CISA passes Senate, Census seeks CIO and more

News and notes from around the federal IT community.

Senate passes CISA

The Senate on Oct. 27 passed a long-stalled and controversial information-sharing cybersecurity bill by a vote of 74-21. Lawmakers will next try to reconcile the Senate's Cybersecurity Information Sharing Act of 2015 with a pair of information-sharing bills the House passed in April.

CISA is the latest in a long line of legislative efforts to encourage private firms to share more cyber threat data amongst themselves and with the government. The bill encourages this by giving firms certain protections from antitrust and consumer privacy liabilities when they report threat information.

CISA's passage left privacy advocates, who have long decried the bill as an expansion of government surveillance, wondering what went wrong in their long campaign against the bill. Multiple amendments designed to alleviate privacy concerns failed in the run-up to final passage.

Greg Nojeim, senior counsel at the Center for Democracy and Technology, a digital rights group, called the bill's passage "a huge step backwards" for American privacy rights. "Now, more personal information will be shared with the NSA and with law enforcement agencies, and that information will certainly be used for purposes other than enhancing cybersecurity," he said in a statement.

The Chamber of Commerce, a big backer of CISA, issued a statement urging swift reconciliation of CISA with the House bills. "We need to get the job done now — nation-states or their proxies and criminal groups are attacking American enterprise with impunity, and that has got to stop," Chamber President Thomas Donohue said in a statement.

Pentagon tinkers with cyber acquisition guidance

Defense Department officials are preparing an addendum to acquisition guidance that would give program managers a clearer sense of vulnerabilities to look for during the life cycle of a product, said Melinda Reed, deputy director for program protection in the Office of the Deputy Assistant Secretary of Defense for Systems Engineering.

The addendum, or "enclosure," to acquisition guidance issued in January is "still a work in progress" and could be out in the coming months, Reed said Oct. 27 at a National Defense Industrial Association conference in Springfield, Va.

Speaking generally of cyber-related guidance for acquisition, Reed said, "We're going to take a hard look at how do we make everything more consistent because if you take a look at our guidance I think, across the board, there [are] some inconsistencies, and I think we recognize that within the working group that was established for this."

Census seeks CIO

The Census Bureau posted a job listing for a new associate director for IT and CIO on Oct. 26.

The pay range is $121,956 to $183,300, and the gig requires a top secret clearance -- along with the ability to help keep the 2020 census on track technologically.

The bureau has lacked a permanent CIO since Brian McGrath moved to the Justice Department at the end of July. Deputy CIO Harry Lee has been filling in since then.

Ex-NSA, CIA boss calls for more comprehensive cyber strategy

Retired Gen. Michael Hayden, the former head of the National Security Agency and the CIA, has called for the government to craft a more comprehensive cyberspace strategy that balances the private sector's ownership of digital assets with the government's responsibility to protect them.

Such a strategy could eventually mean "giving the private sector more freedom to act in its own defense," Hayden wrote in an op-ed for Real Clear Politics. The retired general, now a principal at the Chertoff Group, also cautioned against legitimizing the authoritarian approach to the Internet taken by countries like China and Russia in the name of security.

As NSA director after the Sept. 11, 2001, attacks, Hayden oversaw a controversial expansion of the agency's surveillance via the collection of metadata on phone calls. NSA is set to stop accessing that data in November.

Mapping cyber jobs

The National Institute of Standards and Technology's National Initiative for Cybersecurity Education is investing funds in developing a cybersecurity jobs heat map.

NICE announced the award of $249,000 in first-year funding to the nonprofit trade association CompTIA, which will work with Burning Glass Technologies to develop the map.

It will show supply and demand for various cybersecurity positions nationwide, in keeping with NICE's National Cybersecurity Workforce Framework.

The map is expected to be available late next year.