“We’ve had many, many threats against our nation,” President Trump said in the Oval Office in November 2018, as he announced the creation of the Cybersecurity and Infrastructure Security Agency (CISA). “Now we’re putting people that are the best in the world in charge,” he said, “and I think we’re going to have a whole different ball game.”

Eight years later, his second administration is ripping up parts of the country’s cyber playbook and taking many of its best players off the field, from threat hunters and election defenders at CISA to the leader of the NSA and Cyber Command. Amid a barrage of severe attacks like Volt Typhoon and rising trade tensions, lawmakers, former officials, and cyber professionals say that sweeping and confusing cuts are making the country more vulnerable and emboldening its adversaries.

“There are intrusions happening now that we either will never know about or won’t see for years because our adversaries are undoubtedly stepping up their activity, and we have a shrinking, distracted workforce,” says Jeff Greene, a cybersecurity expert who has held top roles at CISA and the White House.

The dismissals and budget cuts have eliminated hundreds of workers and jeopardized dozens of initiatives that help protect machines, networks, and individuals across the U.S. Most of the cuts are at CISA, which sits under the Department of Homeland Security and partners with the public and private sectors to defend grids, banks, networks, and other critical industries. It’s also responsible for protecting elections from hackers and foreign influence campaigns, efforts the President and Republicans have long accused of political censorship. Around 400 positions at the Dept. of Homeland Security have been cut so far, and in total, 1,300 jobs could be cut at CISA, or over a third of the agency’s workforce.
Some of the earliest cuts hit contractors and probationary employees at CISA, eliminating an elite slate of experts recently hired through a new program geared toward attracting more talent from the private sector. (After a judge ordered the probationary workers to be rehired, the agency immediately placed them on administrative leave.) “They got rid of some of our best cyber talent,” says another veteran federal cyber official, speaking anonymously to avoid retribution. “It’s fucking ridiculous.”

Many anticipated CISA would face heavy scrutiny under Trump 2.0, especially for its election security work. During her confirmation hearing, DHS chief Kristi Noem said the agency had gone off-mission with its work on elections and disinformation, and that she intends to make CISA smaller and more nimble. (Project 2025 called for closing the agency and moving what remains to the Dept. of Transportation.)

But the cuts at CISA have extended to programs beyond election integrity, impacting much of what sits outside of the agency’s most basic mission of protecting .gov networks. More broadly, the cuts align with a February executive order that seeks to delegate the bulk of responsibility for disaster preparedness and response, “including cyber attacks, wildfires, hurricanes, and space weather,” to state and local governments.

At the same time, the cuts are targeting programs that help cash-strapped states, small businesses and infrastructure operators defend their growing networks. The White House has cut resources around a key cybersecurity grant program that states have been clamoring for, and curtailed support for threat-advisory groups that assist states with network vulnerabilities, critical infrastructure, and election security.

State and local cyber officials are worried the cuts will impact their ongoing efforts to fend off cyberattacks. According to a report published Tuesday by the U.S.
Government Accountability Office, some government agencies say they will be unable to sustain their cybersecurity initiatives without the federal funding, which is up for reauthorization by Congress this year.

“While I can understand [shifting more responsibility to states] in theory, it is a little concerning because we don’t really know what the plan is,” says Alex Whitaker, director of government affairs for the National Association of State Chief Information Officers. “States and localities are already on the front lines, and these are services they rely on.”

Also shut down are CISA’s advisory boards focused on safety, AI, and telecommunications, which were conducting investigations into the China-linked hacking group Salt Typhoon and other ongoing threats. These were abruptly disbanded as part of an effort ensuring that DHS activities prioritize our national security, as an administrator wrote in an internal memo.

Last week, two senior CISA officials who were leading its Secure by Design effort, aimed at making security core to the way our software is built, left the agency, adding to a number of other departures, and putting the initiative in jeopardy.

“We’re undoing a lot of really good work that frankly was started under Trump 1,” says a former federal cyber official.

