WEEKLY NEWS ROUNDUP
Department of Homeland Security and Department of Justice Leadership
CNN | Tal Kopan | 10/17/17
Department of Homeland Security press secretary David Lapan, the voice of the department and a longtime colleague of White House chief of staff John Kelly, is leaving the Trump administration, Lapan confirms to CNN. Lapan began telling people this week of his move to the private sector, a source familiar with his plans said. In confirming the news, Lapan said he would be joining the Bipartisan Policy Center as senior director of communications and public affairs at the end of the month.
Fox News | Benjamin Brown | 10/19/17
Threat levels in the U.S. are “extremely high,” as intelligence indicates the Islamic State group and other terror groups are using small-scale plots to build toward another 9/11-style attack, acting Department of Homeland Security Secretary Elaine Duke warned. “The terrorist organizations, be it ISIS or others, want to have the big explosion like they did on 9/11,” Duke said Tuesday, speaking at the U.S. Embassy in London, Britain’s Express reported. “They want to take down aircraft. The intelligence is clear on that.” Their ultimate goal is “creating terror,” and a van attack in London, as well as sporadic knife attacks, accomplish just that, while never giving up on a “major aviation plot,” Duke added.
Splinter | Eleanor Sheehan | 10/17/17
Immigrations and Customs Enforcement (ICE) will extend its war on undocumented immigrants to their employers, the agency’s acting chief said on Tuesday. Speaking to the Heritage Foundation, a conservative think tank, acting director Tom Homan said ICE was taking “worksite enforcement very hard this year” and added he had instructed the agency’s investigative arm — Homeland Security Investigations (HSI)— to increase workplace probes “by four or five times.”
Statesman| Jonathan Silver | 10/20/17
U.S. Attorney General Jeff Sessions will be in Austin on Friday to discuss President Donald Trump’s immigration priorities, according to the Justice Department. Sessions will hold a roundtable discussion with state and local law enforcement officials, receive a federal crime briefing and meet with U.S. attorney’s office staff, a Justice Department official told the American-Statesman.
Department of Homeland Security Management and Mission
The Hill | Morgan Chalfant | 10/19/17
The Department of Homeland Security (DHS) has seen its influence and power expand under President Trump, whose efforts to bolster border security and crack down on illegal immigration have run through the youngest federal department. Trump has sought to bolster resources for Homeland Security, particularly for its Customs and Border Protection (CBP) and Immigration and Customs Enforcement (ICE) agents, while signaling the need for deep cuts at other agencies and departments. Overall, Trump’s budget proposal boosted Homeland Security funding by $2.8 billion, which included funds for the border wall as well as millions to hire more CBP and ICE officers.
Federal News Radio| Eric White | 10/18/17
The Homeland Security Department wants a new way to interact with industry. Called Engage DHS, the department has proposed developing a form to collect information during vendor meetings. It will use the info to prepare for meetings, to share information about previous interactions, and to keep track of how often the companies and DHS do meet. DHS said in an information request notice that it expects to collect data from about 750 meetings a year.
Washington Technology | Lisa Pafe | 10/18/17
After the Homeland Security Department cancelled the $1.5 billion Flexible Agile Support for the Homeland (FLASH) procurement May 26, the vendor community was irritated, and rightfully so. This Small Business set-aside, procured through the DHS Procurement Innovation Lab (PIL), required time, money, and expertise to undertake a technical challenge. Bidders had to demonstrate specialized skills in the incremental Agile software development methodology with rapid prototyping and better user interfaces. It is a sound idea for small businesses in the Agile space to watch this procurement closely and do what they can to shape the future of FLASH 2.0. However, proceed with caution as the PIL’s experiments do not always have a happy ending.
