerability is part of a January security update that addresses 112 Microsoft issues, including a Secure Boot certificate expiration problem and an elevation of privilege flaw in Agere Modem drivers. Security experts recommend immediate patching and reviewing Secure Boot certificates to maintain protection.Learn more on this news by visiting us at: https://greyjournal.net/news/ Hosted on Acast. See acast.com/privacy for more information.

The Cybersecurity and Infrastructure Security Agency doesn't want to leave companies hanging when they reach out with a bold new innovation or tech development. So CISA this month unveiled its “Industry Engagement Platform,” where people can sign up to communicate directly with agency officials. For more on the new platform, Federal News Network's Justin Doubleday spoke with the chief information officer at CISA, Bob Costello.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

One of the most important cybersecurity laws in the country quietly expired last October with no sign of reauthorization on the horizon. Instead, the conflation between the 2015 Cybersecurity Information Sharing Act and the Cybersecurity and Infrastructure Security Agency has led to a political standstill that will only have negative impacts on American cybersecurity. What implications will not reauthorizing CISA 2015 have on national security? And how much risk are we taking on by letting protections for information sharing between the private sector and the government lapse?In this episode, Shane Tews is joined by Caitlin Clarke, Cristin Flynn Goodwin, and James Andrew Lewis. In this conversation, they unpack how confusion between the 2015 information-sharing law and the Cybersecurity and Infrastructure Security Agency (CISA) makes Americans vulnerable to foreign cyberattacks, how rescinded liability and FOIA protections are already slowing down cyber defense, and why speed matters more than ever as AI accelerates malicious actors.

Rep. Marjorie Taylor Greene of Georgia announced Friday she will resign from Congress and that her last day will be in January. CBS News' Nikole Killion has the latest. Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency, joins "CBS Mornings" to discuss his new Masterclass and share ways people can protect themselves from online scams, identity theft and deepfakes. Consumers are expected to spend more than $1 trillion this year on holiday shopping, according to the National Retail Federation. In an exclusive interview, Gap Inc.​​ CEO Richard Dickson talks about how he's preparing for the road ahead as shoppers remain anxious about the economy. Beloved father-son triathletes Jeff and Johnny Agar are getting back in the saddle months after Jeff faced a near-fatal diagnosis. In June, at just 62 years old, Jeff underwent triple bypass surgery. David Begnaud has more on the story for his series "Beg-Knows America." Gotham FC players Rose LaVelle and Emily Sonnett join "CBS Mornings" to talk about their tense NWSL championship game against the Washington Spirit, and LaVelle's game-winning goal in the 80th minute that secured the trophy on Saturday. Solo diners are fleeing to the Bayonet seafood restaurant in Birmingham, Alabama, as the restaurant caters to the "party of one." CBS News' Jan Crawford scored a seat at the joint, and spoke to chef Rob McDaniel about the experience for our series "The Dish." To learn more about listener data and our privacy practices visit: https://www.audacyinc.com/privacy-policy Learn more about your ad choices. Visit https://podcastchoices.com/adchoices

In this week's Security Sprint, Dave and Andy covered the following topics:Warm Open:• Happy Birthday to CISA! The Cybersecurity and Infrastructure Security Agency turned seven on Sunday. • Government funding bill temporarily revives cybersecurity information-sharing law• The Gate 15 Interview EP 64: Cody Barrow, CEO, EclecticlQ. “Nothing in cyber happens without a reason.”• Faith-Based (U.S.): FB-ISAO Newsletter, v7, Issue 10Main Topics:Cybersecurity!• OWASP Top Ten. Welcome to the 8th installment of the OWASP Top Ten! • ASD: Annual Cyber Threat Report 2024-2025• Checkout.com: Protecting Our Merchants: Standing Up to Extortion: “We will not be extorted by criminals. We will not pay this ransom.” Holidays & Hostile Events!• Europol: 10 years on: remembering the victims of the 13 November terrorist attack in Paris• DOJ: New Jersey Man Charged with Cyberstalking in Connection with Violent Network ‘764'• Indiana Republican called out by Trump on redistricting is swatted• Marjorie Taylor Greene Says She Received Pipe Bomb Threat: What We Know• Terror plot arrests reveal ‘more dangerous' online pathway to ISIS radicalization in America• Suspects charged in alleged Michigan Halloween terror plot eyed attack on Chicago Pride Parade: Docs • Racists are now openly targeting Indian Americans• Is left-wing terrorism returning? Quick Hits:• Blended Threats! Risky Biz News - German TV station hacked: A cyberattack has disrupted the broadcast of German radio station Radio Nordseewelle. Hardware components were damaged in the attack and had to be replaced. The broadcaster said it had to rebuild large parts of its IT network. The hack took place days after a similar incident crippled the transmission of Dutch radio and TV station RTV Noord. [Tarnkappe]

