House Panel Passes 2022 NDAA with Eye on Cyber Workforce
By Lauren C. Williams Sep 02, 2021
The House Armed Services Committee passed its version of the 2022 National Defense Authorization Act, 57-2, with a keen eye on improving the cyber workforce, while raising the topline spending limits by about $24 billion.
HASC Chairman Adam Smith (D-Wash.) opened the 16-hour markup session, characterizing this year's bill as transformative in its support of emerging technologies that could help the Defense Department better develop platforms, protect networks and deter adversaries "more cost effectively."
"New innovative technologies are great, but you can also mess up how you use them. So we want to learn from that, put in place a military that can deal with the challenges we face," Smith said.
"Because as we all know and as we've all learned, being able to protect your systems -- information warfare, cyber attacks -- all of that is a lot more threatening than it used to be."
The bill now moves to the House floor for a vote.
Inclusivity in the draft, budget increase transparency
After voting with a significant majority to raise defense spending by $24 billion, the HASC also adopted a provision that directs the defense secretary to submit a publicly available report on the programs Congress authorized or appropriated above the 2022 budget request amounts, specifically above $20 million.
According to Rep. Elissa Slotkin's (D-Mich.) amendment, DOD would have to report any program or activity that it attempted to divest but Congress restored. It would also have to include assessments on whether those listed programs and activities support the National Defense Strategy from 2018 and the Biden administration's Interim National Strategic Guidance.
The panel also voted 35-24 to adopt an amendment presented by Rep. Chrissy Houlahan (D-Pa.) that would require all U.S. persons to sign up for the Military Selective Service System regardless of "race, color, sex, or gender."
Eyes on software acquisition
The Defense Department may be required to stand up a band of software acquisition experts by January 2022, according to a provision in the House draft of the NDAA.
A provision by Rep. Anthony Brown (D-Md.) would require DOD's acquisition chief to stand up a "cadre of personnel who are experts in development and acquisition of software" to ensure a consistent and strategic approach. The group would also provide "assistance, and resources to the acquisition workforce" to support the implementation of the Adaptive Acquisition Framework adopted last year.
In that same vein, Rep. Jim Langevin (D-R.I.) offered report language to require the defense secretary to report on whether a new contracting mechanism would help speed up software delivery to the warfighter by Oct. 1, 2022 -- two years after the establishment of the complementary software acquisition pathway. If the answer is yes, DOD would have to make a plan to develop an agile contracting mechanism for rapid software acquisition.
Centering the cyber workforce
Langevin, who chairs the Subcommittee on Cyber, Innovative Technologies, and Information Systems, championed several amendments, including one that prohibits DOD's CIO from being "dual hatted" as the principal cyber advisor. But on the workforce side, one Langevin amendment would improve senior leaders' working knowledge of technologies. The provision would have the defense secretary "establish a short course on emerging technologies" and their application to military and business scenarios for senior executive-level civilian leaders. The class would be taught on a two-year cycle and require at least 20% of enrollees to pass the certification in the first year. That requirement would go up 10% each year until reaching an 80% threshold.
The bill also includes a requirement for the defense secretary to report on the feasibility of including training or other duties necessary for cybersecurity operations or missions to protect critical infrastructure by National Guard members.
There's also a push to centralize the Defense Department's cyber education, training and recruitment under a senior DOD official. Slotkin's amendment seeks to conduct a study to evaluate whether creating a "single clearinghouse or point of contact responsible for cyber recruitment and retention" across the department would be viable.
Rep. Ruben Gallego (D-Ariz.), who chairs the HASC's Subcommittee on Intelligence and Special Operations, led an amendment that mandates DOD to create a "national network for microelectronics research and development," tweaking language from the 2021 NDAA. The bill also includes a reporting requirement due by March 31 on DOD's current efforts on the matter.
Partnership with Destination Huntsville
As the Summit returns with face-to-face interactions, Destination Huntsville, North Alabama's only full-service destination management company, is excited to partner with the 2021 National Cyber Summit to offer unique after-hours activities specially curated for Summit attendees.
Destination Huntsville has created four fun-filled experiences that will offer a break from meeting fatigue and provide ways to explore why Huntsville is not only a smart city but a fun place to live. We'll share the sights, sounds, and flavors that make Huntsville so special.
View & Register After-Hour Excursions
Be sure and register for these after-hour excursions, and visit our Huntsville Street Party in the Exhibit Hall for more about this Rocket City in the South.
To learn more about Destination Huntsville, your boots on the ground local experts providing support services for event production, meeting needs, curated experiences, and transportation coordination, please visit us at DestinationHuntsville.com.
The CyBUr Guy Podcast Joins the Summit!
