Campaigns grapple with cybersecurity as Russian threat looms
August 1, 2018 — RollCall.com
Amid increased warnings of Russian interference in the midterm elections — and evidence that hackers are targeting candidates — congressional campaigns are trying to balance cybersecurity with the demands of competitive contests. That’s especially difficult for small House campaigns. But experts warn that such campaigns, particularly in competitive races, are prime targets for hackers and foreign adversaries.
Pence stands by intel community in call to increase election cybersecurity
July 31, 2018 — Axios.com
Vice President Pence’s remarks at a Department of Homeland Security cybersecurity conference in New York contained a throated call to better defend elections and American democracy. His comments included an unambiguous acceptance of the intelligence community’s assessment that Russia tampered with the 2016 election — something President Trump has wavered on — as well as praise for state and federal efforts thus far to protect elections. But he noted there was room for improvement.
GAO seeks stronger Federal actions on cybersecurity
July 27, 2018 — thecrimereport.org
New cyber attack technologies are changing the threat landscape, says the U.S. Government Accountability Office in a new report calling for urgent federal action. The watchdog agency says that attackers may be able to do more damage than before as technologies used to carry out denial-of-service attacks steadily advance. “Threats around the globe are emerging and escalating, with foreign adversaries gaining expertise and being backed by governments and others with significant resources” the GAO says. As recent examples, the agency notes that Atlanta’s municipal information system was hit with a cyberattack that prevented customers from paying bills and viewing court information.
Agencies struggling with basic cybersecurity despite Trump’s pledge to prioritize it
July 26, 2018 — WashingtonPost.com
A top lawmaker on Capitol Hill sounded the alarm about agencies’ use of a web program widely known to be outdated and vulnerable. Across town, the Government Accountability Office revealed in a new report that agencies still hadn’t implemented hundreds of recommendations to shore up their cyber defenses. And even the watchdog at the National Security Agency, which is tasked with defending U.S. communication systems, rebuked the agency for failing to properly safeguard sensitive data stored in its networks.
2 panels dive big-time into cybersecurity this week
July 23, 2018 — Politico.com
The House Homeland Security and Government Oversight committees are going gangbusters on cybersecurity this week. Things kick off Tuesday morning when the Oversight panel holds a hearing titled “Cyber-Securing the Vote: Ensuring the Integrity of the U.S. Election System.” At the same time, the Homeland Security panel will mark up a baker’s dozen worth of bills, most notably H.R. 6443, which authorizes DHS’s Continuous Diagnostics and Mitigation program into law and insists that it keep pace with technological advancement as part of its mission to protect federal agency networks.
Government struggling with sharing cyberthreat information, officials say
July 23, 2018 — The Washington Post
Current and former policymakers admit it: The U.S. government needs do a better job sharing cyberthreat information with the private sector if it’s going to defeat increasingly complex cyberattacks from nation states. The exchange of cyberthreat information between the government and companies was the cornerstone of a 2015 bill hailed as landmark legislation to protect against digital attacks.
Federal cybersecurity incidents were up 5% in 2017, GAO reports
July 25, 2018 — Bloomberg.com
Cyberattacks and security lapses in federal computer systems rose 4.9 percent last year, as a third of 3,000 cybersecurity recommendations made by the U.S. Government Accountability Office remain unheeded, the watchdog agency reported. The GAO reported 35,277 security incidents on federal government computers during the fiscal year that ended Sept. 30 including email “phishing” attacks, improper use and loss of equipment, according to the study issued Wednesday. The agency had reported 33,632 incidents for the previous year.
Government’s cyber monitoring program would become law under House bill
July 19, 2018 — Nextgov.com
At least one lawmaker is a fan of one of the Homeland Security Department’s governmentwide cybersecurity initiatives and has introduced legislation to ensure it sticks around and evolves along with private-sector technology. Rep. John Ratcliffe, R-Texas, Wednesday introduced the Advancing Cybersecurity Diagnostics and Mitigation Act, which would codify the Homeland Security Department’s Continuous Diagnostics and Mitigation, or CDM program, a suite of tools for agencies to monitor malicious traffic and hacking attempts.
White House appoints Federal Chief Information Officer
July 19, 2018 — Nextgov.com
The Office of Management and Budget announced Grant Schneider will be the second federal chief information security officer. As such, Schneider will lead cybersecurity strategy across the executive branch and chair the CISO Council. Schneider has been filling the CISO role in an acting capacity and is the National Security Council’s senior director for cybersecurity. He will continue serving in his position on the NSC, according to an administrative official.
Three top FBI cybersecurity professionals to retire
July 19, 2018 — The Wall Street Journal
Three of the top cybersecurity officials at the Federal Bureau of Investigation are retiring from government service, according to people familiar with the matter—departures that come as cyberattacks are a major concern for the country’s security agencies.
Agency Reorg Kick-Off May Feature Cyber Workforce
July 19, 2018 — MeriTalk.com
Margaret Weichert, deputy director for management at the Office of Management and Budget (OMB) and one of the Trump administration’s most visible point persons promoting its plan to reorganize numerous aspects of Federal civilian agencies, said on Wednesday that the first fruits of that plan may be efforts to standardize aspects of the Federal cybersecurity workforce, ease the backlog of Federal background checks, and make improvements in the provision of government digital services generally.
Senator press federal election officials on state cybersecurity
July 11, 2018 — The Hill
Senators on Wednesday pressed top officials from the U.S. Election Assistance Commission (EAC) about their efforts to boost state cybersecurity election systems, with a focus on whether each state should have a mechanism in place to audit their results. “Many elections across the nation do not have auditable elections. They are done completely electronically,” Sen. James Lankford (R-Okla.) told the panel of witnesses at a hearing on election security preparedness convened by the Senate Rules and Administration Committee.
Inside the White House’s Cybersecurity Risk Report
July 8, 2018 — GovernmentCIOMedia.com
The Office of Management and Budget published the Federal Cybersecurity Risk Determination Report and Action Plan in May. It’s an overview of the state of cyber risk in federal agencies, cyber gaps and needs, actions to improve federal cybersecurity and how to implement those actions. The findings are based on an evaluation of 96 agency risk management assessment reports, and according to those assessments, two of the most significant areas of risk are the abundance of legacy IT and lack of experienced and capable cybersecurity personnel.
DNC measures cybersecurity progress since 2016 breach
July 5, 2018 — Politico.com
With the midterms now just four months away, DNC staffers are getting better at flagging phishing emails, to the point where 80 percent of DNC staffers don’t click the links right away. “People have such PTSD about what happened in 2016 that there’s a real desire to improve [security] here,” DNC Chief Technology Officer Raffi Krikorian told CyberScoop. Krikorian, who joined the DNC in June 2017 after serving in senior tech roles at Twitter and Uber, distributed a short cybersecurity checklist that includes recommendations like regularly updating smartphone apps, encrypting laptop hard drives and using two-factor authentication. “If we can do the simple things right,” Krikorian said, “than it will have a disproportionally positive effect.”