FCW Insider: July 31

Government auditors and a former top cyber official are concerned that CyberStat reviews are declining, but a senior official says the numbers reflect a more substantive and collaborative cybersecurity review process. Derek B. Johnson wonders what ever happened to CyberStat.

Navy CIO Thomas Moldy reminded department personnel in a recent memo about government-wide and service policy covering use of personal communications accounts to conduct official business. Adam Mazmanian has the story.

Steve Kelman digs deeper into the ways non-traditional contractors are changing the federal IT community. Learn how companies like Oddball and Fearless are taking on the federal marketplace.

An international group of criminals is using federal agency solicitations to steal hundreds of thousands of dollars of IT gear, according to a watchdog report from the Office of Inspector General at the Department of Homeland Security. Mark Rockwell reports.

Quick Hits

*** The top human resources official at the Department of Homeland Security told a Senate panel July 30 that the agency was rewriting its hiring playbook for cybersecurity specialists thanks to authorities granted by Congress in 2014.

Angela Bailey, the chief human capital officer at DHS, told the Senate subcommittee charged with oversight of federal workforce issues that by the spring or summer of 2020, the agency would start hiring cybersecurity specialists under a new set of regulations.

"We blew up everything that had to do with current way of recruiting, hiring, and paying folks and started from scratch and built a 21^st century hiring system," Bailey said.

Under the new system, DHS will be able to recruit and make offers to cybersecurity specialists at conferences like Black Hat and put out calls to recruit individuals with particular skills – say digital forensics – and match resumes with open positions.

Bailey told Sen. Tom Carper (D-Del.), a sponsor of the original legislation seeking expedited and enhanced hiring for cyber personnel at DHS, that officials were leveraging the new authorities to execute their version of civil service reform.

"I think what you'll find is you gave us something that is just spectacular and we didn't waste it," she said.

*** The Cybersecurity and Infrastructure Security Agency at DHS plans to use small drones to record and participate in exercises testing the vulnerability of critical infrastructure sites. According to a privacy assessment released July 30 by DHS, testing could include piloting a small drone with an unidentified payload into a sports stadium to test incident response. Another aspect of the testing includes the photography and data collection via drone of exercises at critical infrastructure sites. It's this second aspect that necessitates the privacy assessment because of the possibility that images of non-participants could be gathered along with those of officials and volunteers actively participating in a particular exercise. According to the assessment, photography generally won't be of a level of resolution to identify individuals.