Home  /  Empower and Protect  /  Cybersecurity Week in Review

Cybersecurity Week in Review

By Robert DuPree •  December 7, 2018
cyber security news

This week’s cybersecurity news in review has coverage on some NIST initiatives regarding IoT and first responder device cybersecurity, Justice Dept. interest in bypassing communication device encryption for investigations, GSA’s push to acquire email security tools for all its domains, and a new OMB program to retrain federal workers without cyber backgrounds to be cyber employees.        

There are also Department of Homeland Security articles giving updates on DHS publication of a defined list of critical functions due to cyber risk, efforts by agencies to more swiftly purchase DHS’ CDM cyber tools, pre-solicitation notices for new technologies, and a new “cyber roadmap” issued by TSA.

Finally there are stories on various Department of Defense cybersecurity issues, including a new report faulting the lengthy Pentagon cyber acquisition process, concerns that cultural bias within the department is causing resistance to moving IT systems to the RMF, DoD efforts to help ensure small contractors comply with the NIST cyber framework, and an extension of the DISA deadline for proposals for cloud-based solutions to wall off DoD internal networks from the public internet.

NIST sees comments on publication clarifying IoT cybersecurity as helpful

The National Institute of Standards and Technology sees a need for more communication regarding cybersecurity controls for internet of things (IoT) devices, and in September released a draft publication clarifying the distinction between managing cybersecurity for IoT devices and traditional IT systems. Federal News Network reports NIST feels the comments it has received are promising. Read more…

NIST looks at cybersecurity of first responders mobile, wearable devices

GCN reports NIST has issued a draft report analyzing the cybersecurity of first responders’ mobile and wearable devices as they connect to the FirstNet wireless broadband public-safety network. Read more…

Justice Dept wants companies to allow it to access encrypted communications

According to FCW, the Department of Justice wants technology companies to help allow law enforcement agencies to bypass encryption of apps and devices in order to obtain information during investigations. Read more…

GSA agency seeks wider use of email security tool

A report in Nextgov says that GSA’s Technology Transformation Service has issued a sources sought notice to see what the cost would be to employ the DMARC email security tool on all of its domains.  Read more…

New program looks to retrain feds without a cyber background

Looking to help meet the government’s needs for skilled technology workers, OMB is launching a the Federal Cybersecurity Reskilling Academy to retrain current workers without a cybersecurity or IT background, according to a report by FCWRead more…

Critical functions list due from DHS Risk Management Center

FCW reports that DHS’ National Risk Management Center at the Department hopes to develop by the end of December a list of national critical functions, defined as those whose disruption from a cyber attack might result in a national security or economic crisis. Read more…

Agencies get creative to acquire CDM tools

According to Nextgov, some federal agency officials are receiving approval from DHS to use requests for services, which is a type of task order modification, to more rapidly purchase additional Continuous Diagnostics and Mitigation (CDM) cybersecurity tools from DHS and the GSA.  Read more…

DHS small biz research office seeking new technologies

The Small Business Innovation Research program at DHS is seeking to improve the department’s capabilities in a range of tech areas, including identity management, blockchain forensics, biometrics, cybersecurity and machine learning for scanners, and has issued pre-solicitation notices for such initiatives, FCW reports. Read more…

Cybersecurity “roadmap” issued by TSA

According to FCW, on Dec. 4 the Transportation Security Administration released what it calls a cybersecurity roadmap for aligning the agency’s cybersecurity initiatives with overall administration efforts and expanding collaboration with the private sector.  Read more…

Report: Slow DoD cybersecurity acquisition process endangers warfighter

Fifth Domain summarizes a recent report which found that the lengthy DoD acquisition process for cybersecurity tools often exceeds the life cycle for automated equipment, meaning that the technology may be obsolete by the time it is deployed, putting the warfighter at risk.  Read more…

Pentagon official faults cultural resistance to adoption of Risk Management Framework

According to FCW, a key DoD cyber official recently lamented that there is a cultural roadblock that is preventing the Pentagon from realizing the expected benefits of moving its IT systems from the DoD Information Assurance Certification and Accreditation Process to the Risk Management Framework. Read more… 

Defense Dept to help ensure small vendors comply with NIST cyber framework

Nextgov says the Pentagon is looking to determine whether smaller companies in its industrial base are meeting the NIST cybersecurity framework, as required by a DoD rule issued last year, and to provide help to those firms who may need assistance.  Read more…

DISA extends deadline for proposals for non-public, cloud-based systems

A report in Nextgov says DISA has extended until Dec. 14 the deadline for vendors to respond to a solicitation and show how they would propose to build a cloud-based system to quarantine DoD’s internal networks from the public-facing internet. Read more…

Robert DuPree

Robert DuPree

Robert DuPree is the manager of government affairs at Telos Corporation. Follow him on Twitter: @RFDuPree See full bio...

The Empower and Protect Blog brings you cybersecurity and information technology insights from top industry experts at Telos.

Leave a Reply

Your email address will not be published.

eighteen + nineteen =