IG's oppose records proposal, Congress concerned about car hacks and more
News and notes from around the federal IT community.
IG group opposes DOJ records proposal
A group representing federal inspectors general has written a letter to senior lawmakers firmly opposing a Justice Department proposal the group says is too narrow in its pursuit of access to records.
The DOJ proposal "only applies to the DOJ inspector general's access to records and fails to ensure that all other federal inspectors general have the same independent access at their respective agencies," said the letter from the Council of Inspectors General on Integrity and Efficiency. The letter went to the chairmen of the House and Senate judiciary committees and other lawmakers.
The DOJ has proposed amending the Inspector General Act of 1978 in response to a July memo from the department's own Office of Legal Council that found that the DOJ was justified in withholding or putting conditions on the release of grand jury, credit and wiretap information.
DOJ Inspector General and CIGIE Chair Michael Horowitz has been outspoken about what he says is a lack of access to certain materials needed to conduct oversight, including grand jury testimony and wiretap transcripts.
Private sector torn on cybersecurity regulation
In a survey of directors and officers of 276 publically traded companies released Nov. 5, Veracode found broad recognition that firms are responsible for protecting data – but a mixed response on regulation.
Nearly all of the private sector respondents -- 89 percent -- said regulators should hold companies liable for breaches that came about because the companies didn't make a reasonable effort to secure data.
And what's a "reasonable effort"? That's the golden question, said Chris Wysopal, Veracode's co-founder, CTO and chief information security officer.
"Everybody thinks they're making reasonable efforts," he said. "They think it's the other guy [who isn't]."
For 43 percent of respondents, the threat of civil lawsuits, rather than federal regulation, should be enough to keep companies on the cybersecurity straight and narrow.
Almost half of the respondents said they'd been making cybersecurity decisions with the Federal Trade Commission's case against Wyndham Hotels, which established the FTC's authority in this area, in mind. As the FTC, SEC and even FDA consider beefing up regulations that apply specifically to cybersecurity, Wysopal said, it won't be smooth sailing, despite everybody recognizing the problem.
"There's going to be a huge amount of pushback from industry," he said.
Lawmakers look to study car hacking
As concerns about the cyber vulnerabilities of advanced automotive operating systems grow, Representatives Ted Lieu (D-Calif.) and Joe Wilson (R-S.C.) plan to present legislation to study automotive cyber vulnerabilities.
The Security and Privacy in Your Car Study Act of 2015, called the SPY Car Study Act by its sponsors, would require the National Highway Traffic Safety Administration and the Federal Trade Commission to identify and recommend measures to protect against potentially lethal hackings and to enhance driver privacy.
The bill also stresses the need for partnership between the auto industry and government agencies, and includes the Department of Defense and National Institutes of Standards and Technology in its provisions along with the NHTSA and FTC.
Lieu emphasized the need for this collaboration, stating that the bill "is a first step in bringing industry, advocates and government together to strike a balance between innovation and consumer protection to ensure that car navigation, entertainment and operating systems are safe and the data gleaned from such systems kept private."
The bill follows similar legislation proposed in the Senate by Sens. Richard Blumenthal (D-Conn.) and Ed Markey (D-Mass.) in July.