//
GAO Report Tackles Restrictive Vendor Licensing Practices
Published on
GAO Report Tackles Restrictive Vendor Licensing Practices

The Government Accountability Office has released a report regarding a review it conducted about the effects of restrictive software licensing and vendor practices on federal agencies working to migrate their data and software to the cloud.

Scope of the GAO Review

The review covered six agencies, namely the Departments of Justice, Transportation and Veterans Affairs; NASA; the Social Security Administration; and the Office of Personnel Management. The agencies were randomly selected.

The review process involved interviewing IT and acquisition officials from the agencies. The process also looked into 11 cloud investments within those agencies and relevant policies and documentation concerning the management of restrictive licensing practices.

Impacts of Restrictive Vendor Practices

According to the report, all the agencies, with the exception of OPM, were impacted by restrictive vendor practices. The negative practices described by the agencies include vendors requiring the repurchase of the same licenses to allow for their use in the cloud; the charging of various additional fees, including for the use of a vendor’s software on a competitor’s cloud service; and encouraging ways of using software, data or cloud services that effectively promoted vendor lock-in.

These practices were found to result in increased costs or limited cloud service or architecture choices.

Shortcomings of the Agencies

The report noted, however, that the agencies inconsistently implemented two key industry activities meant to manage the impacts of restrictive vendor practices. The first activity involves identifying and analyzing the possible impacts of such practices while the second activity involves developing plans to mitigate the impacts. The agencies either partially implemented the activities or failed to demonstrate that either activity was fully implemented.

The report attributes these shortcomings to the agencies’ failure to fully assign the responsibility of identifying and managing restrictive practices, which the agencies did not consider to be a priority in the first place.

GAO called on the agencies to not only assign someone to be responsible for managing the impacts of restrictive vendor practices but also update and implement relevant guidance, particularly when it comes to the effects on cloud computing efforts.

/
Shift5 Joins Forces With Carahsoft to Offer OT Platform
Published on
Shift5 Joins Forces With Carahsoft to Offer OT Platform

Shift5 has partnered with Carahsoft to offer its operational technology platform to Department of Defense customers and state and local transportation agencies.

Carahsoft will make Shift5’s onboard data collection, access and analysis capabilities for OT available through its reseller partners and contract vehicles, Shift5 announced Thursday.

Carahsoft President and ten-time Wash100 Award recipient Craig Abod said, “By combining Shift5’s expertise in OT cybersecurity, predictive maintenance, and compliance for cyber-physical systems with Carahsoft’s offerings, distribution capabilities, and reseller network, we can provide comprehensive protection against emerging threats.”

The Shift5 Platform

The Shift5 platform aims to access the entire ecosystem of onboard data for operations, maintenance and cybersecurity teams, which allows for real-time decision intelligence from the asset level to the fleet scale.

Josh Lospinoso, CEO and co-founder of Shift5, said, “To maintain superiority, our military and commercial operators must be enabled with situational awareness to make decisive, real-time decisions.”

The platform reportedly organizes onboard data developed by commercial and defense fleets. It is deployed by leveraging existing onboard computing services or optional, field-tested, technology readiness level-9 hardware. The platform also supports four modules, including cybersecurity, predictive maintenance, compliance and GPS integrity.

Shift5’s Work With U.S. Service Branches

Through the collaboration with Carahsoft, numerous service branches will continue to gain access to Shift5’s platform. In November, the company received a spot on a potential $975 million contract from the U.S. Air Force Rapid Sustainment Office to advance the development of military operational services using the platform.

Shift5 also partnered with General Atomics Aeronautical Systems in May to improve the MQ-9A reaper using the company’s platform. The initiative aimed to advance mission readiness and cyber survivability for the U.S. Special Operations Command and Air Force Special Operations Command.

//
DOD Selects Additional Capabilities for Replicator Initiative
Published on
DOD Selects Additional Capabilities for Replicator Initiative

Deputy Secretary of Defense Kathleen Hicks has announced new capabilities for the Replicator program, including air and maritime systems and applications to enhance the program’s systems’ autonomy and resilience.

