nextgov
What to Know About "The Cyber" From the First Presidential Debate
The presidential nominees agree that the nation’s cybersecurity will be a priority for the winner of the November election. And that’s where the agreement ends. During the “Securing America” segment of Sept 26’s presidential debate, Democratic nominee Hillary Clinton and Republican nominee Donald Trump offered some of their thoughts—and colorful quotes—on who is attacking US institutions and how to fight them. Here’s what we learned:
- Clinton said the nation faces two types of cyber adversaries: hacking groups motivated by profit and "increasingly" states.
- Clinton attributed the Democratic National Committee e-mail breach to Russia, a step the White House has not publicly taken despite pressure from lawmakers.
- Trump questioned whether Russia orchestrated the DNC breach, offering China or “someone sitting on their bed that weighs 400 pounds” as alternatives.
- Clinton shared a positive view of the nation’s cyber capabilities: “We need to make it very clear, whether it's Russia, China, Iran or anybody else, the United States has much greater capacity. And we are not going to sit idly by and permit state actors to go after our information, our private-sector information or our public-sector information, and we're going to have to make it clear that we don't want to use the kinds of tools that we have.”
- Trump appeared to have doubts: “As far as the cyber, I agree to parts of what Secretary Clinton said, we should be better than anybody else, and perhaps we're not.”
- Trump’s 10-year-old son Barron Trump is good with computers: “He is so good with these computers, it's unbelievable.”
- Trump said the US has lost control of the Internet: “And I think Secretary Clinton and myself would agree very much when you look at what ISIS is doing with the Internet, they're beating us at our own game. ISIS. So we have to get very, very tough on cyber and cyber warfare.”
- Clinton suggested partnerships to avoid social media recruiting: “I think we need to do much more with our tech companies to prevent ISIS and their operatives from being able to use the internet to radicalize, even direct people in our country and Europe and elsewhere.”
House Oversight Committee Votes to Hold Clinton Techie in Contempt
The Hillary Clinton e-mail saga continues. On Sept 23, the House Oversight and Government Reform committee voted 19-15 to hold Bryan Pagliano, formerly a tech aide for Clinton while she served as Secretary of State, in contempt for failing to testify about Clinton’s private e-mail server that he maintained. “Mr. Pagliano is a crucial fact witness in this committee’s investigation of former Secretary of State Hillary Clinton’s use of a private e-mail server to conduct government business,” said Oversight Chairman Jason Chaffetz (R-UT).
Pagliano, through his attorney, previously warned that were he to testify publicly, he would simply invoke his Fifth Amendment rights. Nonetheless, the resolution passed along party lines. “Mr. Pagliano’s attorney asserts because his client took the Fifth before the Select Committee on Benghazi, he shouldn’t be required to provide testimony to this committee. This is not a good faith argument,” Chairman Chaffetz said. Ranking Member Elijah Cummings (D-MD) accused Republican counterparts of seeking a “photo op” and “ready-made campaign commercial.” “No matter what anyone says, that is not a legitimate legislative purpose,” Ranking Member Cummings said.
House Passes Modernizing Government Technology Act
One week after Rep Will Hurd (R-TX) introduced new IT legislation to the House of Representatives, designed to thrust government into 21st-century technologies, the Modernizing Government Technology Act passed on a voice vote. “Many parts of the federal government’s IT infrastructure are stuck in the Stone Age,” said Rep Hurd, who chairs the House IT Subcommittee. “The MGT Act will save taxpayer dollars, increase government accountability, and help government be more efficient in serving the American people.”
The MGT Act is essentially a combination of two prior pieces of legislation, taking portions of its language from the MOVE IT Act Hurd introduced earlier this summer and the White House-backed IT Modernization Fund introduced by Rep Steny Hoyer (D-MD) in the spring. The bill calls for the creation of working IT capital funds in CFO Act agencies, allowing agencies to bank savings from modernization efforts afoot. As a whole, government spends approximately 80 percent of its $90 billion IT budget on legacy systems. Agencies that are able to show savings from modernization efforts would be rewarded under this bill, allowing them to use savings to fund other modernization efforts, such as moving to the cloud.
Unleashing Digital Talent in the Next Administration
[Commentary] The adage “good help is hard to find” is especially true for Information Technology (IT) talent in the federal government. The White House recently announced its Federal Cybersecurity Workforce Strategy, which includes a goal of hiring an additional 3,500 cybersecurity and IT specialists by January 2017. The use of existing flexibilities in the government’s system of hiring, training and nurturing talent could enable the government to meet that goal and improve performance today. But many senior IT and human resources managers do not know how to use the system well enough to make this happen. And further, in some areas, the system is so badly broken it is impossible to make progress without substantive reform. The next president should take a pragmatic path to hire more and better IT talent through existing hiring laws, while also enacting a targeted reform program to deliver even better mission results.
[W. Scott Gould is a senior adviser at Boston Consulting Group and former deputy secretary of the Veterans Affairs Department. Jeffrey Neal is a senior vice president at ICF International, former chief human capital officer for the Homeland Security Department, and publisher of the blog ChiefHRO.com.]
