Quick Hits

*** Rep. Will Hurd (R-Texas), formerly chairman of the now-defunct IT Subcommittee of the House Oversight and Reform Committee, is moving over to the House Appropriations Committee. Hurd, now in the minority party, is joining the subcommittees on Military Construction and Veterans Affairs and on Transportation, Housing and Urban Development.

*** Former House legislative assistant Matt Pincus is joining the National Association of State Chief Information Officers. Pincus, most recently the deputy legislative director at the National Guard Association of the United States, will assume the role of NASCIO’s director of government affairs, working on both federal and state policy. NASCIO announced the hire Jan. 30.

*** The Pentagon may outsource supply chain cybersecurity measures by allowing companies to verify defense subcontractors' adherence to a standard framework.

During a Jan. 29 Senate Armed Services Cybersecurity Subcommittee hearing on Department of Defense policies and threats, DOD CIO Dana Deasy said contractors were "an extension of what we do" and must be treated as a part of the department’s own networks.

To help with that, DOD is considering a model in which a company certified by the organization would check a subcontractor's security posture against the National Institute of Standards and Technology cybersecurity standards.

"A lot of the problems that have occurred," Deasy said, "it does come back many times to basic hygiene."

The goal is to better enforce compliance and move away from a self-certification process to one where DOD's under secretary for defense acquisition and sustainment would evaluate and validate the self-assessments, then assign confidence scores.

One early-stage idea involves "identifying and possibly even certifying companies that can play the role, that can follow the NIST standard, and actually go in and look at a second- or third-tier supplier," Deasy said.

There's discussion on the right approach to combing through the entire defense industrial base's cybersecurity posture, Deasy said, adding that artificial intelligence will likely be able to play a future role in protecting the supply chain.

"Looking at how do you take your entire supply base, the NIST standards, the hygiene problems we see, can you apply AI to this problem to start to identify where you may most likely are going to experience problems in the supply chain?" he asked. "This is a good case where we can apply machine learning in looking at this problem."