A PubKGroup Product
PubKCyber is the go-to source for the most critical regulatory, policy, and oversight developments related to federal cybersecurity. Our coverage includes federal cyber regulations and policy, local and state activity, international law and agreements, federal regulatory body activity, congressional and agency oversight, and industry standards, as well as legal actions and court decisions related to cybersecurity, privacy, and fallout from security breaches.
The White House’s fiscal year 2019 budget request would increase cybersecurity funding by about 4 percent across the government, but with more dramatic changes in the details. The proposed budget includes increases of about 4 percent for cyber funding at the Department of Defense, 23 percent at the Department of Energy, 33 percent for the Nuclear Regulatory Commission, and 16 percent for the Department of Veterans Affairs.
However, the National Institute of Standards and Technology – currently revising the standards that federal agencies are now required to follow – would see a cut of 18 percent. The Department of Homeland Security’s overall cyber funding would remain about the same, redistributed somewhat, with 7 percent more for its cyber and infrastructure protection wing and 15 percent less for the Continuous Diagnostics & Mitigation program.
The Government Accountability Office has issued a report on Homeland Security’s efforts to fulfill the Homeland Security Cybersecurity Workforce Assessment Act of 2014. GAO found that DHS has taken actions to identify, categorize, and assign employment codes to its cybersecurity positions but that its actions have not been timely and complete. For example, although DHS reported in August that it had coded 95 percent of the department’s identified cybersecurity positions, GAO found it had done so for only 79 percent, because it had left out vacant positions. GAO recommends that DHS take six actions, including ensuring that its cybersecurity workforce procedures identify position vacancies and responsibilities; reported workforce data are complete and accurate; and plans for reporting on critical needs are developed.
The Information Security Oversight Office within the National Archives and Records Administration recently issued guidance for all non-executive branch entities (such as elements of the legislative or judicial branches of the Federal Government; state, tribal or local government elements; and private organizations including contractors) concerning controlled unclassified information. Specifically, the ISOO issued CUI Notice 2018-01, which provides CUI guidance regarding information sharing agreements with non-executive branch entities (herein “IS agreements”) that are not governed by the forthcoming CUI Federal Acquisition Regulation Clause. Examples of applicable IS agreements include certain contracts, grants, licenses, memoranda of understanding, and information-sharing arrangements. The ISOO guidance provides both mandatory and recommended language for inclusion in IS agreements.
An AP investigation found that Russian cyberspies pursuing the secrets of military drones and other sensitive U.S. defense technology tricked key contract workers into exposing their email to theft.
The hackers known as “Fancy Bear” – who also intruded in the U.S. election – targeted at least 87 people working on militarized drones, missiles, rockets, stealth fighter jets, cloud-computing platforms, or other sensitive activities. Fifteen of these targets worked on drones, which are becoming “the forefront of modern warfare.”
As many as 40 percent of those targeted clicked on the hackers’ phishing links. One reported clicking a link on a fake notice about his Gmail account, but realized before he typed his credentials that it was bogus.
Fancy Bear – believed to be working on behalf of the Kremlin – previously attempted to break into the Gmail accounts of Hillary Clinton’s presidential campaign, American national security officials, journalists, and Kremlin critics and adversaries around the world.
Rubio, Cotton Introduce Legislation to Prohibit U.S. Government Use of Chinese Telecommunications Companies
Following the January introduction by Representative Mike Conaway (R-TX) of the “Defending U.S. Government Communications Act,” Senators Marco Rubio (R-FL) and Tom Cotton (R-AR) have introduced a companion bill in the Senate. The legislation would prohibit the federal government from purchasing or leasing telecommunications equipment and/or services from Huawei or ZTE, industry-leading companies based in China.
“Chinese telecom companies, like Huawei, are directly linked to the Chinese government and communist party,” stated Rubio. Cotton’s statement adds, “There are plenty of other companies that can meet our technology needs, and we shouldn’t make it any easier for China to spy on us.”