Lawmakers Unveil Plans for Agency Telework and Cloud Security
Plus the annual defense authorization bill is poised to pass.
Tech and cyber watchers will be focused on the Senate floor this week where the conference version of the National Defense Authorization Act is awaiting final passage. The House passed it Thursday by a vote of 359-54.
The cyber and tech-heavy conference bill banned the Chinese telecoms Huawei and ZTE from federal contracts as expected. It also gave the Pentagon more authority to bar other companies with questionable foreign ties and ordered more details about Defense Department’s $10 billion Joint Enterprise Defense Infrastructure cloud contract, which opened for bids Thursday.
Here’s a full rundown.
Rubio’s Riled Up
One lawmaker who wasn’t pleased with the conference NDAA was Sen. Marco Rubio, R-Fla., who led the charge to include a provision that would have reinstated U.S. penalties that effectively put ZTE out of business.
Those penalties, which the Trump administration reversed, were for violating U.S. sanctions but Rubio and other lawmakers frequently cited the cybersecurity dangers ZTE poses as a reason to keep the penalties in place.
“I don’t think ZTE or Huawei for that matter should be allowed to do any business in the United States. Period,” Rubio told Fox News.
House Homeland Steps Up to Bat
The House Homeland Security Committee forwarded a slew of tech and cyber bills last week, including one that would give the Homeland Security secretary broad authority to bar companies like Kaspersky and Huawei that officials believe pose risks to national security.
Other bills would put the power of legislation behind Homeland Security’s Continuous Diagnostics and Mitigation program and create a chief data officer at the department. Another approved bill would create a top Homeland Security official for drones.
(Fed)Ramping Up Agency IT
Rep. Gerry Connolly, D-Va., introduced a bill that would make it faster and easier for agencies to validate cloud security. The FedRAMP Reform Act encourages agencies to reuse existing authorities to operate instead of subjecting third-party vendors to the program’s cumbersome authorization process.
The bill codifies the 8-year-old program into law, establishes metrics to track implementation across government and clarifies the roles of different agencies and offices in overseeing the program. For example, the Office of Management and Budget is responsible for setting high-level guidance for the program management office and agencies, while the General Services Administration—which houses the FedRAMP program management office—is responsible for day-to-day activities.
Connolly also joined Rep. John Sarbanes, D-Md., to sponsor a bill to expand agencies’ use of telework. The Telework Metrics and Cost Savings Act bars groups from issuing agencywide restrictions on how frequently employees can telework and requires organizations to justify any plans to cut telework to Congress and the Office of Personnel Management.
Under the legislation, OPM would also need to develop a plan to increase government’s use of telework and more thoroughly research its cost-savings.
“Federal government telework programs not only improve productivity, but also save taxpayer money by increasing efficiency, strengthening employee retention and reducing costs for federal office space, as numerous studies have demonstrated,” Sarbanes said.
Get Your DATA Act Together, People
The Digital Accountability and Transparency Act requires agencies to send in quarterly spending data to be published on USASpending.gov, but lawmakers and watchdog groups found much of the information agencies submit is incorrect.
In response, Sens. Mark Warner, D-Va., and Rob Portman, R-Ohio, wrote letters to the Defense, Treasury, Agriculture and Veterans Affairs departments asking for updates on each group’s DATA Act implementation programs. The lawmakers requested corrective action plans from each group by August 15.
First You Indict, Then You Sanction
The Treasury Department should impose sanctions on the 12 Russian military hackers that Special Counsel Robert Mueller indicted earlier this month, according to Sens. Pat Toomey, R-Pa., and Chris Van Hollen, D-Md.
Specifically, the senators want Treasury to use a sanctions authority Congress granted in 2017 specifically aimed at Russians undermining cybersecurity and Democratic institutions, known as the Countering America’s Adversaries Through Sanctions Act, or CAATSA, according to a letter to Treasury Secretary Steven Mnuchin.
“The administration has the ability to sanction them today, and the precedent to support that action,” Van Hollen said in a statement. “As Congress considers additional legislation to deter Russia from attacking future elections, I urge Secretary Mnuchin to use the tools he already has to hold the Kremlin accountable.”
Grid and Bear It
Two senators want a thorough report from the White House on Russia’s ability to disable the U.S. electric grid, including how deeply the Russians have penetrated the grid and what the U.S. has done about it.
The letter from Sens. Maria Cantwell, D-Wash., and Lindsey Graham, R-S.C., comes after The Wall Street Journal reported that Russian hackers had reached U.S. utility control rooms. The article described a years-long operation that had previously been generally described by many cybersecurity companies.
News Flash: Wyden’s At It Again
Sen. Ron Wyden, D-Ore., a well-known cybersecurity scold, wrote to Homeland Security Secretary Kirstjen Nielsen and U.S. Cyber Command Chief Gen. Paul Nakasone, Wednesday, urging the pair to team up to halt government using Adobe Flash.
“Flash is widely acknowledged by technical experts to be plagued by serious, largely unfixable cybersecurity issues,” Wyden wrote.
He urged the pair to order government agencies to halt new Flash deployments within 60 days and to rid federal systems of it by August 2019.
Sen. Ed Markey, D-Mass., and Reps. Luis Gutierrez, D-Ill., and Mark DeSaulnier, D-Calif., asked Amazon for details on the sale of its facial recognition technology, “Rekognition,” to law enforcement groups across the country. In a letter, the lawmakers asked Amazon what groups asked to acquire the technology and whether the company took any steps to ensure Rekognition isn’t used to violate personal privacy rights or conduct secretive government surveillance.
They also asked the company for the results of any internal accuracy and bias assessments it’s run on the software. The letter comes after the American Civil Liberties Union released a report showing Rekognition misidentified 28 members of Congress, including Markey, Gutierrez and DeSaulnier, in a series of mugshots.
At 10 a.m. Tuesday, the Senate Commerce Committee will investigate global internet governance.
At 9:45 a.m. Wednesday, the Senate Commerce Committee will mark up bills including one to make the U.S. more competitive in quantum computing.
Also at 9:45 a.m., the Senate Intelligence Committee will hear from social media experts on foreign influence operations over the web.