A LEGISLATIVE UPDATE: Lawmakers on the House Energy and Commerce Committee on Wednesday held a hearing on legislative proposals addressing the security of U.S. energy infrastructure, including digital threats to energy assets.

Several bipartisan bills introduced earlier this month by lawmakers on the committee aim to bolster the Department of Energy's preparedness to address cyber incidents, enhance its ability to coordinate cybersecurity efforts across U.S. energy infrastructure, and bolster public-private partnerships to strengthen the security of electric utilities.

"This is really important stuff for our country," said Chairman Greg Walden (R-Ore.) at the outset of the hearing, which also addressed emergency response broadly. "Because our energy sector drives the entire nation's economy, I have made it a top priority of the committee to focus on emerging threats and propose solutions to make our infrastructure more resilient."

"In today's highly interconnected world, the threat of cyberattacks is ever present so we have to be vigilant. We also must be prepared for physical threats," Walden said.

Undersecretary of Energy Mark Menezes emphasized that energy security is a "top priority" of Secretary Rick Perry, pointing to the department's recent decision to set up an Office of Cybersecurity, Energy Security and Emergency Response (CESER).

He commended lawmakers for their efforts to address energy cybersecurity using legislation, though repeatedly emphasized that they should authorize resources so that DOE can carry out any new responsibilities granted via legislation.

"Clear direction and the authorization to have the resources would be very helpful," Menezes said.

When questioned by Rep. Jerry McNerney (D-Calif.) as to why the department's fiscal 2019 budget proposal significantly cut funds to the Office of Electricity Delivery and Reliability, Menezes noted that the proposal includes $96 million in funding for CESER, the new cyber office.
Menezes warned that the department and the U.S. energy grid face a barrage of cyberattacks in the evolving digital realm.

"Our systems are constantly being attacked, constantly," Menezes told Rep. Joe Barton (R-Texas). "Not only the DOE system, but also the energy system."

Menezes referenced sensitive intelligence that the department has viewed as part of the National Security Council.

"When you look at it, those that want to penetrate our system try all segments--all segments," he said. "So, in that respect, we're all vulnerable."

Menezes also pointed to some "reported breaches" of U.S. energy infrastructure but said the nation has been lucky not to suffer a "major consequence" from a cyberattack. He agreed to speak with lawmakers at a bipartisan classified briefing to go into more detail on threats.

A NOMINATION IN FOCUS: Lt. Gen. Paul Nakasone, President Trump's nominee to serve as the next NSA director and commander of U.S. Cyber Command, will appear before the Senate Intelligence Committee Thursday morning for his second confirmation hearing.

Nakasone, who currently commands U.S. Army Cyber Command, has already been approved by lawmakers on the Senate Armed Services Committee. If confirmed, he will replace outgoing NSA Director Adm. Mike Rogers, who took over at NSA following the 2013 Edward Snowden disclosures.

Nakasone's confirmation hearing is scheduled for 10 a.m. Thursday morning.

A LIGHTER CLICK: Machines can now help your office with their March Madness brackets. (Technology Review)

WHAT'S IN THE SPOTLIGHT: Top government officials appeared before members on the House Oversight Committee to address the status of federal information technology in the present year as well as federal plans for information technology (IT) modernization.
Information Technology Subcommittee Chairman Will Hurd (R-Texas) laid out a series of concerns he wanted the officials to address in the hearing and highlighted what he views as federal progress to the credit of the Trump administration. But he also expressed concern about "lost momentum" in some areas.

Hurd pointed to the slow pace of appointing a federal CIO, incentives to recruit and retain talented cyber professionals, and recommendations from the Government Accountability Office (GAO) that go unheeded.

"We need to rethink how we restructure the federal workforce so the federal government has access to smart, well-trained IT and cybersecurity professionals and be working in a bipartisan fashion," Hurd said at the start of the hearing.

"I also continue to have concerns about long-standing GAO recommendations that remain unaddressed often times year after year after year. These opening lingering vulnerabilities put us at incredible risk as we saw with the devastating data breaches with the [Office of Personnel Management]," he continued.

Representatives from the GAO, Department of Homeland Security, Office of Management and Budget, and General Services Administration (GSA) appeared at the hearing.

Witnesses like GAO's top IT management official David Powner and OPM's Margaret Weichert stressed the need for the CIO of an agency to have flexibility on issues like spending and structure.

"We are absolutely in alignment in terms of the idea that the CIO for the broad agency needs to have all the capabilities and tools to make these very profound investments," Weichert said.

Hurd also questioned the witnesses about their cyber-hygiene efforts.

Jeanette Manfra, a top DHS official in the Office of Cybersecurity and Communications, emphasized spotlighting vulnerabilities, which has allowed them to independently validate whether patch management programs work.
The ability to independently validate instead of self-report allowed them to cut the time it took to patch vulnerabilities from months to just around 30 days.

IN CASE YOU MISSED IT: Links from our blog, The Hill, and around the Web.

Facebook bans far-right British group retweeted by Trump. (The Hill)
OP-ED: For national security, the 'Internet of Things' is the 'Internet of Trouble'. (The Hill)
Google to ban cryptocurrency ads. (The Hill)
Haley blames Russia for poisoning ex-spy in UK. (The Hill)
Japanese crypto firm pays back customers after hack. (Wall Street Journal)
Fitness app Strava is taking steps to restrict access to its online map after revealing sensitive information. (Reuters)
YouTube is using Wikipedia to push back on videos about conspiracy theories. (The Verge)