Weekly News Roundup




Department of Homeland Security and Department of Justice Leadership

First On CNN: DHS Spokesman, John Kelly Ally Leaving Administration

CNN | Tal Kopan | 10/17/17

Department of Homeland Security press secretary David Lapan, the voice of the department and a longtime colleague of White House chief of staff John Kelly, is leaving the Trump administration, Lapan confirms to CNN. Lapan began telling people this week of his move to the private sector, a source familiar with his plans said. In confirming the news, Lapan said he would be joining the Bipartisan Policy Center as senior director of communications and public affairs at the end of the month.

Terror Groups Working For Another 9/11, Acting DHS Chief Warns

Fox News | Benjamin Brown | 10/19/17

Threat levels in the U.S. are “extremely high,” as intelligence indicates the Islamic State group and other terror groups are using small-scale plots to build toward another 9/11-style attack, acting Department of Homeland Security Secretary Elaine Duke warned. “The terrorist organizations, be it ISIS or others, want to have the big explosion like they did on 9/11,” Duke said Tuesday, speaking at the U.S. Embassy in London, Britain’s Express reported. “They want to take down aircraft. The intelligence is clear on that.” Their ultimate goal is “creating terror,” and a van attack in London, as well as sporadic knife attacks, accomplish just that, while never giving up on a “major aviation plot,” Duke added.

ICE Chief: ‘We’re Going to Quadruple Workplace Crackdowns’

Splinter | Eleanor Sheehan | 10/17/17

Immigrations and Customs Enforcement (ICE) will extend its war on undocumented immigrants to their employers, the agency’s acting chief said on Tuesday. Speaking to the Heritage Foundation, a conservative think tank, acting director Tom Homan said ICE was taking “worksite enforcement very hard this year” and added he had instructed the agency’s investigative arm — Homeland Security Investigations (HSI)— to increase workplace probes “by four or five times.”

Jeff Sessions To Discuss Immigration Priorities In Austin

Statesman| Jonathan Silver | 10/20/17

U.S. Attorney General Jeff Sessions will be in Austin on Friday to discuss President Donald Trump’s immigration priorities, according to the Justice Department. Sessions will hold a roundtable discussion with state and local law enforcement officials, receive a federal crime briefing and meet with U.S. attorney’s office staff, a Justice Department official told the American-Statesman.

Department of Homeland Security Management and Mission

Homeland Security Sees Power Grow Under Trump

The Hill | Morgan Chalfant | 10/19/17

The Department of Homeland Security (DHS) has seen its influence and power expand under President Trump, whose efforts to bolster border security and crack down on illegal immigration have run through the youngest federal department. Trump has sought to bolster resources for Homeland Security, particularly for its Customs and Border Protection (CBP) and Immigration and Customs Enforcement (ICE) agents, while signaling the need for deep cuts at other agencies and departments. Overall, Trump’s budget proposal boosted Homeland Security funding by $2.8 billion, which included funds for the border wall as well as millions to hire more CBP and ICE officers.

DHS Wants Better Engagement with Industry

Federal News Radio| Eric White | 10/18/17

The Homeland Security Department wants a new way to interact with industry. Called Engage DHS, the department has proposed developing a form to collect information during vendor meetings. It will use the info to prepare for meetings, to share information about previous interactions, and to keep track of how often the companies and DHS do meet. DHS said in an information request notice that it expects to collect data from about 750 meetings a year.

Should You Trust DHS’ FLASH Redo?

Washington Technology | Lisa Pafe | 10/18/17

After the Homeland Security Department cancelled the $1.5 billion Flexible Agile Support for the Homeland (FLASH) procurement May 26, the vendor community was irritated, and rightfully so. This Small Business set-aside, procured through the DHS Procurement Innovation Lab (PIL), required time, money, and expertise to undertake a technical challenge. Bidders had to demonstrate specialized skills in the incremental Agile software development methodology with rapid prototyping and better user interfaces. It is a sound idea for small businesses in the Agile space to watch this procurement closely and do what they can to shape the future of FLASH 2.0. However, proceed with caution as the PIL’s experiments do not always have a happy ending.

