Welcome to MeriTalk News Briefs, where we bring you all the day’s action that didn’t quite make the headlines. No need to shout about ‘em, but we do feel that they merit talk.
NTIA Seeks to Block Chinese Telecom Firm From U.S. Market
The National Telecommunications and Information Administration (NTIA) said Monday in a filing with the Federal Communications Commission that China Mobile–the world’s largest mobile network operator–should be banned from entering the U.S. market. NTIA head David Redl said in a statement that “concerns about increased risks to U.S. law enforcement and national security interests were unable to be resolved.” The NTIA recommendation to bar China Mobile stems from the company’s 2011 license application to offer telecommunications service from within the United States. The move to block China Mobile’s access to the U.S. market follows ongoing pressure across Congress and the administration to prevent major Chinese telecommunications firms from operating in the United States and working with Federal agencies.
Protecting Consumer Data at the Consumer Financial Protection Bureau
The Inspector General (IG) for the Consumer Financial Protection Bureau (CFPB) and Board of Governors of the Federal Reserve System released a brief report on Monday regarding cybersecurity concerns with the CFPB’s Mosaic system. Mosaic is public-facing system used by CFPB to centrally collect, monitor, and respond to complaints about consumer financial products and services. “Overall, the security controls we tested were effective, as were components of the planning, development, and delivery processes used for the system as they relate to the Bureau’s risk management program,” the IG report says. “However, stronger identity and access management controls can ensure that the security control environment for Mosaic remains effective.” The report includes one recommendation, as well as “several matters for management’s consideration in the areas of audit and accountability, contingency planning, and configuration management.” Due to the sensitivity of information security reviews, the full report was not made public.
DoE Funds Four Infrastructure Cybersecurity Programs
The Department of Energy (DoE) has selected four research and development projects to receive grant funding aimed at improving cybersecurity infrastructure. The four projects are part of a larger group of 15 receiving nearly $8.8 million in Federal funding “to develop innovative technologies that enhance fossil energy power systems,” DoE said. The first cyber project tasks the Electric Power Research Institute with developing a comprehensive risk reduction framework, which will identify technologies, programs, and processes that increase threat resilience. The second will allow General Electric to improve industrial control systems, potentially “providing more reliable power generation to the grid.” For the third project, Siemens will “develop a technology framework that integrates cyber-physical security solutions and connected sensors within fossil fuel power plants.” For the final project, Southern Company will implement a monitoring system that uses existing plant data to respond to operational network anomalies. Each project will receive roughly $312,000 in funding.
New Report on Agency IT Spending
The Governmentwide Category Management Project Management Office (PMO) today released its monthly newsletter announcing new Agency Profile Reports (APRs) for IT. The reports aim to help technology and acquisition professionals at Federal agencies get the best deals out of new IT contracts by providing a detailed accounting of existing IT contracts and spending activity. The APRs profile agencies’ top IT spend and contract activity, so Federal employees can identify “opportunities to consolidate, aggregate, and maximize the best value to the government,” the PMO said. The reports also offer “a goal-tracker view of Office of Management and Budget-published agency spend under management and Best-in-Class goals, and showing IT’s contribution to those goals.” The reports can be accessed via the Acquisition Gateway.
Reading Materials Available for NIST Workshop
The National Institute of Standards and Technology released a preliminary reading document for its Considerations for Managing IoT Cybersecurity and Privacy Risk Workshop, to be held July 11 in Gaithersburg, Maryland. The document is being provided to help direct conversations at the workshop. It also provides a fairly exhaustive list of privacy and security considerations for Internet of Things connected devices, including challenges that manufacturers and consumers will face with the technology. The deadline for registration for the workshop is tomorrow, July 4.