At a glance.
- US requests $408 million for further integration of CISA’s CDM into Federal agencies.
- Report: FBI improperly searched its databases for three US officials' names.
- SASC would establish a dedicated DOD-run cyber intelligence center.
Biden Administration requests $408 million for further integration of CISA’s CDM into Federal agencies.
Federal News Network reports that the Biden administration’s budget requests $408 million dollars to further integrate the Continuous Diagnostics and Mitigations (CDM) program into CISA’s cyber services. In a blog post, Michael Duffy, associate director of capacity building at CISA said, “I think going back to the basics is almost as important as identifying the new and emerging trends. And I think finding a way that CDM can stand in the middle of those two things, find a good balance and pull them together is really our unique position in the federal government and our ability to provide capabilities and support to do that in an effective way.”
CDM was initially created to provide an operational tool for agencies to monitor their cyber assets and report to CISA progress in securing said assets. Duffy explained that CDM, in its early stages, was limited to agencies providing metrics to CISA and required a somewhat lengthy process to solve issues. Mr. Duffy explained that CDM is entering a “new era,” allowing agencies to “respond to cyber threats in a coordinated and expedited fashion by sharing data between dedicated CDM Agency Dashboards and CISA’s CDM Federal Dashboard.” While CDM was created to monitor assets and visualize risk, Mr. Duffy notes that its use has far outgrown its original purpose, “The CDM Dashboards are not just a tool for measuring progress or visualizing risk – CISA’s cyber defense operators are increasingly turning to the Federal Dashboard to aid in incident response while agency cyber leaders and practitioners alike are beginning to shape operational and strategic activities based on the evolving ‘current state’ data provided by CDM.”
Report: FBI improperly searched its databases for three US officials' names.
The office of the Director of National Intelligence (ODNI) declassified and released a FISA 702 FISC order on Friday in which it is shown that the FBI improperly queried the name of a US senator and two state officials, Reuters writes. The statement from ODNI reads, “Consistent with the Principles of Intelligence Transparency for the Intelligence Community, ODNI, in consultation with DOJ, is also today making publicly available, with redactions, a 2021 FISC Order that examined certain FBI compliance errors involving the querying of U.S. person information. The errors discussed in the 2021 FISC Order preceded the FBI remedial reforms discussed in the 2023 FISC Opinion, which were initially deployed during the summer of 2021, and the 2021 FISC Order thus does not reflect the current status of FBI compliance.” The FISA section 702 is set to expire at the end of the year; however, intelligence officials including the prospective NSA director are championing its renewal. Reuters explains that the renewal is facing skepticism from both sides of the aisle writing, “Skepticism only deepened when an earlier court order - declassified in May - revealed that the FBI had improperly searched for the foreign intelligence database more than a quarter million times over several years.”
Senior Intelligence officials remain adamant that Section 702 is critical to national security as it allows them to gather information and thwart foreign government actions. In a letter to Chuck Schumer, FBI director Christopher A. Wray writes, “Section 702's critical importance to our national security has only grown with the evolution of technology and threats. Without Section 702 we would be unable to plug a critical intelligence ‘gap—one that foreign threat actors regularly exploit as they traverse computer networks and electronic service providers to conduct cyberattacks, espionage campaigns, or coordinate with like-minded terrorists. To put it plainly, Section 702 is invaluable to our ability to know what our foreign adversaries are doing and how they are doing it—intelligence without which we could not protect Americans or the homeland.” In response to recent criticism that the FBI is abusing its privileges outlined in Section 702, Director Wray writes, “We have significantly lowered our incidents of non-compliance because of our focus on systemic issues, many of which were uncovered by the DOJ and highlighted by the FISC. We changed the FBI database to address even inadvertent querying-related incidents. Personnel must know “Opt- In” and affirm that they intend to run their queries against our Section 702 collection. We also overhauled our training and now require FBI personnel re-take this training annually or else lose access to FISA databases. For higher-risk queries like sensitive and batch queries, we have also implemented and now require supervisory and/or legal approvals. As an example, sensitive queries require higher attorney level review, and in some cases, approval by the Deputy Director.”
US Senate Arms Services Committee approves the establishment of a dedicated DOD-run cyber intelligence center.
The Senate Armed Services Committee has approved a measure that requires the US Department of Defense to establish a dedicated cyber intelligence center in an attempt to better utilize service members tasked with ensuring cybersecurity and computer-based intelligence gathering. The center would support US Cyber Command and could be built in the Defense Intelligence Agency. Why the consolidated cyber intelligence center wouldn’t be established at Cyber Command’s HQ at Fort Meade, MD is unknown. “NSA has a fundamentally different mission focused on foreign intelligence targets. Having a dedicated military cyber intelligence capability under Title 10 — the part of U.S. law that governs the armed forces — is considered increasingly important,” writes Defense Scoop. SC Media quotes an unnamed US official as saying “It became evident during the Russia invasion into Ukraine that the traditional intel rolls within the DIA could not handle the volume of work needed to support this combatant command. DIA could fill the role but they require restructuring their HR system to provide experts in the technical arena. Some they have but they're not near enough."