CISA, NSA, FBI, and MS-ISAC Release Phishing Prevention Guidance

10/18/2023 08:00 AM EDT

Today, the Cybersecurity Infrastructure and Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint guide, Phishing Guidance: Stopping the Attack Cycle at Phase One. The joint guide outlines phishing techniques malicious actors commonly use and provides guidance for both network defenders and software manufacturers to reduce the impact of phishing techniques used in obtaining credentials and deploying malware.

CISA and its partners encourage network defenders and software manufacturers to implement the recommendations in the guide to reduce the frequency and impact of phishing incidents. For more information, see CISA’s Malware, Phishing, and Ransomware and Security-by-Design and -Default webpages.

U.S. Small Business Administration Will Host 2nd Annual Small Business Cyber Summit During Cybersecurity Awareness Month

Experts from the Cybersecurity and Business Worlds Convene to Share Best Practices and Practical Tools

WASHINGTON – The U.S. Small Business Administration (SBA) announced today that the agency will host a cyber summit in October 2023. The free cybersecurity series supports America’s 33 million small businesses with tools, tips, and resources from multiple federal agencies to bolster their cybersecurity infrastructure, in addition to exploring new trends and challenges entrepreneurs are increasingly facing.

“Digital tools represent some of the most exciting revenue growth opportunities for American small businesses – from the $5.2 trillion global e-commerce marketplace to cutting-edge AI and other digital tools,” said SBA Administrator Isabella Casillas Guzman. “As small businesses increasingly rely on technology to start and grow their businesses, our SBA Cyber Summit and our work modernizing the SBA will help more entrepreneurs make the digital pivot safely by leveraging SBA resources and private sector solutions to defend their businesses, their customers, and their livelihoods from the ever-evolving threats from cyber criminals.”

“The rapidly evolving and interconnected world continues to present new challenges for small business owners, and it is our objective to empower them with the proper tools. Through our SBA Cyber Summit, the goal is to bolster the confidence and the know-how of our resilient U.S. small businesses to deal with these cyber challenges head-on,” said SBA Associate Administrator of the Office of Entrepreneurial Development Mark Madrid.

Registration for the event is open to all and free. Sign up at

https://bit.ly/SBACyberSummit2023.

About the SBA’s 2nd Annual Small Business Cyber Summit

The summit will feature various speakers, including SBA Administrator Guzman, SBA Associate Administrator Madrid, SBA Resource Partners, Small Business Development Centers, the SBA Small Business Digital Alliance, the Cybersecurity and Infrastructure Security Agency (CISA), FBI, business chambers, state government partners, experts from the public/private sectors, major technology platforms, and award-winning business coaches.

Comprised of digestible and compact segments, attendees will have the opportunity to network and access practical tips, problem-solving strategies, industry trends, threat avoidance, and small business testimonials to learn how to help small business owners defend themselves against cyber-attacks.

Cyberattacks are a growing threat to small businesses and the U.S. economy. According to the FBI’s Internet Crime Report, the cost of cybercrime against the small business community reached $3.31 billion in 2022.

Small businesses are attractive targets because they have information that cybercriminals want, and they typically lack the security infrastructure of larger businesses.

Surveys have shown that a majority of small business owners feel their businesses are vulnerable to a cyberattack. Yet many businesses cannot afford professional IT solutions, have limited time to devote to cybersecurity, or do not know where to begin. The 2nd Annual SBA Cyber Summit will address these formidable challenges with turnkey solutions.

###

About the U.S. Small Business Administration
The U.S. Small Business Administration helps power the American dream of business ownership. As the only go-to resource and voice for small businesses backed by the strength of the federal government, the SBA empowers entrepreneurs and small business owners with the resources and support they need to start, grow, expand their businesses, or recover from a declared disaster. It delivers services through an extensive network of SBA field offices and partnerships with public and private organizations. To learn more, visit www.sba.gov.

DoS and DDoS Attacks against Multiple Sectors

06/30/2023 12:00 PM EDT

CISA is aware of open-source reporting of targeted denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks against multiple organizations in multiple sectors. These attacks can cost an organization time and money and may impose reputational costs while resources and services are inaccessible.

