*** David Redl resigned as head of the National Telecommunications and Information Administration on May 9. NTIA manages federally-held spectrum and is partner to the Federal Communications Commission which oversees commercial spectrum. The Department of Commerce announced that Diane Rinaldo will take over as NTIA Administrator on an acting basis.
*** Sens. Ron Johnson (R-Wis.) and Gary Peters (D-Mich.), the chairman and ranking member of the Senate Homeland Security Committee, introduced legislation May 10 to ensure feds who have responsibility over supply chain risk management processes receive adequate training against counterintelligence threats.
The bill tasks the heads of the Office of Management and Budget, the Office of the Director of National Intelligence, the Department of Homeland Security and the General Services Administration with developing a government-wide counterintelligence training program for executive branch agencies, focusing on threats in the procurement space and throughout the information and communications technology lifecycle. The bill would also require agencies to regularly update Congress on the program to inform future improvements.
*** A new watchdog report suggests Congress should consider empowering the IRS to set cybersecurity rules of the road for third-party private tax organizations who handle sensitive tax data.
While the IRS is required by federal law to protect financial and taxpayer data, the Government Accountability Office found that in 2018, 90 percent of individual taxpayers had their tax returns electronically filed by third-party paid preparers or used software to file their own taxes.
That means that no matter what protections the agency has in place for taxpayer data after they are fed into their systems, the vast majority could still be vulnerable on the front end when they're handled by companies or individuals who are not subject to nearly the same regulatory scrutiny when it comes protecting their IT systems.
Since IRS does not have explicit authority to set minimum baseline cybersecurity standards for how third parties should protect their IT systems and data, the GAO recommends that Congress consider legislation giving it to them, while also recommending IRS set up a formal structure for developing and communicating those standards.
Posted on May 13, 2019 at 12:48 AM