2018 'ASTORS' Homeland Security Awards Open for Early Entries

Michael Madsen, AST Publisher, with 2017 ‘ASTORS’ Sponsor Cliff Quiroga, Vice President for Sharp Robotics Business Development, and the team’s Director of Marketing, Alice DiSanto

American Security Today is pleased to announce that Early Entry Nominations are being accepted for the 2018 ‘ASTORS’ Homeland Security Awards Program – the most Comprehensive Awards Program in the Industry, through April 25th, 2018.

Acknowledge the Most Distinguished Vendors of Physical, IT, Cyber, Port of Entry Security, Law Enforcement, First Responders, Perimeter Protection, Communications as well as Federal, State, County and Municipal Government Agencies in Acknowledgment of Their Outstanding Efforts to: ‘Keep our Nation Safe – One City at a Time’

Access Control/Identification | Personal/Protective Equipment | Law Enforcement Counter Terrorism
Perimeter Barrier/Deterrent System | Interagency Interdiction Operation | Cloud Computing/Storage Solution
Facial/IRIS Recognition | Body Worn Video Product | Cyber Security
Video Surveillance/VMS | Mobile Technology | Anti-Malware
Audio Analytics | Disaster Preparedness | ID Management
Thermal/Infrared Camera | Mass Notification System | Fire & Safety
Metal/Weapon Detection | Rescue Operations | Critical Infrastructure
License Plate Recognition | Detection Products | And Many Others!

Don’t see a Direct Hit for your Product, Agency or Organization?

Submit your category recommendation for consideration to Michael Madsen, AST Publisher at: [email protected][1].

Please View our Complete List of Categories & Opportunities[2] for Your Organization to Compete and Distinguish Your Achievements in this Exclusive Opportunity to receive the Recognition Your Public Safety, Law Enforcement & Homeland Security Deserves.

AST focuses on New and Evolving Security Threats at All Levels of Homeland Security and Public Safety for personnel who are on the front lines of protecting our communities, cities and nation.

• Compelling, attractive and easy to read digital publications delivered daily, weekly and monthly to a select readership of over 70,000 decision makers in the American security and homeland security fields

AST reaches both the private and public experts, essential to meeting today’s growing security challenges, including:

  • Federal, State & Local Government Agencies & Law Enforcement Organizations, Private Security Agencies… Security Directors… Port Directors… Airport Directors… IT/Cyber Security Directors & More
  • Transportation Hubs, Public Assemblies, Government Facilities, Sports Arenas, our Nation’s Schools, Higher Education Campuses and Commercial Business Destinations – are all enticing targets for extremist attacks due to the large numbers of persons and resources clustered together
  • The new integration, where major applications such as Perimeter Protection, Video Surveillance, Access Control and Alarm Systems communicate with one another in a variety of solutions to protect our Cities and Critical Infrastructure
  • Expanded readership into vital Critical Infrastructure audiences such as protection of Nuclear Facilities, Water Plants & Dams, Bridges & Tunnels and other potential targets of terrorism

AST Digital Publications are distributed to over 70,000 qualified government and homeland security professionals at the federal, state and local levels.

AST puts forward the Largest and Most Qualified Circulation in Government with Over 70,000 readers on the Federal, State and Local levels.

‘PROTECTING OUR NATION, ONE CITY AT A TIME’

Harness the Power of the Web – with our 100% Mobile Friendly Publications

American Security Today’s 2017 ‘ASTORS’ Homeland Awards Presentation Luncheon at ISC East was an overwhelming success, with distinguished guests from National, State and Local Governments, and Industry Leading Corporate Executives from companies allied to Government.

Over 100 professionals gathered from across North America and the Middle East to be honored from disciplines across the Security Industry in their respective fields which included:

  • The Department of Homeland Security
  • The Department of Justice
  • The Security Exchange Commission
  • State and Municipal Law Enforcement Agencies, and
  • Leaders in Private Security

Recognized for their Innovative Training and Education Programs, Outstanding Product Development Achievements and Exciting New Technologies to address the growing Homeland Security Threats our Nation is facing.

The 2017 ‘ASTORS’ Homeland Security Awards Presentation Luncheon

AST’s publisher, Michael Madsen, has announced an AST ‘ASTORS’ Awards Preview Edition to be published in an upcoming AST Magazine – a Full Feature Issue devoted to the competing firms and their achievements with an introduction to our 70,000+ readers – so Enter Today!

The highlight of the 2018 ‘ASTORS’ Homeland Security Awards Program will be the Awards Presentation Luncheon at ISC East at the Javits Convention Center on Wednesday, November 14th.[3]

AST reaches both the private and public experts, essential to meeting today’s growing security challenges.

For Sponsorship Opportunities and More Information on the AST 2017 ‘ASTORS’ Homeland Security Awards Program, please contact Michael Madsen, AST Publisher at: [email protected][4] or call 732.233.8119 (mobile) or 646-450-6027 (office)

Learn More…

2017 ‘ASTORS’ Homeland Security Award Winners Honored at ISC East[5]

References

  1. ^ [email protected] (americansecuritytoday.com)
  2. ^ Categories & Opportunities (americansecuritytoday.com)
  3. ^ 2018 ‘ASTORS’ Homeland Security Awards Program (americansecuritytoday.com)
  4. ^ [email protected] (americansecuritytoday.com)
  5. ^ 2017 ‘ASTORS’ Homeland Security Award Winners Honored at ISC East (americansecuritytoday.com)
  6. ^ Man Convicted for Making Bomb Parts to Kill American Soldiers in Iraq (americansecuritytoday.com)
  7. ^ Senstar Symphony Intelligent VMS Has a New Home (Learn More, Video) (americansecuritytoday.com)

Congress Mulls a CIO's Authority, Future of Homeland Security and Data Breaches

Lawmakers are scheduled to vote Tuesday on a bill that would boost the buying authority of the Federal Communications Commission chief information officer.

The FCC CIO Parity Act[1] is tucked into Ray Baum’s Act[2], legislation that would reauthorize the FCC for the first time in 15 years and contains several measures to improve communications infrastructure and internet access.

