Blogs

Weekly W.H.A.T.: Introduction, OPM Breach & more...

By Yejin Jang posted Jul 28,2015 04:33 PM

  

Hello NASCIO community!  Great to be joining you virtually through NASCIO’s weekly WHAT!  Very excited to get to know everyone and to start the convo, here’s a little about me: Grew up in Athens, Georgia which means I am a bulldog fan by default, GO DAWGS!  In that vein, here are my major sports teams: Baltimore Orioles (baseball), Baltimore Ravens (NFL), UGA Bulldogs (college football) and JHU Blue Jays (lacrosse). 

Beyond sports, my interests include my dog, Sandy, and my husband, Justin. In that order. Kidding of course.  

Getting down to business – It’s been a busy month in Washington as legislators load up on work before the August recess! 

Here’s a quick rundown of what’s been dominating headlines in our nation’s capital: OPM breach leads to increased interest (and funding) for cybersecurity. Speaker Boehner says a continuing resolution is likely – implications for states. FCC moving 100% of IT to the cloud by end of 2017.

Coverage on OPM Breach Still Hot in D.C. But Not as Hot as Donald Trump 

Key Takeaway: If you’re worried the OPM breach affects you, assume your information has been compromised.  Keep checking the OPM website for updates.  Look for identity monitoring services after mid-August.  Online security clearance requests have resumed. 

The White House Office of Personnel Management (OPM), continues to wrestle with the security breach that resulted in the release of millions of personnel and security records of current, former and prospective federal employees and contractors. 

In light of this breach, OPM will offer identity monitoring to those affected.  However, not everyone whose information was stolen has been notified. As you may recall, there were two OPM breach events, one in April and another in June.  Individuals affected by the April breach have been notified. However, notifications to individuals impacted by the June breach has not yet begun.

OPM is currently looking for a contractor to notify victims of the breach and to provide identify fraud protection services to those affected. Although the search continues, it won’t be until mid-August until a contractor is hired. 

OPM’s promise to provide at least 3 years monitoring services to impacted individuals is also facing some challenges.  Namely, because this breach comes at close to the end of the fiscal year, OPM has asked that other federal agencies whose employees have been put at risk should expect to absorb even more costs in the future. 

Additionally, to combat future attacks, OPM updated their definition of “routine use” to allow personal information to be shared with outsiders when it “suspects or has confirmed” that security has been compromised and disclosure is necessary for responding.

The most current information on the breach can be found on the OPM website. Also, NASCIO is in regular communication with DHS and other appropriate federal agencies and will continue  monitoring the progress of breach recovery efforts. Stay tuned.  

Other Buzz:

OPM Breach = More Money for Cybersecurity: The financial services and general government appropriations bill governs funding for OPM.  On July 23, the Senate Appropriations Committee debated the financial services bill and added funding for OPM’s cybersecurity efforts to bring the total to $264.5 million, an increase of $24 million or 10% above FY15 enacted levels.  Additionally, Senator Mikulski’s (D-Md.) amendment which would provide breached individuals complimentary identity protection for at least 10 years was accepted by voice vote. However, this will be all for naught if Speaker Boehner’s predictions about a continuing resolution hold true.

House Speaker Boehner Signals that CR Likely to Keep Government Running: Though both chambers’ appropriations committees have finished all 12 appropriations bills, it is unlikely that they will be able to reconcile their differences before the end of the fiscal year.  That will likely lead to passage of a Continuing Resolution (CR) so the government can stay open. What does this mean for states?  If a CR is passed, there won’t be huge increases/decreases in federal programs.  Click here to see the latest funding numbers (Thank you FFIS!)

Beware! USAJOBS Phishing Email: If you get an email from USAJOBS asking you to re-validate your information, DON’T!

Senators Introduce Bill to Give DHS the Power to Repel Cyber Attacks: A group of bipartisan senators introduced the FISMA Reform Act which would formally codify and strengthen DHS’s role in protecting government networks and websites.   

FCC Joins Cloud Club: Will Fully Transition 100% of IT by 2017: FCC CIO David Bray addresses common challenges, e.g. personnel, and says agency will focus on a “modular, data-centric approach ‘that remixes existing [software-as-a-service] and [platform-as-a-service platforms] that’s much faster, more resilient and easier to maintain than anything they could do on premise themselves.” Welcome to the cloud club, FCC!

TechBytes:

Game Changing Broadband for Rural Communities in Minnesota

State CIOs: Asked to do Much with Little

Cybersecurity Challenges for States: Complexity, Funding, Lack of Visibility and Growing Regulations

Infographic of State FY16 Budget Status

Federal Government Cybersecurity Incidents Increased by more than 1,000% since 2006

0 comments
59 views

Permalink