If you think you or your business is experiencing a DoS or DDoS attack, it is important to contact the appropriate technical professionals for assistance.

  • Contact your network administrator to confirm whether the service outage is due to maintenance or an in-house network issue. Network administrators can also monitor network traffic to confirm the presence of an attack, identify the source, and mitigate the situation by applying firewall rules and possibly rerouting traffic through a DoS protection service.
  • Contact your internet service provider to ask if there is an outage on their end or if their network is the target of an attack, and you are an indirect victim. They may be able to advise you on an appropriate course of action.

Organizations can take proactive steps to reduce the effects of an attack—See the following guidelines for more information:

Major Cyber Attack at OMV Vendor, Louisianans Should Act Urgently to Protect Their Identities

June 15, 2023

BATON ROUGE, La. – Louisiana’s Office of Motor Vehicles (OMV) is one of a still undetermined number of government entities, major businesses and organizations to be affected by the unprecedented MOVEit data breach.

MOVEit is an industry-leading third party data transfer service used to send large files. It is widely used across the country and around the world, and reports are rapidly emerging of newly discovered exposures of sensitive data in this major international cyber attack.

There is no indication at this time that cyber attackers who breached MOVEit have sold, used, shared or released the OMV data obtained from the MOVEit attack. The cyber attackers have not contacted state government. But all Louisianans should take immediate steps to safeguard their identity.

OMV believes that all Louisianans with a state-issued driver’s license, ID, or car registration have likely had the following data exposed to the cyber attackers:

  • Name
  • Address
  • Social Security Number
  • Birthdate
  • Height
  • Eye Color
  • Driver’s License Number
  • Vehicle Registration Information
  • Handicap Placard Information

Gov. John Bel Edwards met with the Unified Command Group at 11 a.m. Thursday to be briefed on the incident, where he instructed the Governor’s Office of Homeland Security and Emergency Preparedness (GOHSEP), Office of Motor Vehicles (OMV), Louisiana State Police (LSP), and the Office of Technology Services (OTS) to act to inform Louisianans of the breach and their best next steps as soon as possible.

We recommend all Louisianans take the following steps immediately:

  1. Prevent Unauthorized New Account Openings or Loans and Monitor Your Credit

Individuals can freeze and unfreeze their credit for free, which stops others from opening new accounts and borrowing money in your name. Freezing your credit does not prevent the use of any existing credit cards or bank accounts. Freezing your credit may be done quickly online or by contacting the three major credit bureaus by phone:

Experian
1-888-397-3742
www.experian.com/freeze
Equifax
1-800-685-1111
www.equifax.com/personal/credit-report-services/credit-freeze/
TransUnion
(888) 909-8872
www.transunion.com/credit-freeze 

Please also request and review your credit report from these agencies to look for suspicious activity.

  1. Change All Passwords

As an additional precaution, consider changing all passwords for online accounts (examples: banking, social media, and healthcare portals) in the event your personal data was used to access these accounts. Utilize multi-factor authentication when able. Learn more about password protection at www.CISA.gov.

  1. Protect Your Tax Refund and Returns with the Internal Revenue Service

To prevent someone else from filing returns or receiving your federal tax refund, request an “Identity Protection Pin” from the Internal Revenue Service by signing up at: https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin or calling the IRS at 1-800-829-1040. 

  1. Check your Social Security Benefits

All individuals who are eligible, applied for, and/or are receiving social security benefits (including disability), please consider registering for a ssa.gov account at https://www.ssa.gov/myaccount/ to stop others from stealing your benefits. If you suspect Social Security fraud, call the Office of Inspector General hotline at 1-800-269-0271, Social Security Administration at 1-800-772-1213 or file a complaint online at oig.ssa.gov.

  1. Report Suspected Identity Theft

If you suspect any abnormal activity involving your data, including financial information, contact the Federal Trade Commission at 1-877-FTC-HELP or visit www.ReportFraud.FTC.gov immediately.

The State of Louisiana will be issuing additional information in the coming days. Additional tips on protecting your data and identity can be found at nextsteps.la.gov and www.IdentityTheft.gov.

GOHSEP Director Casey Tingle will hold a press conference 6/16/23 at 10:30 a.m. to take media questions.

