Scott previously served as associate director for China operations at the Cybersecurity and Infrastructure Security Agency. Entrusted with managing CISA’s China initiatives, Scott oversaw the interdisciplinary team tasked with enhancing cybersecurity efforts against hybrid threats from nation-states.
CISA Director and Wash100 Award recipient Jen Easterly, noting Scott’s pivotal role at the agency, said, “Andrew was instrumental in working across the agency to develop a comprehensive multi-year plan to address the threat posed by PRC cyber actors to U.S. critical infrastructure.”
Before joining CISA, Scott was with the National Security Council as senior director for cyber policy. He served as the special assistant to the president at the same time. In addition, Scott held various positions for the State Department including deputy director for information technology of the executive secretariat.
Scott’s appointment comes on the heels of hacking perpetrated by Volt Typhoon, a group of Chinese government-linked hackers that managed to break into U.S. internet service providers.
At a recent summit, Scott emphasized the need for the U.S. to prepare for China’s evolving digital threats in the event of a conflict between the two nations.
The White House Office of the National Cyber Director is seeking to mitigate the internet security weaknesses of the Border Gateway Protocol through the guideposts of its report titled “Roadmap to Enhancing Internet Routing Security.”
According to the 19-page report issued on Tuesday, the main technology routing internet traffic across independent networks provides inadequate security against current threats.
The ONCD report recommends that internet service providers and entities operating enterprise networks or internet protocol address resources adopt a Resource Public Key Infrastructure to mitigate BGP vulnerabilities.
The roadmap builds upon ONCD’s Implementation Plan of the National Cybersecurity Strategy, which includes a requirement for registration service agreements for federal agencies’ IP space, a step that will lead to federal networks establishing route origin authorizations, or ROAs.
In line with one of the roadmap’s key guideposts, ONCD is establishing an Internet Routing Security Working Group in partnership with the Cybersecurity and Infrastructure Security Agency and the Communications and Information Technology Sector Coordinating Councils.
The working group’s tasks include providing network operators with a risk assessment framework for prioritizing IP address resources and route originations to apply routing security measures, such as ROAs and route origin validation.
The Federal Risk and Authorization Management Program plans to hold small focus groups to gain input from agencies, cloud service providers and independent assessors regarding the configuration of a platform it had acquired to advance its modernization efforts.
FedRAMP said Tuesday that the platform will work to automate the authorization process, expand continuous monitoring capabilities, facilitate collaboration and communication and deliver better FedRAMP Marketplace metrics.
The modernization push is expected to result in improved FedRAMP trustworthiness and superior security outcomes.
Concerning feedback about the platform, of particular significance to the program is input from individuals with visual or hearing impairments or those with upper-motor disabilities. Input from such individuals will help test and refine FedRAMP’s ability to comply with the requirements of Section 508 of the Rehabilitation Act.
Interested parties have until Sept. 15 to indicate their desire to participate.
The Department of Defense’s Office of the Chief Information Officer has released a document establishing policy to manage access to DOD’s information technology resources hosted by systems and system components as part of efforts to ensure security of the department’s information systems.
The latest DOD Instruction, which took effect Tuesday, Sept. 3, outlines the responsibilities of the DOD CIO, director of the Defense Information Systems Agency and the chief data and artificial intelligence officer, among other officials, to facilitate access management for the department’s IT systems.
The document, for instance, directs the CIO to provide guidance to facilitate the implementation of access management procedures; coordinate with heads of other DOD components to build and maintain requirements for identity, credential and access management platforms; and work with CDAO and other component heads to track migration to dynamic access to meet mission requirements.
The new policy also covers IT resource and system protocols, enterprise authoritative services approval processes and implementation procedures for access requirements, authoritative attribute service requirements and non-person entity access, among others.
The National Geospatial-Intelligence Agency is expected to open a $700 million opportunity for industry to provide artificial intelligence and data labeling capabilities, SpaceNews reported Tuesday.
Under the multi-vendor indefinite-delivery/indefinite-quantity contract, the agency will look to improve machine learning systems designed to examine satellite imagery and other geospatial data.
Vice Adm. Frank Whitworth, director of NGA and a multiple Wash100 Award winner, said, “This represents a significant investment in computer vision, machine learning and AI.”
“NGA will engage with commercial partners to navigate the challenges posed by increasing levels of geoint data,” Whitworth added.
The IDIQ contract will prioritize deciphering raw data, including images and videos, to make findings comprehensible for machine learning models. The NGA also aims to manufacture computer vision programs to classify these objects in new unlabeled images. In terms of satellite imagery, specific objects like buildings, roads and vegetation will be labeled.
Whitworth told reporters that a request for industry bids should be released by the end of September. The IDIQ contract represents the NGA’s most ambitious data labeling initiative to date.
