FCW Insider: June 13

Customs and Border Protection's email migration project showed the power of robotics process automation. The emerging tech reduced processing time for a terabyte of data from two months to one day. Mark Rockwell has more.

Lawmakers are worried that a DOD-VA plan for a joint governance board on implementation of their commercial electronic health record systems is just a name change and not a game change when it comes to leadership and decision making. Adam Mazmanian has the story .

The House of Representatives is set to vote on a legislative package that includes cybersecurity-related research and development initiatives at the Department of Energy that are designed to tighten up protection to the electric grid and other energy systems. Derek B. Johnson reports.

Quick Hits

*** A House bill to leverage the federal government's buying power to help secure the internet of things ecosystem advanced in committee on Wednesday. The Internet of Things Cybersecurity Improvement Act of 2019, introduced in March by Reps. Robin Kelly (D-Ill.) and Will Hurd (R-Texas) requires IoT devices purchased by the federal government to meet minimum security requirements covering patching, identity management and configuration management. The requirements aren't spelled out in the bill and would be developed by the National Institute of Standards and Technology, but at a minimum the provisions would likely prohibit hard-coded passwords that can't be changed by end users and require that connected devices be able to receive software and firmware updates over the air. The bill passed the House Oversight and Reform Committee on June 12. A similar measure has been backed in the Senate by Sens. Cory Gardner (R-Colo.) and Mark Warner (D-Va.).

*** The National Institute for Standards and Technology released a new draft white paper outlining best practices for secure software development. The document outlines 19 practices, such as conducting regular code reviews, defining your security requirements ahead of software development, and reusing existing, well-secured software, that stakeholders need to keep in mind throughout the software development lifecycle.

Because the practices are designed to apply to a broad range of public and private sector entities, NIST opted not to set down hard and fast rules around how organizations should implement them, though the paper does offer examples.

"The most important thing is implementing the practices and not the 119 mechanisms used to do so," the paper states. "For example, one organization might automate a particular step, while another might use manual processes instead."

*** Don't forget to submit your 2019 Government Innovation Award nominations. We're looking for individual Rising Stars, innovative public-sector projects and industry partners that are disrupting government IT.