The FCC Parity Act would grant the CIO “a significant role” in planning, budgeting and hiring processes related to IT at the agency. These powers would be similar to what the Federal Information Technology Acquisition Reform Act grants to CIOs at CFO Act agencies.

“Aligned with Sen. Moran’s past priorities included in FITARA, the senator feels strongly that federal agencies are increasingly reliant upon IT in their day-to-day operations. As agencies plan for budgets, it only makes sense for the expertise of the CIO to be included in these critical operational decisions,” a spokesman for Sen. Jerry Moran, R-Kan., told Nextgov. Moran and Sen. Tom Udall, D-N.M., introduced the Senate version of the bill back in December. The duo previously pushed the Modernizing Government Technology Act, which not only passed but is now taking agency proposals[3] for funds.

“The FCC is charged with regulating close to a sixth of our economy, but their information technology systems are severely out of date—leaving sensitive industry material vulnerable to increasingly dangerous cyberattacks,” Udall told Nextgov. “The inclusion of this provision will empower the FCC CIO and give the CIO the authority necessary to modernize and take the necessary steps to protect sensitive data.”

Another notable bill tucked into the package is the MOBILE NOW Act[4] introduced by Sens. John Thune, R-S.D., and Bill Nelson, D-Fla., directing the FCC to make more spectrum available to the private sector for fixed and mobile wireless broadband development.

Credit Over-Extended

House Energy and Commerce Committee leaders requested a briefing with the company investigating the Equifax data breach, Mandiant, Thursday after news the credit score giant identified 2.4 million additional victims.

“This latest announcement from Equifax is deeply concerning, and raises even more questions about the company’s total failure in safeguarding consumers’ information and providing adequate tools for protection post-breach,” committee Chairman Greg Walden, R-Ore., and Rep. Bob Latta, R-Ohio, who chairs the committee’s consumer protection panel, said in a statement.

Senate Commerce Chairman John Thune, R-S.D., also said his committee would be reaching out to Equifax for additional information.

Speaking of Equifax

Rep. Ted Lieu, D-Calif., introduced two bills Thursday aimed at protecting consumers from the next major credit reporting agency data breach.

The first bill, the Protecting Consumer Information Act[5], would direct the Federal Trade Commission to study whether current law mandates sufficient cybersecurity protections for credit ratings agencies and to promulgate new regulations if the current ones are insufficient.

The second bill, the Ending Forced Arbitration for Victims of Data Breaches Act[6], would prohibit companies from forcing data breach victims to all go through individual arbitration before launching a class action lawsuit.

Forging Ahead on FOSTA

A controversial bill aimed at curbing online sex-trafficking passed the House Tuesday despite pushback from tech-savvy lawmakers and industry groups. The Allow States and Victims to Fight Online Sex Trafficking Act[7] would allow states and victims to sue websites that are “knowingly assisting, supporting or facilitating a violation” of federal anti-sex trafficking laws, but the tech community argues the bill could open companies to frivolous lawsuits.

Though early amendments to FOSTA brought many original opponents on board, tech groups renewed their criticism after lawmakers revised the bill’s final text to more closely mirror its Senate counterpart[8], which takes a stiffer position against online platforms. The Senate is expected to vote on FOSTA the week of March 12, and the measure is widely expected to pass.

Overdoing the Oversight

The Senate Homeland Security Committee is working on a Homeland Security Department reauthorization bill that will pare back the roughly 100 congressional committees and subcommittees that department staff must report to, Chairman Ron Johnson, R-Wisc., said[9] Wednesday.  

Those crisscrossing oversight lines were left unaddressed in the House version of the reauthorization bill, which passed that chamber in July. Johnson has suggested forming a congressional commission to study the problem.

The Senate bill will also likely include language strengthening the department’s election cybersecurity mission, senators said.  

Let’s Make This Thing Official

Also Wednesday, House Homeland Security Chairman Michael McCaul, R-Texas, introduced a bill[10] giving legislative backing to the work of Homeland Security’s cyber incident response teams. The Homeland Security Committee is scheduled to mark up[11] the bill Wednesday.

Senate Pushes Cyber Cooperation With Ukraine

Sen. Sherrod Brown, D-Ohio, introduced legislation[12] Tuesday urging the State Department to help Ukraine secure its digital networks[13] against Russian cyberattacks and to reduce the nation’s reliance on Russian internet infrastructure. The bill merely states the “sense of Congress” and does not mandate any State Department action. A similar bill passed the House[14] Feb. 7.

Ukraine has suffered numerous digital attacks since the 2014 Russian annexation of Crimea that are widely believed to have been launched by the Russian government. Among those was a 2015 attack that severely disrupted electricity across the nation. It was likely the first widely successful cyberattack against an electric grid.

Quit Concealing Climate Change

The Congressional Safe Climate Caucus penned a letter[15] to President Trump condemning the White House push to reduce public access to federal climate change information. The 26 lawmakers said they are “alarmed” by the administration’s “systematic effort” to remove web pages and language related to climate change from federal sites. They accused the administration of violating the Federal Records Act—which requires agencies to collect, retain and preserve records—and pushed the White House to “consider the fact that human-caused global climate change is one of the greatest existential threats to the future of our planet” in its future online practices.

Coming Up

Tuesday and Wednesday this week will be chock-full of tech and cyber activity on the Hill. Here’s a rundown.

The Senate Armed Services Committee will hold its annual worldwide threats hearing[16] Tuesday.

The Senate Finance Committee will also hear testimony[17] that day about protecting online consumers from counterfeit goods and the House Energy and Commerce Committee will hold an oversight hearing[18] of the National Telecommunications and Information Administration.

The House Small Business Committee will hold a Tuesday hearing[19] on challenges for rural broadband providers.

On Wednesday, the Senate Homeland Security Committee will hold its third business meeting[20] focused on reauthorizing the Homeland Security Department for the first time since its inception.

Also that day, the House Homeland Security Committee will examine[21] efforts to strengthen the department’s cybersecurity workforce and the House Financial Services Committee will consider[22] legislative proposals to reform data security and breach notification regulations.

