Congress Studies the 3 Rs: Re-org, Re-clearance, Reauthorization

Lucky-photographer/Shutterstock.com

The bill that would name and shame hackers that attack U.S. targets also advanced.

Lawmakers pushed plenty of cyber and tech bills before they headed out for July 4th recess (though the Senate will have some pro-forma sessions this week). Here’s what you shouldn’t miss:

First, Those Reorganization Plans

House Oversight and Government Reform Committee lawmakers from both parties pushed the White House to defend its governmentwide reorganization plans, which include shrinking the Office of Personnel Management, privatizing the Postal Service and phasing out paper processes for digital ones.

Office of Management and Budget Deputy Director for Management Margaret Weichert faced criticism—and some testy exchanges—for the proposal’s lack of detail. She said OMB wanted to put its ideas out first and then seek feedback from stakeholders, including lawmakers and federal employee unions. She estimated it would take three to five years to implement the plans if approved.

Senate Homeland Security Chairman Ron Johnson, R-Wisc., and Sen. James Lankford, R-Okla., meanwhile, introduced legislation to put the reorganization plans into action.

Clear the Decks

The Senate Intelligence Committee forwarded its annual Intelligence Authorization bill Tuesday with major changes to the security clearance process. Chief among the changes is a mandate that 90 percent of intelligence community clearance holders be reviewed by continuous checks of public records rather than reinvestigations every five or 10 years.

The bill also requires agencies to do a better job of accepting each other’s clearances and orders up a report on the possibility of reducing the number of clearance levels from five to three.

‘A Very Particular Set of Cyber Skills’

The House version of the Intelligence Authorization Act would increase pay for “certain employees with unique cyber skills,” according to a press release from House Intelligence Chairman Devin Nunes, R-Calif.

The bill also creates a new infrastructure security center for threats to the energy sector and orders up reports on intelligence agency leaks, such as the Vault 7 leak of CIA tools and the Shadow Brokers leak of National Security Agency hacking tools.

The Name and Shame Game

The president would be required to name and shame nations and individuals that hack U.S. targets under a bill forwarded by the House Foreign Affairs Committee Thursday. The bill, sponsored by Rep. Ted Yoho, R-Fla., also lays out a slate of sanctions the president can impose on foreign hackers, including canceling non-humanitarian aid and security assistance and denying visas.

Just two days earlier, the Senate Foreign Relations Committee advanced its version of a House-passed bill that would require reinstating a cyber coordinator office at the State Department.

So This VA Health Records Project Will Save Us Money, Right?

Lawmakers on the House Veterans Affairs Committee made it clear that they’ll be watching the Veterans Affairs Department’s electronic health management modernization project closely. Chairman Phil Roe, R-Tenn., and ranking member Tim Walz, D-Minn., announced a new subcommittee will provide oversight for the department’s technology efforts.

VA acting Secretary Peter O’Rourke shared initial plans for the implementation of the $16 billion project—$10 billion of which will fund the EHR platform Cerner will provide while another nearly $6 billion will go to infrastructure upgrades. O’Rourke told lawmakers they expect the project to stay within the budget and the 10-year timeframe and are working closely with Defense Department counterparts rolling out MHS Genesis EHR platform with Cerner.

One question that O’Rourke and Cerner President Zane Burke couldn’t answer is what the savings will be once the system is in maintenance mode.

“I sure hope it’s a whole hell of a lot less than the $1 billion we currently spend,” Government Accountability Office Director of IT Operations Dave Powner said, referring to the amount it costs the department annually to operate its VistA EHR system. He suggested the department reconsider how it hosts systems and optimize its data centers to ensure lowering costs.

Pentagon Goes All In on AI

The Senate Appropriations Committee forwarded a slate of bills this week, including a Defense funding bill that commits $308 million for Pentagon artificial intelligence projects, including $83 million to establish a Joint Artificial Intelligence Center.

The bill also devotes $356 million in cyber research funding, including $116 million toward Missile Defense Agency cybersecurity enhancements.

NIST’s Marching Orders

The House Science Committee forwarded a bill Wednesday reauthorizing the Commerce Department’s cyber standards agency, the National Institute of Standards and Technology.

Among other mandates, the bill orders NIST to offer additional training to federal agencies implementing the agency’s cybersecurity framework.

The committee also forwarded a bill ordering the president to launch a 10-year investment program in quantum computing with a White House coordinating office. Experts fear the U.S. is falling behind China in the race toward quantum computing, which will massively increase computing power.

DOJ’s OPM Oopsie

The Justice Department belatedly clarified a plea agreement last week that left lawmakers and a lot of other people scratching their heads.

The June 18 release described a woman pleading guilty to identity theft at the Langley Federal Credit Union using data from the 2015 Office of Personnel Management breach. That prompted confused letters from Sen. Mark Warner, D-Va., and Rep. Gerry Connolly, D-Va., wondering how the heck she got her hands on OPM data.

The government line has been that the breach of more than 20 million current and former federal employees’ sensitive security clearance information was conducted by the Chinese government and that the information was locked in a vault in Beijing—a place your everyday identity thief typically doesn’t have access to.

The Justice Department clarified that, while many of the Langley credit union victims were also OPM victims—for the obvious reasons—“the government continues to investigate the ultimate source of the [personally identifiable information] used by the defendants.”

Because consumer information is swept up in so many data breaches, it’s difficult to trace the origin of a lot of breached information.

The ZTE Fight Continues

The Trump administration came out swinging Tuesday against a provision in this year’s National Defense Authorization Act that would reverse Trump’s reversal of a ban on U.S. companies working with the Chinese telecom giant ZTE.

U.S. intelligence officials say ZTE tech could be used to spy on Americans, but the Trump administration said canceling the ban would violate the separation of powers and eliminate concessions the Commerce Department wrangled out of ZTE.

The administration would support a separate part of the provision, which bans ZTE and Huawei, another Chinese telecom, from U.S. government networks, provided it’s written in a way “that provides flexibility in implementation to maintain the ability of executive departments and agencies to accomplish their missions,” according to a policy statement.

The defense policy bill has been approved by both chambers in different versions and is heading into conference.