Latest news with #JenEasterly
Mint
23-06-2025
- Politics
- Mint
Here's how cyberwarfare takes centre stage in escalating Iran-Israel conflict, details report
As the war between Iran and Israel rages on with deadly missile exchanges and airstrikes, a quieter but equally volatile battleground has emerged in cyberspace, where both nations are deploying their digital arsenals in increasingly aggressive campaigns. What began as shadowy online skirmishes has now escalated into a full-fledged cyberwar, prompting warnings from security officials that the digital conflict may soon entangle the United States and its critical infrastructure, reported Politico. According to the publication, following recent US airstrikes on Iranian nuclear sites, cyber experts and government agencies are bracing for retaliatory attacks that could target American energy grids, water systems, and essential services. The US Department of Homeland Security's National Terrorism Advisory System has flagged a heightened threat environment, citing the possibility of low-level intrusions from pro-Iranian hacktivists and more sophisticated operations directed by Tehran's cyber units. 'Cyber is one of the tools of Iran's asymmetric warfare,' said Alex Vatanka, senior fellow at the Middle East Institute, the media outlet reported. 'They may not match Israel or the US in capability, but Iran has repeatedly used cyber tools to project power beyond its borders.' The US Cyber Command is reportedly assisting military operations, though details of its involvement remain classified. Meanwhile, the Cybersecurity and Infrastructure Security Agency (CISA) and former Director Jen Easterly have urged American firms to heighten their cyber defences, warning that Iranian groups may be preparing for attacks on civilian infrastructure akin to those seen in previous confrontations. Israel and Iran, both considered cyber powerhouses in their own right, have a long history of digital hostilities. In the wake of the October 2023 Hamas assault on Israel, the cyber dimension of the conflict took on a sharper edge. Iranian hackers breached an Israeli hospital last year, stealing sensitive patient data. In retaliation, Israeli operatives disrupted petrol distribution across Iran by hacking into its national fuel infrastructure. Last week, Israeli-linked group Predatory Sparrow claimed responsibility for cyberattacks on Iran's Bank Sepah and Nobitex, the country's largest cryptocurrency exchange. The group allegedly drained around $90 million and leaked source code files online. These incidents were accompanied by digital assaults on Iranian state media, some of which briefly broadcast anti-government messages before the Iranian regime initiated a nationwide internet shutdown that, as of Sunday, remained largely in effect. In response, Iranian officials have taken drastic measures, ordering top leaders to cease using internet-connected and mobile devices to mitigate further Israeli incursions. The government's paranoia is not unfounded, previous cyberattacks have targeted communication systems used by Hezbollah, Iran's Lebanon-based proxy, reportedly causing widespread damage and injuries. The media report added that despite Iran's resilience and retaliatory strikes, experts widely agree that Israel maintains a technological edge. 'The Iranians are improving, but they're not yet operating at the level of the Israelis or Americans,' said Vatanka. 'Cyber operations from Iran often aim to instil fear, sow confusion, and degrade morale rather than cause direct physical damage,' said John Hultquist, chief analyst at Google's Threat Intelligence Group. 'They're particularly focused on cyber espionage, tracking movement, intercepting communication, and identifying targets.'
