FCW Insider: Oct. 5

House appropriators struck a deal to give federal civilian employees a 1.9 percent pay raise for 2019, backing a Senate move to hike federal pay and bucking a freeze proposed by the Trump administration. But a union official cautioned that nothing is official until the president's signature is on the bill. Chase Gunter reports.

An explosive, anonymously sourced story in Bloomberg alleges that China infiltrated the supply chain of Super Micro, a leading global supplier of servers. The companies named, Super Micro, Amazon and Apple, have denied the allegations in specific detail. Whether or not the reporting stands up, the allegations point to ongoing vulnerabilities in the global technology supply chain, and possible design gaps in the way servers are managed remotely.

The Justice Departmentcharged seven Russian nationals in a global hacking disinformation campaign stretching across several years and multiple continents. Mark Rockwell has more.

The Internet of Things ecosystemposes risks to federal government networks, both through devices operated by agencies and IoT gear at vendors. The National Institute of Standards and Technology has decided the problem of IoT security deserves urgent attention. Matt Leonard explains.

FCW Insider will not publish Oct. 8 due to the Columbus Day holiday. The newsletter will pick up Tuesday Oct. 9.

Quick Hits

*** The Defense Department is delivering a report to the president that highlights 300 vulnerabilities or security gaps in the defense industrial base on Oct. 5. In response, President Donald Trump is also expected to sign presidential determinations that would allocate existing funds to help mitigate the vulnerabilities.

The report points to "five macro forces" that have create gaps in the ability of the defense industrial base to deliver materiel and support to warfighters. The macro forces are budget sequestration and uncertainty of government spending, decline in U.S. manufacturing capabilities, industrial policies in competing nations, government procurement practices and diminishing labor skills both in science and technology occupations and in trade skills, such as pipefitting and welding.

"What we have at the end of the day is a situation where we’ve identified a number of vulnerabilities which demand immediate action," the official said.

The report evaluated single points of failure within a supply chain, such as for a weapons system, which can involve multiple tiers one of which could be a firm that produces a component for the F-35 but wouldn't be able to ramp up production if needed.

One expenditure under the effort involves $70 million to a plant that produces gun components to modernize and secure production lines, but the official declined to share an overall dollar figure for investments.

Other risks included suppliers facing failure because of uncertain budgeting issues, fragile markets in which a firm is producing items that don't have a commercial use and components that are only made by a single company. For example, there’s only one qualified manufacturer for the propeller shafts for ships and submarines, and ammonium perchlorate which is used for rocket fuel and missiles.

The report covered nine sectors and is the result of a multi-department collaboration, including Homeland Security, Energy, Labor and Commerce. It is also a requirement from executive order 13806 that was signed in July 2017.

*** Is China attempting to interfere or influence the 2018 midterm elections or with U.S. politics more generally. And if so, how? That has been the question reporters and cybersecurity experts have been asking since President Donald Trump’s comments last week accusing China of seeking to meddle in the upcoming November elections. The answers provided by various national security officials have been less than clear.

On Oct. 2, Secretary of Homeland Security Kirstjen Nielsen said there is "no indication that a foreign adversary intends to disrupt our election infrastructure" and that Chinese influence operations are "part of a more holistic approach to influence the American public in favor of China."

The next day, William Evanina, director of the National Counterintelligence and Security Center, spoke at a conference hosted by the U.S. Election Assistance Commission. When asked specifically about the president's comments and whether election administrators should be worried about attacks from China, Evanina appeared to concur.

"Russia is the shiny object, obviously we're aware because they've done it [in the past], but China is heavy in the influence process, with our electoral process, with specific candidates, and we need to be aware of that," he said.

Evanina said he was talking more about social media and malign influence operations than specific threats to voting or election systems, though he did not provide any specific information on new or ongoing operations.

That same day, an analyst for cyber threat intelligence firm FireEyesaid the firm hasn’t seen any evidence that China is actively attempting to manipulate specific issues or shape electoral outcomes the way Russia is alleged to have done in 2016.

*** The number of Freedom of Information Act requests government receives annually continues its trend upward -- in fiscal year 2017, the most recent data available, government received a record-high 818,217 FOIA requests. Melanie Pustay, director of the Department of Justice's Office of Information Policy, predicted the total for fiscal year 2018 is "going to be near a million."

"Agencies are going to need to use a whole range of technologies to maximize their effectiveness in administrating the FOIA," she said in remarks at an Oct. 4 meeting of a FOIA advisory committee.

The Chief FOIA Officers Council is turning more of its focus to technology, and standing up a dedicated subcommittee to help agency offices that handle records requests improve their uses of IT. The establishment of a technology subcommittee, which will be chaired by representatives from the Department of State and the Veterans Health Administration, was a recommendation made by the FOIA Advisory Committee to the National Archivist earlier this year.