/
Sens. Gary Peters, Ron Johnson Introduce Supply Chain Security Training Act
Published on
Sens. Gary Peters, Ron Johnson Introduce Supply Chain Security Training Act

Sens. Gary Peters, D-Mich., and Ron Johnson, R-Wis., have proposed a bipartisan bill that would require the General Services Administration (GSA) to coordinate with the Office of Management and Budget (OMB) and departments of Defense (DOD) and Homeland Security (DHS) to establish a training program to help federal officials protect information technology supply chains against cyberthreats.

The proposed Supply Chain Security Training Act would also direct OMB to come up with guidance on how federal agencies can use the training program and select officials to take part in the program, Peters’ office said Thursday.

“Federal employees need to know how to recognize possible threats when they are purchasing software and equipment that could allow bad actors a back door into government information systems. This bill will help strengthen national security by safeguarding against cybersecurity vulnerabilities and other threats posed by the technology our government uses,” said Peters, chairman of the Homeland Security and Governmental Affairs Committee.

The measure builds on a recent executive order that seeks to facilitate threat information sharing among agencies, improve the security of the federal software supply chain and advance cybersecurity infrastructure modernization.

“Counterintelligence training for federal workers who buy and sell goods and services for the government is critical at a time when our adversaries are probing cyber vulnerabilities to breach our systems and steal information,” said Johnson. “This type of training will help close a potential gap in our cyber and physical security defenses.”

Supply Chain Cybersecurity: Revelations and Innovations

If you want to hear cybersecurity experts talk about how the tech supply chain can reduce the risk of cyberattacks and get ahead of hackers, then check out ExecutiveBiz's Supply Chain Cybersecurity: Revelations and Innovations forum coming up on Oct. 26th. 

To register for this virtual forum and view other upcoming events, visit the ExecutiveBiz Events page.

/
Attorney Rachel Jacobson Nominated to Oversee Army Installation, Environmental Programs
Published on
Attorney Rachel Jacobson Nominated to Oversee Army Installation, Environmental Programs

Rachel Jacobson, a special counsel at Washington, D.C.-based law firm WilmerHale, has been nominated by President Biden to serve as assistant secretary for Installations, Energy and Environment at the U.S. Army. 

She currently works in WilmerHale's energy, environment and natural resources group and previously worked at the Department of Defense as deputy general counsel for environment, energy and installations, the White House said Friday.

Her federal career also includes senior roles at the departments of Interior and Justice, where she served for 18 years. Jacobson, an American College of Environmental Lawyers member, also led a conservation program during her time at the National Fish and Wildlife Foundation.

If confirmed, she will succeed John Suresh, who has been performing the duties of ASA (IE&E) since January.

/
A2LA Updates Requirements for FedRAMP Assessors
Published on
A2LA Updates Requirements for FedRAMP Assessors

The American Association for Laboratory Accreditation (A2LA) has unveiled updated requirements mandatory to third-party assessment organizations (3PAO) of the Federal Risk and Authorization Management Program (FedRAMP). 

The updated version of the R311 policy document features new requirements that will be effective immediately and considered in the next A2LA assessment of each 3PAO, FedRAMP said in a blog post published Wednesday.

The new requirements cover personnel qualifications, training plan time durations and subcontracting. The new policy also tasks 3PAOs that have not completed an assessment within a year to undergo an exercise to maintain their FedRAMP authority.

FedRAMP aims to bolster and standardize the security of cloud products used in the federal government. Third-party assessment organizations work to evaluate the compliance of commercial cloud products with FedRAMP standards.

A2LA serves as the accreditation body for FedRAMP 3PAOs.

/
NIST Seeks Public Feedback on Draft About Commercial Satellite Cybersecurity
Published on
NIST Seeks Public Feedback on Draft About Commercial Satellite Cybersecurity

The National Institute of Standards and Technology asks the public to comment on a new draft document about the cybersecurity of commercial satellite activities.

The document, titled “Introduction to Cybersecurity for Commercial Satellite Operations,” tackles how to manage cybersecurity risks of crewless space activities while considering space vehicle requirements, NIST said Wednesday.

The agency specifically wants feedback regarding the example use cases, corresponding controls and overall approach presented by the document. NIST may also create other publications for other space operation areas, based on the feedback to be received.

