/
NCCoE Seeks Public Input on Draft Ransomware Risk Guidance
Published on
NCCoE Seeks Public Input on Draft Ransomware Risk Guidance

The National Cybersecurity Center of Excellence has released an initial public draft of “Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile” and is calling for feedback on the publication.

Managing Ransomware Threats

Also known as NIST Interagency Report 8374, the publication is meant to help readers evaluate whether their organization is prepared to counter ransomware threats, mitigate the effects of a ransomware event and develop a ransomware countermeasure playbook, the National Institute of Standards and Technology said Monday.

The publication, which was developed with the help of industry partners, can also be used by readers to identify areas where they could improve their organizations’ defenses against ransomware.

NIST IR 8374 reflects changes to Cybersecurity Framework 1.1 that are now part of CSF 2.0. These changes include objectives that support the management, detection, response to and recovery from ransomware events.

Input From the Public

Concerning public feedback, NIST is interested in determining which parts of the publication are helpful and which need to be improved. Of particular interest to NIST is determining which types of prioritization and control baselines are helpful.

The agency is also interested in finding out about other resources related to ransomware risk mitigation.

Interested parties have until March 14 to provide feedback. Respondents may also provide general feedback regarding the publication.

/
Sean Gainey Reveals USASMDC Future Plans
Published on
Sean Gainey Reveals USASMDC Future Plans

Lt. Gen. Sean Gainey, commanding general of the U.S. Army Space and Missile Defense Command, has announced the future plans of the USASMDC.

The Army said Monday the command is focusing on modernizing the Army’s air and missile defense strategy and has identified three immediate priorities to achieve this goal. This includes the establishment of an Army space branch, advancement of the missile defeat concept and provision of support for the Ronald Reagan Ballistic Missile Defense Test Site.

Air and Missile Defense Modernization

Gainey, also commander of the Joint Functional Component Command for Integrated Missile Defense, led efforts to update the Army’s air and missile defense strategy through the Integrated Air and Missile Defense Strategy 2040. Expected to be released in September, the revised strategy aims to address evolving and emerging threats.

Army Space Branch

The USASMDC is planning to create a space branch within the Army that will enable the command to retain experts with critical skills.

“Space capabilities are integrated into every aspect of modern warfare and play a significant role in successful multidomain operations,” said Gainey. “It’s USASMDC’s job to plan for the establishment of the space branch and to advocate for its implementation.”

Missile Defeat Concept

As JFCC IMD commander, Gainey can advance the missile defeat concept. His goal is to leverage active, attack and passive operations to achieve a holistic approach to missile defense.

Reagan Ballistic Missile Defense Test Site

The initiative to modernize air and missile defense is connected to the Reagan Test Site on Kwajalein Atoll in the Marshall Islands. By modernizing the RTS and its facilities, the test site will be able to provide enhanced capabilities to Space Command and Space Force.

/
NSA, Partners Share Guidance for Selecting Secure OT Products
Published on
NSA, Partners Share Guidance for Selecting Secure OT Products

The National Security Agency, together with the Cybersecurity and Infrastructure Security Agency and other partner organizations, has issued a guidance to assist operational technology owners and operators in selecting secure OT products.

Cybersecurity Information Sheet

The NSA said Monday the Cybersecurity Information Sheet, called “Secure by Demand: Priority Considerations for Operational Technology Owners and Operators in the Selection of Digital Products,” outlines significant security elements needed to purchase OT products such as industrial automation and control systems. The CSI also includes questions to ask manufacturers.

Many OT products don’t have inherent security features or were not developed securely. These products are usually vulnerable to cyberattacks due to weak authentication, shared software weaknesses, limited logging, default settings, default protocols and default credentials.

According to the CSI, OT owners and operators should select products that feature vital security elements, such as:

  • Configuration management
  • Logging in the baseline product
  • Open standards, ownership
  • Protection of data
  • Secure by default
  • Secure communications
  • Secure controls
  • Strong authentication
  • Threat modeling
  • Upgrade tooling
  • Vulnerability handling

Aside from NSA and CISA, the other partner organizations include the FBI, Department of Energy, Environmental Protection Agency, Transportation Security Administration, European Commission, Australian Signals Directorate’s Australian Cyber Security Centre, Canadian Centre for Cyber Security, Germany’s Federal Office for Information Security, Netherland’s National Cyber Security Centre, New Zealand’s National Cyber Security Centre and the United Kingdom’s National Cyber Security Centre.

Dave Luber, director of cybersecurity at NSA, said, “The guidance not only helps owners and operators of critical systems secure their OT procurement lifecycles, it also sends a message to manufacturers to establish a more resilient and flexible cybersecurity foundation in their products.”

/
Deputy Defense Secretary Highlights 4 Priorities for Competition With China
Published on
Deputy Defense Secretary Highlights 4 Priorities for Competition With China

Deputy Defense Secretary Kathleen Hicks, a 2024 Wash100 awardee, has outlined a plan to be successful in strategic competition with China.

During a keynote address at the John Hopkins School of Advanced International Studies in Washington on Friday, Hicks spoke on the top four lessons she views as vital for staying ahead of China as one of the United States’ most significant competitors.

Focusing on Top Priorities 

With the department monitoring China’s attempts to build a modern military for the past 25 years, Hicks believes the DOD must focus on priorities like creating a strategy to battle China’s military. 

“So, [current defense policy makers] came into office determined to build on the progress of our predecessors — from both parties — and to unlock necessary changes,” Hicks said. 

“Senior decision makers must rigorously align ends, ways and means to ensure the strategy itself remains right and DOD can deliver on it,” she continued. 

Execution & Delivery

Throughout the intensifying strategic competition with China, the U.S. military has executed and delivered various capabilities.

“From day one, we’ve focused relentlessly on driving changes needed to outpace the PRC and ensure our enduring military advantage,” Hicks stated. “The result has been a more modernized, lethal, agile force across our capabilities, operational concepts, posture and much more.”

However, Hicks additionally highlighted China’s ability to be a “fast follower” and urged defense leaders to use discretion with strategies and efforts related to strategic competition.

Competitive Advantage 

Hicks emphasized how the nation’s strong network of allies across the world will serve as a competitive advantage over China. 

“Around the world, America’s friends and allies have been substantially contributing to the common defense … And when Beijing sees — as they did last year — navy ships from Canada, Germany and [other countries] peacefully sailing through the Taiwan Strait, they’re reminded that America is hardly the only democracy that wants to see stability and prosperity prevail over chaos and conflict,” Hicks said.

She went on to note that the DOD’s partnership with government, industry, academia and non-profits is also an advantage.

/
OPM Appoints Melvin Brown II as CIO
Published on
OPM Appoints Melvin Brown II as CIO

The Office of Personnel Management has promoted Melvin Brown II, deputy chief information officer, to CIO.

Brown announced his appointment in a LinkedIn post published Sunday.

He succeeded Guy Cavallo, who retired from federal service after over two decades in government.

Melvin Brown II’s Career Background

According to his profile on the professional networking site, he previously served as a director at the Small Business Administration before joining OPM as deputy CIO in 2021.

Brown spent nearly eight years at the Department of Homeland Security, where he served as a senior adviser to the Presidential Transition Office, program manager for the Supply Chain Management Initiative and program manager for the Performance and Learning Management System.

The U.S. Marine Corps veteran also served as chief of staff within the U.S. Citizenship and Immigration Services’ Office of Information Technology and program manager for the Knowledge Services Network at the Federal Aviation Administration.

He additionally served as an adjunct professor at the University of Phoenix for 14 years.

//
Marine Corps Issues Generative AI Guidance
Published on
Marine Corps Issues Generative AI Guidance

The U.S. Marine Corps has released new guidance on the development, deployment and use of large language models and other generative artificial intelligence technologies within the service branch, Breaking Defense reported Friday.