10:30 a.m. – Press Conference
GOHSEP Press Room
7667 Independence Blvd.
Baton Rouge, LA 70806

CISA and Partners Update the #StopRansomware Guide, Developed through the Joint Ransomware Task Force (JRTF)

05/23/2023 08:00 AM EDT

Today, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware Guide, as ransomware actors have accelerated their tactics and techniques since its initial release in 2020. The update incorporates lessons learned from the past two years and includes additional recommended actions, resources, and tools to maximize its relevancy and effectiveness and to further help reduce the prevalence and impacts of ransomware.

The #StopRansomware Guide serves as a one-stop resource to help organizations reduce the risk of ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks. The authoring organizations recommend that entities review this joint guide to prepare and protect their facilities, personnel, and customers from the impacts of ransomware and data exfiltration. For more information and to access the latest resources about how to stop ransomware, please visit stopransomware.gov.

This joint guide was developed through the Joint Ransomware Task Force (JRTF), an interagency collaborative effort to reduce the prevalence and impact of ransomware attacks. JRTF was established by Congress in 2022 and is co-chaired by CISA and FBI. For additional information about the JRTF, please visit CISA’s newly launched Joint Ransomware Task Force (JRTF) webpage.

 

CISA Urges Increased Vigilance One Year After Russia’s Invasion of Ukraine

CISA assesses that the United States and European nations may experience disruptive and defacement attacks against websites in an attempt to sow chaos and societal discord on February 24, 2023, the anniversary of Russia’s 2022 invasion of Ukraine. CISA urges organizations and individuals to increase their cyber vigilance in response to this potential threat.

In response to the heightened geopolitical tensions resulting from Russia’s full-scale invasion of Ukraine, CISA maintains public cybersecurity resources, including Shields Up—a one-stop webpage that provides resources to increase organizational vigilance and keep the public informed about current cybersecurity threats. CISA recommends that all organizations review and consider implementing the below guidance:

Infrastructure Security Month

CISA APPLAUDS THE BEGINNING OF INFRASTRUCTURE SECURITY MONTH DECLARING INFRASTRUCTURE SECURITY IS NATIONAL SECURITY


WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) announced November 1 as the kickoff of Infrastructure Security Month. In our work to raise awareness of the importance of infrastructure security and to help share CISA’s extensive resources with critical infrastructure owners and operators, this year’s theme is Infrastructure Security is National Security: Drive Down Risk, Build Resilience.

Critical infrastructure spans everything from healthcare, water, and education to chemicals, transportation, and energy systems. It underpins all the critical functions that keep our country and our economy running, and the threats to it run the gamut from weather-induced power outages to technology incidents. They include physical threats originating here at home, as well as cyber threats launched from across the globe by adversaries seeking to disrupt or destroy the essential services we rely on for health and economic and national security.

“CISA’s mission is to lead the national effort to understand, manage, and reduce risk to the cyber and physical infrastructure Americans rely on every hour of every day—to get gas at the pump, food at the grocery store, money from the ATM, power, water, transportation, communications—effectively the backbone of networks and services that underpin our daily lives,” said CISA Director Jen Easterly. “As the National Coordinator for critical infrastructure security and resilience, CISA is laser focused on the broad and complex landscape of threats to this infrastructure, and because much of it is owned or operated by the private sector, our collaborative partnerships with private industry are foundational to our ability to help defend the nation. It takes all of us, working together, to drive down risk and build resilience.”

Throughout November, CISA will be bringing the world of infrastructure security and resilience to life with interviews and blogs featuring CISA staff and external industry partners, as well as other activities. We encourage everyone to visit CISA’s Infrastructure Security Month webpage for more information and resources. Be sure to follow CISA on social media throughout the month for resources, tools, and tips you can use to help identify and reduce risk to infrastructure facilities, their internet and operational technology systems, employees, visitors and more.

About CISA:  
As the nation’s cyber defense agency, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day. Visit CISA.gov for more information.

What is Doxing?

We have all heard the term doxing before, but what does it really mean? Why is it important to me?

Doxing refers to the internet-based practice of gathering an individual’s personally identifiable information (PII)—or an organization’s sensitive information— from open source or compromised material and publishing it online for malicious purposes.

