A bipartisan group of six senators wants the FBI and the Cybersecurity and Infrastructure Security Agency to submit a report to Congress about the impact of the SolarWinds cyber attack on agencies. The lawmakers want answers to six questions, including how many agencies were impacted, how the FBI and CISA worked together to address the attack, and whether agencies failed to implement FISMA or other cyber laws. The senators also want an additional briefing on the topics.
In the wake of the SolarWinds supply chain cyber attack, a new report found that agencies are struggling to implement basic security protections. A majority of the 23 civilian CFO Act agencies failed to implement seven of the most foundational practices to protect their technology supply chains. The lack of these basic oversight practices is putting them at greater risk of a cyber breach similar to the one that SolarWinds faced that came to light earlier this week. The Government Accountability Office said in a new report that agencies are limited in their ability to make risk decisions and lack the ability to understand and manage the risks to their supply chains. GAO made 145 recommendations focusing on leadership, strategy and process improvements.
The Pentagon has a lot of work to do on cybersecurity, according to its inspector general. A new summary from the IG finds various oversight organizations have made 459 cybersecurity recommendations the Defense Department still hasn’t addressed. Some of them date back almost a decade. The IG acknowledges some of those recommendations might not be relevant anymore — but if that’s the case, it’s up to DoD to say so, so the recommendations can be closed.
The Defense Department takes a big step forward on its plan to improve its contractors’ cybersecurity. The Pentagon announced the long-awaited list of contracts that will serve as the pilot programs for its new Cybersecurity Maturity Model Certification program. They include three upcoming procurements in the Navy, three in the Air Force, and one in the Missile Defense Agency. Under the pathfinder project, every contractor and subcontractor working on those programs will need a third-party certification that their IT systems are secure. By 2025, that will be the case for all Defense contracts. (Federal News Network)
Amazon opens a new salvo in its protest against the Defense Department’s award to Microsoft for the JEDI cloud computing deal. Amazon made public its latest complaint, amended after the U.S. Court of Federal Claims found flaws in the original bid evaluations conducted by DoD. Among Amazon’s claims in the 175-page amended protest is that, after the government adjusted a single evaluation factor, it is now priced tens of millions of dollars less than Microsoft. Amazon is pressing the government to address many more purported flaws in the initial award.
The Defense Department announces its basic allowance for housing supplements to military families for 2021. On average, service members will receive a 2.9% increase. However, the allowance varies greatly by locality. Basic housing allowances add to military families’ income by paying for part of their rent or mortgage. The Defense Department estimates it will pay $23 billion to about a million service members next year.
The Space Force has had a big year; now it’s breaking into new territory. The nation’s newest military branch will now also be the newest member of the intelligence community. Space Force Chief Space Officer Gen. Jay Raymond said the service will be the 18th government organization to collect national security data. The Space Force recently swore in its first seven enlisted service members. It also plans to set up its Space Systems Command by early next year. That command will be in charge of buying and researching space assets and software. (Federal News Network)
House Oversight and Reform Committee Chairwoman Carolyn Maloney (D-NY) is out with a new bill designed to shed more light on midnight regulations. Co-sponsor and Government Operations Subcommittee Chairman Gerry Connolly (D-VA) promised the legislation at a hearing last week. The bill requires the Government Accountability Office to publish a list of regulations published during the end of a presidential administration. It also calls on GAO to evaluate the size and scope of the midnight regulations.
Nearly 70 different organizations, federal employee groups and unions are again calling on Congress to block the president’s Schedule F executive order. The three largest federal employee unions joined the Senior Executives Association, Partnership for Public Service and National Active and Retired Federal Employees Association to include language blocking the order in the next spending package. They say failing to block the EO puts the government’s pandemic response and transition efforts in grave danger. And they worry moving even a small number of career federal employees or political appointees to the new schedule could create a mess for President-elect Biden during his first days in office.
House Democrats say they’re still looking for more information on how the Office of Management and Budget is handling another one of the president’s recent executive orders. Members say OMB hasn’t provided them with details on how it’s implementing the president’s order banning some diversity and inclusion training programs. OMB has said the executive order was meant to cancel only training that promoted divisive concepts. House Democrats cited a long list of federal agencies and grant-receiving universities that have since canceled diversity and inclusion training because of the EO. They’re demanding more details and a briefing from OMB by next week.
Federal agencies are starting to detail their COVID-19 vaccine distribution plans for employees. The Department of Veterans Affairs identified nearly 248,000 health care providers who are in line to receive the COVID-19 vaccine, plus 41,000 other essential workers. The State Department tells employees that frontline medical workers, personnel supporting its 24-7 watch centers and critical operations, and custodial staff are approved to receive the vaccine first. State Department employees in certain locations overseas are also in line for some of the first doses.
The CARES Act created a Special Inspector General for Pandemic Recovery, but that watchdog office remains short-staffed. Senator Chuck Grassley (R-IA) is calling on lawmakers to include language in the next pandemic spending bill that would give the special IG expedited hiring authority. Grassley introduced a bill in May that would give the IG office that authority for six months, and would allow the watchdog office to accept volunteers and detailees from other agencies. Grassley says the bill would help the watchdog flag fraudulent spending. “We need a fully staffed and fully functional IG in place to meet those bad actors head on – to serve as effective check on waste, fraud and abuse.”
A board of inspectors general for pandemic oversight gets its first permanent chair since Trump’s watchdog shakeup. The Council of the Inspectors General on Integrity and Efficiency names National Science Foundation IG Allison Lerner as its next chairwoman. Lerner will take over the role from Justice IG Michael Horowitz. She’ll also appoint Horowitz as the permanent chair of the Pandemic Response Accountability Committee. He’s served as acting PRAC chair since April. That’s when President Donald Trump eliminated the committee’s first pick, former acting Defense IG Glenn Fine, from consideration. (Federal News Network)