//
CISA Extends Term of ICT Supply Chain Task Force; Bob Kolasky Quoted
Published on
CISA Extends Term of ICT Supply Chain Task Force; Bob Kolasky Quoted

The Cybersecurity and Infrastructure Security Agency (CISA) has extended the term of a supply-chain security task force for an additional six months to continue efforts to protect the information and communications technology (ICT) sector.

CISA said Thursday the extension will allow the ICT Supply Chain Risk Management (SCRM) Task Force to build on its work detailed in its Year 2 report which covers information sharing, manufacturer evaluation, threat analysis and COVID-19 impacts.

The public-private task force is headed by CISA in partnership with the IT and Communications Sector Coordinating Councils. As part of its extended term, the group will continue promoting partnerships with international allies, stakeholders and other sectors to address issues in ICT supply-chain resilience.

Robert Mayer, co-chair of the task force, said the group has worked to engage government and ICT stakeholders to help secure the global supply chain over the past two years.

Bob Kolasky, assistant director of CISA  and Task Force co-chair, noted that the extension will also ensure that the partnership can “work beyond the normal governmental processes" and address unique ICT issues.

The task force will also build on findings detailed in its Working Group 2 Threat Scenarios Report and continue supporting the Federal Acquisition Security Council.

/
Interagency Cyber Group Releases Document to Educate Public on Ransomware
Published on
Interagency Cyber Group Releases Document to Educate Public on Ransomware

The National Cyber Investigative Joint Task Force (NCIJTF), a partnership between multiple security and intelligence agencies, has published a new fact sheet made to educate the masses on ransomware threats. Subject matter experts from across more than 15 government agencies contributed their input to develop the fact sheet under NCIJTF, the FBI said Thursday.

Ransomware is a type of malware that forcefully encrypts a victim's computer files and demands monetary payment to restore user access. NCIJTF is tasked to disseminate information on cyber threats, and therefore works to educate the masses about issues such as ransomware.

The U.S. government has placed concern on how ransomware attacks can delay critical operations of public safety networks and state and local agencies.

//
Defense Procurement Vet James Geurts to Serve as Navy’s Undersecretary on Acting Basis
Published on
Defense Procurement Vet James Geurts to Serve as Navy’s Undersecretary on Acting Basis

James Geurts, who most recently served as the assistant secretary of the Navy for research, development and acquisition and was a 2020 Wash100 Award recipient, was designated the service’s acting undersecretary on Thursday.

Geurts will also concurrently perform duties as chief operations and management officer of the Department of the Navy (DON), the service said the same day. He oversaw the Navy’s annual $100 billion budget for naval technologies essential to U.S. maritime defense in his most recent role, which ran from late 2017 to early 2019.

His three-decade career includes technology procurement-related work with U.S. Special Operations Command (USSOCOM) and the U.S. Air Force, where he managed programs for missiles, fighter aircraft, avionics systems, unmanned aircraft and other technologies.

“Having supported the military, both in and out of uniform, for the majority of my life, I know that when we are empowered and focused on the mission we can accomplish amazing things,” Geurts said.

//
FBI Awards Telos Risk Assessment Contract to Integrate Xacta
Published on
FBI Awards Telos Risk Assessment Contract to Integrate Xacta

Telos has been awarded a potential $13.5 million contract by the Federal Bureau of Investigation (FBI) to integrate the company’s Xacta solution and establish an interactive, real-time risk assessment capability across its risk management framework workloads, Telos reported on Wednesday.

Xacta has already been leveraged by the Central Intelligence Agency (CIA). With the solution, the FBI wants to shorten the time it takes to grant contractors permission to access its systems, so its assessors can focus on more pressing security issues.

“With its seamless deployment and automation, Xacta was the logical answer to mitigate the challenges. Xacta has been successfully deployed across the federal government including the Intelligence Community, civilian agencies and the Department of Defense, and we are excited to extend this work to the FBI,” said John Wood, CEO and chairman, Telos.

Telos will provide governance, risk management and compliance (GRC) support to the FBI’s Enterprise Information Security Section. The company will also help optimize technology, people and processes.

In addition, Telos will install, integrate and support Xacta within the Commercial Cloud Services (C2S), Secret Commercial Cloud Services (S-C2S) and GovCloud architectures. Xacta offers a customizable user interface, inherited security controls and status visibility.

Telos’ solution features enterprise cyber risk management and compliance automation solutions to meet the challenges of managing IT risk with continuous compliance monitoring, security assessment and ongoing authorization.