Enter revenge politics

Amid the wave of efficiency-related cuts to cybersecurity, other decisions have cast a partisan shadow over a set of threats that are stubbornly indifferent to politics. In an April 9 memo, Trump called for an investigation into CISA’s founding director, Chris Krebs, who earned the president’s ire in 2020 when he declared that the election was secure. The memo also demanded a comprehensive evaluation of all of CISA’s activities over the last 6 years. On Monday, a public statement signed by hundreds of prominent cybersecurity professionals and academics condemned what they described as political retaliation.
“Chris did the best he could in a difficult time, and he deserves our thanks not our anger,” says Greene.

“Right now, to see what’s happening to the cybersecurity community inside the federal government, we should be outraged,” Krebs, a lifelong Republican, said at the RSA Conference this week. “Absolutely outraged.”

Earlier in the month, Trump shocked the national security world when he abruptly fired Gen. Timothy Haugh, director of the National Security Agency and Cyber Command, and reassigned his deputy, without explanation. Some experts speculated the move could be part of a larger plan to split the leadership of NSA and Cyber Command, which are responsible for intelligence and military missions respectively. The right-wing influencer Laura Loomer, who visited the White House the day before, said the dismissals were related to questions about loyalty.

“Russia and China are laughing at us because we just fired the absolute best leaders,” Rep. Don Bacon, R-Nebraska, a member of the Armed Services Committee, told Face the Nation.

The firing of Gen. Haugh, an experienced four-star general with decades of experience in cyberspace, “really caught me off-guard,” one former CISA official says. “Those things have a morale impact that’s really hard to quantify.”

CISA, too, lacks a permanent leader. This month Sen. Ron Wyden, D-Ore, announced he was blocking the confirmation of Trump’s nominee to lead the agency, Sean Plankey, a veteran of the Pentagon and DHS, over CISA’s years-long refusal to release information regarding a vulnerability in global telecom networks. In a statement, Wyden, a member of the Senate Intelligence Committee, blamed the White House for weakening CISA and the country’s defenses.

“Trump is kneecapping our country’s ability to defend itself against cyberattacks by disarming our country’s cybersecurity defenses and purging experienced professionals,” he said.
“From firing General Haugh, disbanding the Cyber Safety Review Board and preparing to slash the cybersecurity workforce at CISA, Trump is rolling out a digital red carpet to hackers from China and other adversary nations,” he added.

Some of the cyber decisions may reflect a push by Trump White House cyber officials toward a more offensive, deterrent posture. But former officials have worried the strategy could come at the expense of defense, and that its emphasis appears to be focused more heavily on China than on Russia.

One signal came in early March, when the Defense Secretary ordered Gen. Haugh at Cyber Command to temporarily pause offensive operations against Russia, amid negotiations with the Kremlin over Ukraine, as The Record and other outlets reported. Some experts at CISA were also directed to focus on adversaries other than Russia, sources told the Washington Post.

The Pentagon later denied it had halted its cyber operations, according to Bloomberg, but the reports still chilled security experts, who say Russia remains a major cyberthreat to the U.S. “If we’re dialing it back on hacking Russia, I think we have a high likelihood of seeing ransomware incidents go up against American companies and everybody else,” says one former White House cyber official.

In response to questions about specific cuts and the country’s cyber posture, a CISA spokesperson says in an email that the agency was designed to work across public and private sectors to improve the nation’s cybersecurity, which demands more agility, flexibility, and innovation than traditional government organizations have allowed.

“CISA continuously evaluates how we work with partners and takes decisive action to maximize impact while being good stewards of taxpayer dollars and aligning with Administration priorities and our authorities,” they added.

One Trump White House official, U.S.
chief information officer Greg Barbaccia, struck a rare note of caution last month, when he urged federal agencies to refrain from laying off cybersecurity teams as they raced to complete mass layoffs. “We believe cybersecurity is national security and we encourage Department-level Chief Information Officers to consider this when reviewing their organizations,” he wrote in an email to IT employees across the federal government.

Even CISA’s defenders acknowledge bureaucratic inefficiencies that hamper cyber defense. But they say Trump’s cuts are reckless and tainted by politics. Apart from upsetting cyber readiness, the upheaval and anxiety inside CISA could make it harder for the government to attract and retain top cyber talent, especially amid a severe talent shortage.