Atlantic
19-06-2025
- Politics
- Atlantic
The Trojan Horse Will Come for Us Too
I stopped using my cellphone for regular calls and text messages last fall and switched to Signal. I wasn't being paranoid—or at least I don't think I was. I worked in the National Security Council, and we were told that China had compromised all major U.S. telecommunications companies and burrowed deep inside their networks. Beijing had gathered information on more than a million Americans, mainly in the Washington, D.C., area. The Chinese government could listen in to phone calls and read text messages. Experts call the Chinese state-backed group responsible Salt Typhoon, and the vulnerabilities it exploited have not been fixed. China is still there. Telecommunications systems aren't the only ones compromised. China has accessed enormous quantities of data on Americans for more than a decade. It has hacked into health-insurance companies and hotel chains, as well as security-clearance information held by the Office of Personnel Management. The jaded response here is All countries spy. So what? But the spectacular surprise attacks that Ukraine and Israel have pulled off against their enemies suggest just how serious such penetration can become. In Operation Spiderweb, Ukraine smuggled attack drones on trucks with unwitting drivers deep inside of Russia, and then used artificial intelligence to simultaneously attack four military bases and destroy a significant number of strategic bombers, which are part of Russia's nuclear triad. Israel created a real pager-production company in Hungary to infiltrate Hezbollah's global supply chains and booby-trap its communication devices, killing or maiming much of the group's leadership in one go. Last week, in Operation Rising Lion, Israel assassinated many top Iranian military leaders simultaneously and attacked the country's nuclear facilities, thanks in part to a drone base it built inside Iran. In each case, a resourceful, determined, and imaginative state used new technologies and data to do what was hitherto deemed impossible. America's adversaries are also resourceful, determined, and imaginative. Just think about what might happen if a U.S.-China war broke out over Taiwan. A Chinese state-backed group called Volt Typhoon has been preparing plans to attack crucial infrastructure in the United States should the two countries ever be at war. As Jen Easterly put it in 2024 when she was head of the Cyber and Infrastructure Security Agency (CISA), China is planning to 'launch destructive cyber-attacks in the event of a major crisis or conflict with the United States,' including 'the disruption of our gas pipelines; the pollution of our water facilities; the severing of our telecommunications; the crippling of our transportation systems.' The Biden administration took measures to fight off these cyberattacks and harden the infrastructure. Joe Biden also imposed some sanctions on China and took some specific measures to limit America's exposure; he cut off imports of Chinese electric vehicles because of national-security concerns. Biden additionally signed a bill to ban TikTok, but President Donald Trump has issued rolling extensions to keep the platform functioning in the U.S. America and its allies will need to think hard about where to draw the line in the era of the Internet of Things, which connects nearly everything and could allow much of it—including robots, drones, and cloud computing—to be weaponized. China isn't the only problem. According to the U.S. Intelligence Community's Annual Threat Assessment for this year, Russia is developing a new device to detonate a nuclear weapon in space with potentially 'devastating' consequences. A Pentagon official last year said the weapon could pose 'a threat to satellites operated by countries and companies around the globe, as well as to the vital communications, scientific, meteorological, agricultural, commercial, and national security services we all depend upon. Make no mistake, even if detonating a nuclear weapon in space does not directly kill people, the indirect impact could be catastrophic to the entire world.' The device could also render Trump's proposed 'Golden Dome' missile shield largely ineffective. Americans can expect a major adversary to use drones and AI to go after targets deep inside the United States or allied countries. There is no reason to believe that an enemy wouldn't take a page out of the Israeli playbook and go after leadership. New technologies reward acting preemptively, catching the adversary by surprise—so the United States may not get much notice. A determined adversary could even cut the undersea cables that allow the internet to function. Last year, vessels linked to Russia and China appeared to have severed those cables in Europe on a number of occasions, supposedly by accident. In a concerted hostile action, Moscow could cut or destroy these cables at scale. Terrorist groups are less capable than state actors—they are unlikely to destroy most of the civilian satellites in space, for example, or collapse essential infrastructure—but new technologies could expand their reach too. In their book The Coming Wave, Mustafa Suleyman and Michael Bhaskar described some potential attacks that terrorists could undertake: unleashing hundreds or thousands of drones equipped with automatic weapons and facial recognition on multiple cities simultaneously, say, or even one drone to spray a lethal pathogen on a crowd. A good deal of American infrastructure is owned by private companies with little incentive to undertake the difficult and costly fixes that might defend against Chinese infiltration. Certainly this is true of telecommunications companies, as well as those providing utilities such as water and electricity. Making American systems resilient could require a major public outlay. But it could cost less than the $150 billion (one estimate has that figure at an eye-popping $185 billion) that the House of Representatives is proposing to appropriate this year to strictly enforce immigration law. Instead, the Trump administration proposed slashing funding for CISA, the agency responsible for protecting much of our infrastructure against foreign attacks, by $495 million, or approximately 20 percent of its budget. That cut will make the United States more vulnerable to attack. The response to the drone threat has been no better. Some in Congress have tried to pass legislation expanding government authority to detect and destroy drones over certain kinds of locations, but the most recent effort failed. Senator Rand Paul, who was then the ranking member of the Senate Committee on Homeland Security and Governmental Affairs and is now the chair, said there was no imminent threat and warned against giving the government sweeping surveillance powers, although the legislation entailed nothing of the sort. Senators from both parties have resisted other legislative measures to counter drones. The United States could learn a lot from Ukraine on how to counter drones, as well as how to use them, but the administration has displayed little interest in doing this. The massively expensive Golden Dome project is solely focused on defending against the most advanced missiles but should be tasked with dealing with the drone threat as well. Meanwhile, key questions go unasked and unanswered. What infrastructure most needs to be protected? Should aircraft be kept in the open? Where should the United States locate a counter-drone capability? After 9/11, the United States built a far-reaching homeland-security apparatus focused on counterterrorism. The Trump administration is refocusing it on border security and immigration. But the biggest threat we face is not terrorism, let alone immigration. Those responsible for homeland security should not be chasing laborers on farms and busboys in restaurants in order to meet quotas imposed by the White House.
