GovConJudicata Weekly Debrief (10/14–18)
This week's Weekly Debrief covers a number of interesting topics, such as the Army's enterprise cloud management office, legal protections for sharing supply chain threats, cybersecurity and privacy issues, and details on why CISA wants subpoena authority.
"When U.S. Defense Secretary Mark Esper launched a review this summer of the departmentwide offices known as the 'fourth estate,' he made it clear that everything, including cuts to programs and personnel, were on the table. Two months into that review, clear themes have emerged, according to Pentagon acquisition head Ellen Lord: Esper isn’t looking to cut just to cut, and if offices aren’t tied directly into war-fighting needs, they may no longer belong in the Department of Defense."
"The Army will create an enterprise cloud management office before the end of the year, the service’s top IT official said at the Association of the U.S. Army conference Oct. 15. The office will offer “centralized oversight of capability that exists in the cloud," provide incentives for Army components to move to the cloud and help them migrate to the cloud, Lt. Gen. Bruce Crawford, the Army’s chief information officer/G6 said in an interview with C4ISRNET Oct. 16. With the establishment of the office, the Army also wants to prevent different service entities from buying additional product licenses that the Army has already purchased."
"In the dog-eat-dog world of raising and training canines for government patrol and detection duties, federal agencies increasingly are competing not only among themselves, but also with foreign governments for a dwindling supply in a global market. The Air Force is the executive agent for Defense Department working dogs — buying, training and breeding them at Lackland Air Force Base in San Antonio, where the Transportation Security Administration also trains its dogs."
"Companies can’t protect their IT supply chain unless they know which vendors to avoid, but current laws discourage firms from sharing information about potential bad actors, according to industry cybersecurity experts. On Wednesday, representatives from the tech and telecom industry told Congress that companies could face significant legal penalties if they voice concerns about vendors or products that they believe present cybersecurity risks. Sharing that sort of information is critical to locking down the IT supply chain, panelists said, but companies won’t do so unless the government gives them more legal cover."
"A politician-turned-defense official who is trying to shake up the acquisition bureaucracy in the U.S. Department of Defense told contractors they need to better prioritize security in order to do business with the Pentagon, and stifle foreign theft of defense secrets. 'This is a change of culture,' Katie Arrington, chief information security officer of the Pentagon’s acquisition policy office, said Wednesday. 'It’s going to take time, it’s going to be painful, and it’s going to cost money.'"
"Midway along my drive to work each morning, I gain the freedom to unbuckle. New Hampshire, known for its “Live Free or Die” motto, is the only state in the union that views my seatbelt use as optional. As I cross state lines from Maine to New Hampshire, the rules of the road change. Increasingly, the same can be said for the laws governing privacy. While those patrolling the beat might understand the jurisdictional boundaries; technologically, they’re often irrelevant, forcing many organizations to pay attention to all such laws at once."
"Officials at the Cybersecurity and Infrastructure Security Agency have told lawmakers that there have been at least a half dozen instances over the past year where they have been unable to adequately respond to known cyber risks because they could not identify the owners of vulnerable IP addresses. The agency is pressing Congress for new administrative subpoena powers to compel internet service providers to turn over subscriber information for IP addresses associated with critical infrastructure. In a legislative proposal to Congress seen by FCW, the agency claimed the lack of such authority has left vulnerabilities unmitigated and potential victims 'exposed.'"
. . .