The Department of the Air Force plans to elevate cyber functions by dividing the offices of the deputy chief of staff for intelligence, surveillance and reconnaissance, known as A2, and the deputy chief of staff for information dominance, called A6, Federal News Network reported Monday.
Lt. Gen. Leah Lauderback, who has been deputy chief of staff of ISR and cyber effects operations at the Air Force since 2022, said she hopes the Senate will confirm a three-star officer by the spring of 2025 to lead the newly created A6, which will focus on cyber issues.
She added that she expects A2 to return to its function of overseeing ISR efforts at the department.
The move is one of the 24 changes proposed by the department’s senior leaders in February to reoptimize the Air Force and Space Force for great power competition.
According to the lieutenant general, the move to split A6 from A2 aligns with Air Force Secretary Frank Kendall’s efforts to transition Air Forces Cyber into a standalone service component command.
“It needs to be elevated so that it is on par with air superiority, with mobility superiority, with electromagnetic superiority,” Lauderback said of the move.
“I think that this elevation of both the 6 and then of AFCYBER is going to put this at the forefront of all of the senior leadership within the Department of the Air Force so that they understand you can’t work without comms and you can’t work without cyber operations, attacking the enemy and defending from the enemy,” she added.
The Defense Innovation Unit has posted a solicitation for a commercial solution to securely transmit data across various Department of Defense network enclaves, which communicate through routing protocols and devices.
According to the solicitation notice, DOD requires a data distribution prototype to manage the transport and caching of information across a globally distributed infrastructure using an asynchronous publisher-subscriber messaging system.
The agency expects that the prototype will run on government-issued equipment, use government-provided authentication methods and be readily integrated with enterprise data meshes to enhance interoperability between systems.
Interested businesses are invited to submit their proposed solutions with technical details and examples of previous deployments in the commercial sector.
DIU noted that proposals that specifically address the problem statement and product requirements will be prioritized, adding that submitters should indicate if they will work on the project with partners or subcontractors.
Congress will settle on an $833 billion defense spending topline for fiscal 2025, one House leader says. But in typical fashion, it won’t be on time—so lawmakers are readying a budget extension.
“It looks like there’s going to be another continuing resolution that will come up next week, probably the middle of next week. The debate has been: how long should that CR go?” Rep. Rob Wittman, R-Va., vice chairman of the House Armed Services Committee, said Wednesday at a Defense News event.
Translated, that means the budget won’t be passed before the start of the new fiscal year—Oct. 1—so Congress will temporarily fund the Defense Department at 2024 levels for an as-yet-undetermined time. Since it’s an election year, lawmakers may well punt the final decisions on 2025 spending until a new Congress has taken office in January.
Continuing resolutions are a reality, but Wittman said they are “the worst way for us to be able to manage the defense enterprise.” Pentagon officials regularly bemoan the costs of a continuing resolution, which costs the department billions in buying power and prevents the services from starting new initiatives.
Lawmakers, now returning from August recess, have much to negotiate in both the defense authorization and appropriations bills. The full Senate has yet to approve its versions, which differ on both policy provisions and the overall top line from the House versions largely crafted by GOP lawmakers.
Despite many differences, and whether it happens in the 118th Congress or 119th, Wittman said lawmakers will settle on $833 billion for the topline, which falls in line with the requirements of last year’s Fiscal Responsibility Act.
The Pentagon “should be able to do most of the things that it needs to do with that number,” he said. “I think that’s the number you’re actually going to have to live with.”
But Wittman also said lawmakers might consider adding more funding later in fiscal 2025.
Pentagon officials have signaled that another supplemental funding package will be needed if wars in Europe and the Middle East continue. Congress passed a $95 billion supplemental package earlier this year to fund weapons for Ukraine, Israel and Taiwan, and to support Indo-Pacific security needs.
The chance of Congress passing another supplemental bill depends on what’s in it, Wittman said, but cautioned that it wouldn’t happen anytime soon because getting it through a lame duck Congress is a “complicated process.”
“I think if it was very focused, and there was an explanation about why it was critical to this nation, in relation to the threat from China or Russia or otherwise, it might have a chance. I think anything that gets spread wider than that really has a difficult time, especially in relation to the whole debate that took place with the FRA and the issue about managing this nation’s spending,” Wittman said.
The White House’s Office of the National Cyber Director announced a new hiring sprint for the nearly half a million cyber jobs across the United States on Wednesday.
The effort, dubbed Service to America, will last through October. ONCD is collaborating with the Office of Management and Budget and Office of Personnel Management on the sprint.
“Throughout our history, generation after generation of Americans have stepped up to meet the challenges of their day, protecting and serving our nation in a variety of ways,” Harry Coker, national cyber director, wrote in a blog. “Today, we face a new challenge and with it a new opportunity to serve: defending cyberspace.”
There are currently approximately 470,000 cyber jobs in the United States, per Cyberseek.
