The Wrap: CISA Skeleton; Laying Blame on VA; Brush Your Cyber Teeth
Welcome to The Wrap for Wednesday, September 27!?
?
From the newsroom at MeriTalk, it’s the quickest read in Federal tech news. Here’s what you need to know today:
?
CISA Skeleton Staff
Halloween is five weeks away, but the Cybersecurity and Infrastructure Security Agency (CISA) is already getting fitted for a skeleton costume courtesy of Capitol Hill lawmakers who don’t appear to be making much progress on funding Federal government operations past Sept. 30 when fiscal year 2023 money runs out. That’s the word from the Department of Homeland Security (DHS) – CISA’s parent agency – which said yesterday?that only 571 of CISA’s 3,117 employees would continue to work through a government shutdown – meaning that 79 percent of the agency’s staff would be staying home until government funding is restored. Bryan Ware, formerly assistant director of the Cybersecurity Division within CISA and now chief development officer at ZeroFox, expressed dismay today about the impact of government shutdown-driven staff furloughs set to take effect at his old agency. “I can’t imagine any company, no matter how well run or efficient they are, doing what they do with 20 percent of their staff,” Ware told MeriTalk. “Sometimes we think that the government is maybe inefficient or slow, but realistically with only 20 percent there, the impacts will be large,” he said, and convert CISA’s capabilities into something more akin to a “firefighting mission.” Ware lamented, “The only things that they will be able to do are the most urgent things, and those are likely to be reactive.” He added, that’s “not the posture that we want to have for a cybersecurity defense organization.”
?
Laying Blame on VA
House members want to know who to blame at the Department of Veterans Affairs (VA) – and what’s? going to happen to them – for VA.gov’s recent?technical problems?that impacted the disability claims of thousands of veterans. The agency faced plenty of criticism at a Sept. 26 House Veterans’ Affairs Subcommittee on Technology Modernization hearing at which Chairman Matt Rosendale, R-Mont., said the website problems – some of them long running and complicating vets’ ability to get benefits – mean that “the VA is badly in need of independent oversight.” VA officials including CIO Kurt DelBene absorbed the blows from subcommittee members, who still want more accountability for the problems from the agency. “I think that people need to be held accountable and holding someone accountable is not just saying ‘you’re accountable.’ It is sanctions against someone that missed this, because in this case, 56,000 veterans are paying the price,” Rep. Keith Self, R-Texas, said. Added Rep. Morgan Luttrell, R-Texas, “I greatly appreciate what the VA does as a whole, but when you get down to the granular level, I think we have a problem with addressing the major issues and leadership and not being held accountable for things that they do or do not do in upholding their fiduciary responsibilities to veterans like myself,” Rep. Luttrell said. “My concern is that nobody’s holding you responsible for this.”
?
领英推荐
CISA PSA: Brush Your Cyber Teeth
While our calendars have already been marked for two decades to show that October is Cybersecurity Awareness Month, the challenge for Cybersecurity and Infrastructure Security Agency (CISA) – and Wrap headline writers – is finding new ways to make sure people know about it. For this year’s effort, CISA is kicking off its public service announcement (PSA) “Secure Our World” campaign that is focused on increasing cybersecurity awareness across government and private entities. The PSA?announcement?was unveiled by CISA Director Jen Easterly, who said, “we aim to equip digital citizens with the basic tools that are needed to keep ourselves safe and secure online.” She added, “we want to make keeping information safe, just like buckling the seatbelt, brushing the teeth. Cyber hygiene is easy as a regular hygiene every day.” Per Easterly, if you can only do four things, make them these ones: use strong passwords for sensitive accounts; enable multifactor authentication; recognize phishing and report phishing attempts; and update software regularly.
?
Warner Presses OMB on IoT
Senate Intelligence Committee Chairman Mark Warner, D-Va., called on the Office of Management and Budget (OMB) in a Sept. 26 letter to review all Federal agencies’ cybersecurity policies for internet of things (IoT) devices to ensure they meet National Institute of Standards and Technology (NIST) guidelines, as required by law. OMB is required to review these policies under the?Internet of Things Cybersecurity Improvement Act, which was signed into law in December 2020. While NIST has held up its own statutory obligation under the law – publishing the?IoT Device Cybersecurity Guidance for the Federal Government?in November 2021 – OMB has yet to do so on its end. Sen. Warner is hoping to hasten OMB’s progress by posing a list of questions about when the work is going to get done.
?
Fed Secure Cloud Advisory Committee Meetings Set
Speaking of marking your calendars, FedRAMP aficionados may want to block out time in October and November for the first four public meetings of the Federal Secure Cloud Advisory Committee (FSCAC), which will be developing recommendations on the secure adoption of cloud computing products under the Federal Risk and Authorization Management Program (FedRAMP). In a?meeting notice?posted to the Federal Register on Sept. 25, GSA said the FSCAC will develop FedRAMP recommendations for GSA Administrator Robin Carnahan, the FedRAMP Board, and Federal agencies. The meetings are set for 1 to 3 p.m. on Oct. 19, Oct. 26, Nov. 2, and Nov. 9. Members of the public can attend the FSCAC meetings virtually and sign up to provide oral public comments during the meetings when registering. Meeting registration and more information are available at?https://gsa.gov/fscac.
?
Once again, let’s “call IT a day,” but we'll bring you more tomorrow. Until then please check the MeriTalk breaking news website throughout the day for the latest on government IT people, process, and policy.
?
And finally, please hit the news tip jar [with leads, breaking news, or simply your two cents] at [email protected].