Saturday, February 4, 2023
Charlie is an authority on congressional procedure and politics, and has covered multiple subject areas over the course of his career including the structure of government, ethics, environmental and energy policy, international trade, tax reform, and healthcare reform. A veteran journalist, Charlie writes eye-opening, entertaining pieces for the most informed audiences in the nation's capital. He is a regular speaker and panelist at cybersecurity events in Washington, D.C.
President Biden has signed into law the Fiscal Year 2023 National Defense Authorization Act, unfurling a broad variety of civilian and Defense Department cybersecurity initiatives, while flagging what the White House views as potential overreach in a provision on cyber information sharing with Congress.
The final version of the annual defense policy bill now headed to the Senate floor includes provisions to accelerate work on securing federal systems against the future threat posed by quantum computing and to help advance the government's work on promoting secure artificial intelligence development.
The fiscal year 2023 defense policy bill heading toward final passage in Congress contains an extensive inventory of cybersecurity provisions for the Department of Homeland Security, the Pentagon and other parts of the federal government, addressing issues ranging from the security of federal networks to cyber diplomacy, maritime cybersecurity and clarifying DHS roles and responsibilities in cyberspace.
The Biden administration has released a National Security Strategy focused on challenges from China and Russia, global alliances, deterring nation-state and criminal actors in cyberspace, and bolstering the United States' underlying technological strength.
The annual defense policy bill teed up for Senate floor debate in November lacks the type of landmark cybersecurity elements included in previous years, though cyber provisions related to both the Defense Department and civilian agencies are included throughout the sprawling measure.
An alert from the Cybersecurity and Infrastructure Security Agency and other federal agencies provides details on advanced persistent threat activity targeting a defense industrial base entity with a tool designed to extract sensitive information.
The Cybersecurity and Infrastructure Security Agency and the National Security Agency have put out a new advisory on evolving threats to "operational technology/industrial control system assets," saying "traditional approaches" are insufficient against increasingly sophisticated cyberattacks and offering an array of mitigations.
Enactment of the "CHIPS-plus" law to bolster semiconductor production and U.S. technological innovation is an important step, says Mark Montgomery of the Foundation for Defense of Democracies, but more is needed on research, investment and workforce training to meet the security and economic challenges emanating from China.
The Cybersecurity and Infrastructure Security Agency is partnering with industry on a new awareness campaign to increase use of multifactor authentication, which CISA calls "one of the strongest tools to prevent cyber intrusions," while also taking steps to counter "vigilance fatigue" among cyber defenders.
State-sponsored Russian cyber actors have been targeting the networks of "cleared defense contractors" in a two-year campaign that has allowed the attackers "to acquire sensitive, unclassified information, as well as CDC-proprietary and export-controlled technology" from the U.S. firms, according to an alert today from the Cybersecurity and Infrastructure Security Agency, the FBI and the National Security Agency.
House Armed Services cyber subcommittee Chairman James Langevin (D-RI), whose record includes landmark pieces of cyber legislation as well as the influential work of the Cyberspace Solarium Commission, has announced he will retire at the end of the year.
President Biden's signature on the Fiscal Year 2022 National Defense Authorization Act starts the clock on cyber-related reports, strategies and pilot programs from the Pentagon and Department of Homeland Security on issues ranging from collaboration with the private sector to shoring up the security of industrial control systems, supply chains and state and local governments.
The House and Senate Armed Services committees today unveiled a compromise fiscal year 2022 defense authorization bill to be voted on in each chamber, without including a number of high-profile cybersecurity amendments such as a cyber incident reporting mandate and assorted recommendations of the Cyberspace Solarium Commission.
Major Cyberspace Solarium Commission proposals were not included in the revised version of the fiscal year 2022 defense authorization bill expected to be debated next week in the Senate, but a key Solarium leader says provisions on cyber incident reporting and others remain in play for ultimate inclusion in the legislation.
The fiscal year 2022 defense authorization bill begins its legislative journey today with a closed mark-up in the Senate Armed Services cybersecurity subcommittee, where a couple of Cyberspace Solarium Commission recommendations are expected to be adopted while others dealing with complex critical infrastructure issues could be addressed in floor amendments or separate bills.
Federal officials are digging into policy gaps exposed by the SolarWinds hack, including shortcomings in cyber info-sharing, and weighing actions the United States will take against a highly sophisticated threat actor in response to the massive infiltration of government and private-sector systems, according to deputy national security adviser for cyber Anne Neuberger.
Defense Secretary-nominee Lloyd Austin emphasized the department's supporting role in helping secure commercial networks from cyberattack, and stressed the need for partnerships across government and with the private sector, echoing a common refrain of President Biden's nominees when it comes to cybersecurity.
House and Senate conferees have agreed to include major cybersecurity pieces in the annual defense policy bill, creating a National Cyber Director and adopting other proposals that will make the legislation "the most significant cyber bill Congress has ever passed," according to Cyberspace Solarium Commission senior adviser Mark Montgomery.
The Pentagon's Cybersecurity Maturity Model Certification program will fall short in securing the defense industrial base because it fails to address underlying economic realities that limit how much small and mid-sized businesses can invest in cyber, according to the industry group Internet Security Alliance.
The annual defense authorization bill cleared a hurdle late Wednesday, passing the House Armed Services Committee on a 56-0 vote and advancing a number of Cyberspace Solarium Commission and other cybersecurity proposals.