At a glance.

  • DOD and CISA may receive additional funding for cybersecurity endeavors.
  • Easterly and Inglis get good notices from Congress. 
  • Indian government limits 5G sales to “trusted sources” only.

DOD and CISA may receive additional funding for cybersecurity endeavors.

The US House Appropriations Committee has finished marking up the fiscal 2023 spending bills and allotted $15.6 billion for federal agency cybersecurity efforts. Roll Call explains that the Defense Department (DOD) would receive the majority of the funds, $11.2 billion, while the Cybersecurity and Infrastructure Security Agency, (CISA) will receive $2.9 billion, $417 million more than requested by the White House. House Appropriations Chair Rosa DeLauro said the “dramatic investments in our nation’s cyber infrastructure” aim “to prevent increasingly pervasive cyber-attacks,” referencing the wave of incidents in 2020 and 2021 that impacted industry giants and federal government agencies. Tom Gann, chief public policy officer at cybersecurity research firm Trellix, says the funding earmarked for CISA will likely support the key services it offers to other federal agencies, including continuous diagnostics and mitigation, endpoint detection, and other cyber support provided through the agency’s National Cybersecurity Protection System. Gann explained, “I think for fiscal year 2023, CISA will be in a good position to ramp up its service provider capabilities and increase its threat hunting capabilities — which is a big initiative — and clearly implement things in meeting the executive order.” 

Easterly and Inglis get good notices from Congress. 

This week marked the one-year anniversary for CISA Director Jen Easterly and National Cyber Director Chris Inglis, and the Washington Post reflects on their accomplishments. Highlights include responding to the log4j software library vulnerability (which Easterly deemed the most serious bug she’d ever seen), warning organizations of the increased cyberattack risk in the wake of Russia’s invasion of Ukraine, leading efforts to remediate the government shortage of cybersecurity workers, and defusing pushback from the Federal Bureau of Investigation about incident reporting legislation. CISA launched the Joint Cyber Defense Collaborative, and the DOD established new laws to help the pipeline, rail, and aviation sectors protect against future attacks. Lawmakers applauded Easterly’s and Inglis’s work so far, with Security Committee Chairman Gary Peters stating, “Thanks to their actions, there is no question our nation is more prepared to deter online attacks and hold foreign adversaries and criminal hackers accountable for targeting our networks.” Representative John Katko, the top Republican on the House Homeland Security Committee, praised their ability to cross the party aisle “to build cooperation, awareness, and support for their critically important work.”

Indian government limits 5G sales to “trusted sources” only.

In anticipation of the launch of the 5G technology standard for broadband cellular networks, anticipated to roll out in early 2023, Asia Financial reports that India is making it more difficult for Chinese IT vendors to sell to local operators. The Department of Telecommunications announced this week that telecom licenses will require operators to purchase equipment from “trusted sources” for both network expansion and upgrade projects, closing a loophole that some operators were using to justify acquiring equipment from Chinese manufacturers like Huawei and ZTE. Unfortunately, the new rules could make it harder for smaller firms to find affordable equipment. Mahesh Uppal, the founder of Delhi-based telecom consultancy firm Com First, explains, “Outsiders, barring the government, have no idea which equipment could be termed as coming from “reliable sources.” For the operators to move away from Chinese equipment would certainly involve higher costs and this is bad news for them.”