Lloyd Austin, secretary of the Department of Defense and a 2023 Wash100 inductee, has issued a memorandum directing DOD component agencies to immediately assess their compliance with the department’s procedures and standards for protecting classified national security information.

Component agencies should report their findings to the office of the undersecretary of defense for intelligence and security no later than May 2, according to the memo signed by Austin on Monday.

The directive states that agencies should adhere to several standards, including accountability, safeguarding, storage and destruction, transmission and transportation, security education and training, reporting of security incidents involving classified information and cybersecurity protocols.

Austin noted that he directed USD(I&S) to oversee a 45-day review of the department’s security policies, programs and procedures in coordination with the chief information officer and director of administration and management.

The secretary said DA&M will advance initial measures to implement the directive and the CIO will release additional guidance for DOD.

“These actions and measures may include, but will not be limited to: restriction or deletion of distribution lists on classified computer networks, allowing limited physical and electronic access to certain intelligence products, granting printing privileges on the Joint Worldwide Intelligence Communications System by exception, requiring proper information handling procedures including encryption of emails, and increasing inspections when people enter and exit Sensitive Compartmented Information Facilities,” the memo reads.

Sen. John Thune, R-S.D., clarified that a bipartisan bill to regulate information and communications technology such as TikTok does not single out the social media platform, but would establish a review framework for any technology from a foreign-adversary country that could put U.S. national security at risk.

In a testimony before Senate on Wednesday, Thune stated that he wanted to address misconceptions about the Restricting the Emergence of Security Threats that Risk Information and Communications Technology Act, which he co-authored with Sen. Mark Warner, D-Va., a three-time Wash100 recipient.

“Our legislation, which…codifies an executive order issued by President Trump, as well as a subsequent rule by the Trump Commerce Department, would fill in the gaps in current law and ensure that it is possible to address not just traditional risks from foreign-owned companies but the specific threats posed by foreign-owned digital technology,” said Thune, a ranking member of the Senate Subcommittee on Communications, Media, and Broadband.

He noted previous efforts by the U.S. government to crack down on companies including Huawei, ZTE and Kaspersky following evidence showing that their commercial devices were being used by home countries China and Russia to penetrate global communication networks.

He also stressed that the RESTRICT Act would direct the Department of Commerce to conduct a review of such information and comms technology products, develop measures and if possible recommend a ban, to mitigate the risks posed by the products.

“Importantly, our bill would ensure transparency by requiring the commerce secretary to coordinate with the director of national intelligence to provide declassified information on why any measures against technology products from foreign-adversary countries were taken,” Thune explained.

National security agencies from the U.S., the U.K., Canada, Australia and New Zealand have released joint guidance on mitigating cybersecurity threats posed by smart city technologies.

The guide outlines three key recommendations to help communities looking to implement smart city tools: implementing a secure planning and design process, executing a proactive approach to supply chain risk management and applying operational resilience strategies, the Cybersecurity and Infrastructure Security Agency said Wednesday.

According to the Cybersecurity Best Practices for Smart Cities guide, communities must enforce multifactor authentication, implement zero trust architecture, patch systems and safeguard internet-facing services against cyberthreats.

The guidance also recommended that organizations set clear requirements for internet of things supply chains, establish incident response and recovery plans and enhance workforce training.

“The cybersecurity best practices outlined here are designed to help evolving connected communities better protect their infrastructure and sensitive data,” said Jen Easterly, director of CISA and a 2023 Wash100 awardee.