Federal Times Blogs
Sen. Joseph Lieberman, I-Conn., has revised his cybersecurity bill “to try carrots instead of sticks as we begin to improve our cyber defenses,” he said.
The bill has the endorsement of President Obama, who, in an op-ed in The Wall Street Journal Thursday, urged the Senate to pass the bill so he could sign it into law.
Under the bill, owners of critical infrastructure — such as dams, energy and water systems — would voluntarily show they meet certain cybersecurity practices through a third-party verification or certification. By volunteering, they would be eligible for benefits, such as liability protections in the event of a cyber attack on their systems, expedited security clearances and priority assistance with cybersecurity issues.
The bill would establish a multi-agency council chaired by the secretary of the Department of Homeland Security to assess the risks and vulnerabilities of critical systems and work with industry to develop voluntary security practices.
The first iteration of the bill would have authorized DHS to regulate security standards for privately owned critical systems.
The revised bill uses “incentives rather than mandatory regulations,” Lieberman said.
The bill is expected to win a motion to proceed, which would assume there is wide support for the bill.
Sen. John McCain, R-Ariz., and seven Republican co-sponsors introduced their own bill in March that promotes voluntary information sharing of cyber threats between government and industry through existing partnerships.
A House subcommittee on Wednesday passed a bill to ensure vets are quickly notified when their personal information is breached.
The Veterans Data Breach Timely Notification Act, H.R. 3730, requires the Veterans Affairs Department to notify Congress and vets within 10 business days of their personal information being breached. VA could request a five-day extension if more time is needed to identify affected individuals or mitigate a breach.
VA contractors that handle vets’ personal information would be held to the same standards under the bill.
“In the unfortunate event of a breach of sensitive information, veterans and their families should be notified as soon as practically possible,” Rep. Joe Donnelly, D-Ind., ranking member of the House Veterans Affairs Subcommittee on Oversight and Investigations, said in a statement.
“Current law, however, gives the VA a full thirty days to notify veterans that their personal information may have been compromised. That is too long.”
Sen. Joseph Lieberman, I-Conn., is confident the Senate will consider his controversial cybersecurity bill within the next month. Whether he has garnered enough support among divided lawmakers is another issue.
“I’m as confident as I can be that this will come up no later than July,” Lieberman told reporters at one of two cyber briefings by the Department of Homeland Security on Wednesday. Lieberman echoed intentions by Senate Majority Leader Harry Reid, D-Nev., to bring cyber legislation to the Senate floor as soon as possible.
The House passed the Cyber Intelligence Sharing and Protection Act (CISPA), HR 3523, in April, but Lieberman said his bill is the better bill. In a statement Wednesday he urged the Senate to pass the bill and iron out differences with the House.
Under Lieberman’s 2012 Cybersecurity Act, certain companies operating the nation’s electric grid, water supply and other critical systems would have to meet cybersecurity standards approved and enforced by DHS and share with the government all instances when they come under cyber attack.
But Congress is at odds about DHS regulating the security of some privately owned networks and whether the department is capable of taking on that role. The briefing on Capitol Hill was one of several that Lieberman hopes will change people’s perception of DHS and highlight its cyber defense capabilities.
“I want people to be confident that the folks at the department can handle it,” he said.
Mark Weatherford, DHS’ deputy under secretary for cybersecurity, said the department has the capacity and cybersecurity expertise in house as well as partnerships with the Defense Department and National Security Agency. He also refuted claims that DHS’ latest intrusion detection system, Einstein 3, may not be made available to agencies. DHS is considering how to deploy the system, he said.
Officials from DHS’ United States Computer Emergency Readiness Team demonstrated how easily hackers can gain control of a person’s computer through spear phishing — targeted emails crafted to convince an individual to divulge information or open malicious files.
The officials simulated how hackers might gather personal information from social networking sites to design a seemingly credible email. They planted malicious code into an email attachment using an open software tool called BackTrack5. By opening the corrupt file, victims can give attackers complete access to their computer, web camera, documents and other data.
The tool was created for security testing purposes but can also be used to launch intentional attacks.
