Welcome to MeriTalk News Briefs, where we bring you all the day’s action that didn’t quite make the headlines. No need to shout about ‘em, but we do feel that they merit talk.
Senate Committee Okays $23.6 Billion Multi-Agency Spending Bill
The Senate Committee on Appropriations yesterday approved a $23.688 billion spending bill that, among other measures, funds IT modernization, cybersecurity improvements, and a raise for Federal civilian employees. The FY2019 Financial Services and General Government Appropriations Act funds the Treasury Department, the Judiciary, Small Business Administration, Securities and Exchange Commission, Commodity Futures Trading Commission (CFTC), and several other independent agencies. The CFTC received $281.5 million. Included in the legislation is increased funding to strengthen CFTC’s analytical expertise, cybersecurity capabilities, and financial technology to assist in the CFTC’s mission to oversee U.S. swaps, futures, and options markets. Treasury received $208.751 million for Departmental Offices. Additional funding will go towards investing in IT improvements. In a line item sure to make Feds happy, the bill funds a pay increase for civilian Federal employees of 1.9 percent in calendar year 2019.
FTC Hearings to Focus on Comms, Networks, Privacy, Big Data
The Federal Trade Commission (FTC) earlier this announced it plans to hold between 15 and 20 public hearings between September of this year and January 2019 on whether economic changes, new technologies, evolving business practices, and international developments require adjustments to the agency’s competition and consumer protection enforcement law, enforcement priorities, and policy. The hearings will cover numerous topics including “competition and consumer protection issues in communications, information, and media technology networks,” “the intersection between privacy, big data, and competition,” and its “authority to deter unfair and deceptive conduct in privacy and data security matters,” the agency said. FTC is taking comments through August 20 on its plans.
OMB Receives 500 Comments on ICAM Guidance
The Office of Management and Budget (OMB) received 500 comments on its draft guidance for governmentwide identity, credential, and access management (ICAM), said Jordan Burris, senior cybersecurity advisor to the Office of the Federal CIO at OMB, during an Information Security and Privacy Advisory Board meeting today. OMB released the draft guidance on April 6, inviting public comment to refine the guidelines in the document. Burris noted that the Office of the Federal CIO is now reviewing and adjudicating the comments to update the guidance.
Grant Schneider Joins NSC’s Vulnerabilities Equities Process Board
Grant Schneider, a senior director for cyber policy at the National Security Council (NSC), will need to get new business cards. On Thursday the White House selected Schneider to join the NSC’s Vulnerabilities Equities Process board. Schneider will serve as the new coordinator tasked with determining which software vulnerabilities the government finds should be kept for intelligence gathering purposes and which should be publicly released. “Grant Schneider brings expertise across a range of vital cyber security areas to the Vulnerabilities Equities Process, including incident response,” an NSC spokeswoman said Thursday. “Grant will serve as the chair of the Vulnerabilities Equities Process overseeing the vital task of protecting the public’s interest in cybersecurity.”
Employee Negligence Blamed For Most Data Breaches
Hackers aren’t the biggest cybersecurity concern for U.S. businesses; employees are. Shred-it, an information security company, released a report Wednesday which found employee negligence or accidental loss is a main cause of data breaches. Nearly half of C-Suite executives (47 percent) and small business owners (42 percent) reported that human error or accidental loss by an employee was the cause of a data breach. External vendors also cause significant risk–28 percent of C-Suite execs and 17 percent of small business owners reported human error or accidental loss by an external vendor caused a data breach.
ACLU Guide Advises on Fending Off Government Demands
The ACLU released a guide for software developers dealing with government demands to install malicious software updates on individual users’ devices to potentially bypass passcodes and encryption, turn on cameras and microphones, or track an individual’s location. The guide, intended to preserve privacy and customer data, advises using strong cryptographic signatures, preparing for a government order ahead of time, and obtaining legal counsel. “Governments may ask you for help, or they might seek to compel assistance,” the guide says. “You have the right to say no to requests that are not backed up by a court order. But by obtaining a court order demanding technical assistance, the government might try to compel you to install malware on a user’s machine as a software update that appears to be entirely ordinary, and that comes directly from you. You have a right to challenge these orders in court.”
Northrop Grumman Snags $850M Modernization Contract With State
Northrop Grumman said it won a 10-year contract worth $850 million with the State Department for its Consular Systems modernization program. The company said it will “modernize and consolidate the operational environment under a common technology framework in order to better support the services” provided by the agency’s Bureau of Consular Affairs, including digital transformation of systems supporting passport and visa applications and other functions.