The Senate has passed a bill to create a government-wide council that would establish regulations for federal supply chain risk management, FCW.com reported Wednesday.

The Federal Acquisition Supply Chain Security Council will help the National Institute of Standards and Technology develop supply chain guidelines including protocols on information sharing between federal and non-federal parties.

The inter-agency council will also oversee the implementation of applicable contracting strategies and establish criteria for the removal of software to mitigate supply chain threats.

The Department of Homeland Security secretary will be responsible for issuing removal or exclusion orders for civilian federal agencies, while the Department of Defense secretary and director of national intelligence will have the same authority for their respective agencies.

Sen. Claire McCaskill, D-Mo., originally sponsored the bill which must still pass the House before being signed by the president.

The U.S. Coast Guard expects another delay in its $750M polar icebreaker program after the Department of Homeland Security failed to secure full funding for the 2019 fiscal year from Congress, USNI News reported Wednesday.

This week, the Senate approved a continuing resolution that would only provide funding to the government through February of next year. The decision puts the Coast Guard under extended 2018 funding levels rather than the requested 2019 budget that includes funding for the service’s icebreaker program. The Coast Guard originally planned to buy its first icebreaker in FY19 to replace its aging heavy icebreaker already approaching the end of its service life.

Officials said the funding delay comes as the new appropriations bill for the DHS prioritized the construction of President Trump’s border wall between the U.S. and Mexico. The Senate version of the bill only provided funding for border security enhancements, while the House reduced money for various DHS programs including the icebreaker to provide $5B for the wall. 

Ellen Lord, the top acquisition officer at the Department of Defense, has said the agency plans to simplify some processes in buying technologies for the military in 2019, National Defense Magazine reported Tuesday.

The undersecretary of defense for acquisition and sustainment said the effort mainly aims to increase partnerships with the industry and to speed up how the Pentagon acquires commercial products. 

The DoD wants to create more commonality in intellectual property policies, release scorecards to monitor contractor performance, simplify compliance with federal acquisition rules and regulations, and seek new acquisition authorities from Congress.

Lord said her office will also look to rewrite the Defense Federal Acquisition Regulation Supplement next year to reduce the compliance burden for contractors.

She noted the changes would help the industry have control of their products, guide the DoD in future contract awards and requirements, and help contractors understand and utilize rapid acquisition authorities.

The Defense Advanced Research Projects Agency conducted the Spectrum Collaboration Challenge’s second and final preliminary event on Dec. 12 at the Johns Hopkins University Applied Physics Laboratory in Maryland, DARPA said Wednesday.

The qualifier saw teams comprised of academic, commercial and defense representatives utilize machine-intelligence technologies for various scenarios involving radio frequency operations.

Six of the eight teams that garnered top scores won $750K each as part of the SC2 event, which covered a wide range of RF scenarios including interference mitigation, high-traffic spectrum demands and other connectivity issues.

DARPA selected the six winners based on the sixth scenario, which saw competitors develop autonomous RF capabilities such as those enabling radios to carry wireless applications without relying on handcrafted spectrum plans.

Paul Tilghman, DARPA’s program manager for SC2, said the six scenarios were aligned to actual situations that involve both defense and commercial systems.

All the 15 participating teams were invited to compete for the SC2 grand finale which will be held concurrently with MWC19 in Los Angeles, Calif., on Oct. 23, 2019.

DARPA partnered with trade association CTIA for the MWC19 event.

The Senate has approved a seven-week continuing resolution for 2019 in an effort to prevent a potential government shutdown by end of the week, Federal News Network reported Wednesday. 

The resolution would provide a budget through Feb. 8 to the agencies still operating without full-year 2019 appropriations.

However, the measure filed by Senate Majority Leader Mitch McConnell, R-Ky., does not include the proposed 1.9 percent pay raise for civilian employees in the coming year. 

But Sen. Chris Van Hollen, D-Md., said he plans to propose an amendment to the resolution to include the increase. 

