Thursday, May 26, 2022
Key Issues Army upgraded cloud plan SEPA MQ-8B phase-out
Charlie is an authority on congressional procedure and politics, and has covered multiple subject areas over the course of his career including the structure of government, ethics, environmental and energy policy, international trade, tax reform, and healthcare reform. A veteran journalist, Charlie writes eye-opening, entertaining pieces for the most informed audiences in the nation's capital. He is a regular speaker and panelist at cybersecurity events in Washington, D.C.
State-sponsored Russian cyber actors have been targeting the networks of "cleared defense contractors" in a two-year campaign that has allowed the attackers "to acquire sensitive, unclassified information, as well as CDC-proprietary and export-controlled technology" from the U.S. firms, according to an alert today from the Cybersecurity and Infrastructure Security Agency, the FBI and the National Security Agency.
House Armed Services cyber subcommittee Chairman James Langevin (D-RI), whose record includes landmark pieces of cyber legislation as well as the influential work of the Cyberspace Solarium Commission, has announced he will retire at the end of the year.
President Biden's signature on the Fiscal Year 2022 National Defense Authorization Act starts the clock on cyber-related reports, strategies and pilot programs from the Pentagon and Department of Homeland Security on issues ranging from collaboration with the private sector to shoring up the security of industrial control systems, supply chains and state and local governments.
The House and Senate Armed Services committees today unveiled a compromise fiscal year 2022 defense authorization bill to be voted on in each chamber, without including a number of high-profile cybersecurity amendments such as a cyber incident reporting mandate and assorted recommendations of the Cyberspace Solarium Commission.
Major Cyberspace Solarium Commission proposals were not included in the revised version of the fiscal year 2022 defense authorization bill expected to be debated next week in the Senate, but a key Solarium leader says provisions on cyber incident reporting and others remain in play for ultimate inclusion in the legislation.
The fiscal year 2022 defense authorization bill begins its legislative journey today with a closed mark-up in the Senate Armed Services cybersecurity subcommittee, where a couple of Cyberspace Solarium Commission recommendations are expected to be adopted while others dealing with complex critical infrastructure issues could be addressed in floor amendments or separate bills.
Federal officials are digging into policy gaps exposed by the SolarWinds hack, including shortcomings in cyber info-sharing, and weighing actions the United States will take against a highly sophisticated threat actor in response to the massive infiltration of government and private-sector systems, according to deputy national security adviser for cyber Anne Neuberger.
Defense Secretary-nominee Lloyd Austin emphasized the department's supporting role in helping secure commercial networks from cyberattack, and stressed the need for partnerships across government and with the private sector, echoing a common refrain of President Biden's nominees when it comes to cybersecurity.
House and Senate conferees have agreed to include major cybersecurity pieces in the annual defense policy bill, creating a National Cyber Director and adopting other proposals that will make the legislation "the most significant cyber bill Congress has ever passed," according to Cyberspace Solarium Commission senior adviser Mark Montgomery.
The Pentagon's Cybersecurity Maturity Model Certification program will fall short in securing the defense industrial base because it fails to address underlying economic realities that limit how much small and mid-sized businesses can invest in cyber, according to the industry group Internet Security Alliance.
The annual defense authorization bill cleared a hurdle late Wednesday, passing the House Armed Services Committee on a 56-0 vote and advancing a number of Cyberspace Solarium Commission and other cybersecurity proposals.
The annual defense policy bill approved Wednesday night by the Senate Armed Services Committee includes provisions to implement 11 of the Cyberspace Solarium Commission’s recommendations, including a call for studying "the feasibility and advisability" of creating of a national cybersecurity director.
SAN FRANCISCO -- Pentagon acquisition Chief Information Security Officer Katie Arrington this week vigorously defended the ban on government purchases of Huawei and other Chinese-made telecom products while arguing that pieces of a more comprehensive supply-chain security policy are being put into place.
President Trump today suggested a de-escalation in the military confrontation with Iran along with new sanctions against that country, an evolving dynamic that may do little to diminish the lingering threat of cyberattacks targeting U.S. critical infrastructure.
The U.S. attack on Iran's top general has the cybersecurity community bracing for possible retaliation in cyberspace, while also pointing to the security tools that are in place and the ongoing policy needs that are highlighted by the latest -- perhaps most serious -- clash with a known international cyber aggressor.
The fiscal year 2020 defense authorization conference bill includes language requiring congressional notification before the commerce secretary can remove Huawei from the "Entity List" restricting sales of U.S. components to the Chinese telecom, a procedural hurdle added to the bill amid congressional concerns over the Trump administration's commitment to maintaining a hard line on the cyber threat from China.
Rep. John Ratcliffe's (R-TX) current claim to fame is a viral moment from last week's Mueller hearings, but the lawmaker selected to become the next director of national intelligence also would bring cybersecurity bona fides to the DNI role.
The public-private partnership approach to cybersecurity is advancing on several fronts, but a couple of developments yesterday showed just how challenging this space is for policymakers.
Acting Defense Secretary Pat Shanahan this week said China was stealing U.S. technology at a "staggering" rate and raised concerns about possible Chinese dominance of next-generation "5G" telecom networks -- remarks that come as U.S. and Chinese trade officials move toward concluding talks that have included cyber theft of intellectual property as a key component.
The National Institute of Standards and Technology's framework of cybersecurity standards, released five years ago, helped power a cost-effective approach to cyber risk management at the Defense Department that aligns in many ways with how the framework is employed by the private sector, according to senior National Security Agency official Pat Arvidson.