Tag: cisa

CISA Orders Federal Agencies to Patch F5 Devices After Nation-State Hack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive compelling federal agencies to address major security flaws in software management devices made by F5, a technology company. The order follows a security breach where nation-state-affiliated hackers reportedly accessed F5’s internal systems, stealing source code and customer data.

In the directive released on October 15, CISA warned that a foreign government-affiliated group compromised F5’s networks and exfiltrated sensitive files. This stolen data included parts of the source code for BIG-IP, F5’s flagship product, along with information about known vulnerabilities.

CISA stated that this access gives the hackers a significant advantage, allowing them to analyze the code for undiscovered flaws, or “zero-day vulnerabilities,” and develop targeted attacks against F5 devices and software.

Imminent Threat to Federal Networks

According to the directive, this cyber threat actor poses an “imminent threat” to all federal networks that use F5 products. If hackers successfully exploit the vulnerabilities, they could gain access to embedded login details and API keys, which would allow them to move undetected within a network, steal data, and establish long-term access. CISA warns this could lead to a “full compromise” of an organization’s information systems.

Due to what it calls an “unacceptable risk,” CISA has mandated immediate action for agencies using a range of F5 products.

Affected F5 Products:

The directive applies to the following hardware and software:

  • Hardware: BIG-IP iSeries, rSeries, and any other F5 devices that are no longer supported by the company.
  • Software: All devices running BIG-IP (F5OS and TMOS), Virtual Edition (VE), BIG-IP Next, BIG-IQ, and BIG-IP Next for Kubernetes (BNK)/Cloud-Native Network Functions (CNF).

The directive’s requirements are designed to address the immediate risk and help agencies defend against anticipated attacks targeting these systems.

Keep reading

Former top CISA official leaving SentinelOne to challenge Trump administration probe

Chris Krebs, a former top Cybersecurity and Infrastructure Security Agency (CISA) official, is leaving the private sector to challenge a Trump administration probe.

Krebs said in a Wednesday email that he was “stepping away from” the cybersecurity company SentinelOne “effective immediately.”

“For those who know me, you know I don’t shy away from tough fights. But I also know this is one I need to take on fully – outside of SentinelOne. This will require my complete focus and energy. It’s a fight for democracy, for freedom of speech, and for the rule of law. I’m prepared to give it everything I’ve got,” the former CISA director added later.

Krebs, who was insistent that the U.S.’s elections were not compromised, pushed back in 2020 against allegations from now-President Trump that the election had been fraudulent.

In a memo from last week, Trump ordered a probe into “Krebs’ activities as a Government employee, including his leadership of CISA” by Attorney General Pam Bondi and Homeland Security Secretary Kristi Noem. 

The president said in his memo that the probe needed to find “any instances” in which the former CISA director’s behavior “appears to have been contrary to suitability standards for Federal employees” or in which he was “involved the unauthorized dissemination of classified information.”

Keep reading

Trump Orders Security Clearance Revoked for Former CISA Director Chris Krebs Amid Investigation into Censorship and Political Bias

Former Cybersecurity and Infrastructure Security Agency (CISA) Director Chris Krebs is once again facing public examination after President Donald Trump directed federal agencies to revoke Krebs’ security clearance and evaluate the access of others tied to him, including colleagues at the cybersecurity company SentinelOne.

The order, issued via a presidential memorandum on Wednesday, marks a renewed push to scrutinize the former official’s role in what the Trump team describes as a coordinated campaign to censor political speech under the pretense of cybersecurity.

According to the administration’s statement, this action is part of a wider national security review aimed at determining whether individuals with access to sensitive intelligence are acting in alignment with what it calls “the national interest.” The memorandum also calls for a reassessment of CISA’s operations going back six years, asserting that the agency engaged in actions that directly contradicted the foundational principles of free expression.

Krebs currently holds a senior intelligence and policy position at SentinelOne, a publicly traded cybersecurity firm that entered into a partnership with CISA in 2023 to bolster digital protections for critical U.S. infrastructure. The company has not issued a public response to the developments.

The White House released a statement along with the directive, declaring:

“ENDING GOVERNMENT CENSORSHIP: President Trump is committed to ending government censorship of Americans and believes that those who engage in such conduct should not have access to our nation’s secrets.”

The release levels pointed allegations at Krebs, accusing him of weaponizing his role at CISA to silence conservative voices. It claims that the agency’s collaboration with social media companies during his tenure amounted to political interference masked as a fight against misinformation.

The statement further alleges that Krebs and his team discouraged transparency around topics ranging from election vulnerabilities to the COVID-19 pandemic, and attempted to downplay the Hunter Biden laptop story, a matter that remains politically charged.