FedScoop | Carten Cordell | 10/19/17
The Department of Homeland Security is developing a new acquisition management directive tailored around agile development to provide more flexibility to its cybersecurity operations, CISO Jeffery Eisensmith said Thursday. The model is currently being piloted to help iteratively bake in the security requirements to software solutions at the same time as its development and operations, commonly known as DevOpsSec, Eisensmith said at the Consortium for IT Software Quality’s Cyber Resilience Summit as part of Washington DC CyberWeek. For more please read:
Federal News Radio | Jason Miller | 10/16/17
Email is the front door for more than 90 percent of all successful cyber attacks, and the days of misspelled words or offers from Nigerian bankers are giving way to more sophisticated phishing attempts that are populated with ransomware and zero day malware. The theft of 21.5 million current and former federal officials from the Office of Personnel Management happened through email. The IRS annually alerts the public about email scams. And with the recent hurricanes impacting several states and territories, agencies are telling the public to be on the lookout for con artists. For more please see:
- DHS Mandates New Security Standards For Federal Networks
- DHS orders agencies to adopt DMARC email security
Nextgov | Joseph Marks | 10/18/17
When the Homeland Security Department alerted state governments about Russian attempts to probe their election systems in 2016, it followed an ad hoc, one-size-fits-all process, mostly reaching out through existing cybersecurity relationships with governors’ offices. As a result, the officials running those elections—which are often politically firewalled from governors—were sometimes left in the dark. As the clock counts down to national elections in 2018 and 2020, Homeland Security is taking the opposite approach, asking top election officials in all 50 states how they’d like to communicate about relevant information security information, said Robert Kolasky, acting deputy undersecretary for Homeland Security’s cyber and infrastructure protection division.
FCW | Lauren C. Williams | 10/19/17
The Coast Guard is looking to manage cybersecurity risk in much the same way it handles physical danger, according to U.S. Coast Guard Cyber Commander Rear Adm. Kevin Lunday. In 2016, the service merged cybersecurity into its safety plans and issued guidelines with industry on the maritime bulk liquid transfer of hazardous cargo, regarding the control systems involved with those transfers. Speaking at an Oct. 18 conference hosted by CyberScoop, Lunday said there must be a basic culture of compliance to promote safety.
Business Insider| Christopher Woody | 10/19/17
The US Navy and Coast Guard released a joint draft request for proposal for a heavy polar icebreaker on Thursday — another signal the US military is jockeying keep up with activity in increasingly busy Arctic and Antarctic waters. The request is for the “Detail, Design and Construction” of one heavy polar icebreaker cutter with the option for two more. Responses are due by December 11. According to the announcement, the eventual contract is likely to include a number of services relating to operations and maintenance, including materials and spare parts, engineering industrial services, special studies for government-directed engineering tasks, and crew familiarization.
Nextgov | Mohana Ravindranath | 10/17/17
If someone unleashed a harmful pathogen in a crowded metropolitan subway system, local and national first responders would have just minutes to quash it before it proliferated. But today’s biothreat surveillance systems might take too long and too often rely on medical data that belongs to health systems and patients, according to the Homeland Security Department. That’s why DHS is launching a new challenge competition encouraging developers to come up with new ways to detect biothreats—potentially chemicals like anthrax, used for bioterrorism, as well as naturally occurring, often contagious diseases like smallpox.
Government Executive | Ana Campoy | 10/20/17
Hurricane Maria tore through Puerto Rico on Sept. 20. Three weeks later, many residents still live like it’s the day after the storm made landfall. More than 90% of the island remains without electricity, and roughly a third without water service, according to local authorities. Nearly half of the US territory’s population is still unable to make calls, with cell and landline services still down. And in some areas, conditions are much worse than those figures suggest. For more please read:
Bloomberg | Chistorpher Flavelle and Paul Murphy |
With parts of Florida, Texas, and Puerto Rico in desperate need of help, FEMA is under pressure to put money to work as fast as possible. One way to speed things up is to bypass the usual competitive bidding process. In the fiscal year ended Sept. 30, FEMA awarded $178 million in noncompete contracts, more than twice as much as the year before. The danger in sidestepping competitive bidding is that the government may pay more than it needs to and that companies may not get the necessary scrutiny. And with 85 percent of its staff deployed to cope with the effects of natural disasters around the country, FEMA’s personnel may have a harder time than usual making sure contractors are doing their jobs. “There’s not enough people to go around,” says Sandra Knight, a former deputy associate administrator at FEMA who’s now at Dawson & Associates, a Washington consulting firm. “They’re moving 200 miles an hour.”
NPR | Brian Naylor | 10/17/17
The Federal Emergency Management Agency is being stretched by the number of natural disasters this year. The agency has put out the help wanted sign as it responds to 22 disasters nationwide, including massive hurricanes in the south and now wildfires in the west. FEMA wants to hire as many as 2,000 local people to help respond to individual recovery efforts. According to the agency, it’s seeking everything from civil engineers to historic preservation specialists to crisis counselors and nurses. It held a job fair in Puerto Rico last week. The temporary positions could last for as long as a year. Mike Sprayberry, who is emergency management director for North Carolina, says there are also disaster reservists to call on. And the states, he says, are pitching in to help each other as part of an emergency management assistance compact.
