At a glance.
- The National Defense Authorization Act as a vehicle for Cyberspace Solarium recommendations.
- Risks to elections, and the cost of securing them.
- Policies for telework: advice from CISA and NSA.
Implementing Cyberspace Solarium recommendations.
One of the co-chairs of the Cyberspace Solarium Commission, Representative Mike Gallagher (Republican, Wisconsin 8th), thinks that the National Defense Authorization Act is the right place to begin implementing the recommendations the Commission reported. Defense News quotes Representative Gallagher as saying, "We think there's probably about 30% of our recommendations that could be put into the NDAA process." The chair of the House Armed Services Committee, Representative Adam Smith (Democrat, Washington 9th), said that the NDAA would be “a logical vehicle” for the recommendations Congress can agree on.
Risks to elections, and the cost of securing them.
The Brennan Center has released a report on election security that advocates increased Federal funding for state election authorities. The researchers examined five states and concluded that all of them needed significant help, and that the other states are probably in the same boat. The report highlighted four areas the researchers believe should be addressed:
- "developing the infrastructure necessary to support changed voter behavior (e.g., more voters choosing to register online or to vote by mail)"
- "protecting voters and election workers during elections (e.g., giving poll workers PPE, allowing curbside voting, cleaning polling places, and ensuring that election staff can work off-site as needed without exposing election offices to cyberattacks)"
- "educating the public about changes made to election procedures and polling locations (including notice of changed elections, moved polling sites, and new voting options to reduce density at in-person locations)"
The study offers a detailed breakdown of the cost of addressing these issues in each of the states, and the security enhancements won't come cheap.
Telework in the agencies: advice from CISA and NSA.
As Federal agencies conduct as much of their business online as possible during the COVID-19 pandemic emergency, both CISA and NSA have offered detailed guidance on how to do so securely and effectively.
CISA's recommendations focus specifically on Microsoft Office 365. Because of the haste with which many agencies are deploying Office 365, CISA thinks it all too likely that sound deployment and configuration practices may be overlooked. They recommend that admins pay particular attention to six best practices:
- "Use multi-factor authentication. This is the best mitigation technique to protect against credential theft for O365 administrators and users."
- "Protect Global Admins from compromise and use the principle of 'Least Privilege.'"
- "Enable unified audit logging in the Security and Compliance Center."
- "Enable Alerting capabilities."
- "Integrate with organizational SIEM solutions."
- "Disable legacy email protocols, if not required, or limit their use to specific users."
NSA's advice, "Selecting and Safely Using Collaboration Services for Telework," after providing considerations to bear in mind when selecting a telework service, offers these high-level recommendations on how to use it:
- "If possible, use government furnished equipment (GFE) that is managed and intended for government use only and secure services designed for government use."
- "If you download a collaboration service app, be sure you know where it came from."
- "Ensure that encryption is enabled when initiating a collaboration session."
- "Use the most secure means possible for meeting invitations."
- "Verify that only intended invitees are participating before beginning, and throughout, each session."
- "Ensure that any information shared is appropriate for the participants."
- "Ensure that your physical environment does not provide unintentional access to voice, video, or data during collaboration sessions."