Business

GOVERNMENT IT REPORT

House GOP Group Seeks to Curb Regulation and Promote Tech

Republican leaders in the House of Representatives are flexing their collective majority muscles in both substance and style. The most significant change resulting from gaining the electoral majority in the House, of course, is that direction of all committees has shifted to Republican hands.

But other significant changes are under way. Last week, House Speaker John Boehner (Ohio) reorganized a lawmaker group dealing with technology issues. Boehner changed the name of the “House Republican High Tech Working Group” to the “House Republican Technology Working Group,” indicating a broader scope of activity for the organization. Boehner also expanded the leadership of the group, which is chaired by Rep. Bob Goodlatte (Va.), to include two additional vice chairpersons: Rep. Cathy McMorris Rodgers (Wash.) and Rep. Michael McCaul (Texas). They will join Rep. Lamar Smith (Texas), the incumbent vice-chair.

The appointments could add some firepower to the group. Rep. Smith chairs the House Judiciary Committee and has had an interest in technology issues, especially patent reform. Rep. McMorris Rodgers has shown an interest in healthcare information technology and in January co-hosted a visit of Microsoft CEO Steve Ballmer with a group of Republican House leaders. Microsoft is based in her home state.

Forming Tech Policy

It appears that Boehner wants the working group to have a significant role in shaping technology policy. “The technology sector is a prime source of innovation and job creation in America,” he said.

“As is the case for many industries, however, tech companies face significant challenges in the form of excessive government regulations that stifle their potential and hurt their competitiveness. This working group will play a critical role in promoting policies that help keep America at the forefront of innovation and unleash the drive and entrepreneurship of our people,” Boehner added.

While legislation is offered through various committees, such as the Judiciary and Commerce panels, it appears that the working group will be the guiding force in the House for all proposals affecting the information technology sector.

“The House Republican Technology Working Group is planning to officially roll out its agenda in the coming weeks.That agenda will likely include such important issues as cybersecurity, patent reform, free and fair trade, and protecting intellectual property,” Rep. Goodlatte told the E-Commerce Times.

For the tech sector, it is likely that no legislation in the House will go forward until the Working Group has taken a position on it. That could slow the momentum on major issues. For example, the Senate recently passed a patent reform bill after some strong debate, with members of both parties keen to see a bill enacted into law this year. But House action will have to wait until the Working Group has made its position clear.

The group was originally formed in 1998 by then-Speaker Newt Gingrich and is composed of more than 40 Republicans.

The Federal Buzz: Notes on Government IT

FSA Seeks Security Vendors: The U.S. Department of Education is seeking vendor assistance in fashioning a major security upgrade of the information collected and processed in its higher education student aid program. The Office of Federal Student Aid (FSA) has asked vendors to respond by March 31 to a request for information. The issuance of an actual contract solicitation will be determined after FSA reviews the responses from vendors.

“This is simply to look at industry best practices in an effort to gain an understanding of what types of technologies are available,” William Taggert, chief operating officer at FSA, told the E-Commerce Times.

As part of its 2011-1015 agency strategy, FSA determined that maintaining the security of its IT assets and infrastructure was a high priority.

“Accordingly, FSA is assessing the capabilities of industry partners in provisioning security services to support the extension of its information security and privacy capabilities, integrate continuous process improvement, expand the use of best practices and supporting tools and technologies, maximize costs savings, and proactively address the changing security and privacy landscape,” FSA says in the RFI notice.

The agency listed four major goals: ensure a secure operational cyberenvironment; maintain mission critical cyberdefenses; advance FSA’s cybersituational awareness and intelligence analysis capabilities, and mature and evolve the agency’s capability to secure its IT assets. Among FSA’s more detailed objectives: 1) end-to-end protection of personally identifiable information (PII); 2) mitigation against keyloggers and other malware designed to disclose PII; 3) firewall management; and 4) cloud security services.

FSA asked vendors to provide statements of capability, including any examples of providing similar solutions to other federal agencies, as well as descriptions of the approaches they would take to addressing agency objectives. While FSA could not provide an estimate of the value of potential contracts, its scope of operations gives some idea of its IT requirements.

FSA supports 13 million students and their families through 30 million aid awards and maintains a US$622 billion loan portfolio. FSA employs 1,000 people and utilizes 10,000 contractors who provide outsourced assistance for customer service, loan serving and collections, which account for 85 percent of the agency’s $1 billion annual administrative budget.

NIST Data Security: The National Institute of Standards and Technology (NIST) has released two updated publications that help organizations find and manage data security vulnerabilities more effectively by standardizing the way breaches are identified, prioritized and reported.

NIST said that the intended audience for the documents not only included government agencies but also commercial firms, especially software developers, systems integrators and product developers. One document, “The Technical Specifications for the Security Content Automation Protocol (SCAP) Version 1.1,” refines the requirements from the SCAP 1.0 version. SCAP is a suite of specifications for standardizing the format and nomenclature by which security software communicates to assess software flaws, security configurations and software inventories.

The update tightens the requirements of the individual specifications in the suite to support SCAP’s functionality and to ensure interoperability. It also adds a new specification — the Open Checklist Interactive Language (OCIL) — that allows security experts to gather information that is not accessible by automated means. The second document, “Guide to Using Vulnerability Naming Schemes,” provides recommendations for SCAP users.

Before these naming schemes were standardized, different organizations referred to vulnerabilities in different ways, which created confusion. These schemes “enable better synthesis of information about software vulnerabilities and misconfigurations,” said co-author David Waltermire.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by John K. Higgins
More in Business

E-Commerce Times Channels