There are a lot of reasons why government shutdowns are harmful. The impact on the nation's cyber defenses is certainly one of those reasons, but it's also difficult to measure. We do know that significant percentages of cyber personnel are furloughed, including more than half the staff at the Cybersecurity and Infrastructure Security Agency. But for a deeper look at some of the less tangible impacts, we're joined now by Justin Miller. He's a former Secret Service special agent who specialized in cyber investigations – now an associate professor of cyber studies at the University of Tulsa.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Nearly two months after calling on the Office of Management and Budget to bar use of xAI's Grok chatbot in government, a coalition of advocacy groups is pressing its case further after the General Services Administration struck a deal with Elon Musk's AI company to deploy Grok across the federal government. In a letter sent Wednesday to OMB Director Russell Vought, the advocacy groups reiterated their concerns in the wake of the GSA OneGov deal, along with recent comments from Michael Kratsios, the director of the White House Office of Science and Technology Policy. “OMB is entrusted with ensuring that AI systems procured by the federal government meet the highest standards of truth-seeking, accuracy and neutrality,” the letter, led by Public Citizen, stated. “Grok has repeatedly demonstrated failures in these areas and Director Kratsios himself has confirmed that such behavior is the precise type that Executive Order 14319 was designed to prevent.” The letter refers to an executive order signed by President Donald Trump in July that seeks to prevent “woke AI,” or ideological biases in models that are used by the federal government. The groups argued in their August letter to Vought that the use of Grok contradicts this order, given its past controversies with spewing antisemitic and pro-Hitler content. Weeks after the letter was sent, GSA inked a deal with xAI to offer Grok models to the government for a nominal cost. Under the deal, federal agencies can buy Grok 4 and Grok 4 Fast for 42 cents until March 2027. The White House appears to be moving forward with plans to redesign federal government websites, registering a new government domain — techforce.gov — this week. The new URL, which was first discovered Thursday by a bot tracking new government domains, leads to a sign-in page that states “National Design Studio” and “Tech Force” at the top. It includes a form for users to submit their email and receive a code to access the website. Records maintained by the Cybersecurity and Infrastructure Security Agency show the domain was registered Oct. 24 and last changed Wednesday. The domain registration comes more than two months after President Donald Trump signed an executive order launching an “America by Design” initiative focused on both digital and physical spaces. A new National Design Studio and chief design officer will lead the initiative and coordinate agency actions. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.

Water systems—once considered too small or obscure to be hacked—are now squarely in the crosshairs of cyber actors. In recent months, Bluefield Research has tracked a surge of cyber activity targeting water and wastewater utilities around the world, from the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) release of 32 new control system advisories to Poland's launch of a national cybersecurity framework for water utilities. In this episode of The Future of Water, Bluefield's Barcelona-based Maria Cardenal and Boston-based Leigh Ramsey join host Reese Tisdale to unpack one of the most pressing—and overlooked—threats facing the water sector: cybersecurity. Our water experts explore where these threats are emerging, how utilities are responding, and what the next phase of digital resilience looks like. Key discussion points include: What's really at stake when critical infrastructure is under attack The biggest vulnerabilities in today's water systems—from legacy hardware to weak IT–OT segmentation Real-world examples from the U.S., Norway, and Poland that show how cyberattacks on operational assets are evolving How governments are responding—including Poland's US$1.1 billion cybersecurity initiative for water and wastewater systems How smaller utilities are managing cybersecurity with limited resources The role of new regulations—from the EU's NIS2 Directive to state-level initiatives in the U.S. Why cybersecurity must become part of asset management and workforce training, not an afterthought If you enjoy listening to The Future of Water Podcast, please tell a friend or colleague, and if you haven't already, please click to follow this podcast wherever you listen. If you'd like to be informed of water market news, trends, perspectives and analysis from Bluefield Research, subscribe to Waterline, our weekly newsletter published each Wednesday. Related Research & Analysis: Poland Strengthens Cybersecurity in the Water Sector Cybersecurity Alerts Highlight Water HMI Vulnerabilities