Federal Times | Armin Haracic | 10/19/17
The Transportation Security Administration and Department of Homeland Security did not perform proper oversight when implementing a new digital strategy for its Technology Infrastructure Modernization (TIM) program, according to the Government Accountability Office. The TSA had intended to incorporate agile software development within TIM, yet the agency failed to define key roles and responsibilities, implement automated capabilities and prioritize system requirements for the effective usage of agile.
Associated Press| Elliot Spagat | 10/19/17
The last two of eight prototypes for President Donald Trump’s proposed border wall took shape Thursday at a construction site in San Diego. The prototypes form a tightly packed row of imposing concrete and metal panels, including one with sharp metal edges on top. Another has a surface resembling an expensive brick driveway. Companies have until Oct. 26 to finish the models but Border Patrol spokesman Theron Francisco said the last two came into profile, with crews installing a corrugated metal surface on the eighth model on a dirt lot just a few steps from homes in Tijuana, Mexico. For more on the Border Wall please read:
- Senate GOP to Back Trump on Border Wall, Risking Shutdown Fight
- As Trump’s Border Plans Take Shape, Critics Call For Virtual Wall
CNN | Tal Kopan | 10/17/17
A federal judge has ordered President Donald Trump’s administration to reveal internal deliberative documents that went into the decision to rescind the Deferred Action for Childhood Arrivals (DACA) program, a partial victory for groups challenging the rescission in a California federal court. Judge William Alsup on Tuesday ordered the government turn over the records by October 27 and said they must appeal “very promptly” if they desire to do so.
Department of Justice Management and Mission
FCW | Derek B. Johnson | 10/19/17
A senior Department of Justice official said a framework to clarify how private companies can conduct information security research without running afoul of the Computer Fraud and Abuse Act is gaining traction, but that the government is content for now to keep the guidance broad and allow “natural momentum” from the private sector to determine specific policies. Speaking Oct. 18 at a CyberScoop conference in Washington, D.C., Leonard Bailey, DOJ’s senior counsel for the National Security, Computer Crime and Intellectual Property Section, provided an update on the vulnerabilities disclosure program for online systems that was unveiled in July 2017. Bailey said the government’s goal for the program was to provide enough direction to decrease “opportunities for disagreement that may result in litigation” without prescribing a particular set of policies.
Government Executive | Eric Katz | 10/18/17
A congressional committee is investigating potential abuse of federal funds and resources provided to local municipalities in Puerto Rico, citing red flags raised by the FBI. The House Natural Resources Committee probed the Federal Emergency Management Agency and FBI regarding accusations of “mishandling and misappropriation of emergency supplies” provided by the federal government for the people of Puerto Rico. The letters from several Republican leaders on the panel came after Douglas Leff, the FBI special agent in charge for the San Juan Field Office, announced last week he was looking into accusations of abuse of federal funds.
Washington Post | Matt Zapotosky | 10/20/17
The Justice Department filed Friday its formal notice of appeal to a federal judge’s decision to block the Trump administration from enforcing its latest travel ban. Department lawyers filed the notice in federal district court in Maryland, writing that they intended to appeal the case to the U.S. Court of Appeals for the 4th Circuit. The notice is the first step in taking the case to a higher court. The government has yet to file its arguments. Two different federal judges, one in Maryland and the other in Hawaii, have blocked the administration from enforcing Trump’s latest travel ban, his third attempt at barring entry to people from certain countries around the globe.
Government Executive| Charles S. Clark | 10/16/17
A Democratic senator on Monday reacted to a weekend expose on loosened enforcement against unlawful distributors of opioids by introducing a bill to repeal a 2016 law that trimmed the prosecutorial powers of the Drug Enforcement Administration. Sen. Claire McCaskill, D-Mo., announced her coming bill to repeal the Ensuring Patient Access and Effective Drug Enforcement Act, saying, “Media reports indicate that this law has significantly affected the government’s ability to crack down on opioid distributors that are failing to meet their obligations and endangering our communities.”