During the 2020 election cycle, CISA worked with major online platforms to address “disinformation,” a strategy that drew concern from Republican lawmakers who viewed the effort as an overreach and a potential tool of political bias.

Keep reading

Trump Cracks Down on Pro-Censorship CISA, Puts Key Officials on Leave

President Donald Trump appears to be making good on a number of campaign promises, including those moves aimed at ending practices that, during the previous administration, resulted in wide-scale censorship collusion between the government and large tech companies.

According to a number of insider documents, lawsuits, and Congressional investigations, the reason for this “joint work” in flagging, removing, deplatforming, and committing other forms of free speech violations was most often justified as the need to combat “misinformation” – usually election, or Covid-related.

But critics have for years insisted that the actual result was First Amendment violations, through the exertion of control over speech and therefore public opinion ahead of an election (such as the discrediting of the Hunter Biden laptop story as “misinformation” and an example of supposed foreign interference).

And, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) by all accounts “excelled” at this work.

Keep reading

The Spies Who Hate Us

Brownstone Institute has been tracking a little-known federal agency for years. It is part of the Department of Homeland Security created after 9-11. It is called the Cybersecurity and Infrastructure Security Agency or CISA. It was created in 2018 out of a 2017 executive order that seemed to make sense. It was a mandate to secure American digital infrastructure against foreign attack and infiltration. 

And yet during the Covid year, it assumed three huge jobs. It was the agency responsible for dividing the workforce between essential and nonessential. It led the way on censorship efforts. And it handled election security for 2020 and 2022, which, if you understand the implications of that, should make you spit out your coffee upon learning. 

More than any other agency, it became the operationally relevant government during this period. It was the agency that worked through third parties and packet-switching networking to take down your Facebook group. It worked through all kinds of intermediaries to keep a lid on Twitter. It managed LinkedIn, Instagram, and most of the other mainstream platforms in a way that made you feel like your opinions were too crazy to see the light of day. 

The most astonishing court document just came out. It was unearthed in the course of litigation undertaken by America First Legal. It has no redaction. It is a reverse chronicle of most of what they did from February 2020 until last year. It is 500 pages long. The version available now takes an age to download, so we shrunk it and put it on fast view so you can see the entire thing. 

What you discover is this. Everything that the intelligence agencies did not like during this period – doubting lockdowns, dismissing masking, questioning the vaccine, and so on – was targeted through a variety of cutouts among NGOs, universities, and private-sector fact-checkers. It was all labeled as Russian and Chinese propaganda so as to fit in with CISA’s mandate. Then it was throttled and taken down. It managed remarkable feats such as getting WhatsApp to stop allowing bulk sharing. 

Keep reading

Documents Show CISA Monitored and Influenced Domestic Speech on COVID-19 Through Private Sector Partners

America First Legal (AFL) has revealed new information from a document it has been able to obtain through the lawsuit filed against the Cybersecurity and Infrastructure Security Agency (CISA).

CISA is part of the US Department of Homeland Security (DHS), which has a “foreign disinformation” unit, the Countering Foreign Influence Task Force (CFITF).

However, as early as mid-February 2020, CISA (via CFITF) had already started to monitor domestic speech about Covid – nearly a month before the pandemic was officially declared by the UN’s WHO, and before orders started to be issued to shut down schools and businesses in the US.

Even though several layers deep, CFITF was still a government entity, and in order to circumvent constitutional issues related to censorship of online speech, the document indicates that the unit turned to what AFL brands “the censorship industrial complex” – specifically, its private sector component.

These were “fact checkers,” “bias raters” and similar that keep cropping up in revelations about the Covid-era censorship: Atlantic Council DFR Lab, Media Matters, Stanford Internet Observatory, Alliance for Securing Democracy, Center for Countering Digital Hate (CCDH) (a UK-based group, which now passes as “British-American”), Global Disinformation Index (GDI), and even an openly foreign government project, EU’s “EU vs. Disinfo.”

Keep reading

“Shutting Down CISA” Senator Paul Rand’s Crusade Against Online Censorship

Senator Paul Rand, who is about to take over as chair of the US Senate Committee on Homeland Security and Governmental Affairs, has spoken in favor of shutting down the Cybersecurity and Infrastructure Security Agency (CISA).

CISA, a part of the Department of Homeland Security (DHS), was established in 2018 to do just what its name says – but has in the meanwhile become weaponized to suppress free speech, opponents believe, citing a number of programs where CISA was involved in monitoring and flagging online posts for removal.

Senator Paul refers to the agency’s behavior – which he says included the ability to censor content and thus influence what information is available to people – as “intrusions into the First Amendment.”

