Blogs

Weekly WHAT: Encryption, IRS, and POTUS Budget

By Yejin Jang posted Feb 11,2016 04:37 PM

  

Weekly WHAT: Encryption, IRS, and POTUS Budget 

Election politics may dominate the headlines but there’s plenty of cybersecurity news happening in the nation’s capital. Here’s some of them.

DON’T MESS WITH MY MESSAGES: Reps. Ted Lieu (D-Calif.), Blake Farenthold (R-Texas), Suzan DelBene (D-Wash.) and Mike Bishop (R-Mich.) introduced the Ensuring National Constitutional Rights for Your Private Telecommunications (ENCRYPT) Act of 2016 on February 10th.  The bill would preempt state laws that try to ban encryption, force decryption, or block sales of electronic products that use encryption.  Read the full bill here.

This bipartisan group is trying to get ahead of state legislative efforts, saying that different encryption standards from 50 states would be unworkable and impractical. Currently, two states New York and California, have put forth legislative proposals that would ban the retail sale of smartphones with encryption features. Read Rep. Lieu’s press release here.

OTHER FOLKS ON ENCRYPTION: In the Senate, Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.) are working on a bill that would force companies to decrypt data under court order. More about that here. During a Senate Intelligence Committee hearing on global threats, intelligence officials were asked if there should be legislation regarding encryption technology. FBI Director James Comey said, “I’m going to have to dodge that…” citing it wasn’t the role of the FBI to make legislative recommendations. BUT Comey did note that the growing use of encryption by bad actors is “overwhelmingly affecting law enforcement.” Director of National Intelligence James Clapper stated that there could be technological possibilities not yet exhausted. Read more here and here.

WHO DOESN’T LIKE THE IRS (EVERYBODY): On February 9, the IRS announced that identity thieves used automated bots to generate phony login information using stolen social security numbers to create over 100,000 successful PINs. Though the event occurred in December, the IRS acknowledged and issued a statement about the issue on February 9th.

That’s not all. The Feb. 9th announcement follows on the heels of a service outage earlier this month. Several IRS services and tools on the IRS website were not working on February 3. The problem was solved by the next day and the IRS cited hardware failure. While others were more dubious.

Oh, one more thing.  The IRS isn’t doing a terribly great job at detecting identity thieves and their bad activities (See, Treasury Inspector General for Tax Administration’s report on the deficiencies of the Return Review Program used by IRS).  We wrote about this earlier, check it out here.

POTUS GOES HARD ON CYBERSECURITY:  This week, the President released his budget package for FY2017. Notably, the President’s budget includes a big boost for cybersecurity funding, totaling $19 billion, which represents a 35 percent increase over FY2016. The budget also includes funding for a new initiative, the Cybersecurity National Action Plan (CNAP) which attacks the issue of cybersecurity from a myriad of vectors including:

  • Let’s get rid of that old IT junk: $3.1 billion for Information Technology Modernization Fund
    • To do what? Will enable retirement, replacement, and modernization of legacy IT which State CIOs know are hard to secure and expen$ive to maintain
  • Helping the average Joe secure himself online: Feds want more multi-factor authentication for Americans; aims to arm consumers with actionable information to help protect themselves online
  • Put a security guy/gal at the top: POTUS wants new federal CISO position
  • Cyber workers…where are you?: The president’s budget proposes expanding the Scholarship for Service program by establishing a Cyber Corp Reserve program; enhance student loan forgiveness programs for cybersecurity experts joining the federal workforce; and develop a cybersecurity core curriculum that will guide educational institutions on necessary knowledge and skills

This list should sound REALLY familiar to state CIOs and CISOs. The same trends and forces of change that we’ve witnessed in the State IT world are translating almost point for point in the federal environment. 

The president’s budget also includes policy proposals which Congress could take up; unlikely this year as the majority party has signaled their displeasure with the President’s budget proposal.  

So what does this all mean?  Are we going to have a flurry of new cybersecurity programs and activity now?  Depends. You never know what’ll happen in this town.

TechBYTES:

Panic! House staffers experience email blackout

Hacker data dumps info on DHS and FBI employees

Mexico’s version of FirstNet

FBI can’t crack encryption on San Bernardino killer’s phone

Cybersecurity for the Super Bowl

Feds say: self driving car could = “driver”

0 comments
131 views

Related Content

Permalink