Report: Government Mobility Spending Lags Behind Private Sector
Government agencies spend less of their total budget on making operations mobile than commercial groups do, according to new research from IDC. Public-sector organizations spend about 17 percent of their budgets on mobility, compared to about 25 percent for their private-sector counterparts, according to the as-yet unpublished survey.
Analyst John Jackson described some of the findings at an AT&T event Sept 7 in Washington. Concerns about the security of apps and the data stored in those apps have been the primary barrier to adoption, Jackson explained. And for at least the past three years, concerns about integrating back-end systems into a mobile strategy have been the second largest barrier to adoption. Jackson predicted public- and private-sector organizations will soon spend more on software services, but spending on software itself is not likely to move much, he said.
Who's In Charge of Regulating the Internet of Things?
So, who governs the Internet of things? Who ensures connected and self-driving cars don’t put their passengers in danger, that security cameras don’t relay video feeds of their users to third parties, or that data collected from billions of consumer devices can be used without compromising personal information? For now, it’s still not clear. Today, several agencies, including the Food and Drug Administration, the Federal Communications Commission, the Federal Trade Commission and the National Highway Traffic Security Administration have authority over some aspects of the Internet of things.
Experts say the regulatory framework isn’t well defined and that agencies will likely need to work together as cases arise that expose the potential downsides of widespread connectivity. As more IoT-related cases begin to test the regulatory framework, “the main thing that connects them is they’re going to have internet connectivity of some sort,” said Lee Tien, senior staff attorney at the Electronic Frontier Foundation. “Regulating a Fitbit is very different from regulating an automobile or regulating an implantable medical device like a defibrillator.” Here’s a look at some of the discussions federal groups are having about regulating the Internet of things.
How to Delight Customers Through Public-Private Partnerships
[Commentary] A key function of government is to address citizen constituent needs. Fulfilling those needs requires implementing innovative and cost-effective services through the public sector’s digital transformation. The goal of citizen service is to provide faster, flexible and more responsive performance in critical mission programs. Partnering with the private sector has proven to be a good channel for innovation and helps deliver best commercial practices for agencies. This collaboration allows for fiscal accountability and provides a vehicle for efficient and fruitful programs.
In any vertical—health care, national security, transportation or education—a starting point for innovation can be in public/private partnering for citizen services. In commercial markets, the pressure is to win, maintain and expand market share while delighting customers with excellent customer service. This same level of pressure is on governments today with the goals of excellent response and effective resolution of any issue.
[Teresa A. Weipert is senior vice president of Sutherland Government Solutions.]
It's Official: MEGABYTE Act Signed Into Law
Agency chief information officers will need to get a better handle on their software license inventories and prepare to show savings to the Office of Management and Budget under a new law. Signed into law July 29, the Making Electronic Government Accountable By Yielding Tangible Efficiencies, or MEGABYTE, Act requires executive agency CIOs to develop a comprehensive software licensing policy in order to track spending on software, identify unused licenses and avoid duplication.
“There is considerable waste in software license expenditures, and implementation of the MEGABYTE Act will rectify this to the benefit of American taxpayers,” said Rep Matt Cartwright (D-PA) who sponsored the bill. The MEGABYTE Act requires CIOs to inventory 80 percent of software license spending and enterprise licenses, regularly track and maintain licenses, and embrace metrics such as software usage data to make cost-effective decisions. The act also requires CIOs to report financial savings or cost avoidance that results from software license management.
Environmental Protection Agency Tests Future of Public Comments
Collecting public comment on federal rules might get a little easier. An Environmental Protection Agency pilot lets citizens comment on specific paragraphs of proposed rules instead of submitting them via e-mail or in a separate text box. It might seem like a minor feature that should have existed before, but EPA is among the first to test drive it, according to a blog post from General Services Administration tech consultancy, 18F.
Since 2015, 18F and the Consumer Financial Protection Bureau have been gradually adding new features to the eRegulations system, an open source platform that hosts proposals online. EPA is trying out the comment feature on a rule that would lay out fees for groups using the agency's hazardous waste tracking system; interested parties can choose to comment on specific sections, such as the rule's "scope" or "preamble."
Time to Stop Hitting the Cyber Snooze Button on US Infrastructure
[Commentary] Power grids have proven to be vulnerable to cyber terrorists. Hackers interrupted a regional power supply abroad (in the Ukraine), and white hat hackers in the Midwest recently demonstrated there’s nothing special about our own grid that would protect our systems from the eventuality of a similar – and potentially much more damaging – fate. Those of us who make our bread and butter in the world of cyber defense have long warned of the possibility of cyberattacks that could threaten our critical infrastructure, our economy and our very way of life by extension.
In July, new legislation was introduced in the Senate to protect our electrical infrastructure from cyberattack. The Securing Energy Infrastructure Act proposes taking our industrial control systems offline in an effort to isolate them from insidious threats that can lurk in our always-on and always-connected networks. While this approach might be a bit unconventionally retro in nature, it is heartening to see members of Congress working with industry to think about new (and old) ways to address a very real and difficult challenge. But further thinking and action are needed on a global scale. By working with our allies and industrial partners across the globe to ensure information sharing about cyberthreats and attacks, we can do much to further secure our collective online existence. The consequences of oversleeping are far too great to consider ignoring the alarm for an extra nine minutes of peace.
[Jack Harrington is vice president of cybersecurity and special missions at Raytheon.]