The Pentagon’s Cybersecurity Loophole: Other Transaction Authority (OTA)

From: National Defense

By Stew Magnuson


Those with good ideas can take the Air Force money — as long as there is a one-third cost share — and build prototypes without having to use Defense Department-approved accounting standards, adhere to the new cybersecurity rules, or comply with innumerable edicts that add to overhead.

This is all made possible by a once out-of-fashion contracting vehicle known as the “other transaction authority,” or OTA. The OTA has been around for decades. It was intended to allow nontraditional contractors or small businesses to build prototypes for the Defense Department, NASA and other agencies.

Chinese Cybersecurity Law: A Rising Threat

From: Corporate Counsel

By Edward McNicholas and Yuet Ming Tham

Every day seems to bring another regulatory presence in cybersecurity, from the New York Department of Financial Services (NYDFS) to the EU’s General Data Protection Regulation (GDPR). But with so much focus on these new U.S. and EU challenges, many companies may be missing the increasing global importance of the Cybersecurity Law of the People’s Republic of China (the Chinese cybersecurity law), which is already in effect. The Chinese cybersecurity law may pose particular compliance challenges because it approaches cybersecurity with a focus on the protection of the Chinese state in a way that may make supplying information technology to China or merely running a business in China much more complicated for global businesses.

FTC Signals Tougher Stance on Mobile Privacy Protection

Editor’s Note: The Federal Trade Commission report, Mobile Security Updates: Understanding the Issues, is available here (pdf).

From: E-Commerce Times

By John K. Higgins


“Consumers use their mobile devices for a wide range of activities and want to have confidence that when they use them they will be secure,” said Tom Pahl, acting director of the commission’s Bureau of Consumer Protection.

“Our report found, however, significant differences in how the industry deploys security updates and that more needs to be done to make it easier for consumers to ensure their devices are secure,” he added.

Protecting critical infrastructure from dire threats

From: Federal Times

In this file photo, a concrete pole carrying feeder lines stands outside an electric company substation in the U.S. Hackers likely linked to the North Korean government targeted U.S. electricity grid workers in September 2017, according to a security firm that says it detected and stopped the attacks, which didn’t threaten any critical infrastructure. But the attempted breaches raise concerns. (AP Photo/Gerald Herbert)

IP NETs, a technology that fits well with plug-and-play devices and software, are increasingly the go-to for multiple types of communication. But recent events show that IP NETs have opened communications and operations to truly dire cyber-threats.

Will There Be a Government Standard for IoT Security?

Editor’s Note: The NTAA and OMB Circular A-130 are the guiding legal and policy authorities regulating government development and adoption of standards. See An Updated Look at the Federal Policies Governing How Agencies Use Voluntary Consensus Standards in Regulatory, Procurement, and Science Documents.

From: FedTech Magazine

NIST offers its view on Internet of Things security guidelines, but lawmakers are pressing for mandates that would regulate cybersecurity for IoT devices.

By Phil Goldstein

Federal agencies have been steadily adopting and deploying sensors as part of the Internet of Things, but the security of IoT devices has been a constant concern for government IT leaders, especially at the Pentagon. Now, there’s more momentum than ever to make sure federal IoT environments are secured.