By ZACHARY FRYER-BIGGS
WASHINGTON — Following up on President Barack Obama’s State of the Union theme of executive action regardless of congressional approval, the Defense Department (DoD) and General Services Administration (GSA) announced late Wednesday they were moving ahead with six “planned” reforms to improve cybersecurity in the federal acquisition system.
The announcement of the reforms coincided with the release of “Improving Cybersecurity and Resilience Through Acquisition,” a joint DoD/GSA report dated November 2013. That report outlines suggestions for cyber training and accountability to make sure security is baked into products but, most importantly, includes the idea of instituting “baseline” security requirements for contractors.
DoD has flirted with adding language to the defense-specific federal acquisition regulations to create security requirements, but industry has been resistant to the changes. Congress also dabbled in the requirements game, with former Sen. Joe Lieberman, I-Conn., leading the charge to create basic security standards in sweeping cybersecurity legislation. His repeated attempts to pass a bill were thwarted by aggressive lobbying from businesses through the US Chamber of Commerce, which described the cost associated with cybersecurity as burdensome.