Biden’s Nominee to Lead CISA Interested in Reforming FISMA

Hailshadow/iStock.com

Featured eBooks
Digital Transformation
Read Now

Federal IT Modernization Still a Major Challenge

Read Now

DHS’ next chapter as an enterprise services provider

Read Now

What's happening in health tech

Read Now
Mariam Baksh By Mariam Baksh,
Senior Correspondent

By Mariam Baksh

|

Members of the Senate Homeland Security Committee pressed Jen Easterly and other key nominees on supply chain security and workforce challenges.

Congress should pursue efforts to hold federal agencies accountable for their cybersecurity by considering changes to the Federal Information Security Modernization Act, according to President Joe Biden’s nominee to direct the Cybersecurity and Infrastructure Security Agency.  

“I know there was some discussion about [Federal Information Security Modernization Act] reform to ensure that accountability is rightly structured ... I think things like that are very important discussions to have and if confirmed, I would look forward to working with this committee on it,” Jen Easterly said.

Easterly testified before the Senate Homeland Security and Governmental Affairs Committee Thursday along with Chris Inglis, the nominee for national cyber director and Robin Carnahan, the nominee to lead the General Services Administration.  

Lawmakers have expressed a need to clarify agencies’ incident reporting responsibilities, supply chain scrutiny and technology modernization efforts in the context of reshaping the foundational law in the wake of the pandemic and a string of breaches involving federal agencies. 

“I watched just, as all of us did, horrified that so much of the quick policy work and appropriation that was done by Congress wasn't able to get to the people that needed it because of outdated or not working, technology systems and likewise that cyber criminals were gonna take advantage of that and steal money,” Carnahan said.

Carnahan also said GSA has work to do toward removing certain Chinese technology from federal government systems as required under Section 889 of the 2019 National Defense Authorization Act.

“I think it's important that GSA get on with, as the chief buyer, strengthening the supply chain to ensure that it's complying with Section 889,” she told Sen. Josh Hawley, R-Mo. “My understanding is that it has worked on that, but in the end, there's no excuse for not just getting it done. I don't know what the blockers are currently to having this fully implemented and enforcing these rules but if I'm confirmed I'm going to be interested in, as quickly as possible, getting to the bottom of that issue.”

Sen. James Lankford, R-Kan., noted that all three of the nominees would have a role in dealing with removal orders like those surrounding companies like China’s Huawei and Russia’s Kaspersky and asked what their approach would be going forward.   

Carnahan said she would look to automation as a way to better monitor the supply chain. Easterly referenced CISA’s place on the Federal Acquisition Security Council—an interagency group that has the authority to recommend such removal orders—and said she was looking forward to working with that body and a public-private Information and Communication Technology Supply Chain Risk Management task force within CISA. Inglis said the national cyber director’s access to the National Security Council from within the White House would make him well-positioned to advise on legal challenges that can result from such removal orders.

Multiple senators also asked the nominees to describe how they would go about putting a dent in the government’s cybersecurity workforce shortage.

Carnahan said the government could benefit from realizing the attractiveness of positions that allow remote work and is looking forward to hearing from a GSA task force on the future of work. 

Easterly stressed the importance of organizational culture. “You have to build a culture of excellence that prizes inclusion, innovation, collaboration, empowerment and ownership, so that people wake up in the morning and they love what they do and they enjoy their teammates, and they like who they work for,” she said. “That is how you attract the best talent and retain the best talent.” She also noted a need to tap diverse pipelines for talent. 

Inglis agreed with this. “I think we also need to revisit what the fundamental qualifications are to take one of these jobs, not all of them require a bachelor of science in computer science,” he said. “Many of them simply need good critical thinkers, people who've got a good work ethic and we need to open the doors for them to make their way into these jobs such that they can make an immediate and positive difference.”

Inglis is also a proponent of starting earlier and advocates planting the seed about viable cybersecurity jobs as part of the education system in kindergarten through 12th grade.    

“We have found that the pipelines aren't generating enough, either in the diversity or in the literal numbers,” he said. “We need to actually work those pipelines.”

NEXT STORY: Pentagon Weapons Programs Still Struggle to Use Modern Software Practices, Watchdog Says

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.