30-06-2025
Asleep at the cyber wheel
With help from Maggie Miller and John Sakellariadis
Driving the day
— Amid increased threats from Iranian hackers, lawmakers worry the Trump administration's cuts to federal cyber agencies have left critical infrastructure vulnerable.
HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! To properly decompress from a long week, I like to turn to home-decorating shows. I recently discovered 'Decorating Cents,' a home improvement show from the '90s where host Joan and her co-conspirator of the week take a boring room and somehow make it worse. I can't recommend it enough.
Follow POLITICO's cybersecurity team on X at @RosiePerper, @johnnysaks130, @delizanickel and @magmill95, or reach out via email or text for tips. You can also follow @POLITICOPro on X.
Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You'll also receive daily policy news and other intelligence you need to act on the day's biggest stories.
Happening This Week
On Wednesday… The Election Assistance Commission holds a virtual meeting of the U.S. Election Assistance Commission technical development committee to discuss the draft of the Voluntary Voting System Guidelines 2.1 and the executive order to protect the integrity of American elections. 1 p.m.
On The Hill
DEEP CUT — Cyber experts and industry groups have been warning about the increased cybersecurity risks to U.S. networks since tensions erupted between Iran and Israel earlier this month. These concerns were heightened after the U.S. waded into the conflict by striking Iranian nuclear facilities directly last weekend.
While a shaky U.S.-mediated ceasefire persists between Israel and Iran for now, lawmakers and former U.S. cyber officials are worried that U.S. networks remain vulnerable to threats from Iran due to the Trump administration's massive cuts to federal cyber agencies — particularly CISA, which was set up to protect U.S. critical infrastructure.
'Iranian cyber actors threaten critical infrastructure like water systems, power grids and hospitals — essential services that keep our communities running,' said Sen. Gary Peters (Mich.), the top Democrat on the Senate Homeland Security Committee, in a statement to MC. 'At a time when cybersecurity threats are only continuing to grow, the Trump administration's decision to cut staff at our lead cybersecurity agency puts us further at risk.'
— What's the plan?: Frustrations are mounting on Capitol Hill over the Trump administration's role in the conflict with Iran and the inadequate protections to U.S. critical systems.
The Trump administration briefed the House and Senate late last week on the latest intel related to Iran. A House staffer, granted anonymity to discuss the details of the classified briefing, told MC that cyber threats were not discussed during the briefing.
Rep. Bennie Thompson (D-Miss.), ranking member of the House Homeland Security Committee, noted in a statement on Friday after the briefing that the DHS, the FBI and ODNI were 'noticeably absent' from the briefing. DHS warned last week of increased threats of 'low-level cyber attacks against US networks' by pro-Iranian hackers, while the FBI has reportedly reallocated resources from immigration enforcement to counter terrorism and cybersecurity in the aftermath of the strike.
'We are sensitive to any type of cyber activity that would impact our critical infrastructure, and right now we are certainly on heightened alert,' Sen. Mike Rounds (R-S.D.), the chair of the Senate Armed Services Committee's cyber panel, said in a statement to MC last week.
— Missing leaders: These concerns are amplified by the lack of leadership at U.S. cyber agencies reeling from cuts to personnel and programs.
Both CISA and the Office of the National Cyber Director remain without a Senate-confirmed leader at the helm.
Rep. Eric Swalwell (D-Calif.), ranking member of the House Homeland Security Committee's cyber subcommittee, said at an Axios event in Washington on Thursday that the cyber threats from Iran 'should be a shield's up moment for CISA to project out to the cyber community.'
'We haven't seen that,' he said. 'I don't know if that's an intentional decision, or if it's because there is a lack of resources or a lack of Senate-confirmed individuals across our cybersecurity resources. That doesn't mean that Iran is any less capable or willing to hit us.'
CISA — alongside the FBI, NSA and the Pentagon's Cyber Crime Center — finally released an updated fact sheet Sunday afternoon about the cyber threats to U.S. networks posed by Iranian-linked hackers.
'Over the past several months, Iranian-aligned hacktivists have increasingly conducted website defacements and leaks of sensitive information exfiltrated from victims,' the advisory said. 'These hacktivists are likely to significantly increase distributed denial of service campaigns against U.S. and Israeli websites due to recent events.'
— Filling the gap: The cybersecurity community has stepped up to monitor and protect critical networks from harm, while federal outreach has lagged.