Spear phishing is the most common form of cyber attacks used against personal computers and critical cyber infrastructure, Lieberman said. He added that his bill would raise the defenses against these types of attacks through information sharing and security requirements. For example, the bill would likely require companies to create more complex passwords.
“Some just have the word password,” he said.
The Library of Congress said today it will preserve everything from a tinny 1888 recording of “Twinkle, Twinkle, Little Star” to Prince’s incendiary album “Purple Rain” as part of its latest slate of entries to the National Recording Registry.
The Library each year preserves 25 recordings it feels are “cultural, artistic and/or historical treasures for generations to come.” This year, a wide variety of recordings will be added, including:
- Bo Diddley’s songs “Bo Diddley” and “I’m A Man,”
- Sugarhill Gang’s “Rapper’s Delight,” recognized as the first hit rap song,
- Booker T and the MG’s “Green Onions,”
- Vince Guaraldi’s jazzy soundtrack to “A Charlie Brown Christmas,”
- Dolly Parton’s “Coat of Many Colors,”
- Parliament’s album “Mothership Connection,”
- A May 1977 concert by the Grateful Dead, and
- Donna Summer’s “I Feel Love.”
Thomas Edison recorded an anonymous employee singing “Twinkle Twinkle Little Star” for a talking doll. It may sound unnervingly spooky, but it is believed to be the first commercial children’s recording, and possibly the first time someone was paid to sing on record. The registry also has audio of former slaves telling their life stories, Leonard Bernstein’s debut performance with the New York Philharmonic, and journalist Edward R. Murrow.
The announced preservations of “I Feel Love” and “Green Onions” come not long after Summer and Donald “Duck” Dunn, bassist for Booker T and the MGs, passed away. The Associated Press reported that the Library had already chosen Summer’s song weeks before she died of cancer.
But I find the government’s enshrinement of the “Purple Rain” album somewhat ironic, given that its highly sexual song “Darling Nikki” led then-senator’s wife and future First Lady Tipper Gore to lead a campaign against smutty rock music.
To put you in the right frame of mind for your drive home, enjoy this 70s-tastic performance of “Rapper’s Delight.” Ho-tel, mo-tel, Holiday Inn!
Cybersecurity funding at the Department of Homeland Security would increase 63 percent from $459 million to $749 million under a proposed 2013 spending bill by the House Appropriations Committee.
The increase would fund new initiatives to improve federal network security and defend against foreign espionage, according to a committee press release. The House Homeland Security Appropriations Subcommittee will mark up the bill on Wednesday.
Cyber funding would be $20 million below the president’s $769 million request. Both the administration and some members of the Senate are backing legislation that would give DHS new authorities to regulate cybersecurity. The 2012 Cybersecurity Act, S 2105, would authorize the DHS to regulate security standards for certain privately owned critical networks, such as those affecting the power grid and other systems that, if attacked, would cause death, severe economic damage or national security risks.
Skeptics of DHS’ ability to regulate industry point to the department’s troubled chemical facility security program, or CFATS. Congress in 2007 directed DHS to beef up the physical security and cybersecurity of chemical facilities. But that program suffered from unstable leadership, inadequate training and poor hiring decisions.
The spending bill would provide $45 million for CFATS, $29 million below what was requested and $47 million below current spending levels. “This reduction is due to significant managerial problems, program delays and poor budget execution,” the news release said.
Two Republican congresswomen introduced a cybersecurity bill this week that promotes information sharing and aligns closely with legislation sponsored by Sen. John McCain, R-Ariz.
Reps. Mary Bono Mack, R-Calif., and Marsha Blackburn, R-Tenn., introduced the 2012 Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology Act (SECURE IT), H.R. 4263, on Tuesday.
The bill would provide “explicit authorization for the private sector to defend its own networks and voluntarily share cyber threat information within the private sector and with the government – without the legal barriers that currently exists,” according to a news release.
Other measures include:
- Stiffer penalties for cyber criminals who hack into servers and steal personal information like credit card numbers and government documents.
- Better security of federal networks through reforms to the 2002 Federal Information Security Management Act.
- Advancement of cybersecurity research.
Spring Break fever was in the air today on Capitol Hill. Legislators have officially fled Washington D.C. and there will be no hearings until April 16th.
