The Apple v. FBI feud continues to dominate the headlines and tech giants like Facebook, Google, Twitter and others are expected to support their tech compatriot Apple via amicus briefs in the coming days. House Homeland Security Chairman Mike McCaul and Sen. Mark Warner (D-Va.) are expected to drop their encryption commission bill today. The commission would be tasked with providing recommendations on the encryption conundrum. TOMORROW, Apple executives and general counsel, Bruce Sewell will testify before the House Judiciary Committee with FBI Director James Comey. Catch the hearing here.
In other news...
FirstNet extends deadline for bids; provides answers to RFP questions
On February 19, FirstNet released the first set of answers to the questions it received about its RFP. Most queries focused on administrative action and the procurement process. Questions and answers can be found here. In addition to the release of the Q&A, FirstNet also extended the deadline for final RFP responses to May 13, the original deadline was April 29. Click here to view FirstNet’s press release on these items.
2016 NGA Winter Meeting: United Against Opioid Crisis, Hear About Likely Recession
Much of the focus at this year’s National Governors Association’s Winter Meeting focused on addressing the opioid crisis. Governors came together at the NGA Health and Human Services Committee Meeting and committed to working on prescription protocols to reduce the availability of FDA approved opiates. NGA’s Homeland Security and Public Safety Committee heard from experts on emergency management during their meeting titled “Joining Forces Before the Next Storm.” On February 21, Governors participated in a secure briefing at the FBI on “National Cybersecurity Concerns, Terrorism Threats to the U.S.” Governors also heard from a panel of economists that a recession, though not this year, would be likely in the near term.
Senate Homeland Security Committee hearing on reforming unfunded mandates
The Unfunded Mandates Reform Act of 195 (UMRA) was the subject of the Senate Homeland Security Committee hearing on February 24, 2016. State legislators, counties and members form academia testified at the hearing giving examples of federal overreach. Notably, Professor Paul Posner, Director, Center for Public Service at George Mason University and Former Director of Intergovernmental Affairs, U.S. Government Accountability Office supported the concept of expanding UMRA-like review to the impendent regulatory agencies and voiced support for Sen. Portman’s S. 1607 which would require such review. Professor Posner also called for increased and early participation from state and local representatives.
IRS data breach larger than initial reports
In May 2015, the IRS reported a data breach for 114,000 taxpayer accounts. Three months later, that number became 334,000. Now, the IRS reports that there could be over 700,000 victims. Another 295,000 taxpayer transcripts were targeted but not breached. Hackers used the “Get Transcript” program which allows online access to tax history. The ability to view and download information from “Get Transcript” was disabled. This marks the third revision of the number of affected accounts for an incident spanning from January 2014 to May 2015.
Good on you HHS! HHS crosswalks HIPAA security rule to NIST Framework
On February 24, HHS released a crosswalk document that aligns the HIPAA security rule to the NIST framework. The HIPAA security rule requires protection of health information 9ePHI) that covered entities create, receive, maintain or transmit. The crosswalk also includes mappings to other, common security frameworks.
POTUS announces cybersecurity national action plan, establishes CISO position
On February 9, the President released his last fiscal budget and along with it, several policy items related to cybersecurity. Namely, the President announced the Cybersecurity National Action Plan (CNAP) which includes several action items like establishing a federal CISO, establishing a $3.1 billion IT modernization fund, and increasing civilian cyber defense teams, among others. The plan also calls for establishing the Commission on Enhancing National Cybersecurity; President Obama recently named former White House national security adviser Tom Donilon and former IBM chief executive Sam Palmisano to lead the group. Details about CNAP can be found here.
Cybersecurity Information Sharing interim guidelines released
DHS has issued preliminary guidance on how the private sector and government will communicate cybersecurity threat information as part of the Cybersecurity Act of 2015 (commonly referred to as the Cybersecurity Information Sharing Act or CISA) that was signed into law in late 2015. DHS has released preliminary guidance on: sharing cyber threats by the federal government; guidance to assist non-federal entities (this includes states) to share cyber threat indicators with federal entities; interim procedures related to the receipt of cyber threat indicators by the federal government; and interim guidelines on privacy and civil liberties. Final guidance is statutorily required by June.
GSA’s 18F to partner with State and Local
18F is a team of digital consultants housed within the General Services Administration (GSA) that helps federal agencies “build, buy, and share efficient and easy-to-use digital services.” On February 23, 18F announced that it would expand its consulting and acquisition services to assist federal agencies that provide grants to state and local programs. The expansion grew out of a successful pilot between 18F, HHS, and California’s Department of Social Services. Specifically, 18F helped California upgrade the state’s legacy child welfare system. Robin Carnahan, former Missouri Secretary of State, will lead 18F’s new State and Local Government Practice. Click here to view the press release.
TechBytes
8 things keeping security professionals up at night
Iowa one step closer to adding digital privacy to state constitution
Is collaboration the cure for the ails of state IT projects?
Proper device management could have prevented the whole FBI-Apple fight
How Iowa and Oregon CISOs have dealt with ransomware attacks