April 23rd Daily Policy Monitoring

APR 22 – CISA: CISA Releases Five Industrial Control Systems Advisories

• The Cybersecurity and Infrastructure Security Agency (CISA) has released five Industrial Control Systems (ICS) advisories.
• These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
• The ICS advisories include ICSA-25-112-01 Siemens TeleControl Server Basic SQL; ICSA-25-112-02 Siemens TeleControl Server Basic; ICSA-25-112-03 Schneider Electric Wiser Home Controller WHC-5918A; ICSA-25-112-04 ABB MV Drives.

APR 22 – NextGov: State Department Moves Cyber and Intelligence Bureaus Under Agencywide Reorganization

• The State Department’s Bureau of Cyberspace and Digital Policy (CDP) was moved under the agency’s Economic Growth office following a massive reorganization announced by Secretary of State Marco Rubio Tuesday.
• The changes to CDP were outlined in an org chart provided by the agency.
• Rubio announced the reorganization to staff Tuesday, as employees had anticipated. Some 15% of domestic staff will be eliminated, with 132 offices closed.

APR 22 – House: Mace to Hold Hearing on Unlocking Government Efficiency through IT Modernization

• The Subcommittee on Cybersecurity, Information Technology, and Government Efficiency chairwoman Nancy Mace announced a hearing on “Unlocking Government Efficiency Through IT Modernization,” which will be held on Tuesday, April 29.
• At the hearing, members will examine opportunities to save taxpayers money, enhance security, and achieve efficiencies by building on groundbreaking initiatives started during the first Trump administration to modernize legacy IT systems in the federal government.
• President Trump’s Executive Order 14158 issued earlier this year builds on these efforts by instructing the US DOGE Service Administrator to institute a software modernization initiative to improve the quality and efficiency of government technology.

APR 15 – DOD: Pentagon Publishes Guidance on Using Updated NIST Controlled Unclassified Information Publication for Contracting Officials

• The Pentagon is providing instructions to contracting officials on tailoring the latest version of the National Institute of Standards and Technology (NIST) foundational publication on controlled unclassified information, in a recent memorandum on organization-defined parameters critical to the next iteration of the Cybersecurity Maturation Model Certification program.
• The memo says that “A key reference [in NIST 800-171 Rev. 3] is the inclusion of organization-defined parameters (ODPs), which allow organizations to tailor select security controls to specific security requirements, as determined by unique organizational risk management strategies.”
• The memo was signed by David McKeown, acting deputy DOD CIO for cybersecurity and DOD chief information security officer. It was cleared for open publication on April 15.

APR 15 – ITI: Tech Group Urges FCC to Embrace Interagency Coordination When Addressing National Security of Submarine Cables

• The Information Technology Industry Council (ITI) wants the Federal Communications Commission (FCC) to rely on the expertise of Team Telecom when it comes to making national security decisions on submarine cables, as part of a rulemaking to inform future work on updating the 20-year-old undersea cable system.
• Team Telecom is an interagency group responsible for reviewing “certain FCC applications and licenses for national security and law enforcement risks.” Team Telecom uses the information to advise the FCC on whether the application or license should be granted, denied or granted with conditions for mitigation.
• ITI writes that “FCC licensing decisions should be aligned with and deferential to Team Telecom’s assessments. If there are changed circumstances or new risk factors, the FCC should coordinate directly with Team Telecom to reassess rather than independently determine national security implications.”

April 22nd Daily Policy Monitoring

APR 22 – NIST: Visiting Committee on Advanced Technology Meeting

• The National Institute of Standards and Technology (NIST) Visiting Committee on Advanced Technology (VCAT) is holding an open in-person meeting on Tuesday, June 10 from 9:00 to 5:00 PM ET.
• The primary purpose of the meeting is for the VCAT to review and make recommendations regarding general policy for NIST, its organization, its budget, and its programs within the framework of applicable national policies set forth by the President and Congress.
• The agenda will include an update on major programs at NIST, a session on the changes within the organization, budget considerations, and alignment of NIST programs with Administration priorities.