The House Oversight Committee will also hold the second in a series of hearings focused on how artificial intelligence can benefit the federal government.[23]

References

  1. ^ FCC CIO Parity Act (www.congress.gov)
  2. ^ Ray Baum’s Act (www.congress.gov)
  3. ^ taking agency proposals (www.nextgov.com)
  4. ^ MOBILE NOW Act (www.congress.gov)
  5. ^ Protecting Consumer Information Act (lieu.house.gov)
  6. ^ Ending Forced Arbitration for Victims of Data Breaches Act (lieu.house.gov)
  7. ^ Allow States and Victims to Fight Online Sex Trafficking Act (www.nextgov.com)
  8. ^ Senate counterpart (www.nextgov.com)
  9. ^ said (www.nextgov.com)
  10. ^ bill (www.congress.gov)
  11. ^ mark up (docs.house.gov)
  12. ^ introduced legislation (www.congress.gov)
  13. ^ help Ukraine secure its digital networks (www.brown.senate.gov)
  14. ^ passed the House (boyle.house.gov)
  15. ^ penned a letter (beyer.house.gov)
  16. ^ worldwide threats hearing (www.armed-services.senate.gov)
  17. ^ hear testimony (www.finance.senate.gov)
  18. ^ oversight hearing (energycommerce.house.gov)
  19. ^ Tuesday hearing (smallbusiness.house.gov)
  20. ^ third business meeting (www.hsgac.senate.gov)
  21. ^ examine (homeland.house.gov)
  22. ^ consider (financialservices.house.gov)
  23. ^ focused on (oversight.house.gov)
0

Congress Mulls a CIO's Authority, Future of Homeland Security and …

Lawmakers are scheduled to vote Tuesday on a bill that would boost the buying authority of the Federal Communications Commission chief information officer.

The FCC CIO Parity Act[1] is tucked into Ray Baum’s Act[2], legislation that would reauthorize the FCC for the first time in 15 years and contains several measures to improve communications infrastructure and internet access.

The FCC Parity Act would grant the CIO “a significant role” in planning, budgeting and hiring processes related to IT at the agency. These powers would be similar to what the Federal Information Technology Acquisition Reform Act grants to CIOs at CFO Act agencies.

“Aligned with Sen. Moran’s past priorities included in FITARA, the senator feels strongly that federal agencies are increasingly reliant upon IT in their day-to-day operations. As agencies plan for budgets, it only makes sense for the expertise of the CIO to be included in these critical operational decisions,” a spokesman for Sen. Jerry Moran, R-Kan., told Nextgov. Moran and Sen. Tom Udall, D-N.M., introduced the Senate version of the bill back in December. The duo previously pushed the Modernizing Government Technology Act, which not only passed but is now taking agency proposals[3] for funds.

“The FCC is charged with regulating close to a sixth of our economy, but their information technology systems are severely out of date—leaving sensitive industry material vulnerable to increasingly dangerous cyberattacks,” Udall told Nextgov. “The inclusion of this provision will empower the FCC CIO and give the CIO the authority necessary to modernize and take the necessary steps to protect sensitive data.”

Another notable bill tucked into the package is the MOBILE NOW Act[4] introduced by Sens. John Thune, R-S.D., and Bill Nelson, D-Fla., directing the FCC to make more spectrum available to the private sector for fixed and mobile wireless broadband development.

Credit Over-Extended

House Energy and Commerce Committee leaders requested a briefing with the company investigating the Equifax data breach, Mandiant, Thursday after news the credit score giant identified 2.4 million additional victims.

“This latest announcement from Equifax is deeply concerning, and raises even more questions about the company’s total failure in safeguarding consumers’ information and providing adequate tools for protection post-breach,” committee Chairman Greg Walden, R-Ore., and Rep. Bob Latta, R-Ohio, who chairs the committee’s consumer protection panel, said in a statement.

Senate Commerce Chairman John Thune, R-S.D., also said his committee would be reaching out to Equifax for additional information.

Speaking of Equifax

Rep. Ted Lieu, D-Calif., introduced two bills Thursday aimed at protecting consumers from the next major credit reporting agency data breach.

The first bill, the Protecting Consumer Information Act[5], would direct the Federal Trade Commission to study whether current law mandates sufficient cybersecurity protections for credit ratings agencies and to promulgate new regulations if the current ones are insufficient.

The second bill, the Ending Forced Arbitration for Victims of Data Breaches Act[6], would prohibit companies from forcing data breach victims to all go through individual arbitration before launching a class action lawsuit.

Forging Ahead on FOSTA

A controversial bill aimed at curbing online sex-trafficking passed the House Tuesday despite pushback from tech-savvy lawmakers and industry groups. The Allow States and Victims to Fight Online Sex Trafficking Act[7] would allow states and victims to sue websites that are “knowingly assisting, supporting or facilitating a violation” of federal anti-sex trafficking laws, but the tech community argues the bill could open companies to frivolous lawsuits.

Though early amendments to FOSTA brought many original opponents on board, tech groups renewed their criticism after lawmakers revised the bill’s final text to more closely mirror its Senate counterpart[8], which takes a stiffer position against online platforms. The Senate is expected to vote on FOSTA the week of March 12, and the measure is widely expected to pass.

Overdoing the Oversight

The Senate Homeland Security Committee is working on a Homeland Security Department reauthorization bill that will pare back the roughly 100 congressional committees and subcommittees that department staff must report to, Chairman Ron Johnson, R-Wisc., said[9] Wednesday.  

Those crisscrossing oversight lines were left unaddressed in the House version of the reauthorization bill, which passed that chamber in July. Johnson has suggested forming a congressional commission to study the problem.

The Senate bill will also likely include language strengthening the department’s election cybersecurity mission, senators said.  

Let’s Make This Thing Official

Also Wednesday, House Homeland Security Chairman Michael McCaul, R-Texas, introduced a bill[10] giving legislative backing to the work of Homeland Security’s cyber incident response teams. The Homeland Security Committee is scheduled to mark up[11] the bill Wednesday.

