Military and civilian security researchers discovered 238 vulnerabilities within a range of two applications during the third iteration of the Hack the Army challenge of the Defense Digital Service (DDS) and the U.S. Army.

Of those vulnerabilities, 102 were designated critical threats that require immediate remediation, HackerOne said Thursday. The Army and DDS awarded over $150,000 in bug bounties to civilian hackers during the six-week Hack the Army 3.0 challenge that started in Jan. 2021. 

Maya Kuang, Army product manager at DDS, told HackerOne in an interview that the rise in identified vulnerabilities during the challenge could be looked at as an increase in the testing surface and could be attributed to two factors.

“One factor is that the hacker community is pushing the boundaries of what we know in cybersecurity on every engagement and do not hesitate to test out different processes. The other factor on our side when we work with internal partners is the increased understanding of the vetted, crowdsourced testing model and the receptiveness toward it,” Kuang said.

Johann Wallace, compliance division chief at Army Network Enterprise Technology Command (NETCOM), cited the advantages of conducting Hack the Army to the service branch.

“Hack the Army does a tremendous job of exposing content and coding errors that our normal compliance-based scanning had overlooked. Just because a system is patched doesn’t mean that it’s secure, and an engagement like Hack the Army allows us to leverage additional subject-matter expertise to look at more assets faster than we do with our internal vulnerability assessment teams alone,” Wallace said.

If you want to know more about the latest updates about the Cybersecurity Maturity Model Certification, then check out Potomac Officers Club’s CMMC Forum coming up on June 16th. 

CMMC Accreditation Body Chairman Karlton Johnson will serve as the keynote speaker for the Forum to provide his overview and vision of the CMMC Rollout as well as the top priorities for the board and how industry feedback will help to improve the vision behind how the organization develops for the first 100 days.

To register for this virtual forum and view other upcoming events, visit the POC Events page.

Iridium Communications Inc. announced the launch of Operation Arctic Lynx (OAL) on Thursday. The Operation is a series of partnership-driven field exercises deploying Iridium and Iridium-connected technologies that involve over 20 organizations, primarily focused above 60 degrees north latitude and stretching as far as 82 degrees north latitude.  

During the Operation, Iridium and Iridium-connected weather resilient satellite communications technology will be deployed by a mix of on-base, communications-on-the-move (COTM), at-the-halt (ATH) and remote environment applications.  

"Iridium's Arctic and Antarctic communications capabilities have long been a part of the fabric of government, NGO and civil enterprise activities in those regions and now with our upgraded constellation and new technologies developed, we have turbocharged our portfolio of solutions to address an increasing range of polar communication requirements," commented Scott Scheimreif, Iridium’s EVP. 

OAL will take place between June 11th and June 26th, 2021. The international contingent of organizations participating in the Operation includes existing Iridium customers such as the U.S. Department of Defense, U.S. federal agencies, Alaska state and local organizations, Canadian government organizations, scientific research organizations and many aerospace industry companies.

The technologies that will be featured include weather-resilient broadband (Iridium Certus), Iridium Push-To-Talk, various unattended sensors capable of tracking, environmental monitoring, remote control functions and managing data and image delivery and beyond-visual-line-of-sight (Iridium Global Line of SightSM).

Iridium is the only commercial satellite communications company with global coverage and a 20-plus year pedigree of providing reliable Arctic communications.

 "With more than 20 participating organizations, Operation Arctic Lynx will exercise the ability to provide real-time interoperability, communications-on-the-move, command-and-control and develop and maintain a common operational picture in austere polar regions. We're proud to have so many esteemed organizations participating," added Scheimreif. 

The U.S. Army and its partners from the University of Texas at El Paso have developed an integrated platform designed to help analysts evaluate the performance of cybersecurity algorithms in specific situations.

The repeatable experimentation system (RES) virtualizes, emulates, simulates and contains algorithms to help analysts run situation-based assessments, the Army said Thursday. Analysts can use RES to simultaneously run multiple experiments with algorithms in a parallel manner, then render the results for the use of other security researchers.

