The Federal Risk and Authorization Management Program (FedRAMP) has updated a document that details the roles and responsibilities of each stakeholder in the cyber incident communication process.

The updated FedRAMP Incident Communications Procedures document includes a response to the Cybersecurity and Infrastructure Security Agency’s (CISA) Emergency Directives and the appropriate timeframes for reporting information regarding security incidents, according to a blog post published Thursday.

Cloud service providers (CSPs) must report data security incidents to customers who are impacted, U.S.-Computer Emergency Readiness Team (CERT) and FedRAMP points of contact within one hour of being identified by the information technology department or computer security incident response team.

CSPs should maintain current contact information of FedRAMP POCs, include the required data elements when reporting to US-CERT and collaborate with the program’s POCs when using automated mechanisms for incident reporting. The provider is responsible for managing the recovery phase of the incident response life cycle and providing a post-incident activity report to their FedRAMP POCs.

“Additionally, CSPs are responsible for responding to emergency inquiries from FedRAMP, including those that are the result of the issuance of CISA Emergency Directives,” the document reads.

The guidance document also outlines the actions the Joint Authorization Board reviewers must take upon receipt of notification from a cloud provider. 

To register for this virtual forum, visit the GovConWire Events page.

Sens. Dianne Feinstein, D-Calif., and Bob Menendez, D-N.J., have proposed a bill that would require congressional oversight of the sale of U.S. military systems to foreign governments.

The introduction of the Secure F-35 Exports Act of 2021 comes as the White House looks to proceed with an estimated $23 billion foreign military sale of F-35 fighter jets and drones to the United Arab Emirates, Feinstein’s office said Friday.

“I remain concerned with the implications of a sale of our most advanced fighter jet given numerous outstanding, unanswered questions about the implications of this sale for U.S. national security, our technology interests, and implications for regional stability including the legal parameters of Israel’s Qualitative Military Edge,” said Menendez. 

“This legislation lays out the types of assurances and commitments the United States must have to safeguard this sale,” Menendez added.

The bill would require the president to submit to Congress a full assessment of the risks posed by a particular sale, export or transfer to U.S. security, certify that the provision of the F-35 aircraft to a Middle Eastern country will not compromise Israel’s QME and establish technology security measures prior to delivery, among other provisions.

Frederick Moorefield, deputy chief information officer of the Department of Defense, said Chinese, Russian and other near-peer countries' push for the development of electromagnetic warfare capabilities is one of the reasons why the U.S. should renew its engagement with the development of international law regarding telecommunications standards, Breaking Defense reported Friday.

Speaking at an Association of Old Crows event, he stressed the need for U.S. to contribute to the writing of said legislation to maintain strategic overmatch amid power competition with other countries.

"We must continue to optimize our engagement with the UN International Telecommunication Union World Radio Conference to ensure spectrum policies are favorable to U.S. economic, science, and national security interests,” said Moorefield.

According to him, forming coalition partnerships focused on the electromagnetic spectrum (EMS) is also key to ensuring that future EMS activities are not boxed by non-U.S. capability.

He added that DOD recognizes the importance of having access to the lower 600 mhz bands and 37 ghz bands for the military application of the 5G technology.

"DOD sees a huge opportunity to leverage 5G capabilities and cost efficiencies of the technology for a worldwide range of DOD operations," shared Moorefield.

The Government Accountability Office (GAO) has called on the federal government to address two high-risk areas: ensuring cybersecurity and improving information technology acquisitions and operations.

GAO recommended that the federal government develop and implement a comprehensive strategy for national cybersecurity and global cyberspace, mitigate supply chain risks and improve the federal response to cyber incidents, according to a report published Friday.

When it comes to IT acquisition management, agencies should sustain leadership and broaden capacity to better manage and modernize IT, ramp up efforts to replace obsolete IT systems and address IT acquisition issues, such as the need to reduce duplicative IT contracts, to achieve cost savings.

The congressional watchdog said it has made 4,700 recommendations since 2010 and about 75 percent of those have been implemented by federal agencies. However, agencies have yet to take action on more than 750 cybersecurity-related recommendations and over 400 recommendations on IT management.