DHS Piloting Agile Cyber Acquisition, CDM For Cloud, CISO Says

FedScoop | Carten Cordell | 10/19/17

The Department of Homeland Security is developing a new acquisition management directive tailored around agile development to provide more flexibility to its cybersecurity operations, CISO Jeffery Eisensmith said Thursday. The model is currently being piloted to help iteratively bake in the security requirements to software solutions at the same time as its development and operations, commonly known as DevOpsSec, Eisensmith said at the Consortium for IT Software Quality’s Cyber Resilience Summit as part of Washington DC CyberWeek. For more please read:

DHS Tells Agencies To Put A Stronger Lock On The Door To Most Cyber Attacks

Federal News Radio | Jason Miller | 10/16/17

Email is the front door for more than 90 percent of all successful cyber attacks, and the days of misspelled words or offers from Nigerian bankers are giving way to more sophisticated phishing attempts that are populated with ransomware and zero day malware. The theft of 21.5 million current and former federal officials from the Office of Personnel Management happened through email. The IRS annually alerts the public about email scams. And with the recent hurricanes impacting several states and territories, agencies are telling the public to be on the lookout for con artists. For more please see:

Sharing Election Threat Info With States Won’t Be One-Size-Fits-All, DHS Says

Nextgov | Joseph Marks | 10/18/17

When the Homeland Security Department alerted state governments about Russian attempts to probe their election systems in 2016, it followed an ad hoc, one-size-fits-all process, mostly reaching out through existing cybersecurity relationships with governors’ offices. As a result, the officials running those elections—which are often politically firewalled from governors—were sometimes left in the dark. As the clock counts down to national elections in 2018 and 2020, Homeland Security is taking the opposite approach, asking top election officials in all 50 states how they’d like to communicate about relevant information security information, said Robert Kolasky, acting deputy undersecretary for Homeland Security’s cyber and infrastructure protection division.

Why The Coast Guard Treats Cybersecurity Like Hazardous Cargo

FCW | Lauren C. Williams | 10/19/17

The Coast Guard is looking to manage cybersecurity risk in much the same way it handles physical danger, according to U.S. Coast Guard Cyber Commander Rear Adm. Kevin Lunday. In 2016, the service merged cybersecurity into its safety plans and issued guidelines with industry on the maritime bulk liquid transfer of hazardous cargo, regarding the control systems involved with those transfers. Speaking at an Oct. 18 conference hosted by CyberScoop, Lunday said there must be a basic culture of compliance to promote safety.

The US Navy And Coast Guard Are Looking To Play Catch-Up In The Arctic

Business Insider| Christopher Woody | 10/19/17

The US Navy and Coast Guard released a joint draft request for proposal for a heavy polar icebreaker on Thursday — another signal the US military is jockeying keep up with activity in increasingly busy Arctic and Antarctic waters. The request is for the “Detail, Design and Construction” of one heavy polar icebreaker cutter with the option for two more. Responses are due by December 11. According to the announcement, the eventual contract is likely to include a number of services relating to operations and maintenance, including materials and spare parts, engineering industrial services, special studies for government-directed engineering tasks, and crew familiarization.

DHS Wants To Stop The Next Anthrax Outbreak With Open Data

Nextgov | Mohana Ravindranath | 10/17/17

If someone unleashed a harmful pathogen in a crowded metropolitan subway system, local and national first responders would have just minutes to quash it before it proliferated. But today’s biothreat surveillance systems might take too long and too often rely on medical data that belongs to health systems and patients, according to the Homeland Security Department. That’s why DHS is launching a new challenge competition encouraging developers to come up with new ways to detect biothreats—potentially chemicals like anthrax, used for bioterrorism, as well as naturally occurring, often contagious diseases like smallpox. 

Puerto Rico is Still a Disaster Zone, Three Weeks After Hurricane Maria

Government Executive | Ana Campoy | 10/20/17

Hurricane Maria tore through Puerto Rico on Sept. 20. Three weeks later, many residents still live like it’s the day after the storm made landfall. More than 90% of the island remains without electricity, and roughly a third without water service, according to local authorities. Nearly half of the US territory’s population is still unable to make calls, with cell and landline services still down. And in some areas, conditions are much worse than those figures suggest. For more please read:

FEMA Is Spending Billions, and Some Questionable Companies Are Getting Work

Bloomberg | Chistorpher Flavelle and Paul Murphy |

With parts of Florida, Texas, and Puerto Rico in desperate need of help, FEMA is under pressure to put money to work as fast as possible. One way to speed things up is to bypass the usual competitive bidding process. In the fiscal year ended Sept. 30, FEMA awarded $178 million in noncompete contracts, more than twice as much as the year before. The danger in sidestepping competitive bidding is that the government may pay more than it needs to and that companies may not get the necessary scrutiny. And with 85 percent of its staff deployed to cope with the effects of natural disasters around the country, FEMA’s personnel may have a harder time than usual making sure contractors are doing their jobs. “There’s not enough people to go around,” says Sandra Knight, a former deputy associate administrator at FEMA who’s now at Dawson & Associates, a Washington consulting firm. “They’re moving 200 miles an hour.”

