Nick Andersen
Coverage of Nick Andersen in the Nexus archive.
- Trump budget boss Russell Vought open to re-staffing CISA
Trump administration budget chief Russell Vought indicated openness to re-staffing the Cybersecurity and Infrastructure Security Agency (CISA) following personnel cuts. CISA director Markwayne Mullin requested hiring 600 additional personnel, though Vought noted no formal request had been received and emphasized the complexity of federal hiring processes.
- CISA directive orders agencies to prioritize vulnerability patching in a new way
CISA ordered federal agencies to prioritize vulnerability patching based on four criteria, including public exposure and automation potential. Agencies must adhere to timelines for remediation, with urgent fixes required for vulnerabilities meeting all four criteria. The directive aims to address AI-driven increases in vulnerability discovery and exploitation.
- CISA is rethinking how it prioritizes risks and vulnerabilities for feds, private sector
CISA is rethinking risk prioritization for federal and private sectors under acting director Nick Andersen, introducing a binding operational directive for federal agencies. The directive emphasizes risk-based vulnerability management, focusing on internet-exposed assets and CISA's Known Exploited Vulnerabilities (KEV) list, while acknowledging past concepts like Section 9 designations as ineffective.
- DHS Secretary Markwayne Mullin pinpoints optimal CISA staffing levels
DHS Secretary Markwayne Mullin stated the optimal staffing level for CISA is 2,800, down from 3,400 before the second Trump administration and up from the current 2,200. Trump's proposed fiscal 2027 budget includes cuts to CISA, drawing bipartisan criticism, while Mullin emphasized reliance on public partnerships to maintain mission effectiveness. A House Appropriations subcommittee is set to consider a DHS funding bill.
- CISA sidelined as White House scrambles on AI cyber threats
CISA is facing shrinking resources and a diminished role in addressing AI-driven cyber threats, with significant staff and funding cuts under the Trump administration. Industry leaders and former officials warn this undermines preparedness for critical infrastructure attacks, while recent hiring plans may signal a potential reversal.
- CISA chief frets about open-source vulnerabilities, delayed security improvements
CISA acting director Nick Andersen expressed concern about vulnerabilities in open-source software that underpins modern digital infrastructure, citing recent attacks by North Korean group TeamPCP. He emphasized the need for hard security decisions and modified approaches to vulnerability management, while noting the U.S. has delayed necessary security improvements and accumulated significant technical debt.
- CISA credential leak raises alarms, and Capitol Hill demands answers
The Cybersecurity and Infrastructure Security Agency (CISA) is investigating a reported exposure of sensitive agency credential data on GitHub, which was discovered by security firm GitGuardian. Congressional Democrats are demanding answers from CISA about the incident. The exposure has raised concerns about potential abuse by malicious parties.
- CISA wants critical infrastructure to operate ‘weeks to months’ in isolation during conflict
The Cybersecurity and Infrastructure Security Agency is urging critical infrastructure owners to plan for delivering essential services under emergency conditions, potentially for months at a time, due to threats from state-sponsored hackers. The agency is working with the private sector to protect operational technology from attacks. The initiative, known as CI Fortify, aims to create plans for safe operations while isolated from IT networks and third-party tools.
- CISA director pick Sean Plankey withdraws his nomination
Sean Plankey withdrew his nomination to lead the Cybersecurity and Infrastructure Security Agency (CISA) after 13 months without Senate confirmation. His request follows the Senate's confirmation of MarkWayne Mullin as DHS secretary and amid ongoing leadership instability at CISA, which faces budget cuts and personnel changes under Trump's administration.
- Scoop: Top U.S. cyber agency doesn't have access to Anthropic's powerful hacking model
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) lacks access to Anthropic's powerful Mythos Preview AI model, which is being used by other government agencies like the NSA and Commerce Department to identify security vulnerabilities. This exclusion raises concerns as CISA faces budget cuts and workforce reductions under the Trump administration, limiting its capacity to address AI-driven cyber threats.