FCW Insider: Sept. 21

The latest news, quick hits and other updates from FCW's reporters and editors.

A new cybersecurity strategy "starts today," White House National Security Adviser John Bolton told reporters on a Sept. 20 call. The Trump administration is warning adversaries that more offensive action is coming.

"We're going to do a lot of things offensively, and our adversaries need to know that," Bolton said. "We're not just on defense as we have been … for a period of time."

The strategy put much of the policy work coming out of the White House, the Department of Defense and the Department of Homeland Security under a single wrapper, FCW's Derek B. Johnson writes, and it settled some of the turf wars between DHS and the Pentagon. Bolton said "each agency [now] knows its lane and is pursuing it vigorously."

Meanwhile, Sen. Ron Wyden (D-Ore.) is concerned that the Senate Sergeant at Arms, which manages technology for lawmakers and staffs, isn't empowered to protect the personal emails and devices used by members and staffers on the campaign trail and away from official networks. Wyden warned in a letter to Senate leaders that personal devices of members and staff are coming under attack from nation-state adversaries. Google later confirmed that it had forwarded reports of attacks to Wyden's office. The Sergeant at Arms may need statutory authority to spend its money on personal and campaign cybersecurity.

In 2016, Linus Barloon II, then a Senate Sergeant at Arms techie and now its top cyber official, told FCW that while SSA had authority over Senate networks, "our security to some degree stops at the doorstep of the member's office."

When the National Solar Observatory abruptly shut its doors last week, there was an outbreak of speculation that extraterrestrial life had been discovered at the New Mexico facility. It turned out that a law enforcement investigation precipitated the sudden closure, and it came as FBI agents were closing in on a facilities contractor who allegedly used the observatory's Wi-Fi network to download and share child pornography. The FBI and observatory IT personnel teamed up to set a trap on the facility's Wi-Fi network to capture evidence of the illegal activity. Mark Rockwell has the story.

The Securities and Exchange Commission is losing its CIO and top cybersecurity adviser. Pamela Dyson is leaving the CIO role to move on to a similar post at the Federal Reserve Bank in New York. Agency CTO Charles Riddle will take over as acting CIO. Senior cybersecurity adviser Christopher R. Hetner is staying on until a replacement is named. The news comes as SEC awarded a sole-source cyber forensics contract to FireEye to act as an expert source in case it has to field legal issues arising from a 2016 hack of the agency's EDGAR system for public company filings. Adam Mazmanian has more.

Quick Hits

*** Legacy system outages are increasingly the new normal at federal agencies, according to a new CIO survey and report from Accenture. The report, titled Decouple to Innovate, found that 58 percent of CIOs and tech executives reported two or three "major disruptions or outages" over the past decade. Only four percent of respondents reported no outages over the same period.

Dave McClure, an Accenture principal and former leader of the Office of Citizen Services at the General Services Administration, told FCW that while there was new momentum behind the push to drive agency IT modernization – even at the program and executive level outside IT shops – officials still underestimate the time and money it takes to "decouple" data from legacy systems and move to modern managed services and cloud-based systems.

"To free up that data to be consumed by more open architecture, by diverse platforms, requires a sort of decoupling" from legacy code and legacy data-tagging schema, McClure said. "That's hard work."

*** Bug bounty management firm HackerOne bagged yet another government contract. The firm won a $2.3 million deal to manage bug bounties for the Technology Transformation Service at GSA, per a posting on FedBizOpps. HackerOne administers bounty programs for the Pentagon: Efforts there have focused on the Air Force and the Army.

*** A group of senators want to see faster progress from the Trump administration on data privacy policy. White House and Commerce Department officials held meetings with private sector stakeholders over the summer with an eye to making policy recommendations to Congress to unify data rules and eliminate the patchwork of state laws governing data privacy. In a Sept. 20 letter, a bipartisan group of senators on the Commerce Subcommittee on Consumer Protection are urging the administration to issue recommendations on data privacy so that Congress can act in a timely fashion to pass legislation. The letter was signed by Sens. Jerry Moran (R-Kan.), Richard Blumenthal (D-Conn.), Roger Wicker (R-Miss.) and Brian Schatz (D-Hawaii).

"My colleagues and I have met with and heard from a variety of stakeholders, academics and consumer advocates on their priorities related to consumer data privacy practices," Moran told FCW via email. "Since the Commerce Department has been in active discussions with similar outside entities, it was necessary to publicly encourage the agency to coordinate with our offices and ensure Congressional involvement in a privacy national framework."

*** Clinicomp, the health record software firm that challenged the Department of Veterans Affairs' $10 billion sole source award to Cerner for a replacement for the agency's homegrown Vista system, may be running out of venues for protest. The U.S. Court of Appeals for the Federal Circuit upheld a lower court ruling tossing out the lawsuit, on the grounds that Clinicomp didn't demonstrate it could have competed to win the electronic health record modernization contract even if it had been opened for bidding.

*** The National Institute of Standards and Technology is touting a study that says the agency's Advanced Encryption Standard cryptographic algorithm in use since 2001 has had a $250 billion impact on the economy. Development on AES began in 1996, and from that time to 2017 the effort has paid off $1,976 for every dollar invested by government.

*** Federal Communications Commission leaders are excited about the potential for blazing-fast 5G wireless speeds to transform a range of services and technologies. Republican FCC Commissioner Brendan Carr is excited about the potential of automated vehicles benefiting from 5G as well as telehealth.

"We have a tremendous number of devices now, whether it's mobile health applications or smart watches that can do a lot on the telehealth side, but we really need to upgrade our networks to really enable some of that lifesaving technology to truly go to scale," Carr said at a Sept. 20 Politico event.

Democratic Commissioner Jessica Rosenworcel said she's particularly interested in the promise of smart city technology benefiting from 5G and how that technology could improve traffic within a city. "Those are going to have the greatest impact on our day-to-day lives," Rosenworcel said, "and those are the ones we should talk about and those are the ones we should pursue."