Federal cyber authorities issued an emergency directive last week requiring federal agencies to identify and apply security updates to F5 devices after the cybersecurity vendor said a nation-state attacker had long-term, persistent access to its systems. The order, which mandates federal civilian executive branch agencies take action by Wednesday, Oct. 22, marked the second emergency directive issued by the Cybersecurity and Infrastructure Security Agency in three weeks. CISA issued both of the emergency directives months after impacted vendors were first made aware of attacks on their internal systems or products. F5 said it first learned of unauthorized access to its systems Aug. 9, resulting in data theft including segments of BIG-IP source code and details on vulnerabilities the company was addressing internally at the time. CISA declined to say when F5 first alerted the agency to the intrusion. CISA officials said they're not currently aware of any federal agencies that have been compromised, but similar to the emergency directive issued following an attack spree involving zero-day vulnerabilities affecting Cisco firewalls, they expect the response and mitigation efforts to provide a better understanding of the scope of any potential compromise in federal networks. Many federal agencies and private organizations could be impacted. CISA said there are thousands of F5 product types in use across executive branch agencies. Sens. Maria Cantwell, D-Wash., and Ted Cruz, R-Texas, moved to mandate comprehensive new safety reviews for all aircraft operations near DCA and at all major and mid-size U.S. airports, in a new bipartisan agreement that would also require fleets across the nation to be equipped with more precise situational awareness technology. Their proposal aims to resolve safety issues identified by the federal investigation into the tragic crash in January, where an Army UH-60M Black Hawk helicopter fatally collided with an American Airlines passenger plane over the Potomac River near Ronald Reagan Washington National Airport. All 67 people aboard both aircraft were killed in the collision. In a statement on Thursday, Tim and Sheri Lilley — whose son was the first officer onboard that AA Flight 5342 — called on Congress “to continue moving quickly and decisively to pass and fully implement these reforms, because every person who boards an aircraft depends on it.” The 42-page Cantwell-Cruz Bipartisan Aviation Safety Agreement combines elements of legislation the lawmakers previously put forward separately in the months after the fatal collision. It includes language that directs every military service with an aviation component to sign a memorandum of understanding with the Federal Aviation Administration to share appropriate safety information and expand coordination to prevent future accidents. Another safety failure that came to light in the wake of the crash was associated with the Army Black Hawk helicopter not transmitting via Automatic Dependent Surveillance–Broadcast (ADS-B) technology, which essentially enables aircraft to receive data and information about other systems, weather and traffic — delivered directly in the cockpit. The senators' proposal would set a clear 2031 deadline for aircraft operators to equip their fleets with the full package of ADS-B capabilities. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.

This week on The Necessary Conversation, it's just Chad, Haley and Mary Lou. Bob's resting. But we break down another wild week in America under Trump's second term.

Federal agencies' latest status updates on how they're using artificial intelligence reveal persistent barriers and variability on where agencies stand with ”high-impact” use cases. The release of the 2025 AI compliance plans offers one of the first in-depth glimpses at how federal agencies are addressing issues of AI risk management, technical capacity and workforce readiness under the second Trump administration. Those documents, which were required under the Trump administration's AI governance memo to agencies, were supposed to be released publicly by Sept. 30. As of publication time, FedScoop located roughly 20 plans and 14 strategies across 22 agencies. For nine of the roughly two dozen Chief Financial Officers Act agencies, FedScoop was unable to find either a plan or a strategy. The U.S. Department of Agriculture and the Nuclear Regulatory Commission, meanwhile, produced only strategies. FedScoop and DefenseScoop attempted to contact the CFO Act agencies that didn't produce both documents, but the agencies either didn't respond or didn't provide the documents. Two of those agencies, NASA and the Justice Department, noted the government shutdown in their responses, and both the DOJ and Department of Defense indicated they were working to post at a later date. Agencies were also required to submit AI strategies for the first time this year. Those documents contain some of the same information as the compliance documents, including plans to train the workforce, examples of use cases, and systems for governance. The compliance plans, meanwhile, which are in their second year, have changed only slightly from their previous iterations, with some agencies showing progress on their implementation of the technology and risk management practices. A top Senate Democrat introduced legislation Thursday to extend and rename an expired information-sharing law, and make it retroactive to cover the lapse that began Oct. 1. Michigan Sen. Gary Peters, the ranking member of the Homeland Security and Governmental Affairs Committee, introduced the Protecting America from Cyber Threats (PACT) Act, to replace the expired Cybersecurity and Information Sharing Act of 2015 (CISA 2015) that has provided liability protections for organizations that share cyber threat data with each other and the federal government. Industry groups and cyber professionals have called those protections vital, sometimes describing the 2015 law as the most successful cyber legislation ever passed. The 2015 law shares an acronym with the Cybersecurity and Infrastructure Security Agency, which some Republicans — including the chairman of Peters' panel, Rand Paul of Kentucky — have accused of engaging in social media censorship. As CISA 2015 has lapsed and Peters has tried to renew it, “some people think that's a reauthorization of the agency,” Peters told reporters Thursday in explaining the new bill name. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.