“The First Amendment is important, that’s why we listed it as the First Amendment. I’d like to, at the very least, eliminate their ability to censor content online,” Paul said in a post on X.

Keep reading

Senators Demand Answers on CISA’s Role in 2024 Election Oversight

US Senators Roger Marshall, Bill Hagerty, and Eric Schmitt have sent a letter to the Cybersecurity and Infrastructure Security Agency (CISA), regarding its involvement in flagging online content.

CISA is an agency within the Department of Homeland Security (DHS), and the three Republicans want to know how it is preparing for the November elections – given, as they spell it out in the letter, CISA’s “past mistakes that put the agency in direct conflict with the First Amendment.”

We obtained a copy of the letter for you here.

The senators specifically want to know how CISA is organizing and working now, to avoid repeating those same mistakes – namely, monitoring, flagging, and censoring political speech.

Even more specifically – the point is to make sure that there is acknowledgment from CISA that it will not engage in the same kind of activities, this electoral cycle around.

The letter cites the House Judiciary Committee reports as the basis for the senators’ belief this type of censorship was happening back in 2020.

Keep reading

CISA, FBI Resuming Talks With Social Media Firms Over Disinformation Removal, Senate Intel Chair Says

Key federal agencies have resumed discussions with social media companies over removing disinformation on their sites as the November presidential election nears, a stark reversal after the Biden administration for months froze communications with social platforms amid a pending First Amendment case in the Supreme Court, a top senator said Monday.

Mark Warner, D-Va., who chairs the Senate Intelligence Committee, told reporters in a briefing at RSA Conference that agencies restarted talks with social media companies as the Supreme Court heard arguments in Murthy v. Missouri, a case that first began in the Fifth Circuit appellate court last July. The case was fueled by allegations that federal agencies like the Cybersecurity and Infrastructure Security Agency were coercing platforms to remove content related to vaccine safety and 2020 presidential election results.

The Supreme Court is expected to decide whether agencies are allowed to stay in touch with social media firms about potential disinformation. Missouri’s then-Attorney General Eric Schmitt filed the suit on the grounds that the Biden administration violated First Amendment rights pertaining to free speech online in a bid to suppress politically conservative voices.

According to Warner, communications between agencies and social platforms resumed roughly around the same time that multiple justices appeared to favor the executive branch’s stance on the issue, he said. 

“There seemed to be a lot of sympathy that the government ought to have at least voluntary communications with [the companies],” he said, adding that, in the event of election interference attempts akin to Russia in 2016, the Biden administration should more forcefully call out nation-state entities that attempt to meddle in the U.S. election process.

Warner said his committee will convene a hearing on elections security in two weeks. The panel was supposed to hold the session with CISA Director Jen Easterly and Director of National Intelligence Avril Haines last month, but it was postponed amid GOP attempts to impeach Homeland Security Secretary Alejandro Mayorkas.

For around six months, agencies chilled their communications with social firms about election security and other disinformation flash points. Warner previously said that White House lawyers had been “too timid” in their legal interpretation of the case, especially given that the high court allowed the Biden administration to temporarily continue their talks until a ruling was made.

Keep reading

Why CISA’s Censorship And Election Interference Work Is The ‘Most Insidious Attack on American Democracy’

West Virginia Secretary of State Mac Warner last month eviscerated the Big Brother censorship operation known as the Cybersecurity and Infrastructure Security Agency (CISA).

“When we have our own federal agencies lying to the American people, that’s the most insidious thing that we can do in elections,” the election integrity champion told officials from the FBI and CISA on a panel at the winter meeting of the National Association of Secretaries of State (NASS) in Washington, D.C., according to Wired’s Eric Geller. While Geller did his best to defend the federal agency — under the suggestive headline, “How a Right-Wing Controversy Could Sabotage US Election Security” — its history of censorship and election interference validate Warner’s concern.

The agency’s work, particularly the extracurricular business CISA has conducted in recent years, has been rightly criticized for its massive overreach. A report released last fall by the House Judiciary Committee and the Select Subcommittee on the Weaponization of the Federal Government details just how CISA “Colluded With Big Tech And ‘Disinformation’ Partners To Censor Americans.”

“Although the investigation is ongoing, information obtained to date has revealed that the Cybersecurity and Infrastructure Security Agency (CISA)—an upstart agency within the Department of Homeland Security (DHS)—has facilitated the censorship of Americans directly and through third-party intermediaries,” the congressional report states. 

The report goes on to assert that the shadowy agency has “metastasized into the nerve center of the federal government’s domestic surveillance and censorship operations on social media.” 

Keep reading