Senate Pushes Cyber Cooperation With Ukraine

Sen. Sherrod Brown, D-Ohio, introduced legislation[12] Tuesday urging the State Department to help Ukraine secure its digital networks[13] against Russian cyberattacks and to reduce the nation’s reliance on Russian internet infrastructure. The bill merely states the “sense of Congress” and does not mandate any State Department action. A similar bill passed the House[14] Feb. 7.

Ukraine has suffered numerous digital attacks since the 2014 Russian annexation of Crimea that are widely believed to have been launched by the Russian government. Among those was a 2015 attack that severely disrupted electricity across the nation. It was likely the first widely successful cyberattack against an electric grid.

Quit Concealing Climate Change

The Congressional Safe Climate Caucus penned a letter[15] to President Trump condemning the White House push to reduce public access to federal climate change information. The 26 lawmakers said they are “alarmed” by the administration’s “systematic effort” to remove web pages and language related to climate change from federal sites. They accused the administration of violating the Federal Records Act—which requires agencies to collect, retain and preserve records—and pushed the White House to “consider the fact that human-caused global climate change is one of the greatest existential threats to the future of our planet” in its future online practices.

Coming Up

Tuesday and Wednesday this week will be chock full of tech and cyber activity on the Hill. Here’s a rundown.

The Senate Armed Services Committee will hold its annual worldwide threats hearing[16] Tuesday.

The Senate Finance Committee will also hear testimony[17] that day about protecting online consumers from counterfeit goods and the House Energy and Commerce Committee will hold an oversight hearing[18] of the National Telecommunications and Information Administration.

The House Small Business Committee will hold a Tuesday hearing[19] on challenges for rural broadband providers.

On Wednesday, the Senate Homeland Security Committee will hold its third business meeting[20] focused on reauthorizing the Homeland Security Department for the first time since its inception.

Also that day, the House Homeland Security Committee will examine[21] efforts to strengthen the department’s cybersecurity workforce and the House Financial Services Committee will consider[22] legislative proposals to reform data security and breach notification regulations.

The House Oversight Committee will also hold the second in a series of hearings focused on how artificial intelligence can benefit the federal government.[23]

References

  1. ^ FCC CIO Parity Act (www.congress.gov)
  2. ^ Ray Baum’s Act (www.congress.gov)
  3. ^ taking agency proposals (www.nextgov.com)
  4. ^ MOBILE NOW Act (www.congress.gov)
  5. ^ Protecting Consumer Information Act (lieu.house.gov)
  6. ^ Ending Forced Arbitration for Victims of Data Breaches Act (lieu.house.gov)
  7. ^ Allow States and Victims to Fight Online Sex Trafficking Act (www.nextgov.com)
  8. ^ Senate counterpart (www.nextgov.com)
  9. ^ said (www.nextgov.com)
  10. ^ bill (www.congress.gov)
  11. ^ mark up (docs.house.gov)
  12. ^ introduced legislation (www.congress.gov)
  13. ^ help Ukraine secure its digital networks (www.brown.senate.gov)
  14. ^ passed the House (boyle.house.gov)
  15. ^ penned a letter (beyer.house.gov)
  16. ^ worldwide threats hearing (www.armed-services.senate.gov)
  17. ^ hear testimony (www.finance.senate.gov)
  18. ^ oversight hearing (energycommerce.house.gov)
  19. ^ Tuesday hearing (smallbusiness.house.gov)
  20. ^ third business meeting (www.hsgac.senate.gov)
  21. ^ examine (homeland.house.gov)
  22. ^ consider (financialservices.house.gov)
  23. ^ focused on (oversight.house.gov)

TechVets launches to offer UK military veterans a route into cyber and startups

There’s a problem in the UK tech industry and it’s staring us in the face.

The tech industry is growing at twice the rate of the wider economy and now contributes[1] around £97bn a year, up 30pc in five years.

And yet only 4% of military veterans work in ICT, which is 20% less than non-veterans. Yes, a military veteran is five times less likely to go into tech than a non-veteran. That’s crazy.

Meanwhile, 45% of businesses claim to have a problematic shortage of cybersecurity skills and 67% of cybersecurity professionals claim[2] they are too busy with their jobs to keep up with skills development and training.

It’s clear, despite its huge growth in the UK, the tech industry is not tapping into the enormous amounts of unrealised human potential contained in the people who are leaving our armed forces. People who have literally put their lives on the line for the country.

The problem is acute. Every year there are over 15,000 ‘service leavers’ leaving the UK military. And right now there are over 900,000 working-age veterans in the UK and other estimates say there are 220,000 who are unemployed or inactive.

That has to change. That’s why today I am backing the launch of a new non-profit to address this issue: TechVets[3].

Next week in London, TechVets will launch on 8 March at Level 39, in Canary Wharf, with an audience of veterans, tech business leaders and investors.

TechVets will be a not-for-profit which provides a bridge for veterans and service leavers into cybersecurity and technology.

Veterans possess unrivalled leadership, crisis management and problem-solving skills which have been forged in the toughest environments. When given effective transition support, veterans have the potential to contribute an enormous amount to the future of the UK’s tech, cybersecurity and startup sectors.

TechVets is being backed by General Sir Richard Barrons KCB CBE (pictured), who served as Commander Joint Forces Command, one of the six “Chiefs of Staff” leading the UK Armed Forces until April 2016. He says: “The transferable skills of the veteran community are a national resource and have a vital role to play in supporting the security and prosperity of the nation.”

At the launch, TechVets is announcing details of their first support programme, a Digital Cyber Academy, with Immersive Labs[4]. This will provide free Cyber-Security training to the first cohort from the service leaver and veteran community.

TechVets will bring people together: serving as a catalyst to foster greater dialogue and creating connections between veterans and the technology and cyber security sectors and to highlight the strong mutual benefits. By leveraging the extensive networks of the TechVets founders, and organising resources made available by businesses, TechVets creates and curates opportunities for veterans and helps the UK economy by stimulating the technology sector.

The TechVets founders are: Peter Connolly (a retired Army Major, entrepreneur and founder of a cyber and physical security consultancy); Mark Milton (a tech design and innovation specialist with a background in cyber security); and Euan Crawford (a corporate financier, who spent time with the Army Reserve in Iraq before qualifying as a Chartered Accountant). Interest declared: I am also joining as a co-founder and adviser.