APR 22 – GAO: Artificial Intelligence: Generative AI's Environmental and Human Effects

• The Government Accountability Office (GAO) has released a report on the environmental and human impacts of Generative AI, including the potential benefits and risks.
• The GAO examined the potential environmental effects of generative AI technologies, potential human effects of generative AI technologies, and what policy options exist to enhance the benefits or mitigate the environmental and human effects of generative AI technologies.
• The GAO highlights five risks and challenges from generative AI that could result in negative human effects: lack of accountability, unintentional bias, unsafe systems, lack of data privacy, cybersecurity concerns. However, due to the rapidly evolving nature of generative AI, the report highlights that there are challenges in defining the specific risks and challenges from generative AI, as well as their impacts.

APR 21 – FCC: FCC to Hold Open Commission Meeting

• The Federal Communications Commission (FCC) will hold an open meeting on Monday April 28 at 10:30 AM.
• The FCC will consider a Notice of Proposed Rulemaking that would promote efficient spectrum sharing between geostationary and non-geostationary satellite systems. This will include the review of power limits developed in the 1990s on non-geostationary satellite orbit and fixed satellite service systems for the protection of geostationary satellite networks.

APR 21 – DOT: FAA Accelerates Critical Technology Upgrade

• The Federal Aviation Administration (FAA) is accelerating the modernization of a critical safety system that alerts pilots and flight planners about airspace changes and will deploy a new Notice to Airmen (NOTAM) service this year.
• NOTAMs communicate temporary changes such as runway closures and airspace restrictions to pilots and flight planners. More than 4 million NOTAMs are issued annually.
• The modernization will provide near-real-time data exchange, enabling efficient dataflows and better stakeholder collaboration. The system will be securely hosted in the cloud, and it will have a scalable resilient architecture.

APR 18 – GAO: Priority Open Recommendations: Department of Energy

• In June 2024, the Government Accountability Office (GAO) identified 27 priority recommendations for the Department of Energy (DOE).
• Since then, the DOE has implemented three of those recommendations, including issuing a revised cybersecurity policy and revising its insider threat program order.
• In March 2025, GAO identified seven additional priority recommendations for DOE, including addressing insider threats and cyber security risks and enhancing energy reliability, security, and resilience.

APR 18 – White House: Trump Creates New Federal Employee Category

• The Office of Personnel Management (OPM) filed proposed regulations that would formally revive Schedule F, which would strip federal workers of their civil service status, making them effectively at-will employees.
• The proposal, which will be published in the Federal Register on April 23, outlines the new expected service category, now called Schedule Policy/Career, purports to remove “cumbersome adverse action procedures” for employees in what the administration deems to be policy-related jobs and accused the Biden administration, which filed its own regulations last year seeking to prevent Schedule F’s return, of “protecting poor performers.”
• OPM estimates that around 50,000 federal workers will be placed in the new job category, or around 2% of the civilian workforce.

APR 17 – BIS: Darryl Chan: Opening Remarks – International Conference on Generative Artificial Intelligence

• Darryl Chan, the Deputy Chief Executive of the Hong Kong Monetary Authority gave the opening remarks at the International Conference on Generative Artificial Intelligence.
• The event was co-organized by the Hong Kong Monetary Authority (HKMA), the Academy of Finance (AoF), the Hong Kong Institute for Monetary and Financial Research (HKIMR) and the Centre for Economic Policy Research.
• In the speech, Chan explains that the Government of Hong Kong is adopting a policy stance that promotes the adoption of AI in the financial services sector while also addressing the challenges related to cybersecurity and data privacy.
• Chan further highlights the importance of transparency, data privacy, and governance in ensuring the responsible adoption of Gen A.I., especially in the financial sector.
• In support of the responsible adoption of AI the HKMA has provided guidance to ensure appropriate safeguards for consumer protection. These safeguards include a "human-in-the-loop" approach to Gen A.I. adoption.

APR 16 – OSTP: OSTP Taps Policy Scholar Dean Ball as AI, Emerging Tech Advisor

• Dean Ball is joining the Trump administration Office of Science and Technology Policy (OSTP) as a senior policy advisor on artificial intelligence and emerging technology.
• Ball comes to OSTP from the Mercatus Center at George Mason University, where he has served as a research fellow for the past year.
• His past experience includes serving as a senior program manager for Stanford University’s Hoover Institution, an executive director for the Calvin Coolidge Presidential Foundation, and the director of the Adam Smith Society at the Manhattan Institute.