Interested parties may access the draft and instructions via this link and submit responses through  August 13. 

/
Cypress International Launches “The Cypress Perspective” Podcast; CEO David Halverson Quoted
Published on
Cypress International Launches “The Cypress Perspective” Podcast; CEO David Halverson Quoted

Cypress International announced the launch of a new podcast service on Friday called “The Cypress Perspective,” featuring experts across the defense industry as they discuss the latest challenges and initiatives across the Department of Defense (DOD) as well as defense and aerospace sectors.

“We are proud to bring together subject matter experts, like Admiral (Ret) Jamie Foggo, former Commander Navy Forces Europe and Rear Admiral (Ret) Bob Girrier, former Director Unmanned Systems, Office of the Chief of Naval Operations to share their insights on issues so important to the nation’s defense.” said David Halverson, CEO of Cypress International.

Cypress International revealed that the first podcast will be a three-part series focusing on the U.S. Navy’s needs from industry to enable unmanned systems to more effectively support the warfighter in the evolving distributed maritime operations environment.

This three-part series will be moderated by Jim McCarthy, vice president of Naval Programs at Cypress International. After more than twenty years of executive experience in the sector, McCarthy will share his expertise in Navy budgeting, acquisition and risk management spanning weapons, platforms, networks and system integration on The Cypress Perspective.

“We look forward to sharing regular podcasts on a range of important issues from across the DoD and aerospace & defense Industry on the Cypress International website,” Halverson added.

Visit CypressInternational.com to check out the first three episodes of The Cypress Perspective featuring Jim McCarthy discussing unmanned systems for the U.S. Navy. Stay tuned for more episodes from defense experts in the future.

/
SIEGE Technologies Appoints Tracie Davidson as VP of Contracts; Alex Clary Quoted
Published on
SIEGE Technologies Appoints Tracie Davidson as VP of Contracts; Alex Clary Quoted

SIEGE Technologies announced on Friday that Tracie Davidson, formerly of the Federal Bureau of Investigation (FBI) has joined the company as its vice president of Contracts.

“Tracie’s seasoned background with Government contracting will serve as a collective arsenal of skills and abilities for SIEGE,” says Alex Clary, principal with Braes Capital. “We are excited to have such an experienced professional join our team!”

With the FBI, Davidson performed as a contract specialist and contracting officer, supporting cybersecurity efforts and protecting national security, for the last 24 years.

Over her career, Tracie has established and managed numerous multi-million dollar classified technical/engineering indefinite-delivery, indefinite-quantity (IDIQ) contract vehicles. She recently completed her FAC-C Level II certification.

Davidson is a graduate of Oregon State University (OSU) where she spent two years in Army ROTC. In addition, she served four years with the Army Signal Corps as a Communications-Electronics Staff Officer.

About SIEGE Technologies 

As an advanced research and development company, SIEGE focuses exclusively on offensive and defensive cybersecurity technologies. Since its inception in 2010, the firm has enjoyed consistent year-over-year growth from a diverse customer base spanning US government agencies and commercial organizations funding research, development and acquisition of advanced information security technologies.

/
Senate Bill Seeks to Help Companies Directly Counter Hackers
Published on
Senate Bill Seeks to Help Companies Directly Counter Hackers

Sens. Sheldon Whitehouse, D-R.I., and Steve Daines, R-Mont., have proposed a bill that would direct the Department of Homeland Security to study the potential advantages and risks of allowing private sector organizations to initiate measures against hackers during cyberattacks.

The bipartisan bill would require DHS to submit a report containing its recommendations and findings, including potential impacts on national security and foreign affairs, federal oversight, private entities that would be allowed to take actions, safeguards and level of certainty for attribution, Whitehouse’s office said Wednesday.

“The Colonial Pipeline ransomware attack shows why we should explore a regulated process for companies to respond when they’re targets,” said Whitehouse. “This bill will help us determine whether that process could deter and respond to future attacks, and what guidelines American businesses should follow.”

Current law authorizes the federal government to launch offensive operations against hackers and limits U.S. companies to internal defensive actions. Once the measure becomes law, DHS has 180 days to submit the report.

