Government watchdog recommends creation of White House cyber director position

The Government Accountability Office (GAO) concluded Tuesday that confusion over cybersecurity leadership is undermining the ability of the federal government to fully address cybersecurity challenges, recommending the establishment of a federal cyber czar. 

The watchdog agency wrote in a report that “clarity of leadership” was “urgently needed” in order to implement the Trump administration’s 2018 National Cyber Strategy, citing concerns around the wide array of federal agencies involved in combating cyber threats, and the lack of a White House leader to help coordinate these actions.

“Without effective and transparent leadership that includes a clearly defined leader, a defined management process, and a formal monitoring mechanism, the executive branch cannot ensure that entities are effectively executing their assigned activities intended to support the nation’s cybersecurity strategy and ultimately overcome this urgent challenge,” GAO wrote. 

The agency zeroed in on the elimination of the White House cybersecurity coordinator position in 2018 as being a major factor in leadership confusion at the federal level. The position was eliminated by former national security advisor John BoltonJohn BoltonDiplomacy with China is good for America The Hill’s Morning Report – Sponsored by The Air Line Pilots Association – Pence lauds Harris as ‘experienced debater’; Trump, Biden diverge over debate prep DOJ launches probe into Bolton book for possible classified information disclosures MORE in an effort to decrease bureaucracy.

“In light of the elimination of the White House Cybersecurity Coordinator position in May 2018, it remains unclear which official ultimately maintains responsibility for not only coordinating execution of the Implementation Plan, but also holding federal agencies accountable once activities are implemented,” GAO wrote. 

The report was released in the midst of an ongoing effort by bipartisan members of Congress to push through legislation establishing a national cyber director position at the White House, which would be an expanded version of the previous position and would help coordinate cybersecurity efforts at the federal level.

A bipartisan bill establishing the position was included in the House version of the annual National Defense Authorization Act in July, but was left out of the Senate version. 

GAO recommended Tuesday that Congress “consider legislation” that would establish a position at the White House with the authority “to implement and encourage action in support of the nation’s cyber critical infrastructure.”

House Oversight and Reform Committee Chairwoman Carolyn MaloneyCarolyn Bosher MaloneyTop Democrats call for DOJ watchdog to probe Barr over possible 2020 election influence House panel advances bill to ban Postal Service leaders from holding political positions Shakespeare Theatre Company goes virtual for ‘Will on the Hill…or Won’t They?’ MORE (D-N.Y.), one of the sponsors of the original legislation introduced in June to create a national cyber director, pointed to the report on Tuesday as supporting the establishment of the position.

“Today’s new report from the Government Accountability Office warns of another gaping vulnerability created by President TrumpDonald John TrumpBubba Wallace to be driver of Michael Jordan, Denny Hamlin NASCAR team Graham: GOP will confirm Trump’s Supreme Court nominee before

Read more

House approves bill to secure internet-connected federal devices against cyber threats

The House on Monday passed legislation to improve the security of federal internet-connected devices, with the bill garnering bipartisan support. 

The Internet of Things (IoT) Cybersecurity Improvement Act, passed unanimously by the House, would require all internet-connected devices purchased by the federal government — including computers, mobile devices and other products with the ability to connect to the internet — to comply with minimum security recommendations issued by the National Institute of Standards and Technology. 

The legislation would also require private sector groups providing devices to the federal government to notify agencies if the internet-connected device has a vulnerability that could leave the government open to attacks. 

The bill is sponsored in the House by Reps. Robin KellyRobin Lynne KellyRaces heat up for House leadership posts Battle looms over Biden health care plan if Democrats win big Lawmakers set for tearful goodbye to John Lewis MORE (D-Ill.) and Will HurdWilliam Ballard HurdHouse Democrats’ campaign arm reserves .6M in ads in competitive districts Trump, GOP seek to rebut Democratic narrative on night one ‘Trump show’ convention sparks little interest on K Street MORE (R-Texas) and more than two dozen others.