Connolly explains: “Around 15,000 people per year leave military service in the UK, and while they are highly trained, hard-working, bright minds, they typically do not find their way into the tech industry due to predominantly a lack of connections. We aim to address this missed opportunity by the TechVets programme bringing in veterans to help build our digital future.”

As well as providing free cyber-security training, TechVets is working with industry partners to secure employment for their cohort. TechVets will take no recruitment fees for this service. TechVets will work closely with the UK government, the MOD’s Career Transition Partnership, military charities, and industry champions, in order to build the UK’s tech and cyber sectors with the unrealised human potential of the UK veteran community.

Milton says: “The UK government is committed to making the UK a secure and resilient digital nation, this programme supports that goal by recognising the unrealised human potential of our veteran community to address our cyber skills shortage.”

Crawford adds: “We are looking forward to working closely with the UK government and defence, the Career Transition Partnership, military charities, and industry champions, in order to harness the unrealised human potential within veterans. We are totally committed to supporting the recruitment and education of veterans and service leavers, and to helping veterans to leverage their transferable skills and succeed in tech.”

The TechVets launch event will be at Level 39, Canary Wharf, on Thursday 8 March, 2-6pm, and will feature veterans who have succeeded in tech and cyber as well as speakers from NCSC, Amazon, Google, Google Deepmind, IBM, Oracle, Institute for Cyber-Security Innovation, Cylon, Hut Zero.

Veterans and service leavers can register at TechVets.co to apply to join the first cohort for cyber training or give feedback on what support would be most valued. Companies hiring in tech or cyber, or who would like to signpost veterans to them, please email [email protected]
Charities who are working with individuals who they feel may benefit, head to TechVets.co to register OR email [email protected]

References

  1. ^ contributes (www.telegraph.co.uk)
  2. ^ claim (www.esg-global.com)
  3. ^ TechVets (techvets.co)
  4. ^ Immersive Labs (immersivelabs.co.uk)

Homeland Security's tall order: A hacker-free election

As lawmakers and federal investigators continue to try to understand the chaos foreign actors were able to create during the 2016 election, the US Department of Homeland Security has taken a central role in helping secure the next election.

The agency declared the US election system, which is run by a fragmented group of officials in all 50 states as well as dozens of smaller local governments, to be a part of the nation’s “critical infrastructure” in January 2017. The agency doesn’t have any legal authority over election officials, but it offers programs to help them keep hackers out of voting machines, voter registration databases and public-facing election websites.

Homeland Security’s top cybersecurity official, Jeanette Manfra, sat down with CNET to talk about the balancing act of helping secure elections without overstepping the federal government’s authority. She serves as the National Protection and Programs Directorate Assistant Secretary for the Office of Cybersecurity and Communications at Homeland Security. Manfra told us that, so far, 32 states and 31 local governments have taken part in at least the most basic cybersecurity help offered by Homeland Security, and the agency will have finished 14 deeper assessments by the end of April.

What’s more, Manfra said Homeland Security hasn’t seen a concerted hacking effort targeting the election system like it saw in 2016 — so far.

“The intelligence community has said we have every reason to expect that this foreign influence activity will continue, but we don’t see any specific credible threat or targeting of election infrastructure,” Manfra said.

Manfra also talked with us about why she thinks a return to paper ballots wouldn’t create a totally secure election, what Homeland Security has done to secure the federal government since the disastrous Office of Personnel Management data breach in 2015, and how she thinks the government can help make the internet of things safer. Here’s an edited transcript of our conversation.

Q: Tell us what Homeland Security is doing to help states and local governments secure the vote.
Manfra: When the government has information that would be useful to election officials, that we get that to them.

We issued a few public statements[1] over the past couple of days about a series of meetings[2] with industry, with state and local government officials. If there’s somebody targeting a network or a system in your state, who are the people that we need to notify.

To the extent that they would like to take advantage of the services we have, we offer those as well. There’s everything from scanning — they provide us with their IP ranges, we provide them with a weekly report on any vulnerabilities that we identify.

The other one that’s been written about a lot is the risk and vulnerability assessment. It takes about three weeks. They lay out for us what their networks, what their systems look like. We try a variety of different things and identify where we saw some potential issues, some recommended mitigations, and we often times will talk through with them if they have any questions.

Can you speak to the difference between securing voting machines and securing voter rolls and other election related networks?
Manfra: The voting machines tend to make a lot of news when you’ve got people talking about being able to hack into them. While technically somebody may be able to demonstrate it, it’s nearly impossible to gain physical access to those machines.

Then you’ve got all these other pieces of the system, where if somebody wanted to [they could] create confusion. It’s got nothing to do with actually changing a vote, but you try to get into these different systems, because people don’t understand necessarily how all of these pieces are very disconnected.

We published voter registration database best practices in 2016[3]. We’ve been working with software vendors. We’ve been working with state officials. How can they best ensure that their public-facing websites are protected? How can they ensure that there’s no disruption of voter rolls? We’re working with the different organizations that would publish [early results], whether that’s through a state site, or the AP.

Not that we’re seeing targeting of any of this. We’re just wanting to take a really comprehensive approach to what we consider election infrastructure. Because it’s virtually impossible to actually affect the vote count itself, then an adversary may want to look at other means.

Security experts have been warning that voting machines are vulnerable to hacks for years, even if they would have to be hacked in person. What’s your approach with the vendors of these machines in ensuring that this improves?
Manfra: My approach with the vendor community is more nascent. We had a meeting with them last Thursday, and have had some individual meetings, and we’ve got our own team of experts to look and do some penetration testing. I would say it’s a little bit early for me to judge them, and pretty much anything is going to have some vulnerability that somebody is going to try to exploit.

I also believe that once you have a product, you also have to make sure that you’re doing everything you can to lower the risk. It’s not always a cyberfix for a cybervulnerability; sometimes it’s reducing physical access, like they’ve done, and there’s other mechanisms in place such as the transparency of our election process. We’ve got observers that are looking at the vote counts and would be able to identify if there’s any anomalous changes.

