Weekly Wrap-Up
Week of July 19, 2021
House Passes Host of Bills to Strengthen Cybersecurity in Wake of Attacks
(The Hill) The House on Tuesday approved five bipartisan measures designed to enhance various aspects of the nation’s cybersecurity following recent major cyberattacks. 

The cyber-related package passed in a 319-105 vote. It included measures to fund cybersecurity at the state and local level, bolster reporting requirements and test critical infrastructure.

One bill, the State and Local Cybersecurity Act, would establish a grant program to provide $500 million annually to state and local governments over the next five years for cybersecurity needs. Rep. Yvette Clarke (D-N.Y.), chair of the House Homeland Security Committee’s cyber panel, is the lead sponsor of that bill.
NIST Publishes Security Measures and Standards for Cyber EO
(MeriTalk) The National Institute of Standards and Technology (NIST) has released guidance outlining security measures for critical software and minimum standards for vendors’ testing of their software source code as part of the agency’s assignments under the Biden administration’s executive order (EO) on cybersecurity.

The EO on Improving the Nation’s Cybersecurity, released May 12, calls for NIST to complete a series of different cyber-related assignments, including providing an updated definition for “critical software,” which it released last month.
White House Selects Former Fed as NIST Leader
(Nextgov) President Joe Biden nominated biomedical researcher and Maryland-based professor Laurie E. Locascio to steer the National Institute of Standards and Technology.

Locascio was named as Biden’s pick to serve as the Commerce Department’s next Undersecretary for Standards and Technology, among a slew of other nominations Friday. She’s currently the vice president for research at the University of Maryland, College Park and the University of Maryland, Baltimore—schools that collectively garner $1.1 billion yearly in external research funding. 

Prior to her latest work in academia, “Dr. Locascio had a long fruitful career as a researcher, innovator, and scientific leader” at NIST, White House officials wrote in the announcement.
White House Announces Ransomware Task Force - and Hacking Back is One Option
(Politico) The Biden administration is unleashing a range of options to stem the growing ransomware threat, a senior administration official said — including offering rewards as high as $10 million for help identifying the perpetrators.

Other options on the table include launching disruptive cyberattacks on hacker gangs, as well as developing partnerships with businesses to speed up the sharing of information about ransomware infections.

The White House has formed a previously unannounced cross-government task force to coordinate a series of defensive and offensive measures against ransomware, as POLITICO first reported Wednesday. The actions follow a series of high-profile hacks that have underscored how cybersecurity weaknesses can wreak havoc on American society.
Agency Reuse of FedRAMP-Approved Cloud Products Climbs with Automation
(FedScoop) Agency reuse of cloud products authorized by the Federal Risk and Authorization Management Program (FedRAMP) continues to increase, with the program management office (PMO) automating parts of the process in fiscal 2021.

Reuse of security authorization packages is up 85% compared to pre-pandemic levels, and agency demand for cloud products grew 60% in the first half of fiscal 2021 compared to the first half of fiscal 2020.

Increases in reuse and demand coincide with the FedRAMP PMO’s work with the National Institute of Standards and Technology to standardize authorization packages and automate their review with the Open Security Controls Assessment Language (OSCAL).
CISA Lacks Insights into Agency Network Defenses
(GCN) The Cybersecurity and Infrastructure Security Agency doesn’t have the data to determine if agencies are segmenting and segregating their networks, according to CISA acting Director Brandon Wales.

In a June 3 response to questions from Sen. Ron Wyden (D-Ore.) about the 2020 SolarWinds attack and the role the EINSTEIN cybersecurity system plays in protecting federal networks, Wales said that while his agency “continues to develop and promulgate guidance to encourage network segmentation,” it does not know the percentage of agencies that have segmented and segregated their internal networks.
Member News
Industry Presses Government to Invest in More Practical Quantum Computing Projects
(FedScoop) With quantum likely in a hybrid state with classic computational computing for another eight years, breakthroughs are still being made in drug discovery, autonomous vehicles communicating with each other and allocating resources for emergency response, said Allison Schwartz, global government relations and public affairs lead at D-Wave Systems.

Still, private sector products remain in the early stages, and it’s important policymakers make targeted investments to ensure small companies can supply industry with quantum-enabling technologies like lasers and cryogenic cooling moving forward, said Celia Merzbacher, executive director of the Quantum Economic Development Consortium.
FedRAMP Goes Public
(SafeLogic Blog) No, it’s not an IPO. I don’t think FedRAMP can go public like that, even if they wanted to!

But they do want public comments. The FedRAMP Program Management Office (PMO) has repeatedly proven that they are committed to staying agile and evolving to increase alignment between the strategic goals of the program and the industry which it serves. The latest evidence is yesterday’s blog post, where the PMO released their initial draft of the FedRAMP Authorization Boundary Guidance and the opening of a two-month public comment period (please submit yours here by September 13, 2021).
If you would like to have your story featured in ADI's Member News, please contact ADI's Policy & Communications Manager, Jaishri Atri.