The FBI and the Cybersecurity and Infrastructure Security Agency have issued a joint advisory saying hackers trying to exploit vulnerabilities in on-premises Microsoft Exchange Servers include nation-state actors and that the targeted organizations in this breach appear to match the entities that are being zeroed in by threat actors from China, Nextgov reported Thursday.

CISA and the bureau said local governments, nongovernmental organizations, academic institutions and businesses in various sectors, including defense, aerospace, pharmaceutical and power utilities, are being targeted by these cyber hackers.

“This targeting is consistent with previous targeting activity by Chinese cyber actors. Illicitly obtained business information, advanced technology, and research data may undermine business operations and research development of many U.S. companies and institutions,” the joint advisory reads.

The FBI and CISA warned that private companies and federal civilian agencies face “a serious risk” as threat actors exploit weaknesses in Microsoft Exchange in order to secure persistent access and control an enterprise network.

“FBI and CISA assess that adversaries will continue to exploit this vulnerability to compromise networks and steal information, encrypt data for ransom, or even execute a destructive attack. Adversaries may also sell access to compromised networks on the dark web,” the advisory states.

CISA issued an emergency directive requiring agencies to update their on-premises servers with security patches or disconnect the products. Microsoft released those security patches after it found that a state-sponsored threat actor from China, called Hafnium, was targeting defense contractors, policy think tanks, infectious disease researchers, law firms and other entities to steal data by compromising the servers.

First Air Force has been designated as the future air component to U.S. Space Command and is expected to reach initial operating capability by the end of calendar year 2021, the service reported Thursday.

“In this new role, First Air Force will be better able to identify and address gaps and seams when integrating spacepower into the support of the homeland defense mission. This will also inform efforts to better fuse space operations into air operations centers around the globe,” Air Force Chief of Staff Gen. Charles Brown said in a statement published Thursday.

First Air Force oversees air defense and aerospace control operations in the continental U.S., Puerto Rico and U.S. Virgin Islands. It will continue to support U.S. Northern Command and North American Aerospace Defense Command as Air Combat Command works to organize and train the new air component.

“We look forward to supporting USSPACECOM in their efforts to defend against threats to the space domain,” said Lt. Gen. Kirk Pierce, First Air Force commander.

The Potomac Officers Club will hold the 2021 Industrial Space Defense Summit on March 23 to feature discussions on space technology, partnerships and innovation. To register for this virtual summit and view other upcoming events, visit the Potomac Officers Club Events page.

The Federal Emergency Management Agency (FEMA) has teamed up with information technology organizations under the Department of Homeland Security (DHS) to establish cybersecurity controls that could automate security processes, FedScoop reported Wednesday.

FEMA seeks to implement application program interfaces that can generate and standardize system security plans for automation by communicating with authorizing engines. 

According to the report, some government agencies find it difficult to comply with data and privacy controls due to their inability to adopt technologies such as DevSecOps and cloud computing.

Ted Okada, chief technology officer at FEMA, said the agency intends to adopt a zero-trust security posture and handle as well as compute data at the edge.

"The common controls in the existing paradigm of client-server, hub-and-spoke computing, which are still with us even with cloud computing, those controls are fast becoming antiquated," said Okada.

The FBI has released a guidance aimed at helping cybersecurity professionals and the general public identify cases of “deepfake” which adversaries may use to dissuade public opinion.

FBI released the Private Industry Notification guidance on Wednesday in partnership with the Cybersecurity and Infrastructure Security Agency (CISA).

According to the guidance, foreign actors are likely to use synthetic content including deepfakes in the coming months as part of influence campaigns and social engineering tactics.

Deepfakes or generative adversarial network techniques utilize artificial intelligence and machine learning to manipulate digital content for fraudulent activities.

FBI expects malicious actors to use deepfakes to support spearphishing techniques and Business Identity Compromise attacks designed to imitate corporate personas and authority figures.

“Currently, individuals are more likely to encounter information online whose context has been altered by malicious actors versus fraudulent, synthesized content,” the guidance states. “This trend, however, will likely change as AL and ML technologies continue to advance.’ 

Adversaries have used deepfake techniques to create fictitious journalists for false news items since 2017, according to the guidance.

The Department of Energy (DOE) has commenced efforts to design and build a new $75 million facility that would support clean energy research and implementation. The new Grid Storage Launchpad (GSL) will operate from the Richland, Washington-based Pacific Northwest National Laboratory (PNNL), DOE said Wednesday.

“The Grid Storage Launchpad facility will bring together researchers and industry from around the country to modernize and add flexibility to the power grid, advance storage technologies and boost use of clean energy,” said Jennifer Granholm, secretary of energy.

GSL will house collaborative and multidisciplinary research, tests of energy storage systems and accelerated technology development. Thirty laboratories will compose the facility’s research workspace, including testing chambers.

PNNL will select a contractor for GSL’s design and build, as DOE expects construction activities to start later this year. The department also anticipates the future facility to be ready for operations by 2025.

The House Armed Services Committee has formed a task force that will work with the Department of Defense (DOD) to identify critical supplies and address potential vulnerabilities in the supply chain, Nextgov reported Wednesday.

The Defense Critical Supply Chain Task Force falls under the leadership of Reps. Mike Gallagher, R-Wisc., and Elissa Slotkin, D-Mich., and will run for three months.

Slotkin said in a prior press call that she expects the task force to address issues related to critical supplies such as personal protective equipment, semiconductors and advanced battery components.

Slotkin and Gallagher noted that the task force’s work will build on ideas from the Cyberspace Solarium Commission and the National Security Commission on Artificial Intelligence (NSCAI). 

Gallagher added that risks in the supply chain also result from an “extreme geographic concentration” of manufacturing activities in China, particularly on 5G technologies.