I’ve talked to some advocates who say we should move back to paper ballots across the board. Would that make things more secure?
Manfra: I vote in a community who’s gone to paper ballots. That introduces different complexity that those digital machines were trying to overcome. I couldn’t say that that will just unilaterally remove all risk. Particularly because if you have an adversary whose goal is to just create confusion, and undermine confidence, it wouldn’t necessarily matter.

I do believe that there should be audit capability and redundant means for checking if there is suspicion that something happened. And I know a lot of states and localities already have it, and if they didn’t, they’re working on it.

If there’s no current signs of foreign activity against US election systems, that’s different from what you’ve said was seen in the 2016 election when 21 states were targeted and a few were actually — is breached the right word?
Manfra: That’s been the subject of endless debates.

But now you’re saying you’re not seeing a specific, concerted effort along those lines…
Manfra: …targeting election systems at this time. But again, what the intelligence officials laid out is, there is no reason to believe that the previous activity would go away.

There was an initial announcement that elections would be considered critical infrastructure because there were concerns over federal involvement in the state and local processes. Can you speak to where those concerns are coming from and how you deal with the challenge of offering assistance in elections that Homeland Security doesn’t have authority over?
Manfra: In our non-federal cybersecurity role, we’ve tried to focus on what are those critical services and functions that we depend upon. Access to clean water, electricity and communications, and confidence in the financial systems. We have no kind of oversight or directive authority over any of those functions. Some of them may be regulated by other parts of the state government or the federal government, but not by us. And we think that [Homeland Security’s] voluntary approaches have been very useful.

Not every state is using every service offered by Homeland Security. What are some of the reasons a state might not opt into some of this?
Manfra: We have a lot of great partnerships with organizations across the country that never take any of our services because they’re buying their own. If they’d like to take advantage [of ours], then that’s great. It benefits both of us. We learn about their systems, and they’re able to participate in our programs for free.

What has changed in the government’s approach to securing federal networks since the Office of Personnel Management breach in June of 2015[4]?
Manfra: That was only three years ago, [but] it feels like a lifetime. At Homeland Security, Congress has given us a lot of authority. [We’ve been] implementing those authorities, many of them we got in 2014 and 2015. The binding operational directive[5] is one that we’ve been using successfully. You saw in the president’s executive order[6] [in May 2017] very clearly that cabinet secretaries, heads of agencies, you are accountable for your cybersecurity. This needs to be a priority for you.

The first directive we issued was about patching critical vulnerabilities within 30 days. We were not there when that started. And we’re now largely in that [range].

How developed is the information sharing system authorized under the Cybersecurity Information Sharing Act in 2015[7], and what has Homeland Security been able to do with it so far?
Manfra: For the automated indicator sharing — remembering that it’s all about volume and velocity, and not about human validation for every single indicator — we’ve shared 1.8 million unique indicators through that program. We’ve got a little over 200 organizations that are signed up for it.

Are those private and public sector organizations?
Manfra: Yes. And the 200 doesn’t necessarily mean a company or an agency. We’ve got a lot of information sharing organizations that have thousands of customers.

In 2016 we saw internet of things[8] devices being used in unprecedented DDOS attacks[9]. Now we’re seeing botnets, including IoT botnets, caught up in cryptojacking schemes[10]. What do you see Homeland Security’s role in setting security standards for the growing network of sensors in our homes, workplaces and industrial settings?
Manfra: In traditional consumer products, you can look at your microwave and see the UL seal there and you know that it’s passed some level of standards and certification. I think that is probably what we need for the so-called internet of things.

What we’ve looked at is Underwriter Laboratories, Energy Star and different things that have now become an industry standard — how did they develop? I think that there’s a government role in nurturing that process, but not dictating what the standards are. I think at one point the government said we’re only going to buy Energy Star products[11], and that was a very clear indicator for the market. I’m not suggesting that we have any plans along those lines, but I think it’s worthwhile looking back at how some of these different certification programs came about. I want to keep seeing the innovation, but I also want to see some standards.

When it comes to critical infrastructure like power plants and water systems, we’ve only seen small attacks in the US, such as the breach of a control system for a small dam in Rye Brook, NY[12]. But places like Ukraine have seen problems like power outages[13]. What’s your assessment of the threat to the US electrical grid and other physical infrastructure[14]?
Manfra: I think the advantage that the US has in a lot of its critical infrastructure is it’s not very connected yet. A lot of it is very legacy systems. When you’re talking about water systems, you have some large water systems in our country, but it’s still very local. The electric grid has a long history of resilience.

What we’re working with with all the different industries is to recognize what we’ve done to build resilient systems for natural hazards or terrorist attacks, and all these different things that people have been working on now for quite a long time, [and asking,] how can we use those processes to manage a cyber incident, and where is there potentially a difference?

References

  1. ^ public statements (www.dhs.gov)
  2. ^ a series of meetings (www.dhs.gov)
  3. ^ voter registration database best practices in 2016 (www.us-cert.gov)
  4. ^ Office of Personnel Management breach in June of 2015 (www.cnet.com)
  5. ^ binding operational directive (cyber.dhs.gov)
  6. ^ in the president’s executive order (www.cnet.com)
  7. ^ authorized under the Cybersecurity Information Sharing Act in 2015 (www.cnet.com)
  8. ^ internet of things (www.techrepublic.com)
  9. ^ unprecedented DDOS attacks (www.cnet.com)
  10. ^ caught up in cryptojacking schemes (www.cnet.com)
  11. ^ only going to buy Energy Star products (energy.gov)
  12. ^ a small dam in Rye Brook, NY (www.cnet.com)
  13. ^ places like Ukraine have seen problems like power outages (www.cnet.com)
  14. ^ physical infrastructure (www.techrepublic.com)

The first directive we issued was about patching critical vulnerabilities within 30 days. We were not there when that started. And we’re now largely in that [range].

