At a glance.
- DoD launches new cyber workforce strategy.
- FCC calls for rule change for telecom cyberincident response.
- US Senator urges Department of Education to establish contracts with cybersecurity software providers.
DoD launches new cyber workforce strategy.
US Deputy Secretary of Defense Dr. Kathleen Hicks has signed the 2023-2027 Department of Defense (DoD) Cyber Workforce Strategy. Developed in coordination with the Joint Chiefs of Staff, United States Cyberspace Command, and the military services, the strategy outlines how the DoD will cultivate a cyber workforce to support its cyber missions. “The strategy will enable the DoD to close workforce development gaps, resource workforce management and development initiatives, stay at the forefront of technological advances, securely and rapidly deliver resilient systems, and transform into a data-centric enterprise with optimized workforce analytics,” a DoD press release states. The plan highlights four human capital pillars – identification, recruitment, development, and retention – that will provide the basis for the strategy’s objectives. The Biden Administration’s 2022 National Defense Strategy directed the Department to “Cultivate the Workforce We Need,” and the new plan focuses on hiring a diverse, skilled stable of cybersecurity professionals as well as equipping them with the resources and partnerships necessary for growth. Mark Gorak, Principal Director for Resources and Analysis, stated, “This strategy, in combination with our current portfolio, will help to unify cyber personnel management efforts across the DoD and ensure that our workforce continually develops through training and skill-building opportunities.”
FCC calls for rule change for telecom cyberincident response.
The US Federal Communications Commission (FCC) has proposed a rule change that would expand the definition of the term “data breach” for communications carriers to include any incident that compromises the confidentiality of customer data, even if there is no harm to customers. FCC Chairwoman Jessica Rosenworcel explained that the growth in the volume and sophistication of data breaches has motivated the FCC to reevaluate its incident response rules. “This new proceeding will take a much-needed, fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches,” she states. Currently, telecom carriers must notify federal law enforcement of all customer data breaches within seven business days, and they inform consumers seven days after that. The new rule would eliminate this seven-day waiting period between notifying law enforcement and notifying customers. By updating the definition of breach, the FCC hopes to motivate companies to reevaluate their breach response plans in order to proactively prevent incidents in the first place. Venkat Gupta, data estate modernization portfolio leader at Sogeti, told Dark Reading, “This [rule] means [communications] carriers would be required to report any unauthorized access or disclosure of customer information, even if the breach was unintentional or not malicious. Everyone should care because data breaches can occur in many different ways, and even unintentional breaches can have profound consequences.”
US Senator urges Department of Education to establish contracts with cybersecurity software providers.
On Monday, US Senator Ron Wyden, a Democrat out of Oregon, penned a letter to the Department of Education calling for better cybersecurity software for the nation’s schools.
Wyden suggested the Department could lower the financial burden to schools by negotiating contracts with educational software providers. The letter reads, “Educators shouldn’t need to choose between students’ learning and their privacy—model contracts could help level the playing field between big tech companies and the under-resourced school administrators who must negotiate with them.” These contracts, Wyden suggests, would also include provisions barring telecoms from selling student data to third-party brokers. GCN explains that American schools, with their limited resources and high volume of sensitive data, have increasingly become a target for cyberattacks, especially as education has become more tech-oriented as a result of the COVID-19 pandemic. This expanded attack surface has made it that much easier for attackers to take advantage of security gaps in school networks, increasing the need for strong cybersecurity software. Wyden continues, “A nationwide, Department-endorsed approach would give schools greater leverage when negotiating with the largest edtech players. These companies have little incentive to negotiate and instead exploit their market power by telling school districts to ‘take it or leave it’ when it comes to invasions of their students’ privacy.”