The CyBUr Guy podcast was started in 2020 and is designed to present cyber issues of the day and discuss cyber investigations featuring retired Special Agent Darren Mott. This podcast discusses current cyber trends and threats with industry and law enforcement leaders and is geared to individuals and businesses alike. Retired FBI Special Agent Darren Mott worked the Cyber Threat and Counterintelligence threats during his 20 years in the FBI and worked in the Charlotte, Cleveland, and Birmingham Field offices as well as spending time at FBIHQ in both the Cyber and Counterintelligence Divisions setting national policy and working with foreign partners from the UK, Russia, Estonia, Germany, The Netherlands, Canada, and Australia to combat cyber threats.
The CyBUr Guy podcast will record interviews with National Cyber Summit participants, vendors, and speakers to discuss cyber issues and cyber solutions, and talk to cyber thought leaders live from the Summit floor. You can listen to “The CyBUr Guy Podcast” at https://thecyburguy.com or at any podcast distribution site like Apple, Google Play, Stitcher, Spotify, etc. If you want to participate on the podcast, stop by the CyBUr Guy table or email Darren Mott at email@example.com to pre-schedule a time.
The InfoSecSync Podcast began in 2016 and has supported the National Cyber Summit since 2016 providing interviews hosted by Cybersecurity Subject Matter Expert, Nick Thomas. InfoSecSync provides Cybersecurity News, Expertise, and Risk Management topics to the masses as well as industry professionals.
Nick is a Cyber Operations Security Executive with over 20 years of expertise implementing Key Information Assurance solutions. He is a Navy Veteran and current Navy Cryptologic Reservist.
The podcast is available at https://InfoSecSync.com
You can also watch the weekly news on our YouTube Channel: https://www.youtube.com/channel/UCoqQfnE4B8nRHQJSPefGe_g
NCS Job Fair Partner, ClearedJobs.Net | CyberSecJobs.com, Looks Forward to Reconnecting with Summit Attendees in 2021
At ClearedJobs.Net and CyberSecJobs.com, we look forward to hosting the National Cyber Summit Job Fair in Huntsville each year, as longstanding NCS partners. However, these unprecedented times changed the way job seekers would connect with leading Huntsville area employers this year. Instead of the in-person career fair that summit attendees have come to know, we pivoted to a virtual job fair in light of the current environment. Though the National Cyber Summit was postponed till 2021, the Cyber Job Fair moved forward on a virtual platform, allowing professionals from all over the country with an interest in the Huntsville market to participate.
It was our goal to create an online job fair that offered the same features we bring to our in-person events, such as a friendly welcome booth staff and complimentary resume reviews. Though we weren’t able to see each smiling face or shake hands while wishing attendees good luck, the Virtual Cyber Job Fair on June 3, 2020, successfully incorporated all of our favorite elements in an online format.
Job seekers were able to stop by the virtual information booth to say hello or ask questions, connect with employers and find opportunities catering to a variety of cleared and cyber skill sets, participate in resume reviews provided by Still Serving Veterans, and jump in the Huntsville booth to chat with representatives from local Huntsville organizations to learn about living and working in the community. All of these happenings took place in text-based chats, in various virtual booths.
Up to this point, 2020 has largely been about change and how we adapt to it—and individuals in the defense, intelligence, and cyber security communities have stepped up to the challenge, whether it be adapting to remote work, social distancing protocols, or other ‘new normals.’ Many of our attending job seekers and employers were new to the virtual job fair experience, but they were able to adapt, forge connections in a new way, and drive their job search and recruitment efforts forward.
While the circumstances we’ve faced this year motivated us to learn something new and push ourselves into the virtual arena, we’re excited to get back to Huntsville, see all the summit attendees, and host the National Cyber Summit Job Fair on-site next year, on June 9, 2021. The National Cyber Summit is a valuable staple of the cyber security community, and we’re proud to support the mission by helping to connect cyber professionals with cyber opportunities. Here’s to educating, collaborating, and innovating in 2021 – see you in Huntsville!
About ClearedJobs.Net | CyberSecJobs.com
ClearedJobs.Net and CyberSecJobs.com, located in Falls Church, Virginia, are veteran-owned firms providing services and products to the security cleared and cyber security communities. Founded in 2001, the company produces Cleared Job Fairs® and Cyber Job Fairs, posts online security cleared and cyber security jobs, and provides industry information to assist job seekers in their career transitions.
Chinese Military Personnel Charged with Computer Fraud, Economic Espionage and Wire Fraud for Hacking into Credit Reporting Agency Equifax
Indictment Alleges Four Members of China’s People’s Liberation Army Engaged in a Three-Month Long Campaign to Steal Sensitive Personal Information of Nearly 150 Million Americans
A federal grand jury in Atlanta returned an indictment last week charging four members of the Chinese People’s Liberation Army (PLA) with hacking into the computer systems of the credit reporting agency Equifax and stealing Americans’ personal data and Equifax’s valuable trade secrets.