FEMA Looks To Hire 2,000 More People As It Responds To Long List Of Disasters

NPR | Brian Naylor | 10/17/17

The Federal Emergency Management Agency is being stretched by the number of natural disasters this year. The agency has put out the help wanted sign as it responds to 22 disasters nationwide, including massive hurricanes in the south and now wildfires in the west. FEMA wants to hire as many as 2,000 local people to help respond to individual recovery efforts. According to the agency, it’s seeking everything from civil engineers to historic preservation specialists to crisis counselors and nurses. It held a job fair in Puerto Rico last week. The temporary positions could last for as long as a year. Mike Sprayberry, who is emergency management director for North Carolina, says there are also disaster reservists to call on. And the states, he says, are pitching in to help each other as part of an emergency management assistance compact.

TSA’s Agile Modernization Plan Is Clunky, Overbudget And Behind Schedule

Federal Times | Armin Haracic | 10/19/17

The Transportation Security Administration and Department of Homeland Security did not perform proper oversight when implementing a new digital strategy for its Technology Infrastructure Modernization (TIM) program, according to the Government Accountability Office. The TSA had intended to incorporate agile software development within TIM, yet the agency failed to define key roles and responsibilities, implement automated capabilities and prioritize system requirements for the effective usage of agile.

Border Wall Prototypes Taking Shape In San Diego

Associated Press| Elliot Spagat | 10/19/17

The last two of eight prototypes for President Donald Trump’s proposed border wall took shape Thursday at a construction site in San Diego. The prototypes form a tightly packed row of imposing concrete and metal panels, including one with sharp metal edges on top. Another has a surface resembling an expensive brick driveway. Companies have until Oct. 26 to finish the models but Border Patrol spokesman Theron Francisco said the last two came into profile, with crews installing a corrugated metal surface on the eighth model on a dirt lot just a few steps from homes in Tijuana, Mexico. For more on the Border Wall please read:

DHS Ordered To Turn Over DACA Deliberations

CNN | Tal Kopan | 10/17/17

A federal judge has ordered President Donald Trump’s administration to reveal internal deliberative documents that went into the decision to rescind the Deferred Action for Childhood Arrivals (DACA) program, a partial victory for groups challenging the rescission in a California federal court. Judge William Alsup on Tuesday ordered the government turn over the records by October 27 and said they must appeal “very promptly” if they desire to do so.

Department of Justice Management and Mission

DOJ Sees A Path To Legal Hacking

FCW | Derek B. Johnson | 10/19/17

A senior Department of Justice official said a framework to clarify how private companies can conduct information security research without running afoul of the Computer Fraud and Abuse Act is gaining traction, but that the government is content for now to keep the guidance broad and allow “natural momentum” from the private sector to determine specific policies. Speaking Oct. 18 at a CyberScoop conference in Washington, D.C., Leonard Bailey, DOJ’s senior counsel for the National Security, Computer Crime and Intellectual Property Section, provided an update on the vulnerabilities disclosure program for online systems that was unveiled in July 2017. Bailey said the government’s goal for the program was to provide enough direction to decrease “opportunities for disagreement that may result in litigation” without prescribing a particular set of policies.

Congress, FBI Already Investigating Potential Abuse of Federal Funds in Puerto Rico’s Disaster Response

Government Executive | Eric Katz | 10/18/17

A congressional committee is investigating potential abuse of federal funds and resources provided to local municipalities in Puerto Rico, citing red flags raised by the FBI. The House Natural Resources Committee probed the Federal Emergency Management Agency and FBI regarding accusations of “mishandling and misappropriation of emergency supplies” provided by the federal government for the people of Puerto Rico. The letters from several Republican leaders on the panel came after Douglas Leff, the FBI special agent in charge for the San Juan Field Office, announced last week he was looking into accusations of abuse of federal funds.

Justice Department Files Notice Of Appeal To Judge’s Block Of Travel Ban

Washington Post | Matt Zapotosky | 10/20/17

The Justice Department filed Friday its formal notice of appeal to a federal judge’s decision to block the Trump administration from enforcing its latest travel ban. Department lawyers filed the notice in federal district court in Maryland, writing that they intended to appeal the case to the U.S. Court of Appeals for the 4th Circuit. The notice is the first step in taking the case to a higher court. The government has yet to file its arguments. Two different federal judges, one in Maryland and the other in Hawaii, have blocked the administration from enforcing Trump’s latest travel ban, his third attempt at barring entry to people from certain countries around the globe.

 Expose on DEA Opioid Policy Prompts Repeal Bill from Senator

Government Executive| Charles S. Clark | 10/16/17

A Democratic senator on Monday reacted to a weekend expose on loosened enforcement against unlawful distributors of opioids by introducing a bill to repeal a 2016 law that trimmed the prosecutorial powers of the Drug Enforcement Administration. Sen. Claire McCaskill, D-Mo., announced her coming bill to repeal the Ensuring Patient Access and Effective Drug Enforcement Act, saying, “Media reports indicate that this law has significantly affected the government’s ability to crack down on opioid distributors that are failing to meet their obligations and endangering our communities.”