How developed is the information sharing system authorized under the Cybersecurity Information Sharing Act in 2015[7], and what has Homeland Security been able to do with it so far?
For the automated indicator sharing — remembering that it’s all about volume and velocity, and not about human validation for every single indicator — we’ve shared 1.8 million unique indicators through that program. We’ve got a little over 200 organizations that are signed up for it.

Are those private and public sector organizations?
Yes. And the 200 doesn’t necessarily mean a company or an agency. We’ve got a lot of information sharing organizations that have thousands of customers.

In 2016 we saw internet of things devices being used in unprecedented DDOS attacks[8]. Now we’re seeing botnets, including IoT botnets, caught up in cryptojacking schemes[9]. What do you see Homeland Security’s role in setting security standards for the growing network of sensors in our homes, workplaces and industrial settings?
In traditional consumer products, you can look at your microwave and see the UL seal there and you know that it’s passed some level of standards and certification. I think that is probably what we need for the so-called internet of things.

What we’ve looked at is Underwriter Laboratories, Energy Star and different things that have now become an industry standard — how did they develop? I think that there’s a government role in nurturing that process, but not dictating what the standards are. I think at one point the government said we’re only going to buy Energy Star products[10], and that was a very clear indicator for the market. I’m not suggesting that we have any plans along those lines, but I think it’s worthwhile looking back at how some of these different certification programs came about. I want to keep seeing the innovation, but I also want to see some standards.

When it comes to critical infrastructure like power plants and water systems, we’ve only seen small attacks in the US, such as the breach of a control system for a small dam in Rye Brook, NY[11]. But places like Ukraine have seen problems like power outages[12]. What’s your assessment of the threat to the US electrical grid and other physical infrastructure?
I think the advantage that the US has in a lot of its critical infrastructure is it’s not very connected yet. A lot of it is very legacy systems. When you’re talking about water systems, you have some large water systems in our country, but it’s still very local. The electric grid has a long history of resilience.

What we’re working with with all the different industries is to recognize what we’ve done to build resilient systems for natural hazards or terrorist attacks, and all these different things that people have been working on now for quite a long time, [and asking,] how can we use those processes to manage a cyber incident, and where is there potentially a difference?

Homeland Security's tall order: A hacker-free election

[Photo: Jeanette Manfra, head of cybersecurity at the Department of Homeland Security. Credit: James Martin/CNET]

As lawmakers and federal investigators continue to try to understand the chaos foreign actors were able to create during the 2016 election, the US Department of Homeland Security has taken a central role in helping secure the next election.

The agency declared the US election system, which is run by a fragmented group of officials in all 50 states as well as dozens of smaller local governments, to be a part of the nation’s “critical infrastructure” in January 2017. The agency doesn’t have any legal authority over election officials, but it offers programs to help them keep hackers out of voting machines, voter registration databases and public-facing election websites.

Homeland Security’s top cybersecurity official, Jeanette Manfra, sat down with CNET to talk about the balancing act of helping secure elections without overstepping the federal government’s authority. She serves as the National Protection and Programs Directorate Assistant Secretary for the Office of Cybersecurity and Communications at Homeland Security. Manfra told us that, so far, 32 states and 31 local governments have taken part in at least the most basic cybersecurity help offered by Homeland Security, and the agency will have finished 14 deeper assessments by the end of April.

What’s more, Manfra said Homeland Security hasn’t seen a concerted hacking effort targeting the election system like it saw in 2016 — so far.

“The intelligence community has said we have every reason to expect that this foreign influence activity will continue, but we don’t see any specific credible threat or targeting of election infrastructure,” Manfra said.

Manfra also talked with us about why she thinks a return to paper ballots wouldn’t create a totally secure election, what Homeland Security has done to secure the federal government since the disastrous Office of Personnel Management data breach in 2015, and how she thinks the government can help make the internet of things safer. Here’s an edited transcript of our conversation.

Q: Tell us what Homeland Security is doing to help states and local governments secure the vote.
Manfra: When the government has information that would be useful to election officials, that we get that to them.

We issued a few public statements[1] over the past couple of days about a series of meetings[2] with industry, with state and local government officials. If there’s somebody targeting a network or a system in your state, who are the people that we need to notify.

To the extent that they would like to take advantage of the services we have, we offer those as well. There’s everything from scanning — they provide us with their IP ranges, we provide them with a weekly report on any vulnerabilities that we identify.

The other one that’s been written about a lot is the risk and vulnerability assessment. It takes about three weeks. They lay out for us what their networks, what their systems look like. We try a variety of different things and identify where we saw some potential issues, some recommended mitigations, and we often times will talk through with them if they have any questions.

Q: Can you speak to the difference between securing voting machines and securing voter rolls and other election-related networks?
Manfra: The voting machines tend to make a lot of news when you’ve got people talking about being able to hack into them. While technically somebody may be able to demonstrate it, it’s nearly impossible to gain physical access to those machines.

Then you’ve got all these other pieces of the system, where if somebody wanted to [they could] create confusion. It’s got nothing to do with actually changing a vote, but you try to get into these different systems, because people don’t understand necessarily how all of these pieces are very disconnected.

[Photo: A voter during the 2016 US presidential election. Credit: Brianna Soukup/Getty Images]

We published voter registration database best practices in 2016[3]. We’ve been working with software vendors. We’ve been working with state officials. How can they best ensure that their public-facing websites are protected? How can they ensure that there’s no disruption of voter rolls? We’re working with the different organizations that would publish [early results], whether that’s through a state site, or the AP.

Not that we’re seeing targeting of any of this. We’re just wanting to take a really comprehensive approach to what we consider election infrastructure. Because it’s virtually impossible to actually affect the vote count itself, then an adversary may want to look at other means.

Q: Security experts have been warning that voting machines are vulnerable to hacks for years, even if they would have to be hacked in person. What’s your approach with the vendors of these machines in ensuring that this improves?
Manfra: My approach with the vendor community is more nascent. We had a meeting with them last Thursday, and have had some individual meetings, and we’ve got our own team of experts to look and do some penetration testing. I would say it’s a little bit early for me to judge them, and pretty much anything is going to have some vulnerability that somebody is going to try to exploit.