The bill was approved by the House Oversight and Reform Committee last year. Committee Chairwoman Carolyn MaloneyCarolyn Bosher MaloneyBusiness groups back pandemic insurance bill modeled on post-9/11 law Democrats reveal Medicaid chief’s spending on high-paid consultants The Hill’s Morning Report – Sponsored by National Industries for the Blind – Prudent or ‘pathetic’? GOP senators plan to vote on coronavirus relief Thursday MORE (D-N.Y.) said on the House floor Monday that the bill would help address the “silent war” the U.S. government faces from hackers on a daily basis. 

“Currently there are no national standards to ensure the security of these connected devices,” Maloney said. “Protecting our nation from cyber threats is an ongoing, interactive process that requires established, baseline standards and constant vigilance.”

Both Hurd and Kelly spoke on the House floor in support of the legislation, with Kelly noting that she believed it is a “strong bill that I think can be passed by both chambers and signed into law.”

Hurd said the bill would help the U.S. government “take advantage of technology before it takes advantage of us.”

“The Internet of Things is showing just how innovative humans can be, but like most innovations, IoT has the potential to be misused and abused by bad actors,” Hurd said. “If our security practices for using the Internet of Things does not evolve as our use of it grows, then we will find out how innovative criminals, hackers and hostile foreign governments can be.”

The legislation has also been introduced in the Senate, where it is primarily sponsored by Sens. Mark WarnerMark Robert WarnerSenate panel seeks documents in probe of DHS whistleblower complaint Microsoft warns Russia, China and Iran targeting US election Intel panel rebuffs request to share info for GOP’s Obama-era probes MORE (D-Va.) and Cory GardnerCory Scott GardnerCongress needs to finalize space weather bill

Read more

Trump orders hardening of satellites against cyber treats

Over the past years, the Pentagon has become increasingly reliant on satellites to provide missile defense, secure communications, reconnaissance and global positioning systems. But those system are vulnerable to attack—not just by missiles that could knock them out but by an array of other means, including cyber attacks.

“Cyberthreats happen all the time, not just from China but also from non-state actors,” a senior administration official, not authorized to speak publicly told reporters. “So we need to secure our systems against a wide, wide range of potential threats. The threats are only getting more serious.”

The policy, however, lays out a series of broad principles — but not enforceable regulations — that encourage satellite operators to better harden their systems, in space and on the ground, against attacks and to abide by best practices. In many cases, the practices, such as encrypting satellite to ground links, are already in use.

But the policy highlights a vulnerability space and national security experts have been warning about for years. And it gives the issue the weight of the White House, which cast the measure as a broader attempt to combat cyberattacks, at a time when hackers are threatening to disrupt many facets of life.

In a report issued last year, the Aerospace Corporation, a federally funded research and development center, said that the “vulnerability of satellites and other space assets to cyberattack is often overlooked in wider discussions of cyber threats to critical national infrastructure.”

It said that generally “spacecraft have been considered relatively safe from cyber intrusions; however, recent emerging threats have brought spacecraft into play as a direct target of an adversary.”

In 2014, for example, American officials said China hacked a NOAA weather satellite. The hack only had a limited impact on its weather forecasts. But it showed how vulnerable the system was and how another nation could take advantage of it.

Like cyberattacks on the ground, hacks of satellites can have significant consequences, even allowing an adversary to seize control of a satellite, according to a report released earlier this year by the Center for Strategic and International Studies.

“A cyberattack on space systems can result in data loss, widespread disruptions, and even permanent loss of a satellite,” the report said.

In addition to national security, commerce and everyday life in the United States has become bound to space — from weather forecasts, to television, as well as the little blue GPS dot on many people’s phones that tracks their location as they navigate through a city. And so the White House said it needed to act.

“From communications to weather monitoring, Americans rely on capabilities provided by space systems in everyday life,” Scott Pace, the executive secretary of the National Space Council, said in a statement. “President Trump’s directive ensures the U.S. Government promotes practices to protect American space systems and capabilities from cyber vulnerabilities and malicious threats.”

Source Article

Read more