The National Institute of Standards and Technology (NIST) has issued a draft special publication that seeks to demonstrate how organizations can use standards-based, commercially available products to help meet their privacy and security needs as they adopt the bring your own device practice.

The draft SP 1800-22 Mobile Device Security: Bring Your Own Device practice guide is intended to help organizations use industry best practices to improve mobile device security and privacy; enhance visibility into mobile device health; and improve the security of mobile devices and applications through the deployment of several technologies, NIST said Thursday.

“This practice guide provides an example solution demonstrating how to enhance security and privacy in Android and Apple smartphone BYOD deployments,” the notice reads.

The draft publication also describes several technologies that support the example platform’s security and privacy goals, including trusted execution environment, enterprise mobility management, virtual private network and mobile application vetting service.

NIST will accept feedback and comments on the draft practice guide through May 3rd.

To register for this virtual forum, visit the GovConWire Events page.

A group of bipartisan House lawmakers sent letters to heads of federal agencies requesting more information related to the SolarWinds cyberattack.

The lawmakers want agencies to submit written responses to eight questions by March 31st “to gain a fuller understanding of the scope of the attack and actions being taken to mitigate its effects,” according to a news release published Wednesday.

Agencies should explain the extent and nature of the compromise, detail the actions taken to investigate and respond to the attack and provide information on their schedule for mitigating the risks associated with the incident.

Lawmakers also want to know how agencies evaluate vendors for cybersecurity risks and whether they have a specific plan in place to reduce the risks of future supply chain attacks.

House Energy and Commerce Committee Chairman Frank Pallone, D-N.J. and Cathy McMorris Rodgers, R-Wash., the House panel’s ranking member, were among the signatories of the letter addressed to several agency chiefs, including Commerce Secretary Gina Raimondo and Energy Secretary Jennifer Granholm.

To register for this virtual forum, visit the GovConWire Events page.

Secretary of Veterans Affairs (VA) Denis McDonough announced a review of the VA’s electronic health record (EHR) modernization in a move welcomed by lawmakers.

“A successful EHR deployment is essential in the delivery of lifetime, world-class health care for our Veterans. After a rigorous review of our most-recent deployment at Mann-Grandstaff VA Medical Center, it is apparent that a strategic review is necessary. VA remains committed to the Cerner Millennium solution, and we must get this right for Veterans,” commented McDonough

The review follows in the wake of a call from the Government Accountability Office (GAO) for the VA to stop the system roll-out to fix critical issues. The issues stem from the EHR system at Mann-Grandstaff VA Medical Center in Spokane, Washington, the first center to launch the new Cerner Millennium built EHR system.

The subsequent roll-out of the system is scheduled for a VA facility in Columbus, Ohio, however, the new 12-week review might alter that plan. The GAO report mentioned several technical issues that should be addressed before the next roll-out.

The EHR itself is a $16 billion, ten-year modernization program created during the Trump Administration. Some lawmakers have questioned this VA contract with Cerner Millennium.

House Veterans Affairs Committee Chairman Mark Takano, D-CA, said, “This strategic review comes at a critical time, and I’m hopeful that it will ensure Secretary McDonough has an opportunity to examine the prior administration’s handling of the project and course correct if necessary.”

The review has bi-partisan support as well. Rep. Cathay Rogers R-WA sent a letter to McDonough welcoming the review and even questioning the EHR program’s entire existence.

The top Republican congressman on the committee’s Technology Modernization Subcommittee, Rep. Matt Rosendale, R-MT concluded “It is not too much to ask that the Cerner electronic health record pass a simple test, that proves it will help doctors and nurses deliver quality and timely care to veterans, before it can be deployed anywhere else. If it cannot do that, we should not continue to spend on the contract.”

The Department of Energy (DOE) has unveiled three research programs aimed at ensuring the security of U.S. energy infrastructure against threats such as adversarial cyber attacks and natural hazards.

DOE said Thursday that its Office of Cybersecurity, Energy Security and Emergency Response (CESER) is funding efforts to expand its portfolio of research programs to include geomagnetic and electromagnetic interference prevention and cybersecurity testing for critical software and hardware.

CESER partnered with Schweitzer Engineering Laboratories for the Cyber Testing for Resilient Industrial Control System effort focused on assessing system vulnerabilities and evaluating digital cybersecurity tools through analytics.