The capabilities will advance the Pentagon’s objective of equipping warfighters with all-domain attritable autonomous systems by August 2025. They will focus on the scalable production of class-leading systems across multiple domains and critical enabling software, the Department of Defense said Wednesday.

Accelerated Development of Warfighting Capabilities

Replicator enables traditional and nontraditional defense and technology companies to deliver critical capabilities to U.S. warfighters, according to Hicks.

“The Replicator initiative is demonstrably reducing barriers to innovation and delivering capabilities to warfighters at a rapid pace,” the multiple Wash100 Award recipient added.

Additional Systems for Replicator 1.2

Replicator’s second tranche includes Anduril Industries’ Ghost-X and Performance Drone Works C-100 unmanned aerial systems, which will allow the U.S. Army to conduct reconnaissance, surveillance and target acquisition missions with reconfigurable, attritable and modular payload capabilities.

Under the initiative, the DOD also selected Anduril’s Altius-600 for the U.S. Marine Corps to complement AeroVironment’s Switchblade-600 loitering munition that was part of the initial Replicator tranche. The selections enable the USMC to test systems that deliver organic, loitering and beyond-line-of-sight precision strike capability.

In addition, the department will work with Anduril, Integrated Solutions for Systems, Leidos Dynetics and Zone 5 Technologies to prototype the Air Force’s enterprise test vehicle. The companies will demonstrate design variants and the selected ETV prototypes will be accelerated for scaled production.

The DOD selected other systems for Replicator 1.2, such as low-cost long-range strike capabilities and maritime uncrewed platforms, but they remain classified.

//
Space Systems Command’s Tetra-1 Satellite Concludes Mission
Published on
Space Systems Command’s Tetra-1 Satellite Concludes Mission

The Tetra-1 satellite of the U.S. Space Force’s Innovation Development Branch—a function of Space Systems Command—has completed its mission after two years of service.

The SSC said Tuesday the Tetra-1 satellite, launched on Nov. 1, 2022 will now transition to residual operations after helping over 250 U.S. Space Force Guardians, airmen and operators. The satellite was utilized for experimentations and training with different techniques and procedures in geosynchronous Earth orbit, or GEO.

The Tetra-1 Satellite

The Tetra-1 satellite, the first Tetra small satellite, was developed by Millennium Space Systems, a Boeing subsidiary, and fielded by the Innovation Development Branch of SSC’s Innovation and Prototyping Directorate. It was launched into GEO in less than 18 months.

The satellite enabled SSC to utilize non-traditional vendors for on-orbit capabilities. It also allowed space operators to understand how to operate and manage small satellites, which can be potentially used for future GEO missions.

The Tetra-1 was utilized for SCARLET STAR, a testing and training campaign conducted by the 98th Space Range Squadron and 57th Space Aggressor Squadron of Space Training and Readiness Command. The campaign assessed the three USSF field commands’ abilities to coordinate during multiple live on-orbit events.

Tetra-1 Satellite Post-Mission Life

After 18 months, Tetra-1 will now serve as a test bed to determine the lifespan of satellite components.

//
DOE Seeks Info on ICS, OT Cybersecurity Training Needs
Published on
DOE Seeks Info on ICS, OT Cybersecurity Training Needs

The Department of Energy‘s Office of Cybersecurity, Energy Security, and Emergency Response, or CESER, is calling for submissions for the State of Industrial Control System Cybersecurity Training market research opportunity.

Market Research Objectives

CESER said Wednesday that the purpose of the effort is to help focus investments in cybersecurity workforce development by providing key information, including the existing market of cybersecurity training programs for industrial control systems and operational technology; the cybersecurity energy pipeline; and the knowledge, skills and abilities sought by the energy sector in cybersecurity professionals.

The market research opportunity, managed by TechWerx in partnership with DOE, also calls for recommendations that would inform CESER’s cybersecurity workforce development strategy.

Award Details

The government will make about $160,000 available for the effort. The money will be used to finance one or two awards. Interested parties have until Dec. 11 to turn in their submissions.

Commenting on the opportunity, CESER Deputy Director of Preparedness, Policy and Risk Analysis Mara Winn said, “As the Sector Risk Management agency for the energy sector, it is important that we support relevant workforce solutions that improve the ability of our industry partners to protect the nation’s critical energy assets.”