Yahoo
06-06-2025
- Business
- Yahoo
Jen Easterly to Keynote 2025 Hybrid Identity Protection Conference
Easterly joins identity-first defenders at the award-winning conference, October 7–9 in Charleston, SC HOBOKEN, N.J., June 6, 2025 /PRNewswire/ -- Semperis, a leader in AI-powered identity security and cyber resilience, today announced that Jen Easterly, former Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), will keynote the Hybrid Identity Protection Conference (HIP Conf), taking place October 7-9 in Charleston, SC. A globally recognized leader in cybersecurity and national defense, Easterly led CISA through a transformative period—scaling it into a $3 billion agency with over 10,000 personnel and establishing it as a cornerstone of U.S. cyber defense. A combat veteran, former Morgan Stanley executive, and cybersecurity pioneer, Easterly brings decades of experience at the intersection of security, technology, and resilience. "Defenders working in hybrid identity environments set the standard for resilience in a world where adversaries move fast and trust is everything," said Easterly. "We are in an era where adversaries exploit every weakness and identity is the first and last line of defense. I am looking forward to joining this community at the upcoming HIP Conf." HIP Conf is the premier global event for identity-first defenders, uniquely focused on securing hybrid and multi-cloud environments. This year's Semperis' conference will deliver the latest in identity threat detection and response (ITDR); Active Directory, Entra ID, and Okta security; and building operational resilience in a rapidly evolving threat landscape. The 2025 program features a robust lineup of technical sessions and strategic insights from dozens of leaders across industry, government, and academia. Key sessions include: What's New, What's Next? Active Directory Roadmap – Linda Taylor, Principal Software Engineer, Microsoft A Quarter Century, a Quarter Million Breaches: AD Security & Incident Response in 2025 – Michael Van Horenbeeck, CEO, The Collective The State of Identity Security 2026 – Henrique Teixeira, SVP, Strategy, Saviynt, and David Lee, Field CTO, Saviynt Beyond Backups: Practical Steps to Build Operational Resilience – Ben Cauwel, Head of Cyber Security, Capgemini From Hybrid to Full Cloud: Is It Right for You? – Joe Kaplan, Security Delivery Associate Director, Accenture Demystifying Managed Service Accounts: Best Practices & Security Measures to Reduce Risk – Jorge De Almeida Pinto, Senior Incident Response Lead, Semperis Additional speakers and sessions to be announced. Longtime HIP advocate Alex Weinert, Chief Product Officer at Semperis and former VP of Identity Security at Microsoft, returns to the stage for his third consecutive year. "Identity is the new security perimeter, and as organizations modernize their infrastructure, they need to stay ahead of increasingly complex identity-based attacks," said Weinert. "HIP continues to be a go-to event for real-world strategies and community connections. We're proud to be leading this important global conversation." Unlike broader cybersecurity conferences, HIP Conf is purpose-built for practitioners managing and defending hybrid identity environments. The event fosters long-term collaboration, community, and real-world knowledge sharing that continues well beyond the conference. For more information and to register for HIP Conf 25, visit: About the Hybrid Identity Protection Conference Mobile workforces, cloud applications, and digitalization are changing every aspect of the modern enterprise. With radical transformation comes new business risks. The Hybrid Identity Protection Conference (HIP Conf) is the premier educational forum for identity-centric practitioners. Whatever the industry sector or job function, HIP strives to provide its community with the insights and relationships needed to enable and protect today's digitally driven organizations. Learn more about HIP Conf 25 via our social media feeds: X / LinkedIn / Facebook About Semperis Semperis protects critical enterprise identity services for security teams charged with defending hybrid and multi-cloud environments. Purpose-built for securing hybrid identity environments—including Active Directory, Entra ID, and Okta—Semperis' AI-powered technology protects more than 100 million identities from cyberattacks, data breaches