Cyber recruiting, a notable election loss, NetCents setbacks and more

NSA director visits Silicon Valley for recruiting tips

National Security Agency Director Adm. Michael Rogers recently made his second trip to Silicon Valley in the seven months since he assumed his dual role leading NSA and U.S. Cyber Command.

Rogers told an audience at Stanford University on Nov. 3 that he generally comes to Silicon Valley for three reasons: to dispel what he said were misconceptions about NSA spying; to hear from innovators "because quite frankly, the days when the Department of Defense drove technical innovation for the U.S. are way behind us"; and to get tips from America's tech giants on recruiting and training because "we're competing for much of the same workforce."

Rogers lauded Silicon Valley as "a primary driver for technical change within the nation and the broader world around us. And so I want to try to make sure I understand that change."

Advocate for data breach notification loses House seat

Rep. Lee Terry (R-Neb.) appears to be a rare Republican casualty in an election that solidly favored the GOP. His loss could mean that backers of nationwide legislation to replace the patchwork of state laws with a nationwide approach to protecting consumer information from data breaches will have to find a new leader.

Terry was active on data breach legislation from his perch on the powerful Energy and Commerce Committee's Commerce, Manufacturing and Trade Subcommittee.

Attorney General Eric Holder called for federal data breach notification legislation in February, and several Senate Democrats have proposed bills.

However, Republicans have been wary of approaches that preempt state law and give enforcement authority to the Federal Trade Commission. Terry did not issue a bill, but he was clear in backing a single, nationwide notification standard for consumers whose information is compromised in hacks.

NetCents-2 contract could be back to square one

The Air Force's Network-Centric Solutions-2 contract hit a serious bump this week when the Government Accountability Office ruled in favor of bid protests filed by "some of the largest IT companies in the market," Washington Technology reported.

GAO recommended that the Air Force reassess the bids and make new source selections. The protests challenged the methodology for evaluating costs, past performance and trade-offs.

DOE IG: Cybersecurity improving, but weaknesses remain

The Energy Department's Office of Inspector General has concluded that the agency improved its cybersecurity posture in the past year but warned that better policies must be developed and implemented to address remaining weak spots.

The IG's report identifies 11 new and 14 unresolved weaknesses at the 24 DOE locations reviewed throughout fiscal 2014, including headquarters. Investigators found problems with patch management at 13 locations, issues related to the system integrity of Web applications at six locations and weaknesses in the configuration management process at four locations.

Furthermore, weaknesses in logical access controls that could allow attackers to disrupt network connectivity and gain access to sensitive data were discovered at eight locations.

"Without improvements, the department's unclassified cybersecurity program will continue to operate at a higher-than-necessary level of risk," the report states. "Continued deficiencies in the areas outlined in this report could adversely affect the department's ability to gain or retain assurance that its systems and data are operated and maintained within acceptable levels of risk."

But the IG also highlighted several major improvements to DOE's cybersecurity efforts, including the development of the information management governance framework, an improved Enterprise Continuous Monitoring Program at the National Nuclear Security Administration and implementation of the Mission Information Protection Program at the Office of Environmental Management.