Although doxing can be carried out by anyone with the ability to query and combine publicly available information, it is often attributed to nefarious actors, hacktivists, and extremists. Doxers compile sensitive information from compromises of personal and professional accounts and a wide range of publicly available data sources to craft invasive profiles of targets, which are then published online with the intent to harm, harass, or intimidate victims (CISA, 2021).

Organizations may be targets of doxing due to their stance on a particular issue, involvement in a certain industry, related organization policies, or grievances. Doxing attacks targeting senior leaders of an organization, often serve as “reputation attacks” and could lead to activities seeking to embarrass, harass, or undermine confidence. Incidents of doxing that target individuals often serve to harass, intimidate, or inflict financial damages, and can potentially escalate to physical violence (CISA, 2021).

Most businesses compile databases that contain personal information, whether suppliers, customers, or employees. Almost everyone, individuals and businesses has a presence on social media. Any of these databases can be breached and personal information gathered for use in doxing.

As you can see doxing can be and is dangerous.  How do you better protect yourself from doxing:

  • Limit what you share on social media.
  • Maximize the privacy and security settings on social media sites.
  • Remain vigilant of phishing attacks.
  • Make sure that all operating system software (i.e. windows) is updated.
  • Delete any apps that you do not use. This reduces the ability for hackers to get in through a rarely used door.

If you become a victim of doxing, take these steps

  1. Contact law enforcement, local first, then move up the chain to the FBIs Internet Crime Complaint Center (IC3).
  2. Determine what information was leaked and how it was compromised.
  3. Delete the information from the source of the leak.
  4. Monitor signs of identity theft through financial institutions, unsolicited password changes, etc.

Works Cited

CISA. (2021, August). MITIGATING THE IMPACTS OF DOXING ON CRITICAL INFRASTRUCTURE. Retrieved from http://www.cisa.gov: https://www.cisa.gov/publication/mitigating-impacts-doxing-critical-infrastructure

 

 

CISA HOSTS VIRTUAL INDUSTRY DAY AUGUST 5

The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) will host a virtual Industry Day on August 05, 2021 from 10:00AM to 4:00PM EST.

CISA is the Nation’s risk advisor, working with partners to defend against today’s threats and collaborating to build more secure and resilient infrastructure for the future.  The threats we face—digital and physical, man-made, technological, and natural—are more complex, and the threat actors more diverse, than at any point in our history. CISA is at the heart of mobilizing a collective defense as we lead the Nation’s efforts to understand and manage risk to our critical infrastructure.  Our partners in this mission span the public and private sectors. Programs and services we provide are driven by our comprehensive understanding of the risk environment and the corresponding needs identified by our stakeholders. We seek to help organizations better manage risk and increase resilience using all available resources, whether provided by the Federal Government, commercial vendors, or their own capabilities.

In its ongoing efforts to engage closely with industry, CISA’s Industry Day will provide insight into CISA’s current and future challenges, as well as, provide presentations regarding:

  • Software vulnerability collaboration
  • Next Generation Network Priority Services
  • Risk architecture and cyber risk reduction
  • Supply Chain
  • Public/private partnership efforts on 5G Security and Resilience
  • Building Long-Term Analytic Capability
  • Machine Learning and Large-Scale Analytics
  • Zero-Trust Architecture (ZTA)
  • Digital Twin

WHO SHOULD ATTEND:

Large and small companies interested in contracting and opportunities to collaborate/partner with CISA to accomplish its mission.

DISCLAIMER:

This notice shall not be construed as a request for proposals, request for quotes, or follow-up acquisition of any type. CISA will not assume liability for costs incurred by attendees or for preparations, travel expenses or marketing efforts; therefore, vendors’ expenses in response to this notice are not considered an allowable direct charge to the Government.

REGISTRATION:

CISA’s Industry Day may be accessed via the link below.

https://share.dhs.gov/fy21cisaindustryday/ 

QUESTIONS:

Questions regarding Industry Day may be submitted to CISA Vendor Engagement at: cisavendorengagement@cisa.dhs.gov

CISA ISSUES EMERGENCY DIRECTIVE REQUIRING FEDERAL AGENCIES TO MITIGATE WINDOWS PRINT SPOOLER SERVICE VULNERABILITY

CISA Encourages All Organizations to Take Steps to Protect their Networks

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive (ED) 21-04 today to mitigate a Microsoft Windows print spooler service vulnerability CVE-2021-34527 being actively exploited. Federal civilian agencies are required to immediately disable the print spooler service on Microsoft Active Directory Domain Controllers, apply the Microsoft July 2021 cumulative updates, and make additional configuration changes to all Microsoft Windows servers and workstations within one week.