But before the final votes ensued, the Senate subcommittee on contracting oversight held a hearing where Senators McCaskill, Portman and Tester grilled witnesses from the Army, The Office of Personnel and Management and The Department of Homeland Security over contractor spending.
Meanwhile, Chairwoman McCaskill’s grandsons were in attendance. My guess is they are on their own Spring Break. They sat graciously through the hearing, only occasionally trying to sneak into my shot. I’m sure they were absolutely enthralled with the subject of Contractors: How Much Are They Costing the Government.
When Grandma adjourned the hearing she let the boys smack the gavel to officially call the hearing to a close – then they really spotted me. And as kids do, they hammed it up for the camera. So, cute.
The Office of Management and Budget wants Congress to reconsider a proposal to reduce how much contractors can charge the government for their executives’ compensation, an amount that is currently “unjustified and unnecessary,” the federal procurement chief said in a blog post this morning.
Under federal cost reimbursement contracts, agencies pay contractors for incurred costs, including salaries for executives and other employees. These costs usually show up in the overhead rates that contractors set. OMB caps how much contractors can charge the government for executive compensation based on what top private sector executives earn.
Contractors can currently ask the government to reimburse up to $693,951 for each of their top five executives. OMB will soon have to update that figure and the cap is expected to increase to $750,000.
The administration asked Congress last year to scrap the formula that sets the reimbursement cap and instead tie it to what the government pays its own top executives, about $200,000.
“Unfortunately, Congress failed to reform the current reimbursement formula for contractor executives and, until it does, taxpayers will continue to foot a bill that is both unjustified and unnecessary,” Lesley Field, acting administrator of OMB’s Office of Federal Procurement Policy, said in the post.
The administration has asked Congress to take another look at the formula and lower the compensation cap this year.
A cap on how much contractors can charge the government for their top execs would be extended to all defense contract employees as part of the agreement reached by House and Senate leaders for the 2012 National Defense Authorization Act.
Currently, contractors can seek reimbursement for the compensation — wages, salary, bonuses and deferred compensation — of each of the company’s top five executives. Legislation now proposed for the 2012 NDAA would extend that cap, which is now at $693,951, to all employees that work on a contract or are included in the overhead costs of a contract.
The Defense Department could also create an exemption for scientists and engineers if it determines that an exemption is necessary to attract skilled workers in those areas.
The Senate tried to lower the limit of the cap by tying it to the President’s salary, which is now $400,000. Sen. Barbara Boxer, who co-sponsored that language in the Senate bill, was disappointed by the change in the final version and said she will continue working on ways to “rein in exorbitant taxpayer-funded salaries for contractors.”
“It is outrageous that under this bill, defense contractors can continue to charge taxpayers $700,000 a year for their salaries,” she said in a statement.
Both the House and Senate now have to approve the agreements reached by the conference committee.
The proposed NDAA would also preempt any mandate by the President that would require contractors to disclose their political contributions before being awarded a federal contract. Both the House and Senate versions included identical language to prohibit agencies from requiring contractors to submit information about their political contributions at any time during the contract process.
A draft executive order that would have required such disclosure was leaked in April, but the White House has not said anything more than that it was under consideration.
Happy Friday! FedLine couldn’t let the week end without noting that the Congressional Research Service has a new permanent director. After serving as CRS’ acting chief since April, Mary Mazanec got the nod Monday from James Billington, the Librarian of Congress. Mazanec replaces Daniel Mulhollan, who retired.
“Dr. Mazanec has advanced degrees in law and medicine and brings a breadth of experience that will be valuable in leading CRS and ensuring that CRS continues to provide comprehensive and objective research and analysis that meets the needs of [members of Congress] and staff,” Billington said in a news release.
Mazanec previously worked at the Health and Human Services Department from 2002 to 2010, where she wound up her tenure as deputy assistant secretary and director of the Office of Medicine, Science and Public Health. She also served as a Senate staffer and as a senior policy analyst at the Medicare Payment Advisory Commission.
Her degrees include a bachelor of science from the University of Notre Dame, a doctor of medicine from Case Western Reserve University Medical School and a juris doctorate from Case Western Reserve University Law School.