At a glance.
- Experts say US cybersecurity implementation plan could face challenges.
- Democrat and Republican lawmakers scrutinize US intelligence surveillance practices.
- A Maryland county recovers after a cyberattack.
Experts say US cybersecurity implementation plan could face challenges.
As we noted last week, the White House released its National Cybersecurity Strategy Implementation Plan, which details sixty-five federal initiatives to be completed by eighteen government agencies. Decipher notes some highlights of the document, including a push for “secure-by-design” tech development and bolstering protections for critical infrastructure. CISOs are hoping that the plan will harmonize the country’s often disjointed patchwork of cybersecurity regulations. Sounil Yu, CISO at JupiterOne, stated, “Regulatory harmonization as the first item on the implementation plan is a great sign that the White House is hearing industry's concerns. Without harmonized regulations, we must comply with a multitude of different standards, much of which are redundant and sometimes even conflicting.”
The timing of the plan’s release couldn’t be better, as the Government Accountability Office (GAO) last week issued a statement calling for urgency in bringing the strategy to fruition. “It is critical that these details be issued expeditiously so agencies can begin planning and allocating resources to properly execute the strategy,” the GAO stated. FedWeek reports the office added that the current lack of a national cyber director (a role vacated by Chris Inglis five months ago) will likely impede timely implementation. “This vacancy leaves unfilled a key leadership role needed to coordinate the federal efforts to address cybersecurity threats and challenges. Further, sustained leadership in this position is essential to ensuring strategy execution and accountability.”
While the implementation plan is intended to be a roadmap for carrying out the initiatives introduced in the strategy, some experts say there are critical gaps in the plan. Robert DuPree, manager of government affairs at the security solutions firm Telos, told NextGov.com that “financial potholes,” like a recent congressional appropriations bill that guts the Technology Modernization Fund, could make progress more challenging. "It’s impossible to accelerate technology modernization with so little funding and especially if no new funding is provided," DuPree stated. "The administration is going to need to find a new way forward in its multi-year plan." Joel Krooswyk, federal chief technology officer for GitLab, said the plan was lacking in detail. "The plan seems like a 'plan to plan' rather than a plan to implement," Krooswyk stated. "We need tangible directions ... that can provide a starting point for iterative implementation." Other possible hurdles include a critical shortage in the cyber workforce and a divided Congress.
Democrat and Republican lawmakers scrutinize US intelligence surveillance practices.
In the US legislature, concerns regarding government surveillance are top of mind, and Wired notes that the issue is unifying lawmakers who might otherwise be unwilling to reach across the aisle. At a committee hearing last week, Representative Zoe Lofgren, a Democrat from California, expressed worries regarding Federal Bureau of Investigation (FBI) director Christopher Wray’s recent admission that the FBI had purchased commercial data on US citizens in order to avoid getting a judge’s permission to obtain search warrants. Lofgren noted the importance of further investigating this warrantless surveillance, and Jim Jordan, the committee's Republican chair, voiced his agreement, as did Representative Matt Gaetz, known to be one of the most conservative members of the House. “The American people need to understand what just happened,” Gaetz stated. “My Democratic colleague just asked the director of the FBI whether or not they are buying information about our fellow Americans, and the answer is, ‘Well, we’ll just have to get back to you.’”
Republican lawmakers also asked questions about allegations that the FBI helped to plant a bomb outside of a Democratic Party building on the day of the 2021 insurrection carried out by supporters of former President Donald Trump. Congresswoman Pramila Jayapal, a Democrat representing Washington state, drew attention to a recently declassified report that found the intelligence community was purchasing Americans’ personal information typically protected under the US Constitution, like GPS cell phone data, and Republican Thomas Massie questioned Wray about an FBI request for “gun purchase records” from a US bank.
A Maryland county recovers after a cyberattack.
A cyberattack last November targeting the government of Washington County, located in the US state of Maryland, caused major disruption in government operations, and some experts are questioning whether the county has taken the right steps to avoid future incidents. Markus Rauschecker, cybersecurity program director at the University of Maryland’s Center for Health and Homeland Security, stated, “You don’t want to be in a situation where you don’t know what you’re going to do if an incident happens,” adding that each jurisdiction should have a plan which “outlines the exact roles and responsibilities that every entity has with respect to cyber incident response.” When asked about Washington County’s response to the attack, spokesperson Danielle Weaver told the Herald-Mail, "Information privacy and security are among the County’s highest priorities. We have strict security measures in place to protect information in our care… Washington County continues to review and enhance our cybersecurity posture by implementing additional safeguards."
Weaver, however, declined to offer details about those safeguards. The state of Maryland has suffered its fair share of cyberincidents in recent years, and local governments are increasingly enlisting the help of multiple levels of government to aid in the recovery process. US Congress has instituted a $1 billion State and Local Cybersecurity Grant Program aimed at helping state and local governments improve their defenses, and Maryland is working on a state cybersecurity plan to submit to the Department of Homeland Security to request the federal funding. Washington County recently approved a cyber intrusion detection and monitoring system that will cost over a quarter million dollars a year. “Now we just need to keep on top of it,” said Commissioner Randall Wagner. “No more incidents I hope.”