The Senate Commerce Committee investigates the Cybersecurity and Infrastructure Security Agency for allegedly pressuring tech companies like Facebook to take down posts that were flagged as misinformation. Learn more about your ad choices. Visit podcastchoices.com/adchoices

The White House Office of Management and Budget is instructing agencies to consider reducing staff for programs that have a lapse in funding in the event of a government shutdown, as tensions rise ahead of the Sept. 30 end to the fiscal year. “With respect to those Federal programs whose funding would lapse and which are otherwise unfunded, such programs are no longer statutorily required to be carried out,” the undated message said. The guidance goes on to say that consistent with applicable law, including a federal reduction in force statute, agencies are directed to use this opportunity to consider RIF notices for employees working in projects, programs or activities that have a funding lapse on Oct.1, don't have another source of funding, and are not consistent with President Donald Trump's priorities. The project, program or activity must meet all three criteria, the message said. The message places blame for a possible shutdown squarely on congressional Democrats, calling their demands “insane.” The OMB message explains that the One Big Beautiful Bill Act, legislation passed earlier this year that is at the heart of Trump's second-term agenda, provided “ample resources to ensure that many core Trump Administration priorities will continue uninterrupted.” Federal cyber authorities sounded a rare alarm last week, issuing an emergency directive about an ongoing and widespread attack spree involving actively exploited zero-day vulnerabilities affecting Cisco firewalls. Cisco said it began investigating attacks on multiple government agencies linked to the state-sponsored campaign in May. The vendor, which attributes the attacks to the same threat group behind an early 2024 campaign targeting Cisco devices it dubbed “ArcaneDoor,” said the new zero-days were exploited to “implant malware, execute commands, and potentially exfiltrate data from the compromised devices.” Cisco disclosed three vulnerabilities affecting its Adaptive Security Appliances — CVE-2025-20333, CVE-2025-20363 and CVE-2025-20362 — but said “evidence collected strongly indicates CVE-2025-20333 and CVE-2025-20362 were used by the attacker in the current attack campaign.” The Cybersecurity and Infrastructure Security Agency said those two zero-days pose an “unacceptable risk” to federal agencies and require immediate action. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.

Dr. Jim Lewis, a distinguished fellow with the Tech Policy Program at the Center for European Policy Analysis, and Mark Montgomery, a retired US Navy rear admiral who is now the senior director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies as well as a Cyberspace Solarium Commission senior adviser, joins Defense & Aerospace Report Editor Vago Muradian to discuss Russia's recent cyber attacks on European airports as well as drone attacks and fighter incursions on NATO members; how allies must respond; outlook for TikTok in the United States; and reauthorization of the Cybersecurity and Infrastructure Security Agency.

The Department of Homeland Security failed to effectively implement a critical retention incentive program for cyber talent, according to a new report from the agency's inspector general, which found that federal funds meant for the Cybersecurity and Infrastructure Security Agency were used incorrectly. In 2015, the agency implemented the Cyber Incentive program. The goal, the inspector general said, was to provide extra incentives to employees that might otherwise leave the federal government. More than $100 million has been spent on the program in recent years. The program “was designed to help CISA retain mission-critical cybersecurity talent needed to execute its mission,” the report noted, and was meant to consider a series of qualifications to guide who received the retention benefit. The government hoped to keep in-demand technology experts in government. The watchdog wrote that “CISA's implementation of the program wasted taxpayer funds and invites the risk of attrition of cyber talent, thereby leaving CISA unable to adequately protect the Nation from cyber threats.” Instead of being targeted toward valuable talent likely to transition to the private sector, the payments were disbursed generally, with many ineligible employees receiving tens of thousands of dollars in payment. The Pentagon's chief information officer is undertaking yet another reform of the Defense Department's IT enterprise — this time focusing on streamlining its classified networks to enhance data sharing and interoperability. Katie Arrington, who is performing the duties of CIO, plans to introduce a new program dubbed “Mission Network-as-a-Service” that aims to reduce the number of disparate data fabrics used by combatant commands into a single, unified network. Speaking last week during the Billington Cybersecurity Summit, Arrington said the program will be key to realizing the department's vision for Combined Joint All-Domain Command and Control, or CJADC2. Broadly speaking, CJADC2 seeks to connect the U.S. military's sensors and weapons under a single network, enabling rapid data transfer between warfighting systems and domains. The Pentagon also wants to be able to quickly share relevant information with international partners and allies during conflicts, adding another layer of difficulty to realizing the construct. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.