To register for this virtual forum, visit the GovConWire Events page.

Congress is pushing for the Department of Defense (DOD) to improve its workforce in the highly specialized quantum computing field. Sen. Maggie Hassan, D-N.H. and Sen. John Thune, R-S.D have introduced two bills aimed at streamlining pipelines for the DOD and the private sector to acquire students graduating with quantum-related degrees.

The two bills are the QUANTUM for National Security Act and Quantum Network Infrastructure and Workforce Development Act. Congress believes the DOD needs to incorporate a new generation of powerful quantum computers. This sentiment is growing in part from threats posed by China, C4isrnet reported the story on Friday. 

Sen. Hassan commented that “Quantum mechanics play a critical role in our national security and economy  and will be at the forefront of innovative defense technologies that will help to maintain our military edge over China.” 

If the two bills become laws they will add DOD research efforts into the National Quantum Initiative, a program established in 2018 to catalyze quantum research and development. The initiative is currently made up of the National Institute of Standards and Technology (NIST), National Science Foundation, and the Department of Energy (DOE).

Advanced quantum computers are a major to national security because they could break current encryption capabilities, meaning secure communications under current systems will be nearly impossible. If this were to happen, it would be incredibly detrimental to all military operations. 

Alternatively, if the U.S. military has powerful quantum computers, it could intercept and capture an enemy's communications. This capability would only be preventable for enemies unless they develop their own quantum computers. 

“I am glad to join Sen. Thune in introducing these bipartisan bills that will strengthen Department of Defense (DOD) and DOE efforts in quantum research and help encourage more young people to get into this critical field so that we can create jobs and keep America safe, secure, and free,” concluded Hassan.

Army Research Laboratory (ARL) wants the service to use low-cost threat simulation technologies that train warfighters to address dynamic threats. ARL believes low-cost threat emitters can work with existing, similar technologies that support training and research at Fort Huachuca's Army Intelligence Center of Excellence and other military sites, the Army said Thursday.

These emitters simulate a battlefield with dynamic scenarios. The concept aims to augment how the Army visualizes, replicates and presents electromagnetic threats.

“Multi-domain battles are centered on knowing the enemy and the battlefield, and adapting to their strengths and weaknesses using all the domains available to conduct intelligence, surveillance and reconnaissance, targeting and determining the impact of actions taken," said Eric Holder, a research psychologist at U.S. Army Combat Capabilities Development Command, which ARL is part of.

David McKeown, the Department of Defense's (DOD) equivalent of a chief information security officer, said DOD is looking to establish a portfolio management office that specializes in zero-trust cybersecurity, C4ISRnet reported Thursday.

The office's creation would help DOD centralize and manage efforts to implement a zero-trust architecture, which strictly imposes requirements before one is able to access the defense network.

McKeown told Congress Wednesday that the office would consolidate network and cybersecurity talent from across DOD to support zero-trust adoption.

The DOD cybersecurity official also told Congress about a new identity, credential and access management tool made by the Defense Information Systems Agency. DOD plans to use this ICAM tool as part of the zero-trust adoption effort.

The Department of Energy (DOE) will invest $162 million in a pair of new funding opportunities that aim to reduce the carbon emissions of everyday land vehicles. DOE said Thursday it will finance two initiatives that aim to develop electric vehicles, corresponding infrastructure and low-emission technologies for on- and off-road vehicles.

These efforts include the third iteration of the SuperTruck program, which aims to deliver electric freight trucks. DOE's Office of Energy Efficiency and Renewable Energy will allot $100 million across four years for SuperTruck 3.

Jennifer Granholm, secretary of energy, said the funding triples down on the progress made under the first two SuperTruck initiatives, which had America's biggest truck producers significantly improve fuel efficiency.

The second funding opportunity, titled “Low Greenhouse Gas Vehicle Technologies Research, Development, Demonstration and Deployment," brings $62.75 million to projects aiming to reduce the emissions of land vehicles, both on and off-road. The opportunity will also focus on infrastructure development for electric vehicles.

“Getting to net-zero carbon emissions by 2050 means we must aggressively cut down the largest source of emissions: the transportation sector," Granholm said.