Guidance for GenAI System Owners, Developers

Unveiled in December, the USMC Guidance on Generative Artificial Intelligence states that GenAI system owners and developers should obtain appropriate approvals for processing classified and sensitive information in compliance with existing software and container security policy and develop processes to document the source and attributes of training data before building or fine-tuning a GenAI model.

They should also test and evaluate GenAI systems in a controlled environment to ensure that such tools operate as expected and provide transparency and explainability for model outputs as required.

Instructions for GenAI System Users

GenAI system users should “distrust and verify all outputs prior to use” and use their best judgment when determining whether to add a citation.

The guidance holds users responsible for the data they input into publicly accessible GenAI tools. Users should also adhere to cybersecurity, legal, operational security, information and classification policies.

Establishment of AI Task Forces

The document directs commands to establish AI task forces or cells to help evaluate existing and in-development GenAI tools for applicability for use within the military branch.

Commands should also come up with a list of forthcoming preferred GenAI systems aligned with common use cases as a reference for USMC organizations seeking to meet their mission requirements with GenAI platforms.

According to the guidance, commands should ensure that developers, system owners and users use appropriate risk assessment frameworks for GenAI systems.

//
CDAO Scales Digital Tools Through Open DAGIR
Published on
CDAO Scales Digital Tools Through Open DAGIR

The Department of Defense’s Chief Digital and Artificial Intelligence Office has scaled AI, data capabilities and other digital tools since launching the Open Data and Applications Government-owned Interoperable Repositories, or Open DAGIR, construct in May 2024.

“Over the last six months, CDAO has created a modular, interoperable ecosystem of digital capabilities for different use cases at the DoD,” Chief Digital and AI Officer Radha Plumb said in a statement published Friday.

“From enterprise analytics to strategic command and control to the tactical edge, the Open DAGIR approach is paying dividends in getting our warfighters the digital capabilities they need,” she added.

Applying Open DAGIR Across 3 Lines of Effort

In the past six months, CDAO said it has implemented the Open DAGIR approach across three lines of effort: strategic command and control; enterprise analytics; and edge data integration services.

Under the first line of effort, the office created onboarding pathways for capabilities from the government and third-party vendors onto the Maven Smart Systems data environment.

For enterprise analytics, DOD is moving from a single-award contract for its platform of record, Advana, to a multiple-award, indefinite-delivery/indefinite-quantity contract and has invested in the DevSecOps pipeline to accelerate updates and boost throughput from various developers.

For the third line of effort, CDAO is scaling a tactical edge data integration services platform that will allow warfighters to share data during command and control. The office is advancing the development of an app store and a common development environment to enable end users to access various apps.

AI Infrastructure: CDAO’s Next Line of Effort

“Our next line of effort focused on investing in AI infrastructure will help accelerate the Department’s ability to leverage frontier AI capabilities in months instead of years, translating to continued and enduring advantage for our military,” Plumb stated.

In mid-January, CDAO plans to release an initial draft of metrics to monitor progress to actioning Open DAGIR principles to drive data-based decision-making and transparency.

In the spring, the office will host an industry day to accelerate DOD’s partnerships with AI infrastructure providers and AI labs.

What Is Open DAGIR?

In May 2024, CDAO launched Open DAGIR as a multivendor ecosystem that could enable government and industry to integrate and scale data, AI and analytics capabilities as well as protect industry’s intellectual property and government data ownership.

/
New CISA Report Reveals Improved Cybersecurity Across CI Sector
Published on
New CISA Report Reveals Improved Cybersecurity Across CI Sector

The Cybersecurity and Infrastructure Security Agency has reported significant progress in improving critical infrastructure cybersecurity and resilience since the implementation of its cross-sector Cybersecurity Performance Goals. The agency on Friday published the results of its analysis of 7,791 critical infrastructure organizations enrolled in its vulnerability scanning service from 2022 through 2024.

The CPG, issued in October 2022, is a set of voluntary practices designed to empower critical infrastructure operators to defend their networks against cyberthreats. The CPG offers guidance for organizations that may lack the knowledge and resources to adopt tools or roll out programs that could strengthen their network resilience. 

CISA Shares Cyber Hygiene Enrollment Rate

CISA’s Cyber Hygiene service enrollment rate over the past two years increased by 201 percent. The communications sector saw the largest enrollment jump at 300 percent, with enrollments across emergency services, critical manufacturing, and water and wastewater system sectors also seeing over 200 percent growth. 

Improved Cybersecurity Across US Critical Infrastructure Sector

One of the progress points the agency shared in the report is the decline in known exploited vulnerabilities, or KEVs, among entities enrolled in the government’s vulnerability scanning service. Since 2022, the average number of KEVs in assets accessible to the internet among critical infrastructure organizations declined. The trend shows that companies are prioritizing the remediation of network flaws based on CISA’s KEV catalog. 

The agency also saw improvements in Secure Sockets Layer misconfigurations, which decreased on average from 3.8 in the first 11 months of the CPG implementation to 2.5 in the past 12 months. 

Also highlighted in the report the persistence of operational technology protocols exposed to the internet. The government, according to the agency, accounts for the highest OT/Industrial Control System protocols exposed to the public internet at 63 percent. IT, energy, healthcare and public health, and financial services make up the top five of the sectors with the highest occurrences.

//
NRO Launches NROL-153 Mission
Published on
NRO Launches NROL-153 Mission

The National Reconnaissance Office launched the NROL-153 mission from Space Launch Complex-4 East at Vandenberg Space Force Base in California on Jan. 9.

The agency said Thursday it collaborated with Space Force Space Launch Delta 30 and SpaceX for the launch of the NROL-153 mission aboard a SpaceX Falcon 9 rocket.

NROL Missions

NRO is reportedly working to enhance its intelligence, surveillance and reconnaissance, or ISR, capabilities. It is scheduled to launch 12 missions in 2025 with the goal of advancing the agency’s proliferated architecture by adding additional proliferated launches until 2028 that will ensure sustained growth and innovation.

The latest launch is the seventh mission in support of NRO’s proliferated architecture. It is also the first of the 12 planned 2025 missions. The NROL-153 follows the recent launch of the NROL-149 on Dec. 17 last year, one of almost 100 satellites deployed in orbit.

//
HHS Publishes AI Strategy Roadmap Focused on Innovation, Safe Use
Published on
HHS Publishes AI Strategy Roadmap Focused on Innovation, Safe Use

The Department of Health and Human Services has announced four objectives guiding its new artificial intelligence strategy’s implementation, with a push on innovation as one of the initiatives lined up. The AI Strategic Plan supports the department’s goal of protecting and enhancing Americans’ health, while also pursuing the responsible use of emerging technologies, HHS said Friday.

The plan’s drive toward AI innovation aims at expanding the technology’s use across value chains and infrastructure modernization and public-private partnerships to support AI adoption. To advance the roadmap’s work on AI safety and responsible use, the initiatives include the development of HHS standards on the utilization of federal resources for trustworthy AI use.

Information-Sharing and Partnerships

In addition, the strategic plan is geared to support information-sharing methods on standards, best practices and potential partnerships. The roadmap’s objectives also include the development of open-source AI tools with user-friendly and customizable features to democratize access to the technology.

As its fourth objective, the HHS plan will pursue measures to grow AI-empowered workforces and organizations to enable staff to make the best use of the technology.

Deputy HHS Secretary Andrea Palm expressed optimism for AI’s transformational potential to support U.S. health services delivery.

“These technologies hold unparalleled ability to drive innovation through accelerating scientific breakthroughs, improving medical product safety and effectiveness, improving health outcomes through care delivery, increasing access to human services, and optimizing public health,” she said.

1 134 135 136 137 138 2,621