U.S. Cyberdefense Loses Its Head wired.com

Lily Hay Newman, Wired, interviewed Easterly near the end of her time running CISA:

The timing couldn’t be worse for the nation to lose its top cybersecurity cop. A Beijing-linked group called Salt Typhoon spent months last year rampaging through American telecoms and siphoning call logs, recordings, text messages, and even potentially location data. Many experts have called it the biggest hack in US telecom history. Easterly and her agency unknowingly detected Salt Typhoon activity in federal networks early last year — warning signs that ultimately sped up the unraveling of the espionage campaign.

The work of banishing Chinese spies from victim networks isn’t over, but the walls are already closing in on CISA. Trump’s nominee to run the Department of Homeland Security, Kristi Noem, told a Senate committee last week that CISA needs to be “smaller” and “more nimble.” And a day after the inauguration, all members of the Cyber Safety Review Board — who were appointed by Easterly and were actively investigating the Salt Typhoon breaches — were let go.

By “more nimble”, Noem means curtailing CISA’s work around misinformation and disinformation — work which has been wildly mischaracterized as engaging in censorship. These efforts include election security education, a role which was not appreciated by this administration four years ago.

Becky Bracken, Dark Reading:

In a letter dated Jan. 20, acting secretary of the Department of Homeland Security Benjamine C. Huffman said the move was meant to avoid a “misuse of resources,” and terminated all current memberships on advisory committees immediately.

Ryan Naraine, SecurityWeek:

The CSRB was established under President Joe Biden’s Executive Order (EO) 14028 on “Improving the Nation’s Cybersecurity” to study major cyber incidents and recommend improvements. Its members served in a volunteer capacity and did not have regulatory or enforcement authority.

The board conducted three investigations — the Log4Shell crisis, the high-profile Lapsus$ attacks and Microsoft’s Exchange Online breach — and gained the respect of security professionals for harshly calling out corporate and technical deficiencies at major corporations.

This is probably a pretty good time to be embedded in the communications infrastructure of an entire nation.