General Services Administration, Office of Management and Budget, and Government Accountability Office

Trump’s GSA Nominee Wins Bipartisan Praise

Governemt Executive | Charles S Clark | 10/18/17

A Senate committee Wednesday scrutinized the people nominated to lead two agencies responsible for major technology projects. Emily Webster Murphy, nominated to lead the General Services Administration, and Jeff Pon, the White House’s choice for the Office of Personnel Management head, both sketched out broad technology goals during a Homeland Security and Governmental Affairs confirmation hearing, which include doubling down on open data programs and providing better cybersecurity training for employees. President Trump’s nominee to head the General Services Administration encountered a relative lovefest during her Senate confirmation hearing on Wednesday, with senators of both parties applauding her 20-year background in federal procurement that includes time at GSA itself. For more on the nominations please read:

OMB Orders Agencies To Gauge Cyber Risk

Federal News Radio| Eric White | 10/18/17

Agencies have their cybersecurity marching orders for 2018. The Office of Management and Budget used 2017 to develop a standard approach to measuring cyber risk across the government. Now for 2018, OMB wants agencies to use that methodology to conduct risk management assessments. As part of the 2018 Federal Information Security Management Act (FISMA) guidance issued yesterday, OMB told CFO Act agencies to update their data quarterly and non-CFO Act agencies to update their data on a semiannual basis. OMB said the metrics represent baseline security controls. OMB and DHS will use these metrics in the ongoing Risk Management Assessment process.

Greg Wilshusen: Nearly All Big Agencies Struggling With Cybersecurity

Federal News Radio | Tom Temin | 10/19/17

For a variety of reasons, federal agencies continue to struggle with cybersecurity. Last year, nearly all of the 24 big departments and agencies had problems in all of the control areas. That’s what the Government Accountability Office found in its most recent, two-year study. Greg Wilshusen, the GAO’s director of information security issues, shares the details on Federal Drive with Tom Temin.

White House

Graves Says Final IT Modernization Report Will Debut Soon

FedScoop| Carten Cordell | 10/18/17

The final version of the technology modernization report by the White House’s American Technology Council and Office of American Innovation technology will be out shortly, acting federal Chief Information Officer Margie Graves said Wednesday. Graves said at CyberTalks in Washington, D.C., that the Trump administration has incorporated comments from public stakeholders following the August release of the previous draft.

Trump’s Nominee for the White House Office of National Drug Control Policy Withdraws

Government Executive | Charles S. Clark | 10/17/17

In an early-morning tweet on Tuesday, President Trump announced that Rep. Tom Marino, R-Pa., the man he nominated in September to run the White House Office of National Drug Control Policy, had pulled out. “Rep. Tom Marino has informed me that he is withdrawing his name from consideration as drug czar. Tom is a fine man and a great Congressman!” Trump wrote.

Legislative Branch

Senator: Why Won’t DOJ Answer My Emails On Cyber?

Federal Times | Jessie Bur | 10/19/17

Sen. Sheldon Whitehouse, D-R.I., criticized the Justice Department’s lack of a cybersecurity representative to coordinate with Congress on legislative issues at a Department of Justice Oversight hearing on Wednesday. “It really complicates life if there is not somebody at the Department of Justice whose job it is to work with us on cybersecurity legislation. And the silence has been deafening,” said Whitehouse. “The issue is, there are things we need to fix legislatively on cybersecurity, and, at the moment, I can’t find a point of entry into this administration of anybody who is working on cybersecurity on this administration or who is appointed to or delegated to.” Though Attorney General Jeff Sessions recommended that the Senator contact the legislative affairs office for cybersecurity coordination, Whitehouse said that multiple letters of request sent to that department have gone unanswered.

Upcoming Homeland Security Events

GAO Reports of Interest

TSA Modernization: Use of Sound Program Management and Oversight Practices Is Needed to Avoid Repeating Past Problems

Publicly Released: October 17, 2017.

Upcoming Congressional Committee Hearings of Interest

Public-Private Solutions To Educating A Cyber Workforce

Homeland Security Committee (Cybersecurity and Infrastructure Protection Subcommittee)| October 24, 2017 2:00 PM | House Capitol Visitor Center (HVC) Room 210

Examining Physical Security and Cybersecurity At Our Nation’s Ports

Homeland Security Committee (Border and Maritime Security and Cybersecurity Subcommittees)| October 30, 2017 1:30 PM | Second Floor Of The Port Of Los Angeles Administration Building, 425 South Palos Verdes St., San Pedro, California