James Burd, formerly the Cybersecurity and Infrastructure Security Agency's (CISA) acting chief privacy officer (CPO), has been appointed to fill the CPO role on a full-time basis. Burd has been with CISA since November 2018 when he joined the agency as acting CPO, according to his LinkedIn profile.

He concurrently served as CISA's deputy CPO and acting CPO over a term of over two years. His past experience includes work with the National Protection and Programs Directorate, CISA's predecessor agency, where he held privacy officer and analyst roles.

Burd began his engagement with the federal government in 2002 when he joined NASA as an intern.

CohnReznick has become one of the first organizations to be recognized with a CMMC Third-Party Assessment Organization (C3PAO) and a Registered Provider Organization (RPO) by the Cybersecurity Maturity Model Certification (CMMC) accreditation body, the company announced on Friday.

“CohnReznick is excited to advance within the CMMC-AB ecosystem, enabling us to assist our clients in taking the next step toward CMMC compliance,” said Bhavesh Vadhani, National Director of CohnReznick’s Cybersecurity, Technology Risk, and Privacy Practice and a CMMC-AB Registered Practitioner.

Through its C3PAO certification, CohnRenick can now sponsor CMMC assessments, engage certified assessors, review assessment quality and submit assessment results to CMMC-AB for approval. In addition, its RPO certification verifies that the company is familiar with the basic constructs of the CMMC Standard and delivers non-certified CMMC consulting services.

CohnReznick can guide and prepare organizations toward CMMC compliance as an RPO. The certifications also authorize CohnReznick to help Department of Defense (DOD) contractors achieve CMMC compliance.

“These credentials give us the opportunity to advise defense contractors throughout their journey in becoming CMMC-certified while helping to protect the DOD’s sensitive data and also playing a critical role in protecting our nation against cybersecurity threats from the adversaries,” Vadhani added.

About CohnReznick

As a leading advisory, assurance, and tax firm, CohnReznick helps forward-thinking organizations achieve their vision by optimizing performance, maximizing value, and managing risk. Clients benefit from the right team with the right capabilities; proven processes customized to their individual needs; and leaders with vital industry knowledge and relationships.

Admiral Philip Davidson, commanding general of the Indo-Pacific Command, emphasized before the House and Senate Armed Services committees on Wednesday that the funding Mission Partner Environment (MPE) is a critical element of geo-political strategy to hinder adversarial military interests. The MPE will allow Allied partner nations to link into U.S. military systems and communications.

Adm. Davidson’s command encompasses the entire pacific region, from the North Korean Border to New Zealand. China is the U.S.’s primary threat in the area. Davidson argued before Congress that U.S.’s most vital asset in the region is its partnership with allies such as South Korea, Japan and the Philippines. 

The MPE is the essential operational capacity to deepen those ties. By linking communications and tactical data networks with friendly countries, the U.S. and its allies will counter hostile threats more effectively and efficiently. 

The Department of Defense (DOD) is currently struggling to link data from the different services and domains for similar tactical reasons, even linking military networks between other countries will be an even more challenging endeavor due to language barriers. However, Davidson’s written testimony stated that  the MPE is critical to Pacific operations because it “provides universal battle management and automated decision making by accessing a multi-domain sensor network.”

If more funding is authorized in the 2022 Fiscal Budget, the money will flow to the MPE through the Pacific Deterrence Initiative (PDI). The PDI is a pool of money used to fund troop deployments and deterrence activities in the Pacific region. 

The FBI and the Cybersecurity and Infrastructure Security Agency have issued a joint advisory saying hackers trying to exploit vulnerabilities in on-premises Microsoft Exchange Servers include nation-state actors and that the targeted organizations in this breach appear to match the entities that are being zeroed in by threat actors from China, Nextgov reported Thursday.

CISA and the bureau said local governments, nongovernmental organizations, academic institutions and businesses in various sectors, including defense, aerospace, pharmaceutical and power utilities, are being targeted by these cyber hackers.

“This targeting is consistent with previous targeting activity by Chinese cyber actors. Illicitly obtained business information, advanced technology, and research data may undermine business operations and research development of many U.S. companies and institutions,” the joint advisory reads.

The FBI and CISA warned that private companies and federal civilian agencies face “a serious risk” as threat actors exploit weaknesses in Microsoft Exchange in order to secure persistent access and control an enterprise network.

“FBI and CISA assess that adversaries will continue to exploit this vulnerability to compromise networks and steal information, encrypt data for ransom, or even execute a destructive attack. Adversaries may also sell access to compromised networks on the dark web,” the advisory states.

CISA issued an emergency directive requiring agencies to update their on-premises servers with security patches or disconnect the products. Microsoft released those security patches after it found that a state-sponsored threat actor from China, called Hafnium, was targeting defense contractors, policy think tanks, infectious disease researchers, law firms and other entities to steal data by compromising the servers.

First Air Force has been designated as the future air component to U.S. Space Command and is expected to reach initial operating capability by the end of calendar year 2021, the service reported Thursday.

“In this new role, First Air Force will be better able to identify and address gaps and seams when integrating spacepower into the support of the homeland defense mission. This will also inform efforts to better fuse space operations into air operations centers around the globe,” Air Force Chief of Staff Gen. Charles Brown said in a statement published Thursday.

First Air Force oversees air defense and aerospace control operations in the continental U.S., Puerto Rico and U.S. Virgin Islands. It will continue to support U.S. Northern Command and North American Aerospace Defense Command as Air Combat Command works to organize and train the new air component.

“We look forward to supporting USSPACECOM in their efforts to defend against threats to the space domain,” said Lt. Gen. Kirk Pierce, First Air Force commander.

The Potomac Officers Club will hold the 2021 Industrial Space Defense Summit on March 23 to feature discussions on space technology, partnerships and innovation. To register for this virtual summit and view other upcoming events, visit the Potomac Officers Club Events page.

The Federal Emergency Management Agency (FEMA) has teamed up with information technology organizations under the Department of Homeland Security (DHS) to establish cybersecurity controls that could automate security processes, FedScoop reported Wednesday.

FEMA seeks to implement application program interfaces that can generate and standardize system security plans for automation by communicating with authorizing engines. 

According to the report, some government agencies find it difficult to comply with data and privacy controls due to their inability to adopt technologies such as DevSecOps and cloud computing.

Ted Okada, chief technology officer at FEMA, said the agency intends to adopt a zero-trust security posture and handle as well as compute data at the edge.

"The common controls in the existing paradigm of client-server, hub-and-spoke computing, which are still with us even with cloud computing, those controls are fast becoming antiquated," said Okada.

The FBI has released a guidance aimed at helping cybersecurity professionals and the general public identify cases of “deepfake” which adversaries may use to dissuade public opinion.

FBI released the Private Industry Notification guidance on Wednesday in partnership with the Cybersecurity and Infrastructure Security Agency (CISA).

According to the guidance, foreign actors are likely to use synthetic content including deepfakes in the coming months as part of influence campaigns and social engineering tactics.

Deepfakes or generative adversarial network techniques utilize artificial intelligence and machine learning to manipulate digital content for fraudulent activities.

FBI expects malicious actors to use deepfakes to support spearphishing techniques and Business Identity Compromise attacks designed to imitate corporate personas and authority figures.

“Currently, individuals are more likely to encounter information online whose context has been altered by malicious actors versus fraudulent, synthesized content,” the guidance states. “This trend, however, will likely change as AL and ML technologies continue to advance.’ 

Adversaries have used deepfake techniques to create fictitious journalists for false news items since 2017, according to the guidance.