Tuesday, April 23, 2024
Rick has more than 30 years of experience in covering federal policy, and has worked as an editor and reporter in such key policy areas as energy and environment, health care policy, and now cybersecurity and the tech industry. Rick is a founding member of the editorial team at Inside Cybersecurity, reporting on federal cybersecurity policies since their earliest stages, and is a regular contributor to Inside Defense.
The information technology industry is raising serious concerns about the unintended consequences of a federal ban on purchasing products from tech giant Huawei and other China-based companies, arguing regulatory language affecting defense and civilian agency contractors should be narrowed to limit its impact.
The Defense Department's cybersecurity certification program hinges to large extent on the establishment of an accreditation body that will certify an army of third-party assessors, with the group's recently installed board chairman saying funding and language for a binding agreement with the Pentagon on roles and responsibilities are still in the works.
The Defense Department has announced plans for a meeting next month with industry officials to examine potential problems to a sweeping ban on the use of China-based Huawei and ZTE products by federal contractors, a move that marks a major milestone in broader federal efforts to counter cyber threats from Beijing.
Pentagon acquisition officials say a sweeping cybersecurity certification program issued last week will take six years to fully implement, a phased-in schedule that defense industry officials say is the result of pressure by the contracting community about mitigating costs.
The cybersecurity certification firm HITRUST has emerged as a prominent player in the Defense Department's efforts to establish a landmark program to certify the data-security practices of the entire defense industrial base.
A report by a bipartisan think tank on countering threats from China says Defense Department efforts could be bolstered by tougher technology export controls developed by a government-wide rulemaking process, a recommendation that underscores an ongoing regulatory debate prompted by a Commerce Department proposal.
The industry leaders of a CISA task force on supply-chain security say the Defense Department's emerging cybersecurity certification program is among the issues to be addressed by a new "tiger team" being formed to coordinate federal regulatory requirements.
The Accreditation Body for implementing the Defense Department's landmark cybersecurity certification program has announced a full board of directors, less than two weeks after the deadline for accepting applications for the positions.
The increased threat to national security from new technologies in cyberspace will impose unprecedented responsibilities on private industry to protect critical infrastructure, while challenging government policymakers to preserve civil liberties in meeting these emerging risks, according to National Security Agency General Counsel Glenn Gerstell.
The Defense Department is required at the beginning of next month to produce a framework for improved cybersecurity of the nation's defense industrial base, including regulations and metrics for measuring the security of contractors with implications for software development and cloud computing.
The first members have been announced for a board that will form an accreditation body to certify the cybersecurity practices of Defense Department contractors, with nearly 100 applications received for the remaining six positions expected to be filled within the next few weeks.
An accreditation body that will certify third parties to audit the cybersecurity practices of Defense Department contractors is expected to form its complete board of directors by the end of next week, clearing the way for signing a Memorandum of Understanding with DOD acquisition officials by the beginning of February, according to officials involved in the effort.
The National Institute of Standards and Technology is preparing to issue another round of draft revisions to foundational data security and privacy guidelines for public comment, a milestone for a document that has major implications for federal efforts, including at the Pentagon, to secure crucial systems and data from foreign adversaries.
Industry working groups tasked with implementing the Pentagon's landmark cybersecurity certification program have selected the University of Virginia's Ty Schieber as board chairman to lead the process for selecting a board of directors for an accreditation body that is expected to be up and running later this month.
President Trump is asserting executive privilege to withhold annual reporting of military operations in cyberspace to senior members of Congress, based on his signing statement last month in enacting the Fiscal Year 2020 National Defense Authorization Act.
The next two months could be crucial for the federal government's landmark efforts in setting cybersecurity requirements for contractors and agencies to protect national security and other information from foreign adversaries, with a proposed rule later this month and comments due in February on banning Huawei and other China-based tech products.
Industry-based working groups backed by the Pentagon are seeking broader input on developing an accreditation body for certifying third-party cybersecurity assessments of defense contractors, as Defense Department officials race forward with plans to sign an agreement next month with the private sector on oversight of the landmark certification program.
The Defense Department has issued a draft plan for its Cybersecurity Maturity Model Certification program that addresses the highest levels of risks for contractors and relies on security controls developed by the National Institute of Standards and Technology that are still under review.
The America's Small Business Development Centers this week is hosting the first of what is expected to be dozens of classes throughout the country over the next couple of months that are intended to prepare companies for the Pentagon's Cybersecurity Maturity Model Certification plan expected to be finalized early next year.
The Defense Department has convened a series of industry working groups to develop recommendations for creating an accreditation body that will be central to a cybersecurity certification program for Pentagon contractors expected to be up and running next year.