NASA has selected through the Payloads and Research Investigations on the Surface of the Moon (PRISM) call for proposals three payload suites to support scientific investigations on the lunar surface.

The Lunar Vertex, Farside Seismic Suite (FSS) and Lunar Interior Temperature and Materials Suite (LITMS) payloads will be delivered to the moon through NASA’s Commercial Lunar Payload Services program as part of the Artemis lunar exploration efforts, the space agency said Friday.

“With each new PRISM selection, we will build on our capabilities to enable bigger and better science and prove technology which will help pave the way for returning astronauts to the Moon through Artemis,” said Joel Kearns, deputy associate administrator for exploration at NASA’s science mission directorate. 

David Blewett of the Johns Hopkins University Applied Physics Laboratory will lead the Lunar Vertex joint lander and rover payload suite that is headed to Reiner Gamma, also known as lunar swirl.

Mark Panning of NASA’s Jet Propulsion Laboratory in California will oversee the FSS payload, while Robert Grimm of the Southwest Research Institute will lead the LITMS payload. FSS and LITMS payload suites are both headed to Schrodinger basin, an impact crater on the far side of the moon.

The FSS package will bring two seismometers to investigate tectonic activity on the lunar surface. The LITMS payload suite is composed of the Lunar Magnetotelluric Sounder and the Lunar Instrumentation for Thermal Exploration with Rapidity pneumatic drill that will help study the electrical conductivity and heat flow of the lunar interior in the basin.

NASA and the CLPS office at the Johnson Space Center in Houston will work together to award task orders to facilitate the delivery of the payloads to the lunar surface in the 2024 timeframe.

Chris Inglis, the Biden administration’s nominee for the role of national cyber director, and Jen Easterly, the president’s pick to lead the Cybersecurity and Infrastructure Security Agency (CISA), both described ransomware as a “scourge” that poses a threat to national security and suggested ways on how to protect critical infrastructure during a Senate confirmation hearing Thursday, CyberScoop reported.

Inglis said during the Senate Homeland Security and Governmental Affairs Committee hearing that the U.S. government and its allies should “remove the sanctuary [to ransomware criminals] and bring to bear consequences on those who hold us at risk.” 

He cited the importance of making critical systems defensible and how security personnel can mitigate threats through software patching, multifactor authentication, network segmentation, and other basic cyber practices.

Easterly mentioned CISA’s role in providing threat information and technical guidance and the need to make some standards mandatory to improve cyber protection of critical infrastructure. 

“There probably is some sort of role for making some of these standards mandatory, to include notification,” Easterly said. “I do think it’s important that if there’s a significant cyber incident, that critical infrastructure companies have to notify the federal government, in particular CISA. We have to be able to warn other potential victims.”

If you want to know more about the latest updates about the Cybersecurity Maturity Model Certification, then check out Potomac Officers Club’s CMMC Forum coming up on June 16th. 

CMMC Accreditation Body Chairman Karlton Johnson will serve as the keynote speaker for the Forum to provide his overview and vision of the CMMC Rollout as well as the top priorities for the board and how industry feedback will help to improve the vision behind how the organization develops for the first 100 days.

To register for this virtual forum and view other upcoming events, visit the POC Events page.

The Federal Risk and Authorization Management Program (FedRAMP) office and the National Institute of Standards and Technology (NIST) have introduced a machine-readable standard that works to automate the preparation, authorization and reuse of commercial cloud offerings for the government sector. 

Version 1.0.0 of the Open Security Controls Assessment Language offers (OSCAL) a common programming format for agencies, cloud service providers and third-party assessors that participate in FedRAMP, according to a blog post published Tuesday.

The FedRAMP office expects OSCAL to help vendors prepare and review system security plans faster before they submit content to the government.

OSCAL is designed to also reduce the time it takes for agencies to evaluate security authorization packages and for third-party assessment organizations to report audit work on cloud offerings.

The language features updated stable versions of different models including the catalog and profile, system security plan, component definition, and assessment plans and results for monitoring activities.

OSCAL 1.0.0 also has modernized tools for the conversion of OSCAL, XML and JSON formats. The FedRAMP office first unveiled its project to automate the cloud authorization process in December 2019.

John Mitchell, president and CEO of electronics manufacturing industry association IPC, said the Department of Defense (DOD) should give careful consideration to small and medium-sized businesses seeking to comply with the Cybersecurity Maturity Model Certification (CMMC) program.

“The Pentagon needs to take into consideration that most SMBs do not have dedicated cybersecurity personnel to achieve the prerequisites, and while many commercial electronics manufacturers have considerable business with the defense community, they themselves do not consider themselves a defense contractor,” Mitchell said in a statement published Tuesday.