“The federal government should do more to empower the private sector to directly counter cyber threats from across the globe rather than tie their hands," said Daines.

/
Air Force Plans Close-Air Support Transition With A-10 Retirement; John Roth Quoted
Published on
Air Force Plans Close-Air Support Transition With A-10 Retirement; John Roth Quoted

The Department of the Air Force plans to begin retiring older A-10 Warthog aircraft units and transfer close air support and rescue missions from Nellis AF Base in Nevada to Davis-Monthan AFB in Arizona starting next fiscal year.

The military branch said Wednesday the transition effort is included in the department's fiscal year 2022 budget request and contingent on Congress' approval of the A-10 retirement proposal.

“This realignment will consolidate all A-10 and HH-60 test, training, and weapon school activity at one location, allowing Airmen in these mission areas to train together for future threats," John Roth, acting secretary of the Air Force.

Roth added that the Air Force wants to transform Davis-Monthan into the branch's center of excellence for close air support and rescue operations.

The plan involves the transfer of A-10 Thunderbolt II and HH-60 Pave Hawk aircraft squadrons, one maintenance team and all supporting personnel after requisite environmental analyses are completed.

Boeing secured a potential 11-year, $999M contract in August 2019 to manage the production of up to 112 wing sets and spare kits for the Thunderbolt Advanced Continuation Kitting program.

The service noted that Nellis AFB will receive Lockheed Martin-built F-35 jets to support fighter aircraft operational tests and additional F-35A and F-22 units from other military bases.

/
Jon Rychalski: VA to Conduct Enterprisewide IT, Physical Infrastructure Review for EHR Program
Published on
Jon Rychalski: VA to Conduct Enterprisewide IT, Physical Infrastructure Review for EHR Program

The Department of Veterans Affairs completed a strategic review of its electronic health record modernization program and Jon Rychalski, VA’s chief financial officer, told lawmakers Thursday that the department will also carry out an enterprisewide assessment of information technology and physical infrastructure needs for the EHR initiative, Federal News Network reported.

VA is establishing its IT investment board and Rychalski said the board is already helping the department better manage its tech initiatives and make decisions about its EHR modernization effort.

“We’re working more of these issues through the IT investment board, because they obviously have cross-program effects into IT and into VA infrastructure,” Rychalski told members of the House Veterans Affairs Technology Modernization Subcommittee Thursday.

“We have a pretty good sense across the organization from a finance, IT and acquisition standpoint what’s going on. We consider them in that venue, and we have a broader audience there as well. If there are residual impacts on other parts of the organization, we all have a better sight picture into [what’s] going on,” he added.

VA Secretary Denis McDonough, who announced a 12-week strategic review of VA’s EHR modernization effort to address issues in March, spoke to reporters Wednesday following the completion of the EHR review.

“We’re very close to finalizing the next steps, including changes to the deployment effort to ensure that we come in on time, on budget and, most importantly, provide the best care for our vets and the best experience for our providers,” McDonough said.

/
Joint Advisory Sheds Light on Russian Intell Agency’s Brute Force Cyber Campaign
Published on
Joint Advisory Sheds Light on Russian Intell Agency’s Brute Force Cyber Campaign

The FBI, National Security Agency, Cybersecurity and Infrastructure Security Agency and the U.K. government’s national cybersecurity center have issued a joint advisory on a brute force campaign by Russian military intelligence against U.S. and foreign organizations.

The malicious cyber activities by the Russian general staff main intelligence directorate 85th main special service center targeted government and military organizations, political organizations, defense contractors, think tanks, media companies, law firms, logistics and energy companies and higher education institutions, the FBI said Thursday.

The brute force capability enables threat actors to gain access to email and other protected data and identify valid account credentials through password guessing and other extensive login attempts.

The agencies said the exploitation efforts are still ongoing. They also listed in the advisory some of the known tactics, techniques and procedures of the threat actors involved in the brute force campaign.

The FBI, CISA, NSA and U.K.’s NCSC outlined several measures organizations can take to counter the cyberthreat, including the use of multifactor authentication, enabling time-out and lockout features whenever password authentication is needed, changing all default credentials and employing network segmentation and restrictions.

1 1,041 1,042 1,043 1,044 1,045 2,609