and operational errors. As part of its mission to be a force for good, Semperis offers a variety of cyber community resources, including the award-winning Hybrid Identity Protection (HIP) Conference, HIP Podcast, and free identity security tools Purple Knight and Forest Druid. Semperis is a privately owned, international company headquartered in Hoboken, New Jersey, supporting the world's biggest brands and government agencies, with customers in more than 40 countries. Learn more: Follow us: Blog / LinkedIn / X / Facebook / YouTube Media Contact:Bill KeelerSenior Director, PR & Commsbillk@ View original content to download multimedia: SOURCE Semperis Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
06-06-2025
- Business
- Yahoo
Jen Easterly to Keynote 2025 Hybrid Identity Protection Conference
Easterly joins identity-first defenders at the award-winning conference, October 7–9 in Charleston, SC HOBOKEN, N.J., June 6, 2025 /PRNewswire/ -- Semperis, a leader in AI-powered identity security and cyber resilience, today announced that Jen Easterly, former Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), will keynote the Hybrid Identity Protection Conference (HIP Conf), taking place October 7-9 in Charleston, SC. A globally recognized leader in cybersecurity and national defense, Easterly led CISA through a transformative period—scaling it into a $3 billion agency with over 10,000 personnel and establishing it as a cornerstone of U.S. cyber defense. A combat veteran, former Morgan Stanley executive, and cybersecurity pioneer, Easterly brings decades of experience at the intersection of security, technology, and resilience. "Defenders working in hybrid identity environments set the standard for resilience in a world where adversaries move fast and trust is everything," said Easterly. "We are in an era where adversaries exploit every weakness and identity is the first and last line of defense. I am looking forward to joining this community at the upcoming HIP Conf." HIP Conf is the premier global event for identity-first defenders, uniquely focused on securing hybrid and multi-cloud environments. This year's Semperis' conference will deliver the latest in identity threat detection and response (ITDR); Active Directory, Entra ID, and Okta security; and building operational resilience in a rapidly evolving threat landscape. The 2025 program features a robust lineup of technical sessions and strategic insights from dozens of leaders across industry, government, and academia. Key sessions include: What's New, What's Next? Active Directory Roadmap – Linda Taylor, Principal Software Engineer, Microsoft A Quarter Century, a Quarter Million Breaches: AD Security & Incident Response in 2025 – Michael Van Horenbeeck, CEO, The Collective The State of Identity Security 2026 – Henrique Teixeira, SVP, Strategy, Saviynt, and David Lee, Field CTO, Saviynt Beyond Backups: Practical Steps to Build Operational Resilience – Ben Cauwel, Head of Cyber Security, Capgemini From Hybrid to Full Cloud: Is It Right for You? – Joe Kaplan, Security Delivery Associate Director, Accenture Demystifying Managed Service Accounts: Best Practices & Security Measures to Reduce Risk – Jorge De Almeida Pinto, Senior Incident Response Lead, Semperis Additional speakers and sessions to be announced. Longtime HIP advocate Alex Weinert, Chief Product Officer at Semperis and former VP of Identity Security at Microsoft, returns to the stage for his third consecutive year. "Identity is the new security perimeter, and as organizations modernize their infrastructure, they need to stay ahead of increasingly complex identity-based attacks," said Weinert. "HIP continues to be a go-to event for real-world strategies and community connections. We're proud to be leading this important global conversation." Unlike broader cybersecurity conferences, HIP Conf is purpose-built for practitioners managing and defending hybrid identity environments. The event fosters long-term collaboration, community, and real-world knowledge sharing that continues well beyond the conference. For more information and to register for HIP Conf 25, visit: About the Hybrid Identity Protection Conference Mobile workforces, cloud applications, and digitalization are changing every aspect of the modern enterprise. With radical transformation comes new business risks. The Hybrid Identity Protection Conference (HIP Conf) is the premier educational forum for identity-centric practitioners. Whatever the industry sector or job function, HIP strives to provide its community with the insights and relationships needed to enable and protect today's digitally driven organizations. Learn more about HIP Conf 25 via our social media feeds: X / LinkedIn / Facebook About Semperis Semperis protects critical enterprise identity services for security teams charged with defending hybrid and multi-cloud environments. Purpose-built for securing hybrid identity environments—including Active Directory, Entra ID, and Okta—Semperis' AI-powered technology protects more than 100 million identities from cyberattacks, data breaches and operational errors. As part of its mission to be a force for good, Semperis offers a variety of cyber community resources, including the award-winning Hybrid Identity Protection (HIP) Conference, HIP Podcast, and free identity security tools Purple Knight and Forest Druid. Semperis is a privately owned, international company headquartered in Hoboken, New Jersey, supporting the world's biggest brands and government agencies, with customers in more than 40 countries. Learn more: Follow us: Blog / LinkedIn / X / Facebook / YouTube Media Contact:Bill KeelerSenior Director, PR & Commsbillk@ View original content to download multimedia: SOURCE Semperis Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Epoch Times
06-05-2025
- Politics
- Epoch Times
China's Cybersecurity ‘Pearl Harbor' Against America: ‘Everything, Everywhere, All at Once'
Originally published by Commentary China's multidimensional war against U.S. interests is already underway and well-documented. One underappreciated dimension of its attack on American primacy, however, is the arena of cybersecurity. For decades, Communist China's spies, hackers and businessmen have feasted on the In the last two years, however, the Chinese Communist Party's (CCP) cyber-attacks against America have These changes in the CCP's cyber offensive on America consist of two basic capabilities. Related Stories 4/22/2025 4/18/2025 The newer capability is China's comprehensive data-collection operation, given the title of 'Salt Typhoon' by Microsoft, and known by other names, such as ' China is also simultaneously The second revolutionary advance in China's offensive cyber-warfare capabilities that target U.S. interests is more deadly. It threatens a Pearl Harbor-magnitude attack on America. ' Then U.S. Rep. Mike Waltz, shortly before he was appointed National Security Advisor, stated in an '[W]e have been, over the years, trying to play better and better defense when it comes to cyber. We need to start going on offense and start imposing, I think, higher costs and consequences to private actors and nation state actors that continue to steal our data, that continue to spy on us, and that even worse, with the Volt Typhoon penetration, that are literally putting cyber time bombs on our infrastructure, our water systems, our grids, even our ports.' China could The gravity of this weaponization of cyberspace at the strategic level has been Volt Typhoon is devised to create chaos in the United States. Jen Easterly, former head of the US Cybesecurity and Infrastructure Security Agency, If China is successful in placing undiscovered and undefused malware that is capable of disabling critical infrastructure in the United States, the result would most likely be the complete loss of confidence in America's ability to protect 'Free Asia' or anyone else, and enabling China to be closer to achieving its goal of ruling in the Indo-Pacific region, which it appears to see as the The Trump Administration's plan of action would do well to include massive arms deliveries to Taiwan and encouraging the island democracy to move to a war footing. President Donald Trump has already sent Trump might also convene a cabinet meeting to assure that all aspects of American public and private capabilities should be mobilized to build resiliency in critical national infrastructure, while simultaneously examining U.S. cyberspace vulnerabilities. The United States also might also go on the offense and target China's critical national infrastructure, perhaps starting with the Cyberspace Administration of China? Views expressed in this article are opinions of the author and do not necessarily reflect the views of The Epoch Times.
