As US Cyber Command Grows, So Does Its Acquisition Strategy
Last year, US Cyber Command was elevated to a unified combatant command. This year, it continues to grow and evolve—and that growth includes its acquisition strategy. FCW, reporting on the recent Billington Cybersecurity Summit, quoted from Stephen Schanberger, command acquisition executive for U.S. Cyber Command, in a recent article. According to FCW, “Cyber Command has only had acquisition authority for two fiscal years, but Congress extended that authority through 2025 in the fiscal year 2019 National Defense Authorization Act. That advances the authority four years from the original sunset date of 2021. […] Schanberger seeks to more than triple Cyber Command's acquisition to $250 million to allow for multi-year contracts. Congressional scrutiny has been the main impediment to securing additional acquisition funds because the command needs to prove its contracting abilities, but Schanberger said increasing staff and getting things right will help.”
Internet Association Seeks to Head Off Flurry of State Data Privacy Laws
Similar to how states enacted 50 different data breach notification laws instead of Congress creating one national law, data privacy laws may head in the same direction. The California Consumer Privacy Act possibly sets a precedent for other states, and that’s what the Internet Association wants to avoid. According to SC Media, “The Internet Association, which represents more than 40 companies, including Facebook, Alphabet, Microsoft and Twitter, came out [last] Tuesday in favor [of] ‘an economy-wide, national approach to regulation that protects the privacy of all Americans’ rather than adhere to a bundle of individual state laws like the recently passed California Consumer Privacy Act. The group seeks ‘meaningful controls over how personal information they provide [is collected, used, and shared],’ and supports the rights of consumers to delete information…”
Committee Passes Data Security and Notification Requirement Bill
According to a press release, the House Financial Services Committee passed H.R. 6743, the Consumer Information Notification Requirement Act, last Thursday. The legislation, sponsored by Subcommittee on Financial Institutions and Consumer Credit Chairman Blaine Luetkemeyer (MO), will institute a new statutory requirement that all financial institutions notify consumers in the event of a breach involving their personal information. In an earlier press release, Rep. Luetkemeyer said, “My bill […] enhances the Gramm-Leach-Bliley Act, ensuring customers of financial firms are protected and informed in the event of a breach.”
Proposed Cyber Ready Workforce Act Will Help Fill Critical Cybersecurity Talent Shortages
Cybersecurity talent is hard to find. As the cybersecurity industry grows and jobs are created, there are not enough people to fill the necessary roles. Last Thursday, Rep. Jacky Rosen (D-Nev.) introduced the Cyber Ready Workforce Act that proposes to “establish a grant program within the Department of Labor to support the creation, implementation, and expansion of registered apprenticeship programs in cybersecurity.” According to The Hill, “Under the bill, the programs would be required to offer certain cybersecurity certifications and help connect participants with local businesses or other entities for apprenticeships in hopes to boost the number of qualified workers for federal cyber jobs.”
Cybersecurity Reports and Surveys Roundup
We’ve rounded up a few of the best cybersecurity reports and surveys released last week: