/
CyberCore Analyzes Supply Chain Risk Reduction; William Von Hagel Quoted
Published on
CyberCore Analyzes Supply Chain Risk Reduction; William Von Hagel Quoted

CyberCore recently highlighted the ways organizations can mitigate supply chain risk, which has significantly increased with the COVID-19 pandemic. The federal government has significantly relied on global sourcing and manufacturing of critical infrastructure products, which has resulted in supply chain threats, including counterfeit products, hacks, trade wars and supply disruption. 

“It is critical to vet your vendors and third-party suppliers to reduce the risk of threats internal to the supply chain,” recommends Dr. William Von Hagel, Jr., CyberCore’s vice president of Solutions and Marketing. 

CyberCore reported that a supply chain can incorporate hundreds of vendors and business partners from dozens of countries. The data flow within the supply chain has contributed to sharing of confidential information with suppliers and third parties, which has exposed organizations to security risks and data breaches. 

These threats have led to the increase of data loss and compromise. The company reported that unprotected supply chains face a rising number of threats, such as theft of proprietary information, attacks on critical infrastructure and purchasing counterfeit, defective or grey market medical products. 

CyberCore noted that traditional supply chain security measures have focused on protecting supply chains from outside threats. Because of this, organizations could be exposed to other threat vectors. The company also reported that poor process management could affect response and delivery times, leading to vulnerabilities in the supply chain.  

To keep organizations safe and competitive, CyberCore has recommended a multilayered security approach to ensure a secure and well-managed supply chain. Additionally, the company reported that a comprehensive risk assessment is critical to ensure that potential threats to the supply chain are discovered in advance and avoided. 

/
IRS Uses Bots to Simplify Contracting Work; Andrea Kadish Quoted
Published on
IRS Uses Bots to Simplify Contracting Work; Andrea Kadish Quoted

The Internal Revenue Service (IRS) employed bots to quickly implement telecommunications security language across all of the agency's contracts, GCN reported Friday. The Digital Accountability and Transparency Act of 2014 prompted IRS to adopt the DATA Act Bot that works to increase the Federal Procurement Data System's accuracy and transparency.

IRS used bot to meet contracting requirements imposed by the National Defense Authorization Act. The DATA Act Bot was originally designed to support compliance with its namesake.

Shanna Webbers, chief procurement officer at IRS, said the agency had to apply the telecommunications security language on 1,466 active contracts. The bot streamlined a process that would've taken nearly a year if done traditionally.

“The overall goal as we’re looking at this is to strengthen our agility by incorporating automated processes that are also streamlined,” said Andrea Kadish, director of the data analytics and technology division within IRS' procurement office.

//
NIST, FEMA Devise Earthquake Recovery Roadmap; Siamak Sattar Quoted
Published on
NIST, FEMA Devise Earthquake Recovery Roadmap; Siamak Sattar Quoted

Congress directed the National Institute of Standards and Technology (NIST) and the Federal Emergency Management Agency (FEMA)to create approaches that may mitigate the potential effects of major earthquakes

The partnership formed a group of over 30 building owners, social scientists, building owners, architects and engineers to explore various options and address concerns in standards, practices and policies, NIST said Wednesday.

The committee urged the government as well as codes and standards organizations to build a national framework that will devise objectives based on buildings' recovery time. The group also recommended an education campaign on earthquake risks as well as the creation of a recovery-based design criteria for lifelines and buildings in a bid to set design parameters.

"The immediate aim of the report is to spark a national conversation about developing a consensus for recovery goals and timelines," said Siamak Sattar, a structural engineer at NIST. "This approach may eventually be reflected in building codes, but first, a considerable amount of research must be tackled," added Sattar.

NIST and FEMA are member agencies under the National Earthquake Hazards Reduction Program.

//
Cybercom Deploys Cyber Defense Teams After SolarWinds Attack
Published on
Cybercom Deploys Cyber Defense Teams After SolarWinds Attack

U.S. Cyber Command (USCYBERCOM) has deployed teams of cyber professionals to assess military networks following a recent attack attributed to SolarWinds software, C4ISRnet reported Saturday. USCYBERCOM’s 68 cyber protection teams comprise a major part of the Department of Defense's cyber troops and serve as a response force in the event of a network breach by adversaries.

Each team is comprised of 39 cyber professionals that will first handle attack vectors, detect anomalous behavior and identify impacted network segments and machines. Capt. Katrina Cheesman, spokesperson for USCYBERCOM, said there is no indication that DOD networks have been breached following the recent attack.

Andrew Hall, former director of the U.S. Army Cyber Institute, noted that the DOD must think of the cyber attack from both defensive and offensive positions.

“The time that you spent trying to work on a network as an offensive person is going to help you understand where you might want to look defensively,” he said.

Experts have noted that assessing the extent of damages form any cyber attack could span months, according to the report.

//
GSA Creates Digital Worker Identity Mgmt Guide
Published on
GSA Creates Digital Worker Identity Mgmt Guide

A new playbook developed by the General Services Administration (GSA) provides guidance for government information technology departments to monitor automated tools that perform business processes similar to a human worker.

The Digital Worker Identity Playbook outlines a process for determining potential security risks from software-based platforms and agents, Daria Medved, deputy director of emerging technologies at GSA, wrote in a joint blog post with information technology specialist Ken Myers.

The guidance document also outlines risk-based identity governance requirements and accountability metrics for automated systems. Medved and Myers noted the interaction between digital worker technology and sensitive data in high-risk work may affect missions.

They said agency IT teams can manage security practices, audits and incident response approaches through the enforcement of least privilege and user access recertification for digital agents.

//
GAO: NIH Awarded Most SBIR Funding to Venture-Backed Companies in FY 19-20
Published on
GAO: NIH Awarded Most SBIR Funding to Venture-Backed Companies in FY 19-20

The Government Accountability Office (GAO) has found that the National Institutes of Health (NIH) and the departments of the Navy and Education awarded $31.6 million in obligations to nontraditional companies in fiscal years 2019 and 2020.

GAO said Friday the Department of Health and Human Services (HHS) component accounted for the most awards to companies backed by private equity firms, venture capitalists and hedge funds during that time period as part of the Small Business Innovation Research (SBIR) Program.

The three agencies issued a total of 45 SBIR awards in a push to drive innovation and research in topic areas that have seen limited private funding, the watchdog noted.

According to GAO’s report, the Department of Energy's Advanced Research Projects Agency-Energy was able to open applications to small businesses but did not award contracts in FY 2019 and 2020. NASA and the Department of Homeland Security have reported lack of interest from qualified small businesses as a reason for not pursuing SBIR projects in FY 19 and 20.

The Department of the Air Force said it seeks to use SBIR funding for dual-use technology development while the Department of the Army is considering issuing awards to qualified small businesses.

/
SDA Director Derek Tournear: Military May Need Different Approach to Implement Space Machine Learning
Published on
SDA Director Derek Tournear: Military May Need Different Approach to Implement Space Machine Learning

Derek Tournear, director of the Space Development Agency, said the military will need to consider certain technical limits before implementing machine learning technology across space systems.

He spoke at a Defense One webinar about space-based ML's potential to augment the military's data operations and situational awareness in the future, as well as factors that make the technology difficult to achieve, Nextgov reported Friday.

ML and artificial intelligence in space would require supercomputers in low Earth orbit to generate the needed amount of computing power. However, the space environment presents a physical limit to how much heat can be produced in orbital systems.

Tournear said to address this issue, he plans to test ground-based target-recognition systems that would then port into a space network. This testing would happen in four years.

“It’s really got to be done on the ground first and then ported to space where you’re power- and thermal- constrained," he stated.

/
USAF Adds Lockheed Martin to Platform One DevSecOps Software Program; Nic Chaillan Quoted
Published on
USAF Adds Lockheed Martin to Platform One DevSecOps Software Program; Nic Chaillan Quoted

The U.S. Air Force has added Lockheed Martin to Platform One, a software development program that works to develop and deliver new software applications for defense missions, the company reported on Monday. 

Platform One manages Air Force software factories and provides DevSecOps managed services with collaboration tools, cybersecurity tools, open source code and artifact repositories, development tools, and DevSecOps as a Service. 

“It’s clear from their actions that Lockheed Martin is embracing DevSecOps and is committed to advancing Platform One capabilities,” said Nic Chaillan, the Air Force’s chief software officer

The Department of Defense’s (DOD) Platform One is a standardized and mandated DevSecOps Infrastructure program that has been leveraged for software development. The platform has enabled faster software development and deployment with continuous updates to warfighters.

“Collaboration with industry is key to the success of Platform One and other advanced cloud and software efforts, and we look forward to working with the Defense Industrial Base to improve the way we deliver fast, secure and high-quality code to warfighters,” Chaillan added. 

Lockheed Martin was recently awarded a Basic Ordering Agreement (BOA) for Platform One Software DevSecOps Services to support DevSecOps engineering, software development, cybersecurity, operations and IT support. The award has strengthened the company’s work with the Platform One team. 

The Platform One BOA can also be used for task orders for U.S. Cyber Command, including Joint Cyber Warfighting Architecture DevSecOps development critical to multiple programs such as Joint Cyber Command and Control. 

“Platform One is a truly innovative approach that is propelling the DoD’s DevSecOps evolution, and the collaboration with industry has helped us build infrastructure and capabilities that are well-aligned to the DoD’s vision,” said Yvonne Hodge, senior vice president of Enterprise Business Transformation at Lockheed Martin.

/
NASA Appoints Leaders to Senior Agency Positions
Published on
NASA Appoints Leaders to Senior Agency Positions

NASA has appointed new leadership to senior agency positions, the agency reported on Monday. Of the appointments, Bhavya Lal will serve as acting chief of staff. Lal will also be the senior advisor for budget and finance at NASA.

Lal has deep experience in engineering and space technology, previously serving as a member of the research staff at the Institute for Defense Analyses and Science and Technology Policy Institute (STPI) before joining the agency. 

With STPI, Lal led the analysis of space technology, strategy and policy for the White House Office of Science and Technology Policy and National Space Council (NSC), as well as federal space-oriented organizations, including NASA, the Department of Defense (DOD), and the intelligence community (IC).

Lal served two consecutive terms on the National Oceanic and Atmospheric Administration (NOAA) Federal Advisory Committee on Commercial Remote Sensing. She was also an external council member of NASA's Innovative Advanced Concepts Program and the Technology, Innovation and Engineering Advisory Committee of the NASA Advisory Council. 

Before joining STPI, Lal served as president of C-STPS. She previously served as the director of the Center for Science and Technology Policy Studies at Abt Associates. 

NASA has also appointed Phillip Thompson as  White House liaison. Thompson will join NASA after serving as the coalitions advisor under the campaign that led Sen. Jon Ossoff and Sen. Rafael Warnock’s U.S. Senate elections. In the general election, Thompson served as Georgia coalitions director for President Biden

Thompson also has advised state and local officials on public engagement in Arizona, California, Texas and Hawaii, as director of candidate development for the Leadership for Educational Equity. Thompson is a former partner at The Maccabee Group. With the organization he  advised members of Congress in New Mexico and Nevada, as well as efforts in Ohio and North Carolina. 

In addition to the appointments of Bhavya Lal and Phillip Thompson, NASA named four leaders to senior agency positions, including: 

  • Alicia Brown, associate administrator for the Office of Legislative and Intergovernmental Affairs.
  • Marc Etkind, associate administrator for the agency's Office of Communications.
  • Jackie McGuinness, press secretary.
  • Reagan Hunter, special assistant for the agency's Office of Legislative and Intergovernmental Affairs.
/
NASA to Conduct Second Green Run Hotfire Test of Space Launch System Core Stage
Published on
NASA to Conduct Second Green Run Hotfire Test of Space Launch System Core Stage

NASA will perform a second hotfire test of the core stage of the Space Launch System (SLS) at the Stennis Space Center in Mississippi no earlier than the last week of February, SpaceNews reported Friday.

The second static fire test of four RS-25 engines of the SLS core stage is the final step in the Green Run test campaign that kicked off a year ago. The test rerun was planned after the initial hotfire test fell short of the planned 485 seconds when a hydraulic system for one of the engines reached an “intentionally conservative” limit that prompted the flight computer to trigger a shutdown during the test.

NASA said engineers will upgrade the conservative logic parameters for the upcoming test, which will run for at least four minutes, and that it will take about a month to refurbish the SLS core stage following the second Green Run static-fire test before delivering it to Kennedy Space Center in Florida.

The SLS core stage will be part of the Artemis 1 unmanned lunar orbital test flight, which is expected to launch in November 2021.

1 1,270 1,271 1,272 1,273 1,274 2,703