Weekly Wrap-Up
Week of August 30, 2021
Federal News
The First National Cyber Director Has Big Plans to Toughen U.S. Digital Defenses
(Politico) America’s first-ever national cyber director holds a post the Biden administration didn’t want, and he has limited authority to force change. But Chris Inglis says he has a strategy to get government agencies to toughen up their digital defenses.

In his first in-depth interview since the Senate confirmed him in June, Chris Inglis told POLITICO he aims to use the soft power that comes with his high-profile White House position to prod agencies to better protect critical infrastructure together, strengthen long-term resilience and prioritize cybersecurity in their budgets.
OMB Directs Agencies to Increase Log Sharing to Combat Cyber Incidents
(FedScoop) The Office of Management and Budget directed federal agencies to increase their sharing of information system logs needed to accelerate cybersecurity incident response, in a memo issued Friday.

The memo contains a maturity model for event log management intended to guide agencies implementation of its requirements across four event logging (EL) tiers: not effective, basic, intermediate, and advanced.

Following the SolarWinds hack that compromised agencies, President Biden issued a cybersecurity executive order — Section 8 of which lays out logging and log retention. The EO also outlined the management requirements that OMB‘s memo addresses.
Deputy Attorney General Lisa Monaco Announces Creation of New Cyber Fellos Positions
(U.S. DoJ) Today, Deputy Attorney General Lisa Monaco announced the creation of a new Cyber Fellowship program, designed to develop a new generation of prosecutors and attorneys equipped to handle emerging national security threats.

“As we have witnessed this past year, cyber threats pose a significant and increasing risk to our national security, our economic security, and our personal security,” said Deputy Attorney General Monaco. “We need to develop the next generation of prosecutors with the training and experience necessary to combat the next generation of cyber threats. This Fellowship gives attorneys a unique opportunity to gain the well-rounded experience they need to tackle the full range of those threats.”
White House Rallies Private Industry in Cyber Battle
(The Hill) A meeting between President Biden and more than two dozen key leaders from a variety of industries this week has increased momentum for plans to quickly address rising cyber threats.

Leaders from the fields of tech, energy, insurance and education attended the event Wednesday, including the CEOs of Alphabet, Apple, Amazon, IBM, Microsoft, JPMorgan and Bank of America.

For the Biden administration, the summit also served to highlight the federal government's efforts to tackle cybersecurity challenges following months of massive attacks on public and private groups that have pinched key industries while laying bare the scourge of cybercrime.
Tech Giants Pledge Billions in Cybersecurity Investments Amid White House Push
(Chicago Sun-Times) Some of the country’s leading technology companies are promising to invest billions of dollars to strengthen cybersecurity defenses and to train skilled workers.

The Biden administration has been urging major corporations to do their part to protect against increasingly sophisticated attacks.

Before meeting privately at the White House in recent days with top tech CEOS, Biden called cybersecurity a “core national security challenge.”

“Most of our critical infrastructure is owned and operated by the private sector, and the federal government can’t meet this challenge alone,” Biden said, telling the tech leaders they “have the power, the capacity and the responsibility, I believe, to raise the bar on cybersecurity.”
Zero Trust News
'Trust of Citizens' is Most Important Part of Zero Trust, Washington CISO Says
(StateScoop) As more governments move toward zero-trust security architecture, the most important trust to aim for is that of the people whose data is being safeguarded, Washington Chief Information Security Officer Vinod Brahmapuram said Tuesday.

Speaking during an online event hosted by Scoop News Group, Brahmapuram said zero-trust security — in which security measures are implemented on every level of a network and all devices and users are considered potentially malicious — should be included as part of any modernization effort as state governments grow more careful of online threats.

“It’s part of what we should all be doing, which is modernization,” said Brahmapuram, who is currently overseeing a consolidation of cybersecurity practices across state government.
DOD to Establish New Zero Trust Management Team This Fall
(FedScoop) The Department of Defense is standing up a new portfolio management team to oversee the implementation of zero trust architecture, acting CIO John Sherman announced Wednesday.

Sherman said the team would be up and running by the fall and be overseen by the chief information security officer, Dave Mckeown. According to Sherman, the new team will help boost a new approach to security, which he says is a top priority.

“You don’t just buy zero trust, it’s not a tool or a technology, it really is a new strategy,” he said during FedScoop’s FedTalks conference. “We have got to run a new … defense, and zero trust is going to be it.”
Zero Trust is Not Enough: The Case for Continuous Control Validation
(GCN) From SolarWinds to the Colonial Pipeline and Kaseya ransomware incidents, there has been a notable uptick in the frequency and severity of cyberattacks. A complete cybersecurity overhaul is needed, and nowhere is that more apparent than with one of the most prominent targets in cyberspace -- the federal government.

In mid-May, President Joe Biden signed an executive order that calls for a zero-trust architecture for all federal agencies. While this move is an important step that gives security teams a pathway to achieving comprehensive control over their security, it is only half the battle. The other core capability is testing defenses continuously and at scale to generate performance data and validate security effectiveness.
Member News
Vote Now for the CyberScoop 50 Awards!

Please join us in congratulating ADI member companies AWS, IronNet Cybersecurity, Telos Corporation, Tenable, Palo Alto Networks, and VMware for being represented among the nominees for the 2021 CyberScoop 50 Awards!

Voting is open through October 8 and we invite you to support our industry leaders whose hard work is deserving of recognition:
If you would like to have your story featured in ADI's Member News, please contact ADI's Policy & Communications Manager, Jaishri Atri.
Questions? Inquiries? Please e-mail: info@hq.alliance4digitalinnovation.org