The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA) and the Office of the Director of National Intelligence (DNI) have released an analysis paper that assesses vulnerabilities associated with the adoption of 5G technology. 

The document analyzes the major threat vectors across 5G domains and those are policy and standards, supply chain and 5G systems architecture, NSA said Monday. Under the three threat vectors, the paper outlines the sub-threats that describe additional vulnerabilities that cyber actors can exploit and potential threat scenarios.

Standards sub-threat vectors include open standards and optional controls, while supply chain sub-threats cover counterfeit and inherited components. For 5G systems architecture, software, network security, legacy communications infrastructure and spectrum sharing are some of the sub-threat vectors described in the paper.

The Potential Threat Vectors to 5G Infrastructure analysis paper was developed by the 5G Threat Model Working Panel, which seeks to explore potential threat vectors that may be linked to the use of 5G non-standalone networks.

The working panel was established through the Enduring Security Framework, which was created to help assess risks and vulnerabilities to 5G infrastructure as one of the lines of effort of the National Strategy to Secure 5G.

To register for this virtual forum, visit the GovConWire Events page.

Some industry experts have expressed their views on the Transactional Data Reporting pilot program after the General Services Administration reported steady progress with TDR, Federal News Network reported Monday.

In late April, Jeff Koses, senior procurement executive at GSA’s office of government-wide policy, wrote in a blog post that the TDR pilot exceeded targets in three of nine evaluation metrics for fiscal year 2020: contract-level pricing, small business performance and data completeness.

Larry Allen, president of Allen Federal Business Partners, said TDR has developed into a “viable option” for many business entities.

“I will admit to having been a skeptic, but I think that, so long as a company keeps good records on what they provide to their GSA contracting officer, TDR can be a good way for some companies to obtain a schedule contract that otherwise might not be able to,” Allen said in an email to FNN. “GSA may have even been a little ahead of the curve here in terms of TDR attracting non-traditional contractors, something that is very sought after now in Defense Department and even civilian agencies.” 

Alan Thomas, chief operating officer at IntelliBridge, said the agency should come up with a strategy for working with the GSA inspector general once it decides to transition the TDR pilot to full implementation phase.

“The claims in the blog post are great but will be even more compelling with accompanying data,” he said in an email. “Stepping back from the pilot and thinking about full implementation, GSA is going to need a strategy for working with the inspector general on TDR. The IG has a lot invested in the current price reduction clause regime and won’t move away easily from it.” 

Thomas, former commissioner of GSA’s Federal Acquisition Service, noted that GSA should provide contracting officers access to TDR data to help facilitate the decision-making process by using pricing information with process automation software and analytic tools.

Forcepoint announced on Thursday that it has acquired Cyberinc. Cyberinc’s Smart Isolation capability technology gives administrators granular control to minimize risk without impeding user productivity.  Forcepoint will integrate Smart Isolation capabilities within its Data-first SASE architecture to strengthen its information technology portfolio.

"Forcepoint is executing on our vision for the industry's most comprehensive Data-first SASE offering that delivers risk-based data security everywhere, over every channel, to give customers consistent enforcement anywhere their people work," commented Manny Rivelo, CEO of Forcepoint. 

"The acquisition of Cyberinc's Smart Isolation capabilities is the first of many investments Forcepoint will make to enhance user productivity, lower operational burdens and eliminate traditional monolithic products through a best-in-class SASE cloud service," Rivelo added. 

Information technology services are more distributed than ever before, prompting commercial cybersecurity teams to adapt to evolving hybrid workforces and ever-expanding SAAS applications. Secure Access Service Edge (SASE) architecture, which reimagines fragmented networking and security products as converged, cloud-native services, provides a gripping path forward. 

In the distributed IT environment, Forepoint’s  Data-first SASE platform enables enterprises to use the cloud to transform their network and security architectures. The SASE platform places data security first and simplifies connectivity and unifies security policy enforcement everywhere employees, partners and customers use data across the distributed enterprise. 

Cyberinc developed the first-ever Smart Isolation capability that is context-aware and adapts browsing experience with dynamic risk assessment. The Cyberinc Threat Intelligence Service powers Smart Isolation. This new capability adapts web rendering according to the risk levels of the page or web element with two complementary approaches to rendering. Those two approaches being Secure Streaming and UX Optimized. 

Forcepoint aims to integrate Cyberinc's Smart Isolation capabilities within the company's current SASE offering, including Cloud Security Gateway, Private Access, Email Security gateway and Next-Generation Firewall to offer enterprises of all sizes better visibility and control to protect against cyberthreats as well as theft or loss of sensitive data.

"Like Forcepoint, Cyberinc understands the key to modern security is to get ahead of the threat and prevent breaches before they happen. Our shared vision is to intelligently adapt to the changing levels of risk posed as employees click on links or web pages while balancing a better native user experience and security," stated Samir Shah, CEO of Cyberinc.

"Forcepoint has the broadest portfolio and the best expertise to deliver a data-first SASE experience today. I look forward to working with their engineering and development teams to rapidly advance integration of our industry-first smart isolation technology with the rest of Forcepoint's security offerings," concluded Shah. 

The Defense Innovation Unit (DIU) is interested in using commercial multifactor authentication to facilitate secure access to industrial systems not directly connected to U.S. military networks, C4ISRnet reported Friday.

DIU is in search of a tool that would verify identities on platforms not accessible via a military-issued common access card.

The organization said in a source sought to notice it requires a tool to protect the military's access to non-government, cloud-based information systems within the commercial sector.

These commercial systems are not linked to the Department of Defense's CAC, and thus require DOD to use alternative means of secure access. DIU intends to this tool to securely collaborate with commercial partners.

Jennifer Granholm, secretary of Energy, said the Department of Energy (DOE) will prioritize research and development on cybersecurity in fiscal year 2022, FCW reported Friday. 

Granholm spoke at a hearing with the House Appropriations subcommittee in response to Rep. Mike Simpson, R-Idaho, who questioned the lack of cybersecurity-related components in DOE's budget overview.

She said the department is committed to providing the resources and response efforts needed to help industry partners address cyber threats.

The energy secretary also said she is tasking DOE's Office of Cybersecurity, Energy Security and Emergency Response to provide grid operators the needed response tools and threat intelligence.

Comtech Telecommunications Corp. (NASDAQ: CMTL), a world leader in secure wireless communications technologies, announced today, that during its third quarter of fiscal 2021, its Space & Component Technology Group, which is part of Comtech’s Government Solutions segment, was awarded a $3.0 million order from an overseas agency for ground station maintenance and support.

“We are pleased that our customer continues to place its faith in our Ground Stations Group for support and maintenance of their downrange tracking stations,” said Fred Kornberg, Chairman of the Board and Chief Executive Officer of Comtech Telecommunications Corp.

For over 40 years, Comtech’s Space & Component Technology (“SCT”) division, located in Cypress, California, has specialized in the supply of high reliability microelectronics, supplying EEE parts for use in satellite, launch vehicle and manned space applications.