The Wrap: How Do You Measure Cyber?; Coming Soon: New CSRB Investigation; DoD CIO’s New Policy

Welcome to The Wrap for Monday, September 9

From the newsroom at MeriTalk, it’s the quickest read in Federal tech news. Here’s what you need to know today:

How Do You Measure Cyber?

The United States Department of Defense ’s (DoD) new cyber policy chief is looking for a better way to measure the Pentagon’s cybersecurity progress. In his first public remarks in his new role, Michael Sulmeyer, the first-ever assistant secretary of defense for cyber policy, joined the 15th Annual Billington CyberSecurity Summit in D.C. to discuss his cyber plans. Sulmeyer is only four weeks into his new job, and he is already working with his team to focus not just on the quantity of cyber operations, but also the quality. “One of the things I’ve been talking with my team about and trying to talk with other partners across the government about is, how do we keep score of ourselves? It’s one thing to count the number of operations or something like that, or to count the number of ‘hunt-forwards.’ There is a power in quantity, but increasingly how we talk about our return on the nation’s investment in us,” Sulmeyer said on Friday. “Not just DoD, but the cyber community, more broadly, private sector, public, I think is an area I’m looking to try to work on, again in the weeks and months ahead of telling that story – at least from the Office of the Secretary of Defense side,” he added.

Coming Soon: New CSRB Investigation

The U.S. Department of Homeland Security ’s (DHS) Cyber Safety Review Board (CSRB) is poised to reveal details about its next investigation, the board’s chair said today. “I think we’re going to have an announcement soon,” Rob Silvers, DHS undersecretary for policy and chair of the CSRB, said during a Center for Strategic and International Studies event in Washington, D.C. Any guesses as to what it might be? Recent speculation suggests the CrowdStrike outage in July is a leading candidate for the CSRB’s next investigation. Members of Congress, such as Rep. Ritchie Torres, D-N.Y., have also called on the CSRB to investigate the CrowdStrike outage. When asked if the board might investigate the global computer outage caused by a flawed CrowdStrike software update, Silvers mentioned that the board follows specific criteria for selecting incidents but did not provide further details. “One of the questions we often get is, how is it decided what incidents will come under review? And [there’s] a list of criteria that are considered,” Silvers said. “Was it a high-impact, severe incident? Was it the type of incident where a deep study would likely yield new facts and new lessons learned? Has it been closely studied and scrutinized? And is there an element of discretion where it would be in the national interest to review it?” Stay tuned to see if the CrowdStrike outage fits the bill.

DoD CIO’s New Policy

The DoD Chief Information Officer is tightening up security around the department’s information systems with a new policy on managing access to DoD IT resources. The new policy, which took effect on Sept. 3, outlines the roles of the DoD CIO and other component heads to streamline access management for the department’s IT systems. The policy also tags the chief data and artificial intelligence officer (CDAO) to bolster data and AI efforts to support dynamic access. The goal of the policy: to enhance security and streamline access management while ensuring that the DoD’s IT systems are as efficient and interoperable as possible. “Access to DoD information systems will be managed to preserve DoD security,” the document states. “While efficiency and interoperability are key, IT resource and system owners must adhere to the protocols and procedures outlined for access management.”

NTIA Wants to Hear From You

Calling all data center experts! The National Telecommunications and Information Administration (NTIA) wants more information on the challenges surrounding data center growth, resilience, and security “amidst a surge of computing power demand due to the development of critical and emerging technologies.” According to the Sept. 4 request for information (RFI), NTIA will rely on these comments to issue a public report capturing economic and security policy recommendations for fostering safe, secure, and sustainable data center growth. “Data centers are important enablers for economic growth and technological development,” the RFI says. “Their capabilities for data processing, ubiquitous connectivity, secure storage, cost-efficiency, and economy-wide job creation, among others, yield substantial benefits.” The document consists of 11 questions seeking more information on future challenges and opportunities for data centers – including modernization, supply chain risks, and security. NTIA is looking for responses to the RFI by Nov. 4.

Once again, let’s “call IT a day,” but we'll bring you more tomorrow. Until then, please check the MeriTalk breaking news website throughout the day for the latest on government IT people, process, and policy.

And finally, please hit the news tip jar (with leads, breaking news, or simply your two cents) at [email protected] .