April 21st Daily Policy Monitoring

APR 18 – NIST: Request for Nominations for Members to Serve on NIST Technical Information Service Federal Advisory Committees

• The National Institute of Standards and Technology (NIST) and the National Technical Information Service (NTIS) has published a notice inviting and requesting the nomination of individuals for appointment to ten existing Federal Advisory Committees.
• The relevant committees include the National Artificial Intelligence Committee, the Information Security and Advisory Board, and the Visiting Committee on Advanced Technology.
• Nominations for all Committees will be accepted on an ongoing basis.

APR 16 – BPI: BPI Supports Reauthorization of Cyber Threat Information Sharing Law

• The Bank Policy Institute (BPI) has issued a statement in support of legislation to reauthorize the Cybersecurity Information Sharing Act of 2015, before it expires on September 30, 2025.
• The Cybersecurity Information Sharing Act has helped safeguard the financial system for over 10 years by enabling banks to share timely information to identify and defend against cyber threats.
• The law appropriately balances privacy and security and letting it lapse could make America’s financial system more vulnerable to emerging cyber risks.

APR 16 – Congress: A Bipartisan Bill to Extend Information Sharing Provisions that Help Address Cybersecurity Threats

• U.S. Senators Gary Peters, Ranking Member of the Homeland Security and Governmental Affairs Committee and Mike Rounds introduced a bipartisan bill to extend provisions that encourage businesses to share the information about ongoing cybersecurity threats with the federal government to strengthen our nation’s cybersecurity defenses.
• The bill, which will extend provisions that were originally signed into law through the Cybersecurity and Information Sharing Act of 2015, incentivizes companies to voluntarily share cybersecurity threat indicators, such as software vulnerabilities, malware, or malicious IP addresses with the Department of Homeland Security to protect Americans’ personal information and ensure that both the federal government and companies can take collaborative steps to prevent data breaches or attacks from cybercriminals and foreign adversaries.
• Peters and Rounds introduced the bill to extend these provisions for another 10 years. Without this, the law will expire in September

UPCOMING EVENTS

APR 21 – IAPP: IAPP Global Privacy Summit 2025

• The International Association of Privacy Professionals (IAPP) Global Privacy Summit starts today, April 21 and runs through Thursday, April 24.
• The first two days are focused on trainings and workshops.
• The conference portion starts on Wednesday. Highlights include a panel on the Trump Administration’s approach to cyber policy and law with the R Street Institute’s Brandon Pugh, the Aspen Institute’s Sasha O’Connel and retired Rear Adm. Mark Montgomery of the Foundation for Defense of Democracies, as well as a session on the Justice Department’s recently launched Data Security Program.

APR 22 – INSA: Spring Symposium – Integrating Emerging Tech: Challenges and Solutions

• The Intelligence and National Security Alliance (INSA) is hosting its spring symposium on Tuesday, April 22.
• This year’s program will convene 250-300 senior leaders from government, leading defense contractors, academic institutions, and technology firms supporting the U.S. national security mission.
• Topics for discussion include counterintelligence challenges in an evolving threat landscape, harnessing emerging technologies for strategic gain, leveraging AI for competitive advantage, and rethinking acquisition strategies for speed and agility.

APR 22 – FedSoc: Regulatory Reform for 5G Deployment: Infrastructure and Policy Perspectives

• The Federalist Society is hosting a webinar on Tuesday, April 22.
• The webinar will examine potential telecom deregulation and the roles of the Federal Communications Commission (FCC), the National Telecommunications and Information Administration (NTIA), and Congress in 5G deployment.

APR 22 – NSI: Cracks in the Network: Cybersecurity Failures, SALT Typhoon and U.S. Cyber Leadership

• The National Security Institute (NSI) and the Center for National Interest (CFTNI) are hosting an event on the cyber challenges faced by telecom networks and the broader impacts of Salt Typhoon on national security.
• The event will begin with opening remarks from Congressman Jim Himes, Ranking Member of the House Permanent Select Committee on Intelligence, followed by a panel discussion with key voices from the cybersecurity and policy communities.

APR 24 – DGI: Zero Trust Workshop

• The Digital Government Institute (DGI) is hosting a zero trust workshop on Thursday, April 24.
• The workshop will delve into critical lessons and best practices derived from real-world Zero-Trust security implementations within government agencies.
• The workshop will cover key topics such as the foundational principles of Zero Trust, step-by-step implementation strategies, and the unique considerations faced by government entities.