The nine-count indictment alleges that Wu Zhiyong (吴志勇), Wang Qian (王乾), Xu Ke (许可) and Liu Lei (刘磊) were members of the PLA’s 54th Research Institute, a component of the Chinese military. They allegedly conspired with each other to hack into Equifax’s computer networks, maintain unauthorized access to those computers, and steal sensitive, personally identifiable information of approximately 145 million American victims.
“This was a deliberate and sweeping intrusion into the private information of the American people,” said Attorney General William P. Barr, who made the announcement. “Today, we hold PLA hackers accountable for their criminal actions, and we remind the Chinese government that we have the capability to remove the Internet’s cloak of anonymity and find the hackers that nation repeatedly deploys against us. Unfortunately, the Equifax hack fits a disturbing and unacceptable pattern of state-sponsored computer intrusions and thefts by China and its citizens that have targeted personally identifiable information, trade secrets, and other confidential information.”
According to the indictment, the defendants exploited a vulnerability in the Apache Struts Web Framework software used by Equifax’s online dispute portal. They used this access to conduct reconnaissance of Equifax’s online dispute portal and to obtain login credentials that could be used to further navigate Equifax’s network. The defendants spent several weeks running queries to identify Equifax’s database structure and searching for sensitive, personally identifiable information within Equifax’s system. Once they accessed files of interest, the conspirators then stored the stolen information in temporary output files, compressed and divided the files, and ultimately were able to download and exfiltrate the data from Equifax’s network to computers outside the United States. In total, the attackers ran approximately 9,000 queries on Equifax’s system, obtaining names, birth dates and social security numbers for nearly half of all American citizens.
The indictment also charges the defendants with stealing trade secret information, namely Equifax’s data compilations and database designs. “In short, this was an organized and remarkably brazen criminal heist of sensitive information of nearly half of all Americans, as well as the hard work and intellectual property of an American company, by a unit of the Chinese military,” said Barr.
The defendants took steps to evade detection throughout the intrusion, as alleged in the indictment. They routed traffic through approximately 34 servers located in nearly 20 countries to obfuscate their true location, used encrypted communication channels within Equifax’s network to blend in with normal network activity, and deleted compressed files and wiped log files on a daily basis in an effort to eliminate records of their activity.
“Today’s announcement of these indictments further highlights our commitment to imposing consequences on cybercriminals no matter who they are, where they are, or what country’s uniform they wear,” said FBI Deputy Director David Bowdich. “The size and scope of this investigation — affecting nearly half of the U.S. population, demonstrates the importance of the FBI’s mission and our enduring partnerships with the Justice Department and the U.S. Attorney’s Office. This is not the end of our investigation; to all who seek to disrupt the safety, security and confidence of the global citizenry in this digitally connected world, this is a day of reckoning.”
The defendants are charged with three counts of conspiracy to commit computer fraud, conspiracy to commit economic espionage, and conspiracy to commit wire fraud. The defendants are also charged with two counts of unauthorized access and intentional damage to a protected computer, one count of economic espionage, and three counts of wire fraud.
The investigation was conducted jointly by the U.S. Attorney’s Office for the Northern District of Georgia, the Criminal and National Security Divisions of the Department of Justice, and the FBI’s Atlanta Field Office. The FBI’s Cyber Division also provided support. Equifax cooperated fully and provided valuable assistance in the investigation.
Assistant U.S. Attorneys Nathan Kitchens, Samir Kaushal, and Thomas Krepp of the Northern District of Georgia; Senior Counsel Benjamin Fitzpatrick of the Criminal Division’s Computer Crime and Intellectual Property Section; and Trial Attorney Scott McCulloch of the National Security Division’s Counterintelligence and Export Control Section are prosecuting this case. Attorneys with the Office of International Affairs provided critical assistance in obtaining evidence from overseas.
The details contained in the charging document are allegations. The defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.
Non-profit organizations encouraged to exhibit at National Cyber Summit
The National Cyber Summit invites non-profit entities to participate in the nation’s fastest growing cyber security summit on June 2-4, 2020, in Huntsville, Alabama. Non-profit organizations are offered a discounted rate of $400 to exhibit at the summit by registering by January 31, 2020.
By participating in the National Cyber Summit, your organization will be among the first to see innovative research and technologies that are changing the face of cyber industries, as well as make face-to-face connections with industry leaders.
Visit https://tools.eventpower.com/speaker_management/index/20NCS-NP to submit your request to be eligible to receive the discounted rate.