Weekly WHAT: Capitol Hill focuses on cyber crime, data notification and, of course, funding

By Yejin Jang, posted Dec 04, 2015 04:56 PM

  

Greetings NASCIO colleagues and partners!

Hope everyone had an enjoyable Thanksgiving break! 

Federal budget posture: “crap sandwich”

Last week’s Thanksgiving recess was truly the calm before the storm, and any kumbaya feelings are now out the door, as evinced by the political jockeying taking place on both sides of the appropriations debate. An omnibus plan put forth by House Republicans earlier this week was rebuffed by Democrats, who cried foul, saying the plan was a non-starter because of the many policy riders that were attached. House Speaker Ryan (R-Wis.) called the spending impasse a “crap sandwich” when speaking to the Republican conference, and House Minority Leader Pelosi (D-Calif.) remarked that the Republican proposal was nothing more than a “tea party wish list.” Some, like House Appropriations Committee Chairman Harold Rogers (R-Ky.), are still hoping to meet the Dec. 11 deadline; he stated that he hopes to file text of an omnibus agreement on Monday (12/7). Stay tuned.

Data breach notification bill markup next week  

On December 8, the House Financial Services Committee will mark up H.R. 2205, the Data Security Act of 2015. H.R. 2205 would impose a national uniform standard for the protection of financial data and for breach notification. H.R. 2205 expressly preempts state law on the issue even though 47 states have passed legislation on data breach notification, many with stronger and broader protections for consumers than what H.R. 2205 proposes. NASCIO has voiced preemption concerns with the committee along with several groups that represent the executive branch of state government. NASCIO will keep members apprised as H.R. 2205 moves forward.

Final version of CISA could be done early next year

A final version of the Cybersecurity Information Sharing Act (CISA) that reconciles the differences between the upper and lower chambers’ passed versions may be available at the beginning of the new year, said Senate Intelligence Committee Chairman Richard Burr (R-NC). Discussions among staff are occurring now, though an official conference committee has not yet been formed. The most contentious part of this reconciliation process concerns, as expected, privacy. Privacy advocates favor text that was passed by the House Homeland Security Committee as opposed to the Senate’s provisions. CISA would allow states to share threat information with, and receive it from, the federal government. NASCIO will continue to monitor CISA.

Capitol Hill focusing attention on cyber crime

On December 2, the House Judiciary Committee approved H.R. 1584, the Cybercrime Anti-Resale Deterrent and Extraterritoriality Revision (CARDER) Act, which aims to address the resale of stolen credit card data by foreign criminal middlemen on the dark web. DOJ had been prevented from going after these middlemen criminals because they aren’t responsible for the actual hack or the subsequent fraud. The CARDER Act would allow DOJ prosecution to move forward on anyone caught possessing stolen credit card data with an intent to defraud.

Additionally, H.R. 3490, the Strengthening State and Local Cyber Crime Fighting Act of 2015, passed the lower chamber by voice vote on November 30. H.R. 3490 would authorize the National Computer Forensics Institute to train state and local law enforcement officers, prosecutors, and judges on how to investigate cyber crimes, conduct computer and mobile device forensic exams, and respond to network intrusion investigations.

Additionally, Senate Homeland Security Chairman Ron Johnson (R-Wis.) and Ranking Member Tom Carper (D-Del.) have sent a letter to Attorney General Loretta Lynch asking for details on how the federal government is combating ransomware. In 2014, law enforcement took down the ransomware CryptoLocker, which had infected 234,000 computers and extorted $27 million. New ransomware strains like CryptoWall have sprung up since CryptoLocker's demise, and Sens. Johnson and Carper are seeking more information on their impact.

TechBytes:

Did the OPM hack affect you? OPM sets up verification center

IoT overload: connecting crockpots, baby onesies, toasters and more

Can UAS devices self-regulate?

Google, Microsoft and Apple: encryption needs to stay strong despite calls for the opposite

Kids, too, are affected by data breach