Two sophisticated ransomware groups, Akira and Lynx, are increasingly targeting managed service providers (MSPs) and small businesses by exploiting stolen credentials and vulnerabilities. Together, they have compromised over 365 organizations, with Akira targeting major firms like Hitachi Vantara and Lynx focusing on critical infrastructure, including a CBS affiliate in Chattanooga, Tennessee. Both groups utilize double extortion tactics, combining file encryption with data theft to pressure victims into paying ransoms. This shift in tactics highlights the evolving threat landscape for MSPs and small businesses.In response to the growing cybersecurity threats, the U.S. Cybersecurity and Infrastructure Security Agency has released Thorium, an open-source platform designed for malware and forensic analysis. Thorium can automate tasks and process over 10 million files per hour, empowering IT professionals without in-house malware analysis capabilities to conduct effective preliminary analyses. This tool aims to enhance cybersecurity operations and better manage risks associated with complex malware threats.Additionally, SonicWall has issued a warning to its customers to disable SSL Virtual Private Network (VPN) services due to active ransomware attacks targeting its systems. Meanwhile, Google's AI-powered bug hunter, Big Sleep, has identified 20 security vulnerabilities in popular open-source software, raising concerns about the reliability of AI-generated bug reports. A newly discovered prompt injection vulnerability in Google's Gemini AI chatbot poses serious security risks, enabling attackers to craft convincing phishing campaigns without relying on links or attachments.The podcast also discusses the alarming rise in cybersecurity incidents, particularly social engineering attacks, which have tripled in the first half of 2025. A report from Level Blue indicates that social engineering now accounts for 39% of initial access incidents, with fake CAPTCHA schemes rising dramatically. Furthermore, the report highlights the risks associated with unauthorized AI tool usage, revealing that 97% of organizations lack adequate access controls, exposing sensitive data to potential threats. This underscores the need for organizations to strengthen their defenses and educate users on emerging threats. Four things to know today00:00 Attackers Up Their Game: Ransomware Hits MSPs, SonicWall Vulnerable, and Google's AI Found Exploitable05:53 Social Engineering Surges as Shadow AI Breaches Drive Up Cyber Costs and Risk Exposure08:35 Neglected Tech, Rising Risk: Email and Printers Still Expose Businesses to Modern Threats11:04 From Ransomware to Retirements: Vendor Shifts Reveal Risks and Realignment in the IT Channel This is the Business of Tech.     Supported by:  https://cometbackup.com/?utm_source=mspradio&utm_medium=podcast&utm_campaign=sponsorship https://getflexpoint.com/msp-radio/ Tell us about a newsletter! https://bit.ly/biztechnewsletter  All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

Today on the show, Liz Wheeler interviews Mike Benz, Executive Director of Foundation For Freedom Online about the deep state and the Cybersecurity and Infrastructure Security Agency, better known as CISA. SPONSORS: PREBORN: Your tax-deductible donation of twenty-eight dollars sponsors one ultrasound and doubles a baby's chance at life. How many babies can you save? Please donate your best gift today– just dial #250 and say the keyword, “BABY" or go to https://preborn.com/LIZ. KEKSI COOKIES: Mother's Day is coming up so don't wait—go to https://keksi.com right now and use code LIZ15 for an exclusive 15% discount. Your mom deserves the best—give her something she'll remember! Learn more about your ad choices. Visit megaphone.fm/adchoices

John is joined by former U.S. Cybersecurity and Infrastructure Security Agency director Chris Krebs to discuss the Trump 2.0 rollback of the nation's cyberdefenses—an interview taped just an hour before Trump ordered the Justice Department to investigate Krebs, who earned the president's enmity four years ago by declaring the 2020 election “the most secure in American history.” Krebs details the rapidly escalating and dramatically expanding threats posed by Chinese and Russian hackers to America's corporations, public and private infrastructure, and voting systems; how and why the administration is dismantling the agencies and programs designed to stave off those threats; and the potential risks to the security of our elections as a result of gutting CISA, the organization Krebs once led … and Trump himself signed into law. To learn more about listener data and our privacy practices visit: https://www.audacyinc.com/privacy-policy Learn more about your ad choices. Visit https://podcastchoices.com/adchoices