Take a look
- The Department of Defense launches a new cyber workforce strategy.
- The FCC calls for a rule change for telecommunications cyber incident response.
- US Senator Urges Department of Education to Contract with Cybersecurity Software Vendors.
The Department of Defense launches a new cyber workforce strategy.
US Assistant Secretary of Defense Dr. Kathleen Hicks signed the Department of Defense (DoD) Cyber Workforce Strategy 2023-2027. Developed in coordination with the Joint Chiefs of Staff, US Cyberspace Command, and the military services, the strategy outlines how the DoD will cultivate a cyber workforce to support its cyber missions. “The strategy will enable the Department of Defense to close the gaps in workforce development, workforce resource management and development initiatives, stay ahead of technological advances, deliver resilient systems safely and quickly. , and transform into a data-centric enterprise with optimized workforce analytics,” a Defense Department press release states. The plan outlines four pillars of human capital: identification, recruitment, development and retention, which will provide the foundation for the objectives of the strategy. The Biden Administration’s 2022 National Defense Strategy instructed the Department to “Cultivate the workforce we need,” and the new plan focuses on hiring a diverse and qualified stable of cybersecurity professionals, as well as equipping them with the resources and partnerships necessary for growth. Mark Gorak, Senior Director of Resources and Analytics, stated, “This strategy, in combination with our current portfolio, will help unify cyber workforce management efforts across the Department of Defense and ensure our workforce is continuously developed across of training and skills development opportunities.
The FCC calls for a rule change for telecommunications cyber incident response.
The US Federal Communications Commission (FCC) has proposed a rule change that would broaden the definition of the term “data breach” so that communications carriers include any incident that compromises the confidentiality of customer data, including if there is no harm to customers. FCC Chairwoman Jessica Rosenworcel explained that the growth in volume and sophistication of data breaches has prompted the FCC to reevaluate its incident response rules. “This new procedure will take a much-needed fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches,” she states. Currently, telecom carriers must notify federal authorities of all data breaches within seven business days, and inform consumers seven days after that. The new rule would eliminate this seven-day waiting period between notifying police and notifying customers. By updating the definition of a breach, the FCC hopes to encourage companies to reevaluate their breach response plans to proactively prevent incidents in the first place. Venkat Gupta, Portfolio Leader of Data State Modernization at Sogeti, told Dark Reading: [rule] half [communications] carriers would be required to report any unauthorized access or disclosure of customer information, even if the breach was unintentional or malicious. Everyone should be concerned because data breaches can happen in many different ways, and even unintentional breaches can have far-reaching consequences.”
US Senator Urges Department of Education to Contract with Cybersecurity Software Vendors.
On Monday, US Senator Ron Wyden, D-Oregon, wrote a letter to the Department of Education calling for better cybersecurity software for the nation’s schools.
Wyden suggested that the Department could reduce the financial burden on schools by negotiating contracts with educational software providers. The letter states: “Educators should not have to choose between student learning and their privacy: model contracts could help level the playing field between big tech companies and poor school administrators who must negotiate with them.” “. These contracts, Wyden suggests, would also include provisions prohibiting telecommunications companies from selling student data to third-party intermediaries. GCN explains that American schools, with their limited resources and large volume of sensitive data, have increasingly become a target for cyberattacks, especially as education has become more technology-oriented as a result of the COVID pandemic. -19. This expanded attack surface has made it much easier for attackers to exploit security breaches in school networks, increasing the need for robust cybersecurity software. Wyden continues: “A national approach supported by the Department would give schools greater leverage when dealing with the biggest edtech players. These companies have little incentive to bargain and instead exploit their market power by telling school districts to ‘take it or leave it’ when it comes to invasions of their students’ privacy.”