Two US cybersecurity bills signed. US National Defense Authorization Act prioritizes cybersecurity. CISA’s Cybersecurity Advisory Committee recommends new recruitment position.

Summary

By the CyberWire staff

At a glance.

US president signs two cybersecurity bills.
US National Defense Authorization Act prioritizes cybersecurity.
CISA’s Cybersecurity Advisory Committee recommends new cybersecurity recruitment position.

US president signs two cybersecurity bills.

The White House yesterday announced that President Biden signed two cybersecurity-focused bills into law. The State and Local Government Cybersecurity Act of 2021 directs the Department of Homeland Security on improving cybersecurity collaboration with state, local, tribal, and territorial governments. As the Record by Recorded Media explains, the legislation will allow the Cybersecurity and Infrastructure Security Agency (CISA) to offer state and local governments the opportunity to upgrade their digital security tools and procedures in order to increase cyber coordination while strengthening the cyber workforce at the federal level. The second bill, the Federal Rotational Cyber Workforce Program Act, will establish a rotational, inter-agency workforce development program that will allow cybersecurity professionals to sample jobs at various agencies. The idea is to give these employees the opportunity to learn new skill sets and be exposed to the full scope of government work in an effort to make these positions more competitive with private sector employment.

US National Defense Authorization Act prioritizes cybersecurity.

Last week the US Senate Armed Services Committee finalized the 2023 National Defense Authorization Act (NDAA). The military spending authorization bill calls for a 5.5% increase over last year’s bill, including $817 million in Department of Defense (DoD) spending, and a 4.6% pay increase for the military and the DoD civilian workforce. MeriTalk lists the dozens of cybersecurity-related provisions, including the creation of a new Assistant Secretary of Defense position for cyber policy, unclassified reporting through 2032 of US Cyber Command efforts to related to election security, an increase of $180 million for Cyber Mission Force operational support, and $44 million of new funding for Cyber Command’s Hunt Forward Operation. Representative Jim Langevin (Democrat, Rhode Island 2nd District), considered one of the more important cyber lawmakers in the US, took the NDAA as an opportunity to introduce cybersecurity measures that would enhance collaboration and information gathering. Among them: codification of the definitions of the most essential critical infrastructure, the establishment of centers studying vital cybersecurity issues, and the creation of a Bureau of Cyber Statistics. “For the remainder of my time in Congress, I'm committed to advancing the key Cyberspace Solarium Commission recommendations, and this year's NDAA is an excellent opportunity to do so,” Langevin told the Washington Post.

At AFCEA International’s recent TechNet Cyber event, Defense Information Systems Agency (DISA) director Lt. Gen. Robert Skinner presented a list of advancements that would help the agency enhance its operational capabilities, and MeriTalk notes that prioritizing cybersecurity in bills like the NDAA will help DISA optimize network performance to ensure that missions can be carried out in the most efficient way possible. The NDAA will now be sent to the full Senate for consideration, and will then go to the House for debate and voting.

CISA’s Cybersecurity Advisory Committee recommends new cybersecurity recruitment position.

The US Cybersecurity and Infrastructure Security Agency (CISA) will establish a new role, a Chief People Officer to oversee recruitment efforts and ensure that hiring priorities focus on collaboration with the private sector and other agencies to alleviate the public sector’s shortage of cyber talent. In draft recommendations sent to CISA Director Jen Easterly today, Nextgov reports, CISA’s Cybersecurity Advisory Committee urged the agency to focus on finding a Chief People Officer who will collaborate with the director and other leadership to create a unified talent acquisition approach. The advisors wrote, “CISA requires a comprehensive review of its current workforce and talent needs to ensure that it is properly aligned with the agency’s strategic goals and future growth. The review should include assessment of CISA’s policies and processes to support hiring for those needs while better competing with the private sector.” They also advise that CISA streamline the apparently tedious hiring process to more efficiently onboard new hires. They recommend the agency analyze data on candidates to monitor their progress in the hiring process, setting a goal of “90 days from offer to onboarding for cybersecurity candidates,” instead of the nearly two hundred days on average CISA currently takes.

Selected Reading

Pegasus makers face EU grilling. Here’s what to ask them (POLITICO) Uncovering NSO Group’s workings is key for lawmakers trying to gain control of the spyware market.

The world’s biggest surveillance company you’ve never heard of (MIT Technology Review) Hikvision could be sanctioned for aiding the Chinese government’s human rights violations in Xinjiang. Here’s everything you need to know.

Biden signs a pair of cybersecurity bills into law (The Record by Recorded Future) President Joe Biden on Tuesday signed into law two pieces of legislation that will enhance cyber coordination to state and local governments and strengthen the federal cyber workforce, the White House announced.

Press Release: Bill Signed: S. 1097, S. 2520, and S. 3823 (The White House) On Tuesday, June 21, 2022, the President signed into law:S. 1097, the "Federal Rotational Cyber Workforce Program Act of 2021," which establishes a

Senate Panel Okays Cyber-Loaded FY2023 NDAA (MeriTalk) The Senate Armed Services Committee on June 16 completed its markup of the fiscal year 2023 National Defense Authorization Act (NDAA) and voted 23-3 to send the spending bill to the full Senate for consideration.

Defense bill is a major cyber legislation opportunity for Rep. Langevin (Washington Post) Langevin is reaching for cyber measures even as he heads out the door

How ‘Cybersecurity First’ Strategies Can Help Make DISA’s ‘Wish List’ Come True (MeriTalk) A recent keynote address from Lt. Gen. Robert Skinner, director of the Defense Information Systems Agency (DISA), stands out as a perfect example of this digital transformation-inspired dynamic. Skinner spoke at AFCEA International’s TechNet Cyber event and presented a “wish list” of advancements that would help DISA significantly improve operations and solve its problems. “Every great innovation started when somebody said, ‘Wouldn’t it be cool if…’” Skinner told his audience of private sector IT firms.

Bill Would Ban Brokers From Selling Health, Location Data (GovInfoSecurity) Worries among Democratic lawmakers that the U.S. Supreme Court will overturn a key abortion ruling have led Sen. Elizabeth Warren, D-Mass., to introduce legislation

Federal Backstop for Cyber Insurance Should Be Studied, GAO Says (Bloomberg Law) The Biden administration should assess whether private insurers need a federal assistance to help cover losses from cyberattacks on electricity grids, banks, pipelines and other critical infrastructure, a government watchdog said.

Health systems want government help fighting off the hackers (POLITICO) Hospitals look to Washington to provide more security for what they consider critical national infrastructure.

CISA Plans to Hire Chief People Officer to Boost Cyber Workforce (Nextgov.com) Agency advisors are set to vote on a host of draft recommendations which include reviewing the security clearance process for inefficiency.

Former Mandiant exec tapped to run CTIIC, ODNI's cyber threat intelligence center (CyberScoop) Laura Galante comes to the role after several years of running her own cybersecurity firm. The Ukrainian government was one of her clients.

Hawaii Cyber Airmen Awarded For Aiding Community’s Critical Networks (Air National Guard) Three Airmen were presented with Achievement Medals on May 14, at Fort DeRussy for providing major enhancements to Hawaii National Guard’s cyber-response capabilities.