Week ahead: Crunch time for defense bill’s cyber reforms | Equifax under scrutiny

The House is out in the coming week and all eyes will be on the Senate as the upper chamber looks to finally pass its version of the annual defense policy bill.

The Senate version of the fiscal 2018 National Defense Authorization Act (NDAA) has several cyber-related provisions, including some incorporated into a substitute amendment offered by Armed Services Committee Chairman John McCain (R-Ariz.).

Among those is language that would codify into law the Department of Homeland Security's newly issued ban on anti-virus software from Moscow-based cybersecurity firm Kaspersky Lab. The ban would apply to all federal agencies and departments. It was first proposed by Sen. Jeanne Shaheen (D-N.H.).

Kaspersky has come under increased scrutiny over alleged ties to Russian intelligence, though the company has long described the allegations as baseless. Kaspersky intends to produce a written statement to Homeland Security addressing concerns about its products. Eugene Kaspersky, the company's CEO, has also agreed to testify before Congress in the wake of the Homeland Security ban.

McCain's substitute amendment also incorporated language directing the Pentagon to report on significant security risks to defense critical electric infrastructure posed by "malicious cyber-enabled activities."

Several cyber-related amendments have been offered to the Senate version of the annual defense policy bill, though they risk not getting added.

As in years past, the defense bill again sparked a fight over which amendments would get votes and a number of more controversial measures were dropped.

On the cyber front, Sens. Tim Kaine (D-Va.) and Roger Wicker (R-Miss.) have proposed language that would update and expand an existing federal cyber scholarship-for-service program run by the National Science Foundation.

Sen. Amy Klobuchar (D-Minn.) along with other Democrats has offered an amendment that would bar a joint cybersecurity initiative between the United States and Russia, a proposal floated by President Trump earlier this year. Trump, though, quickly backed away from the idea after criticism from both parties.

Additionally, Sen. Cory Gardner (R-Colo.) has offered a measure prohibiting the Pentagon from contracting with telecommunications firms that support North Korean cyberattacks. An identical measure offered by Rep. Robert Pittenger (R-N.C.) made its way into the House version of the bill passed in July.

The Senate is poised to wrap up debate on the NDAA Monday evening, having voted Thursday to end debate on the substitute amendment.

The bill fully funds Trump's budget request for U.S. Cyber Command, the Pentagon's offensive cyber unit that the administration officially elevated into its own warfighting unit in August.

The coming week is also likely to produce more scrutiny of Equifax over the data breach that the credit reporting firm says exposed personal information on as many as 143 million Americans to hackers.

Lawmakers from both parties have sent letters and requests for testimony to Equifax executives, demanding answers on the circumstances surrounding the massive security breach. The issue has also triggered legislation addressing credit reporting and data security.

On Thursday, the Federal Trade Commission (FTC) disclosed that it has launched an investigation into the breach, which exposed consumers' Social Security numbers, birth dates, and some credit card numbers.

Some cyber-related news could be made off Capitol Hill next week, with former FBI Director James Comey slated to speak at Howard University's opening convocation on Friday.

It was just over three months ago that Comey captivated the nation with his testimony before the Senate Intelligence Committee, amid rampant speculation about the circumstances of Trump's decision to remove him.

In case you missed them, here are some of our recent articles:

DOJ: Google no longer contesting most cross border data warrants

Senators propose 9/11-style commission on Russian interference

Bipartisan House bill would save State Department's cyber office

Feds move to ramp up cyber hiring

Equifax feels the heat in Washington for breach

Homeland Security sued over warrantless phone, laptop searches at border

Government warns of Equifax phishing scams

US sanctions Iranian nationals for cyberattacks against banks

View desktop version