cybersecurity in the federal government

Two bipartisan bills were introduced this past spring to help bolster the government’s cyber needs. Also, a CIO at the DoD gets disciplined for leaking information, and the MDA’s approach to cybersecurity testing. 

Scholarships for Service

                At the beginning of June, Democrat Senator Gary Peters of Michigan and Republican Senator John Thune of South Dakota introduced the “AI Scholarship-for-Service Act.” Endorsed by numerous universities and technology associations, the potential law would create a scholarship that pays for undergraduate and graduate education so long as the recipient agrees to work for a federal agency after receiving their degree in a qualified field such as cybersecurity or artificial intelligence. The scholarship could also only be used for students attending one of the stipulated schools, one of which is Dakota State University.

                Along with tuition, a stipend for room and board, and a personal allowance to enable these students to attend job fairs, the proposed scholarship would also provide numerous internship opportunities for recipients. The purpose of the internships would be to prepare them for the transition into public service, and would offer positions at federal, state, local, and tribal agencies. The program is similar to the “CyberCore,” which began in 2000 and was run by OPM.

Civilian Cybersecurity Reserve

                Similarly, another bipartisan bill was introduced into the Senate back on April 22nd. The “Civilian Cybersecurity Reserve Act” was brought to the Senate by Republican Marsha Blackburn of Tennessee and Democrat Jackie Rosen of Nevada. Neither of these bills have progressed since their introduction, but supporters of this cyber-reserve act are hoping to include the pilot program as part of the 2022 Defense Policy Bill. The potential legislation would create a reserve of cybersecurity experts to be utilized across the government’s defense agencies. The program would go into effect 180 days after the law’s passage, and be reviewed for efficacy by the Government Accountability Office (GAO) after 5 years of operation. Essentially, DoD and DHS secretaries would be able to appoint members of this cyber-team to 6-month assignments as needed. Members of the reserve would be voluntary, and by invitation only. The bill comes about as a response to last year’s SolarWinds attack, but more so to address the dire need for cybersecurity professionals. Currently, in the US, across private and public sectors, there are an estimated 13,700 open positions for information security analysts and 320,000 other unfilled jobs that require some cybersecurity skills.

Missile Defense Vulnerability

                The GAO recently released a report about the Missile Defense Agency (MDA) that highlights some other cybersecurity concerns in the Federal Government. The MDA, which is responsible for developing and fielding defense systems for ballistic and hypersonic missiles, disregarded all 17 cybersecurity operational assessments they were supposed to conduct in 2020. In fact, it was revealed that they hadn’t done these tests since 2017. The GAO report does say that the MDA took a new approach- restructuring cybersecurity test planning to align with its “2019 4-phase Cybersecurity Test Concept” that aims to improve and streamline the agency’s cybersecurity assessment process. The GAO did not offer the agency any suggestions, but noted the missile technology is vulnerable to cyber and electronic attacks that could make defense equipment useless.

CIO at DoD Put on Leave

                Last week, the Pentagon revealed that Katie Arrington, the Chief Information Officer for the Acquisition and Sustainment Office at the Department of Defense, was placed on paid leave back on May 11th. While the accusation against Arrington revolves around an “unauthorized disclosure of classified information,” there’s not much more being divulged at this time. Arrington is on paid leave, but she has had her security clearance revoked. Her attorney didn’t have much more information when speaking to the Associated Press, only that there doesn’t seem to be an active investigation into Arrington, at least not at the Defense Counterintelligence and Security Agency.

                Katie Arrington was a Republican lawmaker at the state level in South Carolina from 2016 to 2018, when she beat Rep. Mark Sanford in a surprising primary victory that almost propelled Arrington to Congress. However, she was ultimately defeated by Joe Cunningham in the 2018 election. Cunningham was the first Democrat to represent the 1st district of South Carolina since 1980, but he, in turn, lost his first bid for reelection to Republican Nancy Mace in 2020.

Until Next Time,

**Written by Benjamin Derge, Financial Planner. The information has been obtained from sources considered reliable but we do not guarantee that the foregoing material is accurate or complete. Any opinions are those of Benjamin Derge and not necessarily those of RJFS or Raymond James. Links are being provided for information purposes only. Expressions of opinion are as of this date and are subject to change without notice. Raymond James is not affiliated with and does not endorse, authorize, or sponsor any of the listed websites or their respective sponsors.

cybersecurity in the federal government

Cybersecurity in the Federal Government