Worries that the government may shut down Friday, Jan. 19, have dominated the airwaves, but everything around Washington hasn’t been mired in deadlock. Federal agencies’ cyberspace policies and posture have seen a lot of activity in the past week, and there will be ramifications regardless of whether Congress manages to avert a shutdown. Here’s a roundup of the biggest cyber stories:
Kaspersky filed a preliminary injunction to counter DHS ban: Kaspersky Lab filed a preliminary injunction in U.S. federal court on Jan. 17, 2018, over the Department of Homeland Security’s binding operational directive banning the product’s use in government agencies.
“Kaspersky Lab has filed a motion for a preliminary injunction (PI) in its appeal to challenge the U.S. Department of Homeland Security’s (DHS) Binding Operational Directive 17-01 (BOD). The company has made this filing in hopes that the court will address and resolve the appeal expeditiously in light of the BOD’s damage to the company,” Kaspersky Lab told Federal Times in a statement.
“The company asserts that the DHS decision is unconstitutional and relied on subjective, non-technical public sources, such as uncorroborated and often anonymously sourced media reports, related claims, and rumors. Furthermore, DHS has failed to provide the company adequate due process to rebut the unsubstantiated allegations underlying the BOD and has not provided any evidence of wrongdoing by the company.”
DHS published the BOD in September 2017, giving agencies 90 days to purge their systems of all Kaspersky products after suspicions arose that the Russia-based company could be forced to provide data gained from federal networks to the Russian government.
Kaspersky has already filed an appeal of the ban under the Administrative Procedure Act, asserting that the decision to ban their products is unconstitutional.
The House passed a bill to reinstate the State Office of Cyber Issues: The House passed the Cyber Diplomacy Act of 2017 on Wed., Jan. 17, which would formally institute a top cyber diplomat’s office after Secretary of State Rex Tillerson decided to shut down the Cyber Coordinator’s office when the agency lost its cyber coordinator Christopher Painter in July, 2017.
The bill would establish an Office of Cyber Issues, the head of which would hold the rank of ambassador and be appointed by the president.
Congressmen worry over internet of things cybersecurity in manufacturing: Members of the House Energy and Commerce committee expressed concern in a Jan. 18 hearing that the expansion of internet-connected devices in the manufacturing sector could increase the risk of bad actors wreaking havoc by taking advantage of poorly secured devices.
“As with all connected technologies, strong cybersecurity is essential to smart manufacturing,” said Rep. Frank Pallone, D-N.J.
“While the internet of things helps ensure that a manufacturer’s monitoring, measuring and sensing control systems work together, one weak point can affect the whole network. Imagine the potential consequences if a malicious actor brought down automated manufacturing at a pharmaceutical plant that makes vaccines, or if network disruptions affected quality control monitoring for seat belts at an auto plant. Experts have found that companies in the U.S. are not doing enough to address these risks, and a strong, comprehensive framework for cybersecurity in manufacturing is urgently needed.”
Witnesses emphasized that employees should all be educated in cyber hygiene and that security of internet of things devices must be a priority for consumers, manufacturers and lawmakers. They also encouraged Congress to look at ways to develop programs and resources to address cybersecurity in U.S. businesses.
Budget debates could damage government ability to prevent cyberattacks: Witnesses before the House Homeland Security Committee noted that prolonged budgeting problems in Congress can keep agencies from procuring necessary cyber tools under the Department of Homeland Security’s Continuous Diagnostics and Mitigation (CDM) program. Read more.
Nearly half of federal agencies miss email security deadline: Recent research by ValiMail found that nearly half of federal agencies have not instituted a Domain-based Message Authentication, Reporting and Conformance email policy to help combat sphear-phishing attempts, despite a Jan. 15 Department of Homeland Security deadline to do so. Read more.
New leadership at Cyber Command: With the reported retirement of U.S. Cyber Command leader Adm. Mike Rogers, Fifth Domain’s Mark Pomerleau investigated the four most likely candidates to replace him. Read more.
Shutdown watch: As with the CDM program, a shutdown could have widespread cyber impacts on government agencies and programs, as cyber employees may or may not be designated emergency personnel and called in to protect federal networks while under shutdown.