Exploitation of the vulnerability allows an attacker to remotely execute code with system level privileges, enabling a threat actor to quickly compromise the entire identity infrastructure of a targeted organization.

The emergency directive is in response to validated active exploitations. CISA is concerned that exploitation of this vulnerability may lead to full system compromise of affected agency networks if left unmitigated.

“Since this exploitation was identified, CISA has been engaged with Microsoft and federal civilian agencies to assess potential risk to federal agencies and critical infrastructure,” said Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA. “CISA’s mission is to protect the nation against cybersecurity threats, and this directive reflects our determination to require emergency action for exploitations that pose an unacceptable risk to the federal civilian enterprise. We will continue to actively monitor exploitation of this vulnerability and provide additional guidance, as appropriate.”

Although only directed to federal agencies, CISA encourages public and private sector organizations to review our directive and consider similar steps to mitigate this vulnerability and avoid being exploited by malicious cyber actors.

Read the full Emergency Directive (ED) 21-04.

United States Government Launches First One-Stop Ransomware Resource at StopRansomware.gov

Release Date:

July 14, 2021

New website provides cybersecurity resources from across the federal government

WASHINGTON – Today, as part of the ongoing response, agencies across the U.S. government announced new resources and initiatives to protect American businesses and communities from ransomware attacks. The U.S. Department of Homeland Security (DHS) and the U.S. Department of Justice (DOJ), together with federal partners, have launched a new website to combat the threat of ransomware. StopRansomware.gov establishes a one-stop hub for ransomware resources for individuals, businesses, and other organizations. The new StopRansomware.gov is a collaborative effort across the federal government and the first joint website created to help private and public organizations mitigate their ransomware risk.

“As ransomware attacks continue to rise around the world, businesses and other organizations must prioritize their cybersecurity,” said Secretary Mayorkas. “Cyber criminals have targeted critical infrastructure, small businesses, hospitals, police departments, schools, and more. These attacks directly impact Americans’ daily lives and the security of our Nation. I urge every organization across our country to use this new resource to learn how to protect themselves from ransomware and reduce their cybersecurity risk.”

“The Department of Justice is committed to protecting Americans from the rise in ransomware attacks that we have seen in recent years,” said Attorney General Garland. “Along with our partners in and outside of government, and through our Ransomware and Digital Extortion Task Force, the Department is working to bring all our tools to bear against these threats. But we cannot do it alone. It is critical for business leaders across industries to recognize the threat, prioritize efforts to harden their systems, and work with law enforcement by reporting these attacks promptly.”

StopRansomware.gov is the first central hub consolidating ransomware resources from all federal government agencies. Prior to today, individuals and organizations had to visit a variety of websites to find guidance, latest alerts, updates, and resources, increasing the likelihood of missing important information. StopRansomware.gov reduces the fragmentation of resources, which is especially detrimental for those who have become victims of an attack, by integrating federal ransomware resources into a single platform that includes clear guidance on how to report attacks, and the latest ransomware-related alerts and threats from all participating agencies. StopRansomware.gov includes resources and content from DHS’s Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Secret Service, the Department of Justice’s Federal Bureau of Investigation (FBI), the Department of Commerce’s National Institute of Standards and Technology (NIST), and the Departments of the Treasury and Health and Human Services.

Ransomware is a long-standing problem and a growing national security threat. Tackling this challenge requires collaboration across every level of government, the private sector, and our communities. Roughly $350 million in ransom was paid to malicious cyber actors in 2020, a more than 300% increase from the previous year. Further, there have already been multiple notable ransomware attacks in 2021 and despite making up roughly 75% of all ransomware cases, attacks on small businesses often go unnoticed. Like most cyber-attacks, ransomware exploits the weakest link. Many small businesses have yet to adequately protect their networks and StopRansomware.gov will help these organizations and many more to take simple steps to protect their networks and respond to ransomware incidents, while providing enterprise-level information technology (IT) teams the technical resources to reduce their ransomware risk.