General Services Administration, Office of Management and Budget, and Government Accountability Office
Governemt Executive | Charles S Clark | 10/18/17
A Senate committee Wednesday scrutinized the people nominated to lead two agencies responsible for major technology projects. Emily Webster Murphy, nominated to lead the General Services Administration, and Jeff Pon, the White House’s choice for the Office of Personnel Management head, both sketched out broad technology goals during a Homeland Security and Governmental Affairs confirmation hearing, which include doubling down on open data programs and providing better cybersecurity training for employees. President Trump’s nominee to head the General Services Administration encountered a relative lovefest during her Senate confirmation hearing on Wednesday, with senators of both parties applauding her 20-year background in federal procurement that includes time at GSA itself. For more on the nominations please read:
- GSA Nominee Wants Competition At The Task Order Level
- GSA, OPM Nominees Pledge To Build Public Trust Through Open Data Programs
Federal News Radio| Eric White | 10/18/17
Agencies have their cybersecurity marching orders for 2018. The Office of Management and Budget used 2017 to develop a standard approach to measuring cyber risk across the government. Now for 2018, OMB wants agencies to use that methodology to conduct risk management assessments. As part of the 2018 Federal Information Security Management Act (FISMA) guidance issued yesterday, OMB told CFO Act agencies to update their data quarterly and non-CFO Act agencies to update their data on a semiannual basis. OMB said the metrics represent baseline security controls. OMB and DHS will use these metrics in the ongoing Risk Management Assessment process.
Federal News Radio | Tom Temin | 10/19/17
For a variety of reasons, federal agencies continue to struggle with cybersecurity. Last year, nearly all of the 24 big departments and agencies had problems in all of the control areas. That’s what the Government Accountability Office found in its most recent, two-year study. Greg Wilshusen, the GAO’s director of information security issues, shares the details on Federal Drive with Tom Temin.
FedScoop| Carten Cordell | 10/18/17
The final version of the technology modernization report by the White House’s American Technology Council and Office of American Innovation technology will be out shortly, acting federal Chief Information Officer Margie Graves said Wednesday. Graves said at CyberTalks in Washington, D.C., that the Trump administration has incorporated comments from public stakeholders following the August release of the previous draft.
Government Executive | Charles S. Clark | 10/17/17
In an early-morning tweet on Tuesday, President Trump announced that Rep. Tom Marino, R-Pa., the man he nominated in September to run the White House Office of National Drug Control Policy, had pulled out. “Rep. Tom Marino has informed me that he is withdrawing his name from consideration as drug czar. Tom is a fine man and a great Congressman!” Trump wrote.
Federal Times | Jessie Bur | 10/19/17
Sen. Sheldon Whitehouse, D-R.I., criticized the Justice Department’s lack of a cybersecurity representative to coordinate with Congress on legislative issues at a Department of Justice Oversight hearing on Wednesday. “It really complicates life if there is not somebody at the Department of Justice whose job it is to work with us on cybersecurity legislation. And the silence has been deafening,” said Whitehouse. “The issue is, there are things we need to fix legislatively on cybersecurity, and, at the moment, I can’t find a point of entry into this administration of anybody who is working on cybersecurity on this administration or who is appointed to or delegated to.” Though Attorney General Jeff Sessions recommended that the Senator contact the legislative affairs office for cybersecurity coordination, Whitehouse said that multiple letters of request sent to that department have gone unanswered.
Upcoming Homeland Security Events
- Washington DC Cyber Week – Cyber Scoop | October 16th–20th | Washington, D.C.
- Homeland Security Week 2017 – ASD Events | October 24th-27th | Washington, DC
- 2017 National Disaster Resilience Conference – FLASH | October 25th-27th | Atlanta, GA
- NICE Conference & Expo 2017 – NIST | November 7th–8th | Dayton Conference Center
- Aviation Cyber Security Conference – Cyber Senate and US ISAC | November 21st–22nd | London, UK
- Silicon Valley Innovation Program Funding Opportunities – DHS – S&T’s SVIP will be conducting individual calls – Open until May 3, 2018 – describing specific technical areas and issuing use cases.
GAO Reports of Interest
Publicly Released: October 17, 2017.
Upcoming Congressional Committee Hearings of Interest
Homeland Security Committee (Cybersecurity and Infrastructure Protection Subcommittee)| October 24, 2017 2:00 PM | House Capitol Visitor Center (HVC) Room 210
Homeland Security Committee (Border and Maritime Security and Cybersecurity Subcommittees)| October 30, 2017 1:30 PM | Second Floor Of The Port Of Los Angeles Administration Building, 425 South Palos Verdes St., San Pedro, California