“This opportunity highlights the importance of understanding industry challenges so our initiatives to develop the cybersecurity workforce in this critical sector are aligned with industry needs,” Winn said.

//
GAO Says HHS Should Implement Healthcare Cyber Recommendations
Published on
GAO Says HHS Should Implement Healthcare Cyber Recommendations

The Department of Health and Human Services continues to face challenges in exercising its cybersecurity responsibilities, according to a new report by the Government Accountability Office.

GAO said Wednesday that although it had already highlighted those challenges in previous work, HHS has yet to implement all of the recommendations to address them. HHS is the healthcare and public health sector lead agency, and in this role, it is tasked with bolstering the sector’s cybersecurity.

Adopting Cybersecurity Practices

One of the challenges faced by HHS involves the adoption of leading cybersecurity practices to overcome various risks, including ransomware. GAO had previously determined that HHS does not adequately monitor the implementation of various cyber risk mitigation practices, including those outlined in the National Institute of Standards and Technology Cybersecurity Framework. A related challenge is HHS’ failure to evaluate the cybersecurity support it provides to the healthcare sector.

To address these issues, GAO recommends that HHS work with various partners, including the Cybersecurity and Infrastructure Security Agency, to establish the extent to which cyber best practices are being implemented by entities within the health sector. HHS should also work to develop a procedure that would measure the effectiveness of the support it offers to the sector.

Assessing IoT and OT Devices

GAO also learned that HHS had not conducted a sector-wide cybersecurity risk assessment of Internet of Things and operational technology devices, which are used to deliver various health care services. To correct the issue, HHS has been called on to include IoT and OT devices in risk assessments.

According to GAO, unless HHS fully implements these and other recommendations, the agency might not only fail to effectively carry out its responsibilities, it may also bring about negative effects on patients as well as healthcare providers.

GAO Says HHS Should Implement Healthcare Cyber Recommendations

The Potomac Officers Club’s 2024 Healthcare Summit will explore the transformative trends and innovations shaping the future of the healthcare sector. Join the event, which will take place on Dec. 11.

/
Six Startups Selected for 14th Catalyst Accelerator Cohort
Published on
Six Startups Selected for 14th Catalyst Accelerator Cohort

The Catalyst Accelerator has revealed the six companies that will be participating in its 14th cohort, which is focused on Space-Based Joint Spectrum. 

The program said Wednesday the six startups were chosen after undergoing a selection process conducted by the Catalyst Accelerator team with guidance from government, industry and academia experts.

The selected companies and their specialties are:

  • Authentrics.ai: Offers a patent-pending service for existing AI/ML pipelines for measuring, controlling and explaining AI through direct neural network and transformer analysis
  • Geist Robotics: Focuses on using electronic warfare for low-cost, portable air defense against drones and airborne threats
  • Origami Space Development: Utilizes generative design and machine learning to develop deployable radio frequency and light detection and ranging architectures for satellite communications and intelligence
  • Orion Edge Group: Advancing navigation warfare capabilities for electromagnetic spectrum dominance
  • Pulsar Space Systems: Measures the ionosphere’s response to solar inputs using in-situ plasma and neutral density instruments
  • Spin Drift Technologies: Develops data transfer outside of traditional radio, microwave or infrared spectrums for modern electronic warfare environments

Space-Based Joint Spectrum Cohort

The Space-Based Joint Spectrum cohort, the first in partnership with the Army Research Laboratory, will gather twice a month from Jan. 28 to April 5, 2025. The six startups will work with subject matter experts and engage with government and commercial partners and undergo a customer discovery process. The companies will present their projects on Demo Day, which will be held on April 24.

The 13th Space Domain Awareness Cohort focused on space launch custody, classifying uncorrelated tracks, classification of object types, operator decision aids, predictive analytics and other areas.

/
Commerce Dept Funds Akash Systems’ Semiconductor Facility
Published on
Commerce Dept Funds Akash Systems’ Semiconductor Facility

The U.S. Department of Commerce has invested up to $18.2 million in Akash Systems for the construction of a new semiconductor manufacturing facility.

