The Wrap: IDEA Act Guidance Incoming; Cyber Central Takes From VA, DHS

Welcome to The Wrap for Thursday, May 18!

?

From the newsroom at MeriTalk, it’s the quickest read in Federal tech news. Here’s what you need to know today:

?

IDEA Act Guidance Incoming

Federal CIO Clare Martorana said today she expects the Office of Management and Budget (OMB) to issue guidance this summer to Federal agencies on how to further implement the 21st Century Integrated Digital Experience Act (IDEA Act) approved by Congress in late 2018. The legislation created a set of minimum functionality and security standards that all public-facing Federal agency websites and digital services must meet, and gave agencies one year to make sure that websites and digital services came in line with the new standards, but progress since then has been uneven. The underlying law, she said at the Fed Tech Day event organized by the Department of Labor, is “four pages of incredible guidance for the journey that most of us have been on in many organizations across government.” The Federal CIO continued, “Agencies will be required to modernize their websites and digital products, digitize forms and services, accelerate the use of e-signatures, [and] standardize and transition to central shared services and standards.”

?

Cyber Central: VA’s ‘Trust but Verify’ Cyber Approach

The Department of Veterans Affairs (VA) is implementing a "trust but verify" approach to all of its IT acquisitions to ensure its cybersecurity components are fully compliant with President Biden’s cybersecurity executive order (EO), said VA Chief Acquisition Officer Michael Parrish at MeriTalk’s Cyber Central event on May 17. Parrish explained how the EO has helped to improve supply chain security by elevating cybersecurity standards for vendors. “I think we’ve seen significant improvement. I think what it’s really done in the acquisition community is it’s helped to provide two things,” Parrish said. “One is it’s brought the standards that we do for procurement of widgets and products, it’s gotten to software to be able to get to that same level of standardization.”

?

Cyber Central: DHS Input on National Cyber Strategy

A top policy official at the Department of Homeland Security (DHS) said that her office has played a significant role in helping to craft the White House’s National Cybersecurity Strategy, and will continue to do so when it comes to implementing the strategy. “The National Cyber Strategy was a really big deal for the entire Federal government, the nation, and really the world,” DHS’s Office of Strategy, Policy, and Plans Chief of Staff Tracy Pakulniewicz said during MeriTalk’s Cyber Central event on May 17. “The dynamics that exist within [our] office really had a large role in crafting that document.” Pakulniewicz emphasized that the strategy is “going to give us the tools that we need to – and the direction and guidance that we need – to make sure that we’re drafting policies, operationalizing ideas, engaging with the right partners, to make sure that we continue to secure our networks and keep our country safe, our homeland safe.”

?

GAO Flags DoT Cyber Policy Implementation

A?new report ?from the U.S. Government Accountability Office (GAO) finds that the Department of Transportation (DoT) can be doing more to effectively implement cybersecurity policies across the agency and its components. On the plus side, the watchdog agency found in the May 15 report that DoT “has established cybersecurity roles and responsibilities for officials that manage cybersecurity at agencies within the department.” And it said that “DOT’s Chief Information Officer regularly communicates with staff about cyber threats, and provides cybersecurity tools and technical assistance.” On the still-needs-work front, GAO said it also “found that DOT could improve how it implements cybersecurity policies,” GAO said. It cited one example in which “DOT reviewed component agency cybersecurity programs for agencies within the department, but didn’t use the reviews to address longstanding cyber issues.” The GAO report came at the same time as DoT has been dealing with a?data breach ?that exposed the data of 237,000 current and former Federal employees.

?

CIA’s Eye on the Cyber Threat

The Central Intelligence Agency (CIA) is hyper-focused on cybersecurity and is conducting simulated cyberattacks to better understand the “bad actors” who are trying to do “the unthinkable,” the agency’s chief information security officer (CISO) said on May 16. Joseph “Rich” Baich, who?became ?CIA CISO last year, said he has found “a very strong tone from the top regarding cybersecurity. Within the agency, cybersecurity is every individual’s responsibility. We’re implementing, we’re configuring, we’re innovating technology.” Speaking during an Intelligence and National Security Alliance (INSA) webinar, Baich said CIA cyber officials are focused on “utilizing simulations to understand the effectiveness of our controls … bad actors have the advantage because they get to study, watch, learn and more importantly, do the unthinkable. We as defenders need to be ready.”

?

Once again, let’s “call IT a day,” but we'll bring you more tomorrow. Until then please check the MeriTalk breaking news website throughout the day for the latest on government IT people, process, and policy.

?

And finally, please hit the news tip jar [with leads, breaking news, or simply your two cents] at [email protected].