Maggie reported that operators of critical infrastructure entities have turned to information sharing and analysis centers and other cyber firms and organizations for threat intelligence.
As the private sector continues to fill the void, lawmakers are calling on the federal government to step up while the threats continue to grow.
'The current conflict with Iran might be taking place overseas, but that doesn't stop adversaries from working to target Americans in cyberspace,' said Rep. Mark Green (R-Tenn.), chair of the House Homeland Security Committee, in a statement last week. 'The federal government must ensure private owners and operators are prepared to combat nation-state threats, because industry can't counter these threats alone.'
On The Hill
POSTHUMOUS POSTING — The accounts for recently deceased lawmakers continue to post on social media, highlighting a gap in policy on how to keep tabs on who has access to the accounts.
POLITICO's Giselle Ewing reported on Saturday that people on former Rep. Gerry Connolly's (D-Va.) mailing list reportedly continued receiving emails from his campaign encouraging Virginians to vote in a special election — though Connolly died last month.
— Recordkeeping nightmare: There is no official process for handing off control of lawmakers' social media accounts if they die while in office, according to Zack Brown, the communications director for Rep. Don Young (R-Alaska) when he died in office in March 2022.
While the process of physically closing down Young's office was 'meticulous,' with everything from the lawmaker's office requiring logging, the 'digital aspect of it was completely ignored,' he said.
Brown cautioned that a lack of procedure for how to handle a dead official's social media accounts poses security risks that would normally be unthinking for physical recordkeeping.
'I can't walk into the National Archives right now and just go behind closed doors and take whatever files from Congressman Young that I want,' he said. 'Why does somebody who has social media access have that power to do that with tweets?'
Industry Intel
AIRLINE AIMS — Scattered Spider, the prolific hacking group linked to recent cyberattacks on U.K. retailers, is now targeting the aviation industry, according to law enforcement and the cybersecurity sector.
On Friday evening, the FBI said in a post on X that the cybercriminal group is expanding its scope to the airline sector. 'They target large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk,' the agency added.
The warnings come as at least two North American airlines have reported cyber incidents this month. Hawaiian Airlines said last week that it was working to secure its systems following a 'cybersecurity event.' WestJet — Canada's second-largest airline — also reported a cyberattack earlier this month, and it remains unresolved.
— What firms say: Maggie reported on Friday that cyber companies have also flagged the new activity. Charles Carmakal, the chief technology officer at Google's Mandiant, told your host in a statement that Mandiant 'is aware of multiple incidents in the airline and transportation sector which resemble the operations' of Scattered Spider.
Palo Alto Networks' security research division, Unit 42, also said it observed the hacking group targeting aviation.
People on the Move
Cory Wilson will serve as deputy assistant secretary for the Office of Cybersecurity and Critical Infrastructure Protection (OCCIP).
Wilson recently served as the assistant special agent in charge of critical systems protection at the U.S. Secret Service, where he led teams responsible for mitigating cyber threats to networks and infrastructure linked to the president and vice president. Prior to that, he served as the director of cybersecurity planning and operations at the Office of the National Cyber Director and has also held previous leadership roles at Treasury, Interpol, DHS and the Senate.
Quick Bytes
'THE LOCKNET' — A yearlong investigation from ChinaFile's Jessica Batke and Northeastern University's Laura Edelson found that China's online censorship is getting harder to evade.
COURT SLOP — Dozens of YouTube channels are using AI-generated images and videos with false claims about Sean 'Diddy' Combs' trial to pull in tens of millions of views, reports Craig Silverman for The Guardian.
CARTEL HACKER — A hacker working on behalf of the Sinaloa drug cartel infiltrated cameras and phones to track an FBI official investigating the drug lord El Chapo. They then used the data from that surveillance to kill and intimidate potential sources or cooperating witnesses, according to a Justice Department watchdog report.
Also Happening Today
The Atlantic Council holds a virtual discussion on 'Bolstering the Transatlantic Partnership at a Global Inflection Point.' 7:45 a.m.
The Federal Communications Bar Association holds a virtual forum on 'Protecting the Digital Infrastructure that Powers A.I.' 12 p.m.
The Center for Strategic and International Studies holds a virtual discussion on 'What Do Strikes on Iran Mean for China, Russia and North Korea?' 3 p.m.
Chat soon.
Stay in touch with the whole team: Rosie Perper (rperper@ John Sakellariadis (jsakellariadis@ Maggie Miller (mmiller@ and Dana Nickel (dnickel@