“It’s not good for bringing the best and the brightest into government, if you’re creating this environment of fear,” says the former White House official. “People that we know will only respond to us on personal Signal, and they won’t even talk to anybody outside of government, because they’re so terrified of what the Trump people are doing,” they added.

The administration’s handling of sensitive data has raised a separate set of cyber alarms. Even before Signalgate and a slew of personal phones exposed military plans, the Department of Government Efficiency’s (DOGE) handling of government data, including on millions of Americans, prompted a slew of lawsuits. Meanwhile, one of two DOGE employees detailed to CISA is Edward Coristine, a college student who has been linked with a cybercrime gang and was suspected by an employer, cybersecurity firm Path Network, of leaking proprietary information to a competitor. Coristine did not respond to a request for comment.

‘Very concerning’ at the local level

For years, CISA has offered free services and consultations to states and municipalities that struggle to hire their own IT and cyber experts.
State and local governments, K-12 schools, and critical infrastructure facilities are often short on resources and have limited tolerance for downtime, making them a top target for cyberattackers. Officials from every party have also expressed gratitude for CISA’s help protecting elections, adopted the agency’s recommendations, and sought out its services.

“Your IT person is a city council member; he or she is mowing the lawn and they’re also doing all the IT stuff,” says Whitaker. “There’s never enough resources.”

But soon, layoffs are expected to decimate the units at CISA primarily responsible for much of this work. Cuts are expected at the Integrated Operations Division, which coordinates CISA operations at the regional level and helps respond to incidents that impact critical infrastructure, and at the Stakeholder Engagement Division, which helps coordinate national and global information sharing and helps local governments, companies, and other organizations protect critical infrastructure. The National Risk Management Center (NRMC), which coordinates risk analysis for cyber and critical infrastructure, is also expected to see significant cuts.

In March the administration also eliminated an inter-state threat-advisory organization focused on election threats, and placed on leave dozens of personnel who work on combating foreign election disinformation. At the FBI, Attorney General Pam Bondi also dissolved a task force focused on foreign influence around U.S. elections. And the State Department has put dozens of employees who tracked global disinformation on leave, closing the operation that had publicized the spread of Chinese and Russian propaganda.

Cuts have also impacted a separate threat sharing program, the Multi-State Information Sharing and Analysis Center (MS-ISAC). Some of its work will continue, including support for an intrusion detection system geared toward government networks.
But other services have been decimated, including stakeholder engagement, cyber threat intelligence, and cyber incident response.

Cuts to the MS-ISAC are “very concerning,” Whitaker says. MS-ISAC is considered “one of the best tools that states have to figure out where the threats are coming from.”

The New York-based nonprofit that runs the program has said it will continue its efforts with more limited funding in the short-term. The group recently issued two advisories about vulnerabilities and patches, which was the first time it had done so in more than a month.

States also stand to lose millions in vital cyber funds. In 2021, Congress created a four-year, $1 billion cybersecurity grant program for state and local governments. Since then, every state but one has taken advantage of the funds to back initiatives like deploying intrusion-monitoring software, securing websites, and teaching cyber hygiene, with states required to direct at least 80% of their grant awards to cash-strapped local governments.

In Connecticut in 2022, more than 100 communities requested a combined $12 million, far more than the state’s $2.7 million allotment from Washington, its CIO told the House Subcommittee on Cybersecurity and Infrastructure Protection at a March hearing.

“The federal funding is not big,” says Whitaker, “but it’s essential.”

The grant program expires next September, however, leaving its fate in the hands of a GOP-controlled Congress, and DHS chief Kristi Noem, whose state was the only one in the country not to take the federal cyber funds. And the funding is already in jeopardy.
The White House recently cut staff at CISA and FEMA who manage the State and Local Cybersecurity Grant Program, and an Office of Management and Budget memo that went into effect in January directs federal agencies to temporarily pause all activities related to obligations or disbursement of all Federal financial assistance, including dozens of cybersecurity-specific federal grant programs and other federal grants that can help bolster cyber defenses. A federal judge temporarily halted the order the same day.

The prospect of state governments shouldering more responsibility for cybersecurity has rattled some state officials, who operate on often razor-thin budgets, and are already eyeing cuts to technical and fiscal support.

