The Cybersecurity and Infrastructure Security Agency (CISA) has issued an analysis report in response to cyber attacks on cloud services of various organizations. The agency also found that hackers take advantage of email forwarding rules created by users to gain access to sensitive data.

Threat actors used several techniques such as brute force login attempts, phishing and a “pass-the-cookie” attack to bypass multifactor authentication and exploit vulnerabilities in the organizations’ cloud security practices, CISA said in the report published Wednesday.

“These types of attacks frequently occurred when victim organizations’ employees worked remotely and used a mixture of corporate laptops and personal devices to access their respective cloud services. Despite the use of security tools, affected organizations typically had weak cyber hygiene practices that allowed threat actors to conduct successful attacks,” the report reads.

CISA has recommended several measures to help organizations protect cloud environments, such as implementing conditional access policies, reviewing user-created email forwarding alerts and rules and assessing active directory sign-in logs and unified audit logs for malicious activity.

The Department of Defense’s (DoD) testing office said DoD has stopped the rollout of a $2 billion cybersecurity project called the Joint Regional Security Stack (JRSS) to classified networks due to its inability to help defenders safeguard component networks from “operationally realistic cyber attacks,” Bloomberg reported Thursday. 

JRSS is intended to provide DoD with attack prevention, intrusion detection and other network security capabilities.

Robert Behler, the Pentagon’s testing chief, recommended that the department’s chief information officer continue developing alternatives to the security stack and halt the program’s deployment to unclassified networks “until the system demonstrates that it is capable of helping network defenders to detect and respond to operationally realistic cyber attacks.” 

Russell Goemaere, a spokesman for DoD, said the department has not paused the deployment of JRSS to unclassified networks but has postponed the rollout to classified networks to have more time to mature joint procedures and techniques for midpoint security and improve the operational requirements.

Julie Dunne, outgoing commissioner of the General Services Administration’s (GSA) Federal Acquisition Service (FAS), said her team’s consolidation of the Multiple Award Schedule (MAS) contract vehicle boosted sales from $32 billion to $36 billion between 2019 and 2020.

Dunne said her successor must sustain the consolidation’s results and complementary catalog management work, FCW reported Tuesday. GSA will continue the consolidation with the release of a new common catalog platform through which the agency and contractors would manage offerings in a common user interface.

The FAS leader also mentioned her team’s efforts to integrate supply chain risk management into MAS procurements.

“We’re trying to initiate processes and understand what the threats are and how to deliver the best acquisition solution,” Dunne told FCW.

The Japanese government has inked an agreement with NASA to provide capabilities to sustain the habitation module of the agency's Gateway orbital outpost as part of the Artemis program. 

The Japan Aerospace Exploration Agency (JAXA) will deliver life support technologies and additional workspace to help Gateway crew members carry out work and research efforts inside the International Habitation module, NASA said Wednesday. 

Northrop Grumman partnered with the Japanese government to deliver batteries that will power Gateway's Habitation and Logistics Outpost module. Japan will also study potential updates for the HTV-X spacecraft in a bid to support Gateway's logistics resupply activities. 

"We’re honored to announce this latest agreement with Japan to support long-term human exploration on and around the Moon as part of the Artemis program," said Jim Bridenstine, NASA administrator and 2019 Wash100 Award recipient. 

Gateway is designed to support scientific research efforts and function as a rendezvous point for astronauts that will fly to the Moon via the Space Launch System and the Orion spacecraft. The orbital outpost will also test technologies that will support manned missions to the Red Planet. 

The European Space Agency (ESA) and NASA entered into an agreement to incorporate Gateway's life support capabilities into the outpost. 

The U.S. Air Force is looking to enhance its cybersecurity in response to the service branch's remote work setup by moving its mission-critical applications into a zero-trust environment, Fedscoop reported Tuesday.

USAF will establish a task force to explore the migration of applications from a defense-parameter setup to an environment that will authenticate all users equally to secure the service branch's technology infrastructure.

According to the report, the Defense Information Systems Agency (DISA) plans to launch a zero-trust reference framework in 2021 to push the Department of Defense's (DoD) agencies in updating their security networks.

The Air Force also rolled out pilot efforts to assess potential migrations to a zero-trust setup amid the COVID-19 pandemic.