Quick Hits

*** The Equal Employment Opportunity Commission is preparing a rule that a federal employee union claims would effectively strip union members of the right to use official time – paid work time that may be devoted to union activities under collective bargaining agreements – when representing a fellow union member during discrimination proceedings.

The draft rule was shared by the Association of Federal Government Employees in a Nov. 19 press release. In the eight-page document, the EEOC argues that because the Federal Service Labor-Management Relations Statute, which established "the ability for someone acting on behalf of a labor organization to receive official time," was not created until 1978, rules concerning representation and official time are not covered by the Civil Service Commission, which was established six years earlier.

"The EEOC's sudden move to strip representatives of this long-held right simply because they serve in the union is disgraceful and, if allowed to take effect, will have a chilling effect on the ability of workers to successfully challenge workplace discrimination," AFGE National Vice President for Women and Fair Practices Jeremy Lannan said.

*** Mark Bristow, who leads the Department of Homeland Security's hunt and incident response team for its National Cybersecurity and Communications Integration Center, said that when it comes to agency security executives, it's a little crowded at the top.

"We have too many CISOs in the government. We have too many CISOs," even at DHS, Bristow said during a panel discussion at Defense One's Cyber Summit Nov. 19. "I think between me and the top line of DHS there's like six or seven CISOs. It's just a lot."

Bristow said it's understandable why the information security executives are in place, but having too many lines of authority — each with their own opinions and guidance — creates bureaucracy and "gets in the way of setting strategic vision." The result, he said, impedes cybersecurity mitigation efforts and fosters "organizational stagnation" because "everyone has to fight with like 50 other people to make one change in their environments and our adversaries...they know this is how this works."

*** The National Security Agency warned organizations in a Nov. 19 advisory that malicious actors are increasingly encrypting their activities at the transport layer to avoid detection. The advisory recommends that organizations adopt Transport Layer Security Inspection protocols that decrypt and inspect incoming web traffic for signs of malware or other signs of an attack. However, the agency also warned that this protocol, which typically involves assigning the task of breaking and inspecting traffic to a specific proxy device, could in turn be targeted by hackers for exploitation and is also subject to insider threat risks.