The office’s Cybersecurity for Energy Delivery Systems division is also looking into partnering with academic and industry entities on security-focused projects involving cyber and physical infrastructure.

Jennifer Granholm, secretary of DOE, said the projects are meant to mitigate emerging threats from foreign actors, hackers and natural catastrophes while addressing the Biden administration’s clean energy initiatives.

DOE noted that it is also continuing efforts under nine projects focused on electromagnetic pulse and geomagnetic disturbance phenomena.

Joyce Corell, an official at the Office of the Director of National Intelligence (ODNI), said the U.S. must execute risk-based supply chain security management strategies following the SolarWinds cyber attacks, Breaking Defense reported Thursday.

Corell, who serves as assistant director for supply chain and cyber directorate at ODNI’s National Counterintelligence and Security Center (NCSC), told attendees at an Institute for Critical Infrastructure Technology event that the private and public sectors must address vulnerabilities in the information and communications technology supply chain in the wake of aggressive Chinese and Russian cyberespionage activities.

Corell’s comments come after the Defense Advanced Research Projects Agency (DARPA) and Intel announced a partnership to produce Application Specific Integrated Circuit chips for commercial and military aviation systems.

Under the Structured Array Hardware for Automatically Realized Applications (SAHARA) partnership, DARPA and Intel will work with academic entities to optimize the semiconductor's use.

Jose Roberto Alvarez, senior director for the office of the chief technology officer at Intel's Programmable Solutions Group, noted that SAHARA’s goal is to promote U.S.-based semiconductor manufacturing “from beginning to end”.

SAHARA is also looking into potentially developing ASIC for zero-trust environments or applications such as countermeasures technologies for protecting intellectual property and data against counterfeiting and reverse engineering.

The Cybersecurity and Infrastructure Security Agency (CISA) has earmarked $650 million from its  American Rescue Plan Act funding to transition its EINSTEIN threat intelligence system to various programs, FedScoop reported Thursday.

Brandon Wales, acting director of CISA, said at a hearing with the Senate Homeland Security Committee that the agency is prioritizing efforts to detect suspicious activity on networks handling unencrypted data to enable faster response to supply chain attacks.

CISA is also partnering with the Office of Management and Budget (OMB) on streamlining the federal government's contracting process and allocating ARP funding for endpoint detection capabilities as well as other tools to rapidly prevent anomalous behavior from entering networks, noted Wales.

The agency is additionally working to complete the Continuous Diagnostics and Mitigation (CDM) effort’s phases one and two which are slated to conclude in 2021, according to Wales.

“There’s a lot that we need to do through the federal contracting process to ensure that the vendors providing IT products and services for the federal government have the appropriate level of cybersecurity in place, based upon the information and their place within the networks that they are supporting,” he said.

The Government Accountability Office (GAO) has recommended that the Department of Defense (DoD) update the F-35 fighter jet program's schedule for the Block 4 software and hardware modernization effort in order to reflect realistic time frames.

DOD should implement tools to automate collection of data on software development performance to help inform program decisions and establish software performance target values as it initiates steps to determine additional metrics for software development, GAO said in a report published Thursday.

GAO made the recommendations after it found that the Pentagon's F-35 program “routinely underestimated the amount of work” necessary to build Block 4 capabilities, leading to additional delays.

“Unless the F-35 program accounts for historical performance in the schedule estimates, the Block 4 schedule will continue to exceed estimated time frames and stakeholders will lack reliable information on when capabilities will be delivered,” the report reads.

Maj. Gen. Wally Rugen, director of the U.S. Army Future Vertical Lift Cross-Functional Team, said the branch's requirements oversight council is scheduled to review iterative designs of the Future Attack Reconnaissance Aircraft from Bell and Sikorsky next month, Defense News reported Thursday.

The two vendors won other transaction agreements in March 2020 to develop FARA prototypes and completed final design readiness assessments with the military branch in December.

“What we saw back on the final designs from industry were impressive to the government team. Industry really did more," Rugen told Defense News.

Army reviewers seek to determine whether the Bell 360 Invictus and Sikorsky Raider X offerings are ready to join a fly-off event planned for late 2022, according to the publication.

The branch said last year it structured the FARA program into three phases that would take place before the aircraft production phase and intends to select a winning builder after the competitive exhibition.

FARA is intended to fill a capability gap the service faced after its decision to retire the OH-58D Kiowa Warrior light observation and reconnaissance aircraft, the report noted.