A PubKGroup Product
PubKCyber is the go-to source for the most critical regulatory, policy, and oversight developments related to federal cybersecurity. Our coverage includes federal cyber regulations and policy, local and state activity, international law and agreements, federal regulatory body activity, congressional and agency oversight, and industry standards, as well as legal actions and court decisions related to cybersecurity, privacy, and fallout from security breaches.
In response to a letter from 11 former U.S. cybersecurity officials expressing their concerns about preparedness for the 2020 census, Census Bureau CIO Kevin Smith says his office will work with other federal agencies to ensure census data is protected. Smith says the bureau will work with the Department of Homeland Security and the intelligence community to address cybersecurity threats not known to its private sector IT security partners. However, the bureau expects to handle 95 percent of its cybersecurity concerns through commercially available IT security products and services.
Smith responded to a number of specific questions posed in the letter, stating that collected data will be encrypted both in transit and at rest, enumerators’ devices will only contain data until it is transmitted to Census systems, and the bureau will conduct public service announcements to warn the public about rogue websites and phishing.
Contractors may soon need to recalibrate their approach to DoD procurements. The Department recently announced that it is reviewing a strategy dubbed “Deliver Uncompromised,” which lays out recommendations for how it can better secure its vast and varied supply chain. Central to the strategy is an increased focus on security in the procurement process. A contractor’s overall security would join cost, performance, and schedule as key evaluation pillars – marking a significant shift in how contractors compete for work. The strategy recognizes, however, that its success would likely require increased incentives for the contracting community to invest in risk mitigation, including liability protections and tax incentives. Although only a proposal for now, the strategy is yet another indicator of the government’s broader emphasis on supply chain security. Just yesterday, the National Defense Authorization Act for Fiscal Year 2019 was signed into law in record time, with several provisions focused on the same issue.
The Pentagon has a new goal aimed at protecting its $100 billion supply chain from foreign theft and sabotage: To base its weapons contract awards on security assessments — not just cost and performance — a move that would mark a fundamental shift in department culture.
The goal, based on a strategy called “Deliver Uncompromised,” comes as American defense firms are increasingly vulnerable to data breaches, a risk highlighted earlier this year by China’s alleged theft of sensitive information related to undersea warfare, and the Pentagon’s decision last year to ban software made by the Russian firm Kaspersky Lab.
The strategy was written by the Mitre Corp., a not-for-profit company that runs federally funded research centers.
The term “Deliver Uncompromised” grew out of a 2010 meeting of senior counterintelligence policy officials, some of whom lamented that the Defense Department was tolerating contractors repeatedly delivering compromised capabilities to the Pentagon and the intelligence community.
The National Defense Authorization Act for fiscal year 2019 has been signed into law. It authorizes a $717 billion national defense budget and includes wide-ranging provisions on cybersecurity aimed at such things as enhancing the military’s ability to respond to cyberattacks, protecting the IT supply chain, and encouraging greater public-private collaboration.
The Act establishes a more aggressive posture on U.S. cybersecurity policy, stating that “all instruments of national power” will be used to defend, deter, and respond to significant cyber threats.
The SEC, Cybersecurity, and Registered Investment Advisers: All in the Same Boat Fighting Cybercrime
Greenberg Traurig’s Paul Ferrillo says the SEC’s Office of Compliance Inspections and Examinations (OCIE) is examining the capabilities of domestic organizations to protect against and recover from cyberattacks, in order to maintain the confidence of investors and the markets. The office has published guidelines to prevent attacks and will issue critical reports about companies that do not follow them.
“To guard against disastrous cyberattacks, minimize both organizational and reputational risk, and prevent OCIE or enforcement penalties, companies and firms should understand and implement these guidelines at their earliest opportunity,” Ferrillo writes. “This benefits both the organization (to avoid potential regulatory fines and penalties, and liability to other parties affected by a breach) and any investors and limited partners, who could potentially lose millions should there be a successful breach.”