“This technique constantly shuffles or changes system properties in order to nullify any intelligence information that an adversary may have and that may be used to compromise systems," said Jaime Acosta from the Army Research Laboratory (ARL) within the service branch's Combat Capabilities Development Command.

Acosta and his team also developed a standard mechanism that would allow RES users to produce and share experimentation workflows. The International Conference on Security and Privacy in Communication Systems scheduled for Sept. will virtually feature the team's research.

David Koch, chief of research and development at the Defense Logistics Agency (DLA), said DLA will use artificial intelligence to determine an item's demand in supply chain activities, Federal News Network reported Thursday.

Koch said at the Federal Drive show that AI has the potential to help the agency predict warfighters' future demand for items that are currently low-demand.

The future demand of currently high-demand items are easier to predict compared to low-demand items. Koch said AI technology may help DLA reduce the prediction gap between high-demand and low-demand items.

The Department of Defense's Joint AI Center (JAIC) will help DLA harness the technology to forecast item demands. The logistics agency also eyes using AI to manage supply chain risks.

The General Services Administration (GSA) held a virtual event to foster discussion on the federal fleet of service vehicles, with topics that tackle the fleet's electrification.

The FedFleet 2021 event ran from June 7th to 10th with the participation of over 2.200 professionals in the areas of automotive and fleet management, GSA said Thursday.

GSA is working to electrify its fleet, which currently consists of 600,000 non-tactical vehicles in total. The agency has so far implemented 455 charging stations at U.S. federal buildings, as the fleet's electric vehicle infrastructure continues to develop.

Katy Kale, acting GSA administrator and a 2021 Wash100 Award winner, delivered the event's closing remarks.

“GSA is embracing this opportunity to do our part to help make America the global leader in electric vehicle fleet production and adoption,” said Kale. “And we are keeping equity at the center of our work. We want everyone to have access to the benefits and opportunities that come with electrifying the federal fleet including good-paying jobs, improved air quality, and better quality of life.”

The Defense Advanced Research Projects Agency (DARPA) has introduced a program with the goal to produce an interference filter system for wideband active electronically scanned arrays (AESA) used in military radar, communications and electronic warfare platforms.

DARPA said Thursday that the COmpact Front-end Filters at the ElEment (COFFEE) level program will support the agency’s 5G and beyond communications investment effort under its five-year, $1.5 billion Electronics Resurgence Initiative.

The agency is eyeing a new radio frequency filtering technology class for AESA, which takes on a matrix of tiny antennas with individual transmitters and receivers that enable the electronic steering of radio waves in different directions.

Benjamin Griffin, a program manager in DARPA’s Microsystems Technology Office, said that although wideband AESA technology has compelling applications, high-bandwidth receivers in this technology could be prone to electronic jamming due to its dynamic range limits.

“COFFEE aims to develop filters that are on the analog front-end, making the array more robust and resistant to interference before digital processing on the back-end,” Griffin added.

The agency is scheduled to host a Proposers Day on June 17 to discuss its COFFEE initiative and hinted at a broad agency announcement coming soon on the SAM contracting opportunities website.

The Defense Advanced Research Projects Agency (DARPA) will hold a proposers day webinar on July 9th to provide information on the Morphogenic Interfaces program that seeks to enhance the persistence and performance of electrochemical systems that protect and power critical military hardware by addressing microscopic irregularities occurring at the interfaces of such systems.

The Morphogenic Interfaces program (MINT) “is focused on developing novel interface materials that can exploit local gradients to consistently form and reform at the interface,” Vishnu Sundaresan, MINT program manager at DARPA’s Defense Sciences Office,” said in a statement published Thursday.

The program has two application-centric focus areas and the first focuses on solid/solid charge transfer interfaces for solid-state batteries. Solid/liquid and solid/vapor interfaces for corrosion-resistant coatings and alloys will be the second focus area.

“Through this program, I want to spur the scientific community to exploit the mathematical framework offered by morphogenesis models to understand the evolution of morphology in solid/solid, solid/liquid, and solid/vapor interfaces, and extend this understanding to build better solid-state batteries, corrosion-resistant coatings and alloys,” said Sundaresan.

DARPA anticipates releasing a broad agency announcement for the MINT program in June, according to a notice posted Thursday on the SAM website.