I also believe that once you have a product, you also have to make sure that you’re doing everything you can to lower the risk. It’s not always a cyberfix for a cybervulnerability; sometimes it’s reducing physical access, like they’ve done, and there’s other mechanisms in place such as the transparency of our election process. We’ve got observers that are looking at the vote counts and would be able to identify if there’s any anomalous changes.

Q: I’ve talked to some advocates who say we should move back to paper ballots across the board. Would that make things more secure?
Manfra: I vote in a community who’s gone to paper ballots. That introduces different complexity that those digital machines were trying to overcome. I couldn’t say that that will just unilaterally remove all risk. Particularly because if you have an adversary whose goal is to just create confusion, and undermine confidence, it wouldn’t necessarily matter.

I do believe that there should be audit capability and redundant means for checking if there is suspicion that something happened. And I know a lot of states and localities already have it, and if they didn’t, they’re working on it.

Q: If there are no current signs of foreign activity against US election systems, that’s different from what you’ve said was seen in the 2016 election when 21 states were targeted and a few were actually — is breached the right word?
Manfra: That’s been the subject of endless debates.

Q: But now you’re saying you’re not seeing a specific, concerted effort along those lines…
Manfra: …targeting election systems at this time. But again, what the intelligence officials laid out is, there is no reason to believe that the previous activity would go away.

Q: There was an initial announcement that elections would be considered critical infrastructure because there were concerns over federal involvement in the state and local processes. Can you speak to where those concerns are coming from and how you deal with the challenge of offering assistance in elections that Homeland Security doesn’t have authority over?
Manfra: In our non-federal cybersecurity role, we’ve tried to focus on what are those critical services and functions that we depend upon. Access to clean water, electricity and communications, and confidence in the financial systems. We have no kind of oversight or directive authority over any of those functions. Some of them may be regulated by other parts of the state government or the federal government, but not by us. And we think that [Homeland Security’s] voluntary approaches have been very useful.

Q: Not every state is using every service offered by Homeland Security. What are some of the reasons a state might not opt into some of this?
Manfra: We have a lot of great partnerships with organizations across the country that never take any of our services because they’re buying their own. If they’d like to take advantage [of ours], then that’s great. It benefits both of us. We learn about their systems, and they’re able to participate in our programs for free.

Q: What has changed in the government’s approach to securing federal networks since the Office of Personnel Management breach in June of 2015[4]?
Manfra: That was only three years ago, [but] it feels like a lifetime. At Homeland Security, Congress has given us a lot of authority. [We’ve been] implementing those authorities, many of them we got in 2014 and 2015. The binding operational directive[5] is one that we’ve been using successfully. You saw in the president’s executive order[6] [in May 2017] very clearly that cabinet secretaries, heads of agencies, you are accountable for your cybersecurity. This needs to be a priority for you.

The first directive we issued was about patching critical vulnerabilities within 30 days. We were not there when that started. And we’re now largely in that [range].

Q: How developed is the information sharing system authorized under the Cybersecurity Information Sharing Act in 2015[7], and what has Homeland Security been able to do with it so far?
Manfra: For the automated indicator sharing — remembering that it’s all about volume and velocity, and not about human validation for every single indicator — we’ve shared 1.8 million unique indicators through that program. We’ve got a little over 200 organizations that are signed up for it.

Q: Are those private and public sector organizations?
Manfra: Yes. And the 200 doesn’t necessarily mean a company or an agency. We’ve got a lot of information sharing organizations that have thousands of customers.

Q: In 2016 we saw internet of things[8] devices being used in unprecedented DDOS attacks[9]. Now we’re seeing botnets, including IoT botnets, caught up in cryptojacking schemes[10]. What do you see Homeland Security’s role in setting security standards for the growing network of sensors in our homes, workplaces and industrial settings?
Manfra: In traditional consumer products, you can look at your microwave and see the UL seal there and you know that it’s passed some level of standards and certification. I think that is probably what we need for the so-called internet of things.

What we’ve looked at is Underwriter Laboratories, Energy Star and different things that have now become an industry standard — how did they develop? I think that there’s a government role in nurturing that process, but not dictating what the standards are. I think at one point the government said we’re only going to buy Energy Star products[11], and that was a very clear indicator for the market. I’m not suggesting that we have any plans along those lines, but I think it’s worthwhile looking back at how some of these different certification programs came about. I want to keep seeing the innovation, but I also want to see some standards.

Q: When it comes to critical infrastructure like power plants and water systems, we’ve only seen small attacks in the US, such as the breach of a control system for a small dam in Rye Brook, NY[12]. But places like Ukraine have seen problems like power outages[13]. What’s your assessment of the threat to the US electrical grid and other physical infrastructure[14]?
Manfra: I think the advantage that the US has in a lot of its critical infrastructure is it’s not very connected yet. A lot of it is very legacy systems. When you’re talking about water systems, you have some large water systems in our country, but it’s still very local. The electric grid has a long history of resilience.

What we’re working with with all the different industries is to recognize what we’ve done to build resilient systems for natural hazards or terrorist attacks, and all these different things that people have been working on now for quite a long time, [and asking,] how can we use those processes to manage a cyber incident, and where is there potentially a difference?

References

  1. public statements (www.dhs.gov)
  2. a series of meetings (www.dhs.gov)
  3. voter registration database best practices in 2016 (www.us-cert.gov)
  4. Office of Personnel Management breach in June of 2015 (www.cnet.com)
  5. binding operational directive (cyber.dhs.gov)
  6. in the president’s executive order (www.cnet.com)
  7. authorized under the Cybersecurity Information Sharing Act in 2015 (www.cnet.com)
  8. internet of things (www.techrepublic.com)
  9. unprecedented DDOS attacks (www.cnet.com)
  10. caught up in cryptojacking schemes (www.cnet.com)
  11. only going to buy Energy Star products (energy.gov)
  12. a small dam in Rye Brook, NY (www.cnet.com)
  13. places like Ukraine have seen problems like power outages (www.cnet.com)
  14. physical infrastructure (www.techrepublic.com)
  15. iHate (www.cnet.com)
  16. Blockchain Decoded (cms.cnet.com)