The Wrap: CSRB Hammers Microsoft; Show Your Telework; Lowering Quantum Barriers

Welcome to The Wrap for Wednesday, April 3!

?

From the newsroom at MeriTalk, it’s the quickest read in Federal tech news. Here’s what you need to know today:

?

Cyber Board Hammers Microsoft

Microsoft took a licking from the Department of Homeland Security’s (DHS) Cyber Safety Review Board (CSRB) over what the board called a “cascade of security failures” that led to the summer 2023 Microsoft Exchange Online intrusion?that exposed to China-based hackers the email accounts of Federal government officials including Commerce Secretary Gina Raimondo. CSRB said in its 34-page?report that the intrusion “was preventable and should never have occurred.” In particular, the board pointed to the hackers’ use of a stolen signing key used by the company to authenticate customers, and Microsoft’s failure to quickly detect the compromised signing key which makes up one the company’s “cryptographic crown jewels.” Perhaps even more damning, CSRB called out the company’s security culture, which it said was “inadequate and requires an overhaul, particularly in light of the company’s centrality in the technology ecosystem.” For its part, Microsoft said it’s working to remedy that kind of cultural deficit through its Secure Future Initiative. “Recent events have demonstrated a need to adopt a new culture of engineering security in our own networks,” a company spokesperson said. “While no organization is immune to cyberattack from well-resourced adversaries, we have mobilized our engineering teams to identify and mitigate legacy infrastructure, improve processes, and enforce security benchmarks.”

?

Show Your Telework

That’s one of the central aims of new legislation introduced by Sens. Gary Peters, D-Mich., and Joni Ernst, R-Iowa, that would require Federal agencies to gather quality data and monitor how telework impacts agency performance and Federal property decisions, in order to “weigh the pros and cons of telework policies.” Among other requirements, the Telework Transparency Act would tell agencies to publish their telework policies online, tell the Office of Personnel Management to compile telework data in a central location, and monitor the impact of telework on a range of topics including customer service, backlogs and wait times, cost to operations, security, management of real property and personal property, technology investments, and recruitment and retention. Some lawmakers have been?calling?for more transparency and oversight in Federal agencies’ telework policies for well over a year, arguing that when the governmentwide COVID-19 operating status?ended?on May 15, 2023 agencies should?go back to the office.

?

DoD’s Commercial Space Strategy

The Pentagon has released its new Commercial Space Integration Strategy?that offers a big hug to the private sector for its crucial role in creating the technologies to help the Defense Department (DoD) operate in space, and also brings up interesting questions about DoD’s role in defending those vital commercial space assets. The new strategy broadly covers how DoD plans to integrate commercial space capabilities into military operations, and leans on the premise that the commercial space sector’s innovative capabilities, scalable production, and rapid technology refresh rates hold the keys for resilience of DoD space capabilities. “The commercial space sector is driving innovation,” John F. Plumb, assistant secretary of defense for space policy said in a?statement. “But the impact on national security will be measured by how well the department can integrate commercial capabilities into the way we operate, both in peacetime and in conflict.” The new policy’s four priorities: ensure access to commercial solutions across the spectrum of conflict; achieve integration during peacetime; set the security conditions to integrate commercial space gear; and leverage DoD’s financial, contractual, and policy tools to support the development of new commercial space solutions.

?

Lowering Quantum Barriers

Quantum computing – when it arrives at practical scale – should be easily adoptable. That was the news from Neal Ziring, Technical Director at NSA’s Cybersecurity Directorate, who discussed the need for government and industry to work together now towards that goal during a talk at the Palo Alto Networks Ignite conference on April 2. He said the goals of practical quantum computing development should be interoperability with classical systems, and the creation of “low barrier to entry kind of toolkits that allows folks who are building computing systems – whether they’re for logistics, material science, or whatever – to incorporate the quantum computing capabilities.” Ziring’s timeframe: “A noisy intermediate scale quantum computer that you can reliably use for mission critical things [such as] to do an optimization problem [or] to train machine learning … I’m thinking three to five years out. That’s my crystal ball prediction.”

?

Once again, let’s “call IT a day,” but we'll bring you more tomorrow. Until then please check the MeriTalk breaking news website throughout the day for the latest on government IT people, process, and policy. And finally, please hit the news tip jar [with leads, breaking news, or simply your two cents] at [email protected].