Week ahead: Government’s cyber report card due

The White House has vowed to release by Monday a report card on the state of each federal agency’s cybersecurity.

The review will serve as a roundup of the administration’s recently completed 30-day “cybersecurity sprint.”

{mosads}In early June, the White House directed all agencies to take the next month to patch critical vulnerabilities, restrict the number of people who have access to privileged data, speed up the adoption of multifactor authentication and scan systems for malicious activity.

The directive came on the heels of a devastating data breach at the Office of Personnel Management (OPM).

“We said, ‘Run hard for the next 30 days and get big progress on these things,’ ” Federal Chief Information Officer Tony Scott told Reuters in a recent interview. “No excuses, just get it done.”

That race came to an end on July 12. The administration has already touted some successes, reporting that federal civilian agencies boosted their use of multifactor authentication by 20 percent for privileged users. Some agencies even got to 100 percent adoption of multifactor authentication.

But the real judgment will come with the review, expected early next week.

“Some will get there, and some won’t,” Scott said. “There’s probably no CIO [chief information officer] in any federal agency now who wants to be the bottom of the list.”

Also on Monday, the comment period will close for a highly charged Commerce Department attempt to tighten export rules on unknown software flaws.

The government is trying to keep hackers from getting their hands on vulnerabilities to crack U.S. networks.

But the proposed update has been strongly rebuked by security researchers, who warn the rules would limit their ability to share software flaws and test network defenses.

“It’s way too broad and a little arbitrary,” said Jay Kaplan, co-founder of the security firm Synack and a former National Security Agency (NSA) cyber analyst.

The effect, Kaplan and others argue, would be weakened digital defenses at home and reduced competitiveness for U.S. companies overseas.

Although Senate Commerce Committee Chairman John Thune (R-S.D.) told The Hill the issue hadn’t yet hit Capitol Hill, the fight could heat up soon.

Also next week, keep an eye out for signs the Senate may soon move its stalled cybersecurity bill.

While action doesn’t seem imminent, Republican leaders are vowing to get the bill — intended to boost the public-private exchange of data on hackers — on the floor before lawmakers’ August recess.

Battle lines are already starting to form. While the bill, known as the Cybersecurity Information Sharing Act, has strong bipartisan support, a small-but-growing group in the Senate is angling to block it.

Digital rights and privacy groups believe the measure will simply shuttle more sensitive data on Americans to the National Security Agency (NSA), empowering the agency’s surveillance programs.

Sens. Patrick Leahy (D-Vt.) and Ron Wyden (D-Ore.) have led the fight against the bill. Leahy told The Hill on Thursday that they hadn’t yet determined how many votes they could get.

“We’ll know closer to the time,” he said.

 

Recent stories:

The government’s relationship with the controversial Italian surveillance firm Hacking Team may have violated the law: http://bit.ly/1gFqLqc

The Senate now has competing bills aimed at restricting education companies from selling or using student data for targeted ads: http://bit.ly/1MwCBgf

The Senate rewrite of No Child Left Behind would require the secretary of Education to submit a report to Congress on the state of cybersecurity higher education: http://bit.ly/1O9xiUF

Drug store giant CVS has shut down its online photo center after a possible security breach may have exposed credit card data: http://bit.ly/1HDTZMA

British authorities have arrested a man accused of hacking into multiple U.S. federal agencies: http://bit.ly/1HzqRse

Tags John Thune Patrick Leahy Ron Wyden

Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed..

 

Main Area Top ↴

Testing Homepage Widget

 

Main Area Middle ↴
Main Area Bottom ↴

Most Popular

Load more

Video

See all Video