Kevin Cox, Continuous Diagnostics and Mitigation (CDM) program manager at the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA), said the program management office is on schedule to implement the CDM dashboard and related capabilities at 23 CFO Act agencies by the end of fiscal year 2021, Federal News Network reported Monday.

“We’ve been working to get that new dashboard in place and have made great strides this year. We are in the process now starting to take the feeds up from the agencies,” he told FNN’s Ask the CIO. 

Cox said CDM is deploying a dashboard shared service to small and micro agencies and a dashboard-as-a-service offering to some large agencies. 

“Rather than work to deploy an individual dashboard to each of those smaller agencies, and then put the burden on them to manage the individual dashboard, we build out a shared service where their data is similar to the dashboard-as-a-service that we’re offering to the CFO act agencies. Now the shared service platform enables the agencies to feed their data to this shared environment,” he said.

“The environment is scalable, flexible, it’s multi-tenant, and each agency only sees their data,” added Cox, who is leaving CISA for the Department of Justice (DOJ), where he will serve as deputy chief information officer.

CDM has fielded the shared service at 40 small and micro agencies and plans to launch the second version by July to offer more cyber capabilities. With the dashboard-as-a-service offering, agencies do not have to develop a back-end platform to manage and store data.

If you're interested to get the latest updates about the Cybersecurity Maturity Model Certification, then check out Potomac Officers Club's CMMC Forum coming up on June 16. To register for this virtual forum and view other upcoming events, visit the POC Events page.

The Government Accountability Office (GAO) has recommended that the Department of Defense (DOD) implement leading practices for acquiring space systems, including the development of a comprehensive acquisition strategy for the Space Command and Control program and a plan to obtain additional knowledge before launching a new initiative, in order to help accelerate the delivery of new capabilities.

GAO called on DOD to create a plan to obtain additional knowledge before kicking off a new wideband satellite communications initiative, according to a report published Monday.

The congressional watchdog made the recommendations after it found that DOD still faces challenges when it comes to space systems procurement amid major changes to the acquisition environment.

“Some of these changes are external to DOD, such as increased threats to on-orbit space systems. But over the past several years, DOD also initiated substantial organizational and acquisition process changes,” the report states.

One of those initiatives is implementing an incremental approach to buying space launch services, which enabled the Pentagon to minimize risk by allowing lessons learned from “early launch competitions to inform subsequent competitions.”

The Johns Hopkins University Applied Physics Laboratory (APL) has tested research technologies under a Department of Homeland Security-funded pilot that aims to safeguard industrial control systems from cyber-attacks. 

Demonstrations showcased the capabilities of APL-developed technologies to prevent, detect and mitigate cyberattacks on industrial control systems, the not-for-profit, university-affiliated research center said Wednesday.

The pilot used the water treatment testbed in APL's Cyber Physical Resilient Systems Solutions laboratory to demonstrate a Resilient ICS.

David Halla, a cybersecurity engineer who manages the Homeland Integrated Cyber Operations Program in APL’s Asymmetric Operations Sector, said a cyberattack was effective during testing and demonstrations without defensive technologies.

“But when we turn these defensive technologies on, they prevent the attack from happening," he added.

One of the technologies implemented in the CYPRESS testbed is the Out-of-Band over Existing Communication, or OBEC, for detecting changes to water treatment-related values. APL also tested the Network Deception and Response Toolkit and the Mitigating Incidents with Mock Industrial Control Systems.

"[The technologies] can be combined with open-source tools to provide a robust, resilient approach to ICS cybersecurity," said Lauren Eisenberg Davis of APL.

The Small Business Administration (SBA) has teamed up with U.S. foreign aid agency Millennium Challenge Corporation (MCC) in a push to help smaller companies bring emerging technology to international markets for potential use in multiple sectors. 

SBA said Saturday that it signed a memorandum of understanding with MCC to explore innovations that align with country-specific technological needs in renewable energy, agriculture and irrigation, health, water and sanitation.

John Williams, director of innovation at SBA, said the partnership intends to support businesses working on emerging technology to potentially address complex problems in some parts of the world.

The two agencies jointly organized a virtual roundtable in November 2020 and hosted a second event that coincides with the signing of the MoU.

Fatema Sumar, vice president of MCC's compact operations department, noted that the agency partners with other U.S. government organizations to create a joint impact and attract private companies to blended finance initiatives.

SBA, which coordinates Small Business Innovation Research (SBIR) and Small Business Technology Transfer (SBTT) programs across the federal government, awards more than $4 billion in research and development grants annually and helped MCC establish an innovation and technology program.

Lumen Technologies (NYSE: LUMN) will participate in the following virtual investor conferences:

• Maxine Moreau, president of mass markets, will present at the J.P. Morgan 49th Annual Global Technology, Media and Communications Conference on May 26. The presentation is scheduled to begin at 5:10 p.m. EDT.
• Shaun Andrews, executive vice president and chief marketing officer, will present at the Cowen 49th Annual Technology, Media & Telecom Conference on June 3. The presentation is scheduled to begin at 10:30 a.m. EDT.
• Shaun Andrews, executive vice president and chief marketing officer, will present at the Wells Fargo Virtual Media & Telco Day on June 7. The presentation is scheduled to begin at 1:15 p.m. EDT.

About Lumen Technologies

Lumen is guided by our belief that humanity is at its best when technology advances the way we live and work. With approximately 450,000 route fiber miles and serving customers in more than 60 countries, we deliver the fastest, most secure platform for applications and data to help businesses, government and communities deliver amazing experiences.

The National Cybersecurity Center of Excellence (NCCoE) has drafted a document on data classification practices and asks the public for input. 

NCCoE seeks input from industry entities to further develop the draft project titled “Data Classification Practices: Facilitating Data-Centric Security," the National Institute of Standards and Technology said Wednesday.

The project aims to establish and implement standards for defining and communicating data classifications. This effort would need to determine the hardware, software and requirements needed for a laboratory environment.

NCCoE will also attempt to apply the developed approach as a basic proof-of-concept and eventually corresponding craft practice guides. Interested parties may submit responses through June 21.

The U.S. Chamber of Commerce asks Congress and the Biden administration to implement specific measures that internationally address cyber threats targeting businesses.

These measures include the disruption of international ransomware systems, the creation of an international coalition against ransomware and the enhancement of international law enforcement assets, the Chamber of Commerce said Friday.

Christopher Roberti, senior vice president for cyber, intelligence and supply chain security policy at the U.S. Chamber of Commerce, said the government must now respond against cybercriminals that threaten businesses.

“The U.S. and allied governments must work together with the private sector to confront these challenges head-on,” he said.

Josh Corman, senior adviser for the Cybersecurity and Infrastructure Security Agency (CISA), said at the recent RSA conference that organizations must consider appointing an executive who would oversee the security of software products. 

Corman said the need for a chief product security officer (CPSO) arises amid the software-centric nature of recent attacks, Nextgov reported Friday. Corman and Chris Wysopal, founder of Veracode, spoke at the conference about the growing need for CPSOs in organizations.

“The idea is we need this new individual, to do something that, you know, spans many different departments now,” Wysopal said.

Corman noted that a good CSPO would be someone who is bimodal and willing to work with executive stakeholders to develop standards for risk-based hiring.