The federal government alone had 3,000 open jobs in the 2210 occupational series — which encompasses IT work, including some cyber jobs — in fiscal 2024.
That’s per an inventory the White House’s cyber office is fielding with OMB and OPM, Seeyew Mo, assistant cyber director for workforce, education and awareness at ONCD, told Nextgov/FCW.
The hiring push is the latest in the administration’s efforts to fill in the national cybersecurity workforce.
The White House’s cyber office released a workforce-specific strategy last year. Since then, it’s also garnered commitments from organizations to train and expand the cyber workforce and remove four-year degree requirements from cybersecurity jobs — a move the federal government is also pursuing for its own cyber hiring.
The government’s HR agency has also pitched lawmakers on a legislative revamp of cyber hiring and pay, although that effort doesn’t appear to have piqued the interest of lawmakers yet, at least publicly.
The new campaign is meant to both raise awareness for jobseekers who may not know of opportunities in cyber, as well as engage with public and private sector employers, said Mo.
“We’re trying to connect more Americans to good paying, meaningful jobs in cyber,” said Mo. “We need more Americans to be interested in this work.”
Part of the battle is perception, wrote Coker.
A highly technical background or cybersecurity degree isn’t necessary to work in the field, he wrote. Still, there are barriers to entry for some, including requirements for degrees, years of experience and cybersecurity certifications.
Removing those obstacles is something the administration says it’s been focused on.
Last spring, ONCD and OPM announced that they would be rewriting requirements for the federal government’s IT workforce in an effort to enable agencies to hire feds without college degrees who learned skills on the job.
The Labor and Commerce Departments also fielded a push for cybersecurity apprenticeships in 2022.
As for the latest effort, the cyber czar’s office will be coordinating with other federal agencies to recruit and hire at career fairs, said Mo. The first one, targeted at military spouses, will take place Thursday.
ONCD is also encouraging both agencies and private sector counterparts alike to use best practices like removing degree requirements and offering entry level cyber jobs, apprenticeships and paid internships, said Mo.
“We are trying to open up opportunities for each and every American who wants to serve their nation,” he said. “It’s about broadening pathways and removing barriers.”
The administration has also been seeking to hire AI professionals into the government after Biden signed an executive order focused on the technology last fall.
The landing page for the new ONCD effort includes links to tech and AI jobs, in addition to cybersecurity. The efforts are complementary, Mo said.
“Cyber is more than cybersecurity,” he noted. “You don’t need a ‘cyber’ in your title to be doing cyber work.”
Congresswoman Eleanor Holmes Norton, D-D.C., the nation’s capital’s non-voting House lawmaker, last week reintroduced legislation that would grant congressional employees whistleblower protections and an additional form of paid leave.
Employees of the government’s legislative branch — including lawmakers’ staffs, employees of agencies like the Government Accountability Office, Congressional Budget Office and U.S. Capitol Police officers — are covered by the Congressional Accountability Act, which confers abridged versions of the workplace protections that federal employees enjoy under laws governing whistleblowers, workplace safety and labor issues.
The Office of Congressional Workplace Rights is the agency tasked with enforcing those various laws. In each of its two most recent biennial reports to Congress, the agency recommended improving whistleblower and Occupational Safety and Health Act protection and enforcement.
“Federal law provides broad employment protection to executive branch employees who disclose information that the whistleblower reasonably believes evidences a violation of law, rules or regulations, or mismanagement, gross waste of funds, abuse of authority or a substantial and specific danger to public health and safety,” the office wrote in December 2022. “There are no analogous protections for legislative branch employees, even those who would raise an issue with a committee of jurisdiction or other appropriate legislative branch official. The lack of statutory protection leaves legislative branch employees who would provide critical information at risk for retaliation.”
The Congress Leads by Example Act (H.R. 9420) would apply some of the Office of Congressional Workplace Rights’ latest recommendations for updating the Congressional Accountability Act to provide whistleblower and OSHA retaliation protections to legislative employees, and would grant the office subpoena authority to investigate alleged OSHA violations. Additionally, the bill would grant congressional workers parental bereavement leave, in line with the two weeks per year afforded to executive branch employees.
In a statement, Norton said her legislation would continue the work that Congress started in 2018 when it amended the Congressional Accountability Act to update how Congress handles accusations of misconduct and extended protections to unpaid staff and interns, following the #MeToo movement and reports of sexual harassment on Capitol Hill.
“Congress must abide by the laws it imposes on the American people and their workplaces,” she said. “Congress already acknowledged the importance of accountability in the legislative branch workplace when it passed the Congressional Accountability Act of 1995 and further confirmed it when it passed the Congressional Accountability Act of 1995 Reform Act in 2018. As a former chair of the U.S. Equal Employment Opportunity Commission, I take issues of workplace discrimination and abuse very seriously. My bill builds on the protections in previous laws, bringing the protections for legislative branch employees in line with those for other workers.”