GovCon Updates of the Week Part 9

6/14/2021 - By BDO GovCon Newsletter

The Best Defense Is a Good Offense: On May 27, 2021, the Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) quietly released a directive geared toward preventing the next pipeline system attack. Secretary of Homeland Security Alejandro N. Mayorkas stated, “The recent ransomware attack on a major petroleum pipeline demonstrates that the cybersecurity of pipeline systems is critical to our homeland security.”

The directive requires that critical pipeline owners and operators examine their existing cyber-related practices to identify any gaps, develop corrective actions, and report the results to TSA and the DHS Cybersecurity and Infrastructure Security Agency (CISA) within 30 days. It also requires that they designate a Cybersecurity Coordinator, who will be available 24/7, and that they will report suspected or confirmed cybersecurity incidents to CISA.

TSA is considering additional follow-on requirements, which is likely not a surprise to anyone who has been following the pipeline story. The DHS directive and any subsequent follow-ons are consistent with the Government-wide trend, where Government officials are recognizing that it’s not enough to respond to a cyber-attack after the fact. RaOfficials are calling on Federal agencies and their industry partners to proactively poke holes in their own systems and assess /address gaps before the next attack happens and critical services are brought to a screeching halt, or sensitive information is compromised.

For more information, please click this link.

U.S. Calls for Proposals to Combat Media Repression: As issues related to media censorship and the spread of misinformation continues to rise across the globe, The Defense Advanced Research Projects Agency (DARPA) is looking for new concepts that can help understand how authoritarian regimes control information. DARPA, under a program called Measuring the Information Control Environment (MICE) wants to develop artificial intelligence technology to “measure how digitally authoritarian regimes repress their populations at scale over the internet via censorship, blocking, or throttling,” according to a June 1, 2021 pre-solicitation notice posted on SAM.gov.

As technology evolves and more censorship tools are being used to suppress information, DARPA wants to track these events in real-time and develop certain countermeasures in cyberspace. “MICE-developed technology will continuously and automatically update and feed into easily-understood dashboards in order to develop comprehensive, real-time ground truth understanding of how countries conduct domestic information control.” The document outlining the program listed six topics the proposals must address in order to bolster efforts to combat the repression. These topics include the targeted information environment, scope and granularity of measurement, where and how information will be collected, tracking plan, presentation for end-users, and other uses for the technology developed under MICE.

Proposals for MICE are due June 30, 2021, and awards will be made under other transaction authority (OTA) with a total combined award value for both project phases of up to $1 million.

For more information, please click this link and this link.

No Summer Slump for Congress: Congress is not taking any time off as summer approaches, with numerous bills, ranging from new cybersecurity measures to moving agency operations outside of the Washington, D.C. area, making their rounds through Congress. If these bills make their way to President Biden’s desk and gain approval, they will present wide-ranging impacts to multiple Federal agencies.

Following numerous high-profile cyberattacks including that of the Colonial Pipeline and meat supplier JBS USA, one bill aims to require government contractors to develop and maintain vulnerability disclosure policies (VDP). In 2020, the Department of Homeland Security pushed Federal agencies to develop VDPs which would allow ethical hackers to detect security risks and report them to the organization so they could rectify those gaps before a malicious entity could exploit them. The colloquially named Contractor Cybersecurity Act would now require contractors to do the same, to prevent increasingly complex and disruptive cyberattacks.

Another bill on the docket includes a bill to relocate certain Federal agencies outside of the Washington D.C. area, to bring the Government and associated economic benefits to more Americans. The commission, helmed by various members of the House, Senate, and GSA administrator would be tasked with preparing relocation plans and an economic and workforce development study focusing on low-income communities or other areas that are best suited for various agencies.

Additional bills include ones to allow states and local entities to apply for annual cybersecurity improvement grants, a bill that requires all Federal agencies’ budget justifications and appropriation requests be made available to the public, and a bill to increase funding and Federal support for the National Science Foundation (NSF).

As these various bills make their way through Congress, massive changes may be on the horizon to multiple Federal agencies. It will be interesting to see what, if any, of these bills will make it to the finish line and how their impact may be felt.

For more information, please click this link.