DHS, DOJ, the White House, and our federal partners encourage all individuals and organizations to take the first step in protecting their cybersecurity by visiting StopRansomware.gov.

 

https://www.dhs.gov/news/2021/07/14/united-states-government-launches-first-one-stop-ransomware-resource

Senate confirms Jen Easterly as head of U.S. cyber agency

July 12, 2021

The Senate on Monday confirmed Jen Easterly to lead the Cybersecurity and Infrastructure Security Agency, filling an eight-month leadership void at the top of an agency struggling to address widespread digital weaknesses inside the government and across the country.

Lawmakers unanimously installed Easterly, a former senior NSA and White House counterterrorism and cyber official, as the second person to officially lead CISA, a roughly 2,500-person DHS agency responsible for protecting federal networks and offering security advice to critical infrastructure operators, small businesses and local governments.

Easterly will face a complex suite of problems in her new post. CISA, formed in 2018 from DHS’ cyber wing, is struggling to fulfill its vast mission of defending the country’s physical and digital infrastructure. It has had trouble mustering enough personnel and resources to comprehensively monitor federal computer systems and conduct regular security inspections of vital infrastructure facilities, and recent legislation has given it new responsibilities. Meanwhile, high-profile cyberattacks — including the SolarWinds espionage campaign and the Colonial Pipeline, JBS and Kaseya ransomware attacks — have placed significant strain on the agency, prompting calls for major increases in its budget.

Lawmakers recently gave CISA with new authorities, including the ability to proactively hunt for intrusions on other agencies’ networks, and Congress is considering an even bigger expansion of its mission in a bill mandating that companies report cyberattacks to the government.

It will be up to Easterly to determine how to triage CISA’s resources between its various missions, implement new congressional mandates and reassure worried staffers. She will also need to oversee the agency’s ambitious transformation of its federal security efforts in the wake of the SolarWinds compromises. CISA has committed to improving its intrusion-detection systems by deploying more sensors inside other agencies’ networks and developing better analytical capabilities.

Easterly will also have to raise CISA’s public profile and reinforce its reputation as a trusted partner. Many companies are reluctant to share data with CISA after being hacked, fearing public exposure or regulatory headaches. The Colonial incident highlighted these problems — the pipeline operator called the FBI rather than CISA, took several days to share key data with CISA and kept the agency in the dark about basic aspects of the incident, such as the ransom payment that the company made to the hackers.

Digital security experts and former national security officials have said Easterly’s long record of military and intelligence work makes her the person to solve these problems.

At her confirmation hearing, she was introduced by a Republican congressman, Mike Gallagher of Wisconsin, who co-chairs the congressionally chartered Cyberspace Solarium Commission.

“Jen Easterly’s qualifications are well above and beyond those stipulated by the law,” said Gallagher, whose panel’s recommendations for improving CISA have largely been enacted. “Her background is incredible.”

At the NSA, Easterly worked in the elite hacking unit known as Tailored Access Operations, led the Army’s information warfare battalion and served as a cyber adviser to NATO forces in Afghanistan. In 2009, she was one of four officials tasked with establishing U.S. Cyber Command, the military unit that works closely with the NSA to disrupt adversaries’ computer networks. She later spent more than two years as the No. 2 official in the NSA’s counterterrorism division, followed by three years as a special assistant to the president and senior director for counterterrorism at the National Security Council under former President Barack Obama.

In her most recent role, as head of resilience for Morgan Stanley, Easterly witnessed firsthand how U.S. businesses have dealt with an increasing barrage of cyberattacks. The connections and experience that she developed working for the financial services giant may aid Easterly as she takes the helm of CISA.

Despite being an uncontroversial nominee, Easterly had a slightly bumpy path to confirmation.

Senate Democrats tried on June 23 to confirm Easterly by unanimous consent, but Sen. Rick Scott (R-Fla.) objected, fulfilling an earlier promise to place holds on all of Biden’s DHS nominees until the president visited the U.S.–Mexico border.

Scott released his hold after Vice President Kamala Harris visited the border on June 25.

Politico.com