House Republicans said in October that they also agreed with Senate counterparts to provide civilian employees across the government the 1.9 percent raise. 

The House is expected to vote on the continuing resolution on Thursday and President Trump must sign the measure on Friday to avoid the partial government shutdown on Dec. 22.

“Some kind of way, we will avoid the shutdown,” said Rep. Elijah Cummings, D-Md. “There is pressure coming from a number of places.”

The National Institute of Standards and Technology issued the draft document detailing its latest guidelines on how federal agencies could secure better networks against large-scale Distributed Denial of Service attacks. The NIST said in a notice that routing control plane anomalies such as Border Gateway Protocol, prefix hijacking and route leaks have been disrupting services and causing damage across the government in recent years. 

The document aims to guide information security officers and managers, services providers, enterprise and transit network operators and equipment vendors working with the government in securing federal networks. 

The NIST provided a list of technologies that could help agencies enhance security and robustness of interdomain traffic exchange, including:

\n\n

• Resource Public Key Infrastructure 
• BGP origin validation 
• Prefix filtering
• Access Control Lists 
• Unicast Reverse Path Forwarding
• Remotely Triggered Black Hole filtering
• Flow Specification 
• Response Rate Limiting

\n\n

These technologies were designed to secure interdomain routing control traffic, prevent IP address spoofing, detect and mitigate DoS or DDoS and share routing control messages. 

“It is expected that the guidance and applicable recommendations from this publication will be incorporated in the security plans and operational processes of federal enterprise networks,” the NIST said. 

The agency also hopes other agencies will apply the recommendations in contracts for hosted application and Internet transit services. The NIST is accepting public comments on the draft document through Feb. 15, 2019.

The Department of Defense‘s inspector general released the audit results to determine how the U.S. Navy, U.S. Marine Corps and U.S. Air Force rationalize software and manage obsolete and duplicate applications. The audit found the three service branches did not consistently handle software rationalization. However, the USMC and Navy observed processes to prevent software duplication, the inspector general said Dec. 13th in a report.

His report also noted the U.S. Fleet Forces Command was the only reviewed component with an implemented procedure to remove obsolete and duplicate software from its inventory. The lack of implemented processes increases the cybersecurity risks surrounding the DoD’s information network.

The inspector general recommends the DoD’s chief information officer implement an enterprise-wide process for software rationalization, guide and periodically conduct assessments across components.

The Federal Aviation Administration is investing $205M in grants to support infrastructure projects at small airports across 34 states, with a focus on rural areas. Initial funds would support runway reconstruction and facility maintenance efforts at 37 airports, the Department of Transportation said Wednesday.

“This $205M in Airport Improvement Program grants directly addresses the need for improved aviation infrastructure – especially in rural communities,” said Elaine Chao, U.S. secretary of transportation.

These new funds add to the $3.31B obligated under AIP for fiscal year 2018, with a remainder of $1B to follow in fiscal years 2019 and 2020. The Consolidated Appropriations Act of 2018 provides for these supplemental funds, and directs the FAA to oversee corresponding efforts through fiscal 2020. The agency would prioritize smaller and rural airports with regard to the funds.

The full list of AIP grants can be found here.

The DOT also looks to invest $10B to develop new transportation infrastructure across the nation during the current fiscal year.

NASA discovered a potential compromise of servers storing personally identifiable information of current and former employees. The agency said it initially found that one of the servers containing Social Security numbers and other PII data of its workers was potentially affected by the cyber incident in October, according to an internal memo obtained by SpaceRef.

NASA noted the compromised information may include those from employees who entered or left the agency between July 2006 and October 2018. Bob Gibbs, assistant administrator of NASA’s Office of the Chief Human Capital Officer, said the investigation is ongoing to find other affected servers. 

“NASA and its federal cybersecurity partners continue to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals,” he said in the memo. 

However, Gibbs noted the process “will take time” and the investigation is a top agency priority. NASA intends to provide identity protection services to those affected by the incident.