IPC surveyed 108 electronic manufacturers, suppliers and contract manufacturers between Feb. 25th and March 5th and found that 24 percent of respondents said the costs and burdens associated with CMMC compliance may force their companies to exit the U.S. defense market.

According to the survey, 32 percent of respondents said they expect to be ready to undergo a CMMC assessment in one to two years. The majority of the respondents said their companies are willing to spend at least $50,000 on CMMC readiness.

Leslie Weinstein, author of the IPC report on CMMC, said DOD can use existing industry certifications and standards to help reduce the costs and address uncertainties associated with CMMC compliance.

“The DoD recognizes a variety of respected, industry-driven certifications when it comes to hiring cybersecurity professionals,” said Weinstein. “Taking the same approach to certifying suppliers would allow companies to invest more in security than in redundant audits, and it would quickly create a pool of companies who are able to bid on DoD solicitations containing the CMMC DFARS clause. And importantly, it would prevent further erosion of the U.S. defense industrial base.”

If you want to know more about the latest updates about the Cybersecurity Maturity Model Certification, then check out Potomac Officers Club’s CMMC Forum coming up on June 16th. 

CMMC Accreditation Body Chairman Karlton Johnson will serve as the keynote speaker for the Forum to provide his overview and vision of the CMMC Rollout as well as the top priorities for the board and how industry feedback will help to improve the vision behind how the organization develops for the first 100 days.

To register for this virtual forum and view other upcoming events, visit the POC Events page. 

U.S. Indo-Pacific Command in its customary unfunded requirements list sent to Congress contains $889.94 million worth of projects and programs. INDOPACOM’s chief concern is more funding to develop a ballistic missile defense system for Guam. These lists are sent to Congress every year to help guide lawmakers as they decide what might require additional funding, DefenseNews reported on Tuesday.

INDOPACOM’s highest priority, a missile defense system for Guam would require $231.7 million in total. $77.2 million in procurement funding and $154.45 million in research and development.

The Missile Defense Agency (MDA) is planning to use $78.3 million in its FY22 base budget to inspect systems that could support the defense of Guam. The money would support detailed threat and requirements analysis, systems engineering, trade studies and specification updates.

Possible defenses for Guam are from the Aegis Combat System ships and the Terminal High Altitude Defense System (THAAD). They “are all part of that architecture consideration today, and we’re working that hard so that we can come forward and tell you exactly what we’re going to do on Guam,” commented Vice Adm. Jon Hill, MDA’s director, said during a June 9th hearing with the Senate Strategic Forces Subcommittee.

"Basing on Guam is critical to America’s goal to project its offensive power and deter possible threats in the INDOPACOM theater and that means the U.S. military must protect the island," Hill explained. 

Creating a dedicated missile defense capability on Guam would free up Navy ships to return to maneuver forces.

The Cybersecurity and Infrastructure Security Agency (CISA) has released a document to help organizations secure operational technology and control systems from ransomware threats. 

CISA said Wednesday that it advises organizations to develop manual controls that can maintain critical processes and industrial control systems amid ransomware risks.

The agency also recommends the implementation of regular backup procedures and a robust divide between information technology and OT networks.

The document also noted that backup procedures must be isolated from networks and that organizations must conduct continuous monitoring efforts.

CISA issued this guidance in response to recent incidents where cyber disruptions in IT networks also affected operational processes. The agency also advises organizations to report ransomware cases to law enforcement entities such as the FBI.

The National Cybersecurity Center of Excellence (NCCoE) has issued a draft report made to help organizations manage risks related to ransomware attacks.

NCCoE's Cybersecurity Framework Profile for Ransomware Risk Management draft defines security objectives to help parties prevent, address and recover from ransomware attacks, the National Institute of Standards and Technology (NIST) said Thursday.

Ransomware refers to encryption-based cyberattacks that block user access to information until an amount of money is paid. These attacks encrypt and potentially steal critical information, then propose to not leak the stolen data if the sum is paid.

NIST asks the public to comment and provide input on the draft. Interested parties may submit responses through July 9th.

Mike White, the principal director of hypersonics within the Office of the Undersecretary of Defense for Research and Engineering, said the technology he is in charge of is an important part of the military's modernization, DOD News reported Wednesday.

He said hypersonic weapons have the potential to strike high-priority targets and can sustain high-altitude flight at speeds near Mach 5. White said these characteristics make hypersonic missiles effective against long-range targets.

The Department of Defense (DOD) is working on hypersonic weapons applicable for launch from air, maritime and land domains. The three service branches corresponding to these domains, as well as the Missile Defense Agency (MDA), the Defense Advanced Research Projects Agency (DARPA) and other organizations, are working on various hypersonic technology projects.