“States have tools, but states need the federal government to lead on coordination, unification and major incident response,” adds Colin Ahern, the chief cyber officer for New York State. “We think that one of the things that only the feds can really do is this information sharing and operational collaboration.”

A retreat by Washington is also prompting companies to reevaluate their own defenses, according to Danny Rogers, CEO of iVerify, which partnered with CISA last year on a security toolkit for communities at higher risk of cyberattack. The cuts, he said, suggest that “you’re really not going to be able to rely on the government to have your back anymore.”

The effects won’t be immediately evident. “It’s a boil the frog thing,” he added, “where we’re going to wake up one day and realize there’s a lot more catastrophe and a lot less capacity to deal with it.”

To discuss this or share more information, you can reach me securely on Signal at alex.265 or at apasternack@fastcompany.com.
4.5 billion years ago the Sun was formed in a swirling cloud of dust and gas called the Solar Nebula. In a paper published by Nature Astronomy journal on April 28th, a team of internationally collaborating scientists proved that another giant molecular cloud hangs only 300 light-years away, making it the closest cloud to Earth.

The cloud, named Eos after the Greek goddess of dawn, is so massive that its width would measure about 40 moons side-by-side and its mass is 3,400 times that of the Sun.

“This thing was pretty much in our cosmic backyard, and we’ve just missed it,” says astrophysicist and study coauthor Thomas Haworth in an interview with CNN.

Why has it taken scientists so long to detect Eos?

Molecular clouds are usually detected by tracking light emitted by their carbon monoxide content. For example, the Orion Nebula, which was previously thought to be the closest star forming cloud to Earth, is so bright that it’s visible to the naked eye as a fuzzy smudge under Orion’s Belt.

However, this only really works for clouds that have already produced stars. Clouds like Eos that have not yet created any stars do not contain much carbon monoxide. Eos is mostly hydrogen, so it does not emit the signature that scientists typically look for.

Because of this, the researchers found Eos by tracking ultraviolet emissions from the hydrogen using data from the Korean STSAT-1 satellite. A spectrograph on the satellite split the ultraviolet light into a spectrum of wavelength components that the researchers were able to analyze.

“This is the first-ever molecular cloud discovered by looking for far ultraviolet emission of molecular hydrogen directly,” says lead study author Dr. Blakesley Burkhart in a news release. “The data showed glowing hydrogen molecules detected via fluorescence in the far ultraviolet. This cloud is literally glowing in the dark.”

Could Eos make new stars?
Stars are formed when clumps of gas and dust in molecular clouds reach a critical mass and then collapse into their own gravity, sucking in more nearby material. Large molecular clouds can birth thousands of protostars.

But Eos might be dispersing too quickly to ever produce its own stars. The researchers calculated that the cloud will be destroyed in 5.7 million years’ time. They also calculated the cloud’s photodissociation rate to be around three times the region’s star-formation rate.

Even if Eos may never birth a new star, it will provide researchers much deeper insight into the ways that molecular clouds form and dissociate.

“When we look through our telescopes, we catch whole solar systems in the act of forming, but we don’t know in detail how that happens,” says Burkhart. “Our discovery of Eos is exciting because we can now directly measure how molecular clouds are forming and dissociating, and how a galaxy begins to transform interstellar gas and dust into stars and planets.”

Not to mention that using the new far-ultraviolet fluorescence emission technique could allow scientists to uncover previously hidden clouds across the galaxy.
A long-delayed project promising nonstop rail service between San Francisco and Los Angeles in under three hours may be able to secure the private funding it desperately needs if California agrees to pay the investors back, its chief executive told The Associated Press.

Ian Choudri, who was appointed CEO of the California High-Speed Rail Authority in August, is tasked with reinvigorating the nation’s largest infrastructure project amid skyrocketing costs and new fears that the Trump administration could pull $4 billion in federal funding.

“We started this one, and we are not succeeding,” Choudri said, describing what drew him to the job after work on high-speed systems in Europe. “That was the main reason for me to say, ‘Let’s go in, completely turn it around, and put it back to where it should have been. Fix all the issues, get the funding stabilized, and demonstrate to the rest of the world that when we decide that we want to do it, we actually will do it.’”