Xacta automates 85 percent of and continuously updates its features, which has delivered “very solid” cyber-hygiene, including good passwords, strong user access control and multi-factor authentication, Wood said. Understanding the FBI’s risk posture is critical, following the SolarWinds breach, Wood added.

/
VMware Enhances vRealize Cloud Management to Support Multi-Cloud Environments
Published on
VMware Enhances vRealize Cloud Management to Support Multi-Cloud Environments

VMware has announced innovations across its VMware vRealize Cloud Management portfolio of on-premises and Software as a Service (SaaS) solutions, which will enable customers to securely deploy and operate hybrid and multi-cloud environments, the company reported on Wednesday. Customers have also leveraged VMware vRealize Cloud Management solutions to gain greater IT and business agility to increase business outcomes.

“In today’s uncertain world, enterprises are seeking to increase agility and efficiencies to remain competitive and to drive faster business growth,” said Purnima Padmanabhan, senior vice president and general manager, Cloud Management Business Unit, VMware. 

VMware vRealize Cloud Management will enable customers to deploy and operate applications, infrastructure and platform services, from the data center to the cloud to the edge. The company’s platform will accelerate innovation by providing additional services, efficiency by visibility and automation. The offerings will help control and mitigate risk through unified operations and governance.

The company’s vRealize Automation 8.3 will enhance solutions for critical automation use cases, including self-service multi-clouds, network automation and DevOps with actionable insights, greater security and improved performance. 

Additionally, VMware’s solution will deliver self-driving operations to better optimize, plan and scale private, hybrid and multi-cloud environments. VMware vRealize Operations will be powered by AI and predictive analytics to provide continuous performance, capacity and cost optimization, proactive planning, intelligent remediation and integrated compliance. 

VMware vRealize Network Insight 6.1 and VMware vRealize Network Insight Cloud will provide an end-to-end network view, leveraging data across virtual and physical infrastructure. The company will utilize machine learning for application discovery, as well as assurance and verification capabilities to plan, build and manage complex networks. 

The company’s Skyline product will deliver proactive intelligence across VMware environments to prevent issues and unscheduled downtime. VMware’s Skyline Advisor will feature expanded visibility into the identified vulnerabilities and improve support request visibility. 

“As more businesses pursue cloud as an agility strategy, vRealize Cloud Management helps customers run their applications anywhere while maintaining consistent operations and common governance across all environments,” Padmanabhan added.

//
DOD Spending on OTAs Continues to Ramp Up; Robert Levinson, Rhys McCormick Quoted
Published on
DOD Spending on OTAs Continues to Ramp Up; Robert Levinson, Rhys McCormick Quoted

A National Defense Industrial Association (NDIA) report on the defense industrial base’s health shows that the Department of Defense’s (DOD) use of other transaction authority (OTA) agreements to encourage non-traditional vendors to work with the Pentagon has surged in recent years, National Defense reported Friday.

According to NDIA’s Vital Signs 2021 report, the average amount of DOD’s innovation-related investment per year that used OTAs climbed by approximately 300 percent. Analysts at Bloomberg Government said use of OTAs continued to rise in fiscal year 2020.

“Our data is showing $14.8 billion for DoD and $16.3 billion [for the U.S. government] overall for FY 2020, so the total has gone up over 100 percent over FY 2019 and we’re still waiting on the last month or so of data for DoD,” Robert Levinson, senior defense analyst at BGOV, said in a December email. “The enthusiasm for OTAs continues.”

A recent Center for Strategic and International Studies report showed that DOD recorded $7.7 billion in OTA obligations in 2019, a 75 percent increase from $4.4 billion reported in 2018. The U.S. Army emerged as the leading user of OTAs across the department, according to the CSIS study.

Rhys McCormick, a CSIS analyst, said he thinks the use of OTAs will continue to increase.

“I definitely don’t think the [current] growth rate is sustainable … but I think we’re going to continue to see growth in OTAs in the coming years,” McCormick said. “It just won’t be at that crazy rate that we saw” after the passage of the 2016 National Defense Authorization Act.

//
White House Memo Outlines Structure of National Security Council
Published on
White House Memo Outlines Structure of National Security Council

The White House has issued a new memorandum announcing the renewal of the National Security Council (NSC) system. 

The document published Thursday states that the NSC will help the president integrate all aspects of national security policy by coordinating agencies and executive departments in long-term strategic planning and policy development and implementation.

The memo details the regular attendees of NSC meetings and the structure of the council’s principals committee, deputies committee and interagency policy committees.

