Friday, April 19, 2024
Rick has more than 30 years of experience in covering federal policy, and has worked as an editor and reporter in such key policy areas as energy and environment, health care policy, and now cybersecurity and the tech industry. Rick is a founding member of the editorial team at Inside Cybersecurity, reporting on federal cybersecurity policies since their earliest stages, and is a regular contributor to Inside Defense.
An agreement by the House and Senate on the fiscal year 2020 defense authorization bill contains numerous cybersecurity provisions, including an expansion of past cyber acquisition reforms targeting foreign adversaries such as China and Russia, and a requirement that the Defense Department develop a strategy for securing next-generation 5G networks crucial to warfare in the digital age.
The Defense Department called a meeting last week with contractors and standards-writing bodies that included presentations from several working groups on recommendations for establishing a cybersecurity certification program, an event that underscores the Pentagon's breakneck pace for creating the landmark program even while core elements remain unresolved.
The Professional Services Council, which convened a lively meeting on behalf of Pentagon acquisition officials last week, is seeking industry input on the "additional activities" of an accreditation body that will establish the requirements for third-party auditors expected to certify the cybersecurity compliance of up to several hundred thousand defense contractors beginning next year.
The Defense Department is planning a December meeting to begin discussions with industry and standards-writing groups on a binding agreement to establish an accreditation body for auditors under a landmark cybersecurity certification program that the Pentagon expects to be "operational" by January.
A bipartisan group of senators is pressing new White House national security adviser Robert O'Brien to establish a telecommunications security coordinator, citing concerns about China and the development of next-generation 5G networks and arguing federal efforts lack a "coherent national strategy."
The congressionally mandated U.S.-China Economic and Security Review Commission issued its annual report this morning, saying Chinese President Xi Jinping is pressing the military to up its investments in cyber warfare despite progress over the past several years by the People's Liberation Army in developing cyber defensive and offensive capabilities.
The Pentagon's "defend forward" cyber strategy was the focus of lively discussion by an American Bar Association panel of national security lawyers late last week, who described the more active approach to countering foreign adversaries as a response to a failed U.S. deterrence posture -- which is also forcing a rethinking of key international norms and the relationship between the military and private sector in defending critical national functions.
The Defense Department's acquisition office has released its much-anticipated latest draft of a cybersecurity certification program for contractors, focusing on the most basic security controls while work continues on requirements for securing the most critical data and systems from "advanced persistent threats."
The Pentagon's acquisition office is seeking industry input on establishing an accreditation body for third-party auditors as part of a cybersecurity certification program for contractors, expected to be rolled out in some form next year.
Tech giant Huawei is rejecting the U.S. government's claim that the Constitution's Bill of Attainder Clause -- which prohibits legislative action declaring guilt -- does not apply to companies, in urging a federal court to strike down a ban on federal purchases of its products and components as part of the build-out of next-generation 5G networks.
The Pentagon's top policy official in the Obama administration is raising warnings about the cyber threats from foreign adversaries such as Russia and China, as conflicts move to a "grey zone" of electronic warfare and advance outages.
The National Defense Industrial Association has issued a report that emphasizes the important role that insurance companies can play in helping smaller businesses get certified -- and stave off potential supply shortages -- under an emerging Defense Department program that would establish baseline cybersecurity requirements for vendors and service providers.
The Cybersecurity and Infrastructure Security Agency task force on supply-chain security was briefed by a Defense Department official who laid out an aggressive schedule for the Pentagon's plan to certify the cybersecurity practices of contractors, with final revisions expected in December and a "transition" to implementation in January.
The White House Office of Management Budget has been reviewing revised standards by the National Institute of Standards and Technology since the beginning of the year, and the absence of that foundational document on federal data protections has stalled -- or at least frustrated -- key cybersecurity initiatives, including the Pentagon's landmark contractor certification proposal.
A coalition of industry groups is urging the Defense Department, General Services Administration and NASA to revise a federal acquisition rule issued this summer that bans the government from purchasing IT and video surveillance products from China, calling for an "annual certification" process to assist small businesses as well as other steps to make those requirements more specific.
The Pentagon's landmark cybersecurity certification program could be scuttled if Congress ends up funding the military through a series of continuing resolutions until after the election, according to Defense Department Special Assistant for Cybersecurity Katie Arrington.
Defense Department Special Assistant for Cybersecurity Katie Arrington said the Pentagon's maturity model for certifying contractors based on their ability to secure data and systems is moving forward, with a revised version of the plan to be released at the beginning of November for use in contracts next year, despite calls from industry and others to slow down the implementation process.
The Small Business Administration's advocacy office is urging the Defense Department to subject its draft cybersecurity certification program to a formal notice-and-comment rulemaking process, warning the complexity and costs of the plan could undermine the Pentagon's contracting goals.
A federal district judge has suggested he may rule against the U.S. government in a case challenging the constitutionality of a federal ban on purchases of products by China-based tech giant Huawei, in explaining why the Justice Department needs to file an additional brief on a core question in the dispute -- the Constitution's prohibition on a "bill of attainder."
The U.S. district court for eastern Texas has ordered the Justice Department to file an additional brief in its arguments rejecting Huawei's claim that a federal ban on purchasing its products is unconstitutional, a move that comes after parties argued in court last week in a case that could determine the government's authority to counter China's cybersecurity threat.