Voters first approved $10 billion in bond money in 2008 to cover about a third of the estimated cost with a promise the train would be up and running by 2020. Five years past that deadline, no tracks have been laid, and Choudri acknowledges it may take nearly two more decades to complete most of the San Francisco-to-Los Angeles segment, even if funding is secured.

Funding woes

The project’s price tag now exceeds $100 billion, more than triple the initial estimate. It has mostly been funded by the state through the voter-approved bond and money from the state’s cap-and-trade program. A little less than a quarter of the money has come from the federal government.

The authority has already spent about $13 billion. The state is now out of bond money, and officials need to come up with a financing plan for the Central Valley segment by mid-2026, according to the inspector general’s office overseeing the project.
“The managers of the project were in trouble from the very beginning because they never had the financing, certainly not stable and predictable financing, that they would have needed to manage the project efficiently,” said Lou Thompson, who led a peer review group that analyzes the state’s high-speed rail plans.

Losing money from the federal government would require a real hard rethinking of what do we do to survive the next four years, he said.

Rail leaders are in talks with Gov. Gavin Newsom’s administration and state lawmakers on what will be needed to secure private investment, Choudri said, adding that without the private sector money the state may have to take out federal loans or issue new bonds. At an industry forum in January, private investors expressed interest in the project but need some form of security, he said.

Choudri is pushing Newsom and lawmakers to consider a program that would eventually commit the state to paying back private investors, possibly with interest. That would give the state more time to cover the cost.

Legislative Democrats say they remain hopeful for the project’s future. But they haven’t unveiled any proposals yet this year in the state Legislature to set aside additional funding and have resisted spending more money on the project in the past. Choudri plans to provide lawmakers this summer with an updated timeline and price tag.

An ambitious vision

Choudri aims to fulfill the original vision of building a pioneering system, already common in Europe and Asia, that spurs economic growth, curbs planet-warming emissions from cars and planes, and saves drivers hours on the road. At speeds up to 220 miles (354 kilometers) per hour, it would be the nation’s fastest way to travel by ground.

Amtrak’s Acela train transports passengers at speeds up to 150 miles (241 kilometers) per hour to major cities including New York, Boston, and Philadelphia.
Another rail line in Florida, operating at speeds up to 125 miles (201 kilometers) per hour, shuttles people from Orlando to Miami. Construction is underway for a mostly privately funded high-speed system to carry riders from Las Vegas to Southern California.

California’s construction is far from completion. Of the 119 miles (192 kilometers) of construction underway in the Central Valley, only a 22-mile (35-kilometer) stretch is ready for the track-laying phase, which isn’t set to start until next year.

Finishing the line in the Valley is just the first step. Next, the train has to extend north toward the San Francisco Bay Area and south toward Los Angeles.

Choudri’s goal within the next 20 years is to build to Gilroy, about 70 miles (113 kilometers) southeast of San Francisco. Under current public transit, it would then take at least one more train transfer to get into the city. Southward, he envisions building to Palmdale, 37 miles (60 kilometers) northeast of Los Angeles. From there, it takes more than one hour to drive or two hours on an existing train line to reach Los Angeles.

“In the ideal world, you can take the 500 miles, build it in your warehouse and then just drop it, and everybody’s happy,” Choudri said. “But the programs are never built like that. You build incrementally, and that’s what we’re doing right now.”

Doubts for the future

Critics say the project will never be completed and may leave towering and unusable infrastructure stretching through the state’s agricultural heartland. More than 50 structures have already been built, including underpasses, viaducts, and bridges to separate the rail line from existing roadways for safety.

“We’ve now spent billions of dollars and really no tracks have been laid,” said Republican state Sen. Tony Strickland, who is vice chair of the Senate Transportation Committee.
Doug Verboon, chair of the Kings County Board of Supervisors, who has fought the High-Speed Rail Authority in court over farmers’ loss of land due to the project, said the people who should be most upset by delays are its longtime supporters.

“It doesn’t seem to me like the state government is in a hurry to finish it,” he said.

Sophie Austin, Associated Press/Report for America