We noticed a couple of interesting trends this week in tech media coverage. The news around cybersecurity initiatives continues to pour in, and we’ve also noted reporting on how changes at the federal level are impacting state and local governments. Here’s a roundup of trending topics this week:
The Week in Cybersecurity
While discussion continued this week around the sharing of war plans in a group chat that included a journalist – including news that the Department of Defense (DOD) Inspector General will investigate the incident, government tech reporters turned their attention to a number of other cybersecurity-related issues. These included changes to the mission of the Critical Infrastructure and Security Agency (CISA), developments with regard to zero-trust cybersecurity at DOD, and security initiatives like DOD’s Cybersecurity Maturity Model Certification (CMMC) program and the Federal Risk and Authorization Management Program (FedRAMP). Here’s a sample of what grabbed headlines this week:
- There were mixed messages from Congress this week regarding the mission focus envisioned for CISA. Rep. Mark Green, chairman of the House Committee on Homeland Security, stated in a public speech that CISA will remain intact but must return to focusing on its core mission of critical infrastructure protection, according to coverage by Weslan Hansen for MeriTalk. But at a separate industry event this week, Rep. Andrew Garbarino, chairman of the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection, said CISA should take on a broader role rather than having individual agencies like the Environmental Protection Agency take on cyber-related responsibilities, as reported by Tim Starks of CyberScoop.
- On the other side of the aisle, Rep. Eric Swalwell, a Democratic member of the House Judiciary and Homeland Security Committees, advocated allowing government contractors to conduct offensive cybersecurity operations against foreign adversaries, David DiMolfetta noted in Nextgov/FCW.
- Zero trust cybersecurity remains a priority for the DOD, with the department looking to expand the framework beyond traditional IT to cover weapon systems, Carley Welch wrote in Breaking Defense. In a related story, Mikayla Easley of DefenseScoop reported that the Defense Information Security Agency Thunderdome program – offering a suite of technologies that DOD agencies can use as their zero trust solutions – reached full compliance with the Pentagon’s advanced zero-trust standards.
- The CMMC program also continues to grab headlines. The White House’s nominee for the Pentagon’s top acquisition job – Michael Duffey – alerted Congress that he plans to review the program “so that industry can affordably maintain pace with current cybersecurity best practices,” according to reporting by Justin Doubleday for Federal News Network. If you’re interested in learning more about developments related to CMMC, tune into Fed Gov Today this weekend, when host Francis Rose interviews Katie Arrington, who formerly headed the CMMC program and is now performing the duties of DOD CIO.
- The recent FedRAMP 20x revamp for promoting secure cloud solutions has also been in the headlines. John Curran at MeriTalk shared the news that a public working group will explore the creation of key security indicators that could help FedRAMP more rapidly evaluate the security of cloud services. Also this week, you can watch Francis Rose’s interview with former FedRAMP lead Brian Conrad, who gave his perspective on the recent changes to the program.
Reverberations at State/Local Governments
Several publications, covering both federal as well as state/local government technology, reported this week on federal issues that are rippling out into the state and local levels:
- State and local government technology leaders this week urged Congress to reauthorize the $1 billion State and Local Cybersecurity Grant Program to help them prepare plans, provide shared services to localities and fund new initiatives in response to growing cyber threats, according to an article by Route Fifty Managing Editor Chris Teale. In her coverage for StateScoop, Sophia Fox-Sowell noted that Department of Homeland Security Secretary Kristi Noem has questioned the efficacy of the grant program. In CyberScoop, Tim Starks reported that tech leaders supporting the program also told lawmakers it could stand some improvements such as more consistent year-to-year funding. Writing for Government Technology, Jule Pattison-Gordon concluded that the fate of the program, set to expire in September, remains unclear.
- In a related speech this week covered by Lisbeth Perez at MeriTalk, the aforementioned Rep. Eric Swalwell conveyed similar concerns about a recent White House executive order on cybersecurity that pushes responsibility for cyber response to states. Swalwell said the order would make states more vulnerable to cyberattacks by cutting federal guidance to states that lack the resources to combat nation-state cyberthreats.
- In the area of cloud security, Route Fifty’s Teale published a more upbeat piece on how the recently revamped FedRAMP 20x will inform changes to GovRAMP, the equivalent cloud security program for state and local governments, educational institutions and others.
- In another example of actions at the federal level affecting state and local governments, Teale’s colleague Kaitlyn Levinson wrote that public health experts expressed concern that federal staff and budget cuts will hamper state and local health departments’ capacity to juggle public health needs like disease surveillance and data modernization.
I’ll be back next week with the latest trending news from government tech media. Be sure to check back every Friday to stay apprised of what’s grabbing the attention of these very busy reporters and editors. See you then.