The department said Wednesday it signed a non-binding preliminary memorandum of terms with the Oakland-based startup to turn an existing building’s 40,000-square-foot cleanroom space into a new manufacturing facility. The proposed project will be funded under the CHIPS and Science Act. It will also receive funding from Akash, venture capital firms and other private investors.

Akash Systems’ New Semiconductor Facility

The new semiconductor facility will be utilized for manufacturing diamond cooling substrates, devices and systems at scale. It will be constructed in West Oakland, California and will cost a total of $121 million. The proposed project is expected to generate up to 400 new jobs in direct manufacturing and construction.

Akash Systems will utilize its understanding of semiconductor technologies, particularly its own innovations, in serving crucial end markets including defense and communications. The company specializes in integrating synthetic diamond substrates with compound semiconductor materials like gallium nitride.

What Is Diamond Cooling?

Diamond cooling technology is an emerging technology developed by Akash. It is used to enhance the thermal performance of semiconductors, especially in challenging environments. It helps manage the heat dissipation of semiconductor devices in high-performance systems.

Secretary of Commerce Gina Raimondo, stated, “Through this proposed investment in Akash, we are taking a critical step forward to fulfill that mission. With the support of this proposed funding, the Biden-Harris Administration is helping to accelerate innovation, advance U.S. technology leadership in semiconductor manufacturing and spur good-paying jobs and increased economic opportunities.”

/
Verizon to Advance Knightscope’s Security Robot Capabilities
Published on
Verizon to Advance Knightscope’s Security Robot Capabilities

Verizon Business will provide 4G LTE connectivity to the K5 autonomous security robots of Knightscope under a partnership agreement between the two firms. Their collaboration also includes Verizon connectivity integration for Knightscope’s wireless emergency communication devices, or ECDs, for first responders, Verizon said Wednesday.

Knightscope’s K5 robots hold a moderate authority to operate under the Federal Risk and Authorization Management Program, a security compliance endorsed by the Department of Veterans Affairs.

First Responders’ Tool

FedRAMP authorization has also been granted to the Knightscope’s ECDs—K1 Blue Light Tower and Blue Light E-Phones—covered by the partnership agreement. The devices are designed for 24/7 independent operations to provide first responders with voice connectivity, alerts and illumination. With the Verizon-Knightscope partnership, first responders using the ECDs will gain access to the Verizon Frontline network.

The 4G Verizon connectivity for the Knightscope security robots, planned for an upgrade to 5G, enables real-time data transmission and monitoring in the ASRs’ patrols even during extreme weather conditions.

William Santana Li, Knightscope CEO, said that the company’s robots are transforming their safety and security capabilities with the integration of Verizon’s connectivity.

“Additionally, Verizon is enabling Knightscope to provide one-touch access to services such as police, fire and EMS at hospitals, universities and corporate campuses in times of danger, personal crisis or medical emergencies,” he noted.

/
NIST Soliciting Input on Enhanced Protection for CUI
Published on
NIST Soliciting Input on Enhanced Protection for CUI

The National Institute of Standards and Technology is seeking comments on the initial public draft of its proposed protection measures on the confidentiality of controlled unclassified information, or CUI, of high asset value or critical in nonfederal systems. 

The measures are designed for federal agencies’ screening of agreements or contracts with nonfederal organizations, NIST said Wednesday. The draft’s recommendations strengthen organizations’ defense capability against advanced persistent threats and help ensure system resilience, the agency added. 

Stronger Countermeasures Against Cyberattacks

Compiled in the NIST Special Publication 800-172r3, titled “Enhanced Security Requirements for Protecting Controlled Unclassified Information,” the proposed mechanisms include additional and stronger countermeasures based on the latest threat intelligence and cyberattack data.

New security requirements were also included for consistency with NIST’s updated guidance on CUI protection, released in May. The new measures in the public draft cover planning, system and services acquisition, and supply chain risk management. In addition, the draft further spelled out security requirements to clear ambiguity and pave the way for better implementation.

Comments on the draft are open for submission to 800-171comments@list.nist.gov until Jan. 10, 2025.

1 167 168 169 170 171 2,619