According to the document, the principals committee will serve as the “senior interagency forum for consideration of policy issues affecting national security” with the national security adviser acting as chair.

The deputies committee will help monitor and review the NSC interagency process-related work and address national security-related policy issues. This panel will be chaired by the principal deputy national security adviser.

The interagency policy committees will oversee the development and implementation of national security policies by multiple government agencies. 

“They shall provide policy analysis for consideration by the more senior committees of the NSC system and ensure timely responses to decisions made by the President. The IPCs shall be established at the direction of the National Security Advisor, and be chaired by his or her designees,” the memo reads.

/
Brig. Gen. Heather Pringle on Air Force’s Golden Horde Swarming Bombs Program
Published on
Brig. Gen. Heather Pringle on Air Force’s Golden Horde Swarming Bombs Program

Brig. Gen. Heather Pringle, commander of the Air Force Research Laboratory (AFRL), said the service will conduct a second test of the Golden Horde swarming bombs later in February 2021, Defense News reported Thursday.

“We’re looking forward to two more flights this month, in fact, with four collaborative small diameter bomb weapons, and I’m looking at time on target to try to up the game a little bit,” Pringle said Thursday at a Mitchell Institute for Aerospace Studies-hosted event. “This program is still progressing, and we’re really excited about where it’s going in 2021.”

One of AFRL’s top three priorities, the Golden Horde program involves a swarm of networked munitions equipped with an operational playbook that contains a collection of predetermined rules to facilitate autonomous operations.

The service carried out its first test of the program in Dec. 2020, meeting nine of the 13 objectives. However, the swarming bombs failed to send guidance commands to the navigation systems due to software issues, resulting in the munitions hitting a failsafe target location.

Pringle said she plans to meet with Brig. Gen. Heath Collins, the service’s program executive for weapons, to discuss the Golden Horde program, including its transition into an operational platform.

NOAA Teams up With Southern Mississippi University to Further Uncrewed System R&D
Published on
NOAA Teams up With Southern Mississippi University to Further Uncrewed System R&D

The National Oceanic and Atmospheric Administration (NOAA) will work with the University of Southern Mississippi (USM) to advance research and development of uncrewed systems and enable enhanced operation of the platform for better environmental data collection.

The agency said Thursday the 10-year agreement with USM also includes UxS testing and evaluation and serves as a framework for collaborative work between scientists from NOAA and operators of the said sensor-equipped vehicles.

NOAA uses UxS to inform extreme event forecasting with information gathered through at-sea observations. The vehicles are also capable of assisting the agency in marine mammal and fishery stock assessments, ocean exploration and seafloor and habitat mapping efforts.

"The use of uncrewed systems increases safety and productivity and allows us to expand coverage and access of ocean space, especially in remote, hazardous or extreme environments," said Kelly Lucas, associate vice president for research, coastal operations at USM.

Lucas also noted the possibility of uncrewed systems transforming data collection and processes if augmented with artificial intelligence and machine learning.

Rear Adm. Nancy Hann, deputy director for operations for NOAA’s Office of Marine and Aviation Operations and deputy director of the NOAA Commissioned Officer Corps, said the agency will help drive innovation in Mississippi. The state could be "a major hub for ocean research and innovation," according to her.

The partnership is in line with NOAA's efforts to work with the U.S. Navy, other federal agencies, industry and academia on UxS research, testing and acquisition as required by the Commercial Engagement Through Ocean Technology Act.

//
Idaho National Laboratory Introduces Engineering-Based Cybersecurity Approach
Published on
Idaho National Laboratory Introduces Engineering-Based Cybersecurity Approach

Idaho National Laboratory (INL) created an approach that employs engineering design principles to mitigate cyberattacks on utility operations.

Developed by INL in partnership with industry, government and the academia, the Consequence-driven Cyber-informed Engineering (CCE) method is a think-like-the-adversary approach that recognizes gaps on online services and technologies, the laboratory said Tuesday.

INL Cybersecurity Researchers Sarah Freeman and Andy Bochman released a book that tackles the approach in an effort to train employees at public utilities in defending from cyberattacks.

INL received $20 million in funds from Congress and the Department of Energy (DOE) in 2018 to continue the development of the CCE method. The laboratory supported hands-on security activities with large utilities and worked with utility operators to help enhance understanding of targeted cyberattacks and create mitigation measures.

The laboratory provided California-based firm West Yost a license to use the CCE method.

1 1,192 1,193 1,194 1,195 1,196 2,631