The head of the Department of Homeland Security’s Continuous Diagnostics and Mitigation Program has said that the CDM team seeks to collaborate with client federal agencies to determine cybersecurity solutions appropriate to their unique organizational requirements, Federal News Network reported Wednesday.

CDM Program Manager Kevin Cox told Federal News Network in a recent interview that “we want to make sure we are working with the agencies to understand” what they need to strengthen their systems and networks against cyber threats and “in the long run meet those requirements.”

The Homeland Security official also sought to dispel the notion that the CDM seeks to foist solutions on agencies, insisting, again, upon a focus on requirements, adding that “if an agency can show those requirements, then we will take the data from that system to meet the requirement.”

Cox went on to emphasize the importance of building partnerships for the effectiveness and success of the CDM program.

The Continuous Diagnostics and Mitigation Program aims to minimize cybersecurity risks to government information networks and systems by providing requisite tools, capabilities and services.

The CDM was established by Congress.

The Office of the Director of National Intelligence has said efforts to combat hackers at federal agencies are paying off even with the landscape evolving since the National Insider Threat Program was established in 2011, Federal News Network reported Monday.

Nicole Ogrysko writes that the National Insider Threat Task Force believes responses to the challenge require newer methods, adaptable approaches and fresher insights.

However, Dean Boyd, spokesman for ODNI’s National Counterintelligence and Security Center, said federal agencies are already responding to threats to network security.

“The federal government as a whole has made significant progress in the past year,” Boyd told Federal News Network.

“These challenges are increasingly being addressed as formal training of insider threat personnel becomes more prevalent,” he added.

The task force on Oct. 24 released the Insider Threat Program Maturity Framework, which stipulates requirements for personnel insider threat training and monitoring employee activities and behavior.

 

The Department of Transportation‘s inspector general has announced that it will conduct an audit of the Federal Aviation Administration’s role in authorizing operations of small unmanned aircraft systems in U.S. airspace.

The DOT IG said in a memo that it will begin the assessment in November at the FAA’s headquarters, at air traffic facilities and airports across the U.S.

The audit will focus on the impact of the agency’s recently-launched Low Altitude Authorization and Notification Capability for automated airspace authorizations and how the agency coordinates UAS airspace approvals and notifications between airports, FAA air traffic facilities, LAANC service suppliers and UAS operators.

The FAA launched LAANC in April in partnership with the private sector to speed up approval for use of drones in U.S. airspace. 

The move comes amid efforts of the agency to address the challenges with the growing volume of requests for UAS authorizations in controlled airspace near airports. Since December 2015, the FAA has processed over 1.1M registrations. 

“The continuing growth of UAS within the national airspace system presents challenges for the FAA in maintaining the world’s safest aviation system while fostering innovation,” said the DOT IG.

The Aspen Cybersecurity Group has issued seven principles to bolster the security of Internet-of-Things devices, calling on manufacturers to increase investment, accountability and transparency in their products’ security, to design devices with “updateable” security and to build a multi-layered IoT defense, The Washington Post reported. 

“When left unsecured, however, these devices also carry increased risks to public health and safety, business operations and individual privacy,” the ACG said in a recently-released memo. “As the attack surface continues to expand, there is an acute need to ensure the benefits of IoT— and technological innovation more broadly — are nurtured while simultaneously mitigating against the associated risks.”

ACG’s IoT Security First Principles:

1. Manufacturers should incorporate security at the design phase of IoT devices.
2. Transparency should include details on the security attributes of products and services for the consumer’s awareness.
3. Developers should provide information on product privacy.
4. Manufacturers should be held accountable for the security of their devices.
5. IoT devices should have updateable security to keep up with changing security risks.
6. Products should have multi-layered security and countermeasures that function 
without degrading in the absence of connectivity.
7. Manufacturers should limit device features to “necessity.”

“Changing the dynamic requires an environment that incentivizes products to be secure-by-design and increases transparency to give consumers an opportunity to consider the security and privacy impacts of a product in their purchasing decisions,” the group said. 

The ACG also provided recommendations for increasing the size of the U.S. cybersecurity workforce and a framework to improve cybersecurity collaboration between the federal government and the industry.

The Aspen Institute established the group in 2017, which consists of lawmakers, former government officials, technology experts, scholars and other cybersecurity professionals.

The State Department has announced a plan to relax rules on the sale of some key technologies used on drones and 5G telecommunications devices, which the government currently considers as potential risks, or sensitive, to national security, Defense One reported.

The agency said it will remove some restrictions on the distribution of advanced Monolithic Microwave Integrated Circuits chips, which provide higher data rates for mobile phones, sensors and other Internet-of-Things devices. 

Under the plan, MMICs would be removed from the Defense Department’s strictly regulated U.S. Munitions List and would be transferred to the Commerce Department’s less stringent Commerce Control List. 

An unnamed State official said such advanced chips “use quite a bit less power than the ones we use in the military arena” for radar and other applications.” 

Meanwhile, the State Department is also considering relaxing rules on the sale of unmanned vehicles with anti-collision radar. 

The planned changes would mainly allow manufacturers to sell “hunter-killer drones” that can detect and disable other autonomous aerial systems. 

U.S. military officials have said it is important to modernize its explosive ordnance disposal technology, National Defense reported Friday.\n

Lt. Gen. Reynold Hoover, deputy commander of the U.S. Army’s Northern Command, said aside from being prepared for counterterrorist operations against insurgents from Iraq and Afghanistan, the country’s military forces must also be ready to demonstrate their weapons capabilities to adversaries Russia and China.

Hoover said during the Global EOD Symposium and Exposition in Bethesda, Md., that enemies often infiltrate the “gray zone”, which “represents challenges and opportunities for our EOD forces that will require strong government and industry cooperation, active academic research and development, and close collaboration between military and civilian law enforcement, the intelligence community and military services”.

He added the importance of not only upgrading military hardware but also boosting troop organization and implementing changes to how warfighters gather and disseminate information.

Military space programs are prioritizing the construction of spacecraft ground segment systems to avoid instances wherein a satellite cannot perform at its optimum capacity because of insufficient ground segment capability, Space News reported Thursday.

Deanna Ryals, chief partnership officer at the Air Force Space and Missile Systems Center, said a Wideband Analysis of Alternatives study conducted by the U.S. Air Force this summer showed the need to prioritize ground system establishment for future space missions.

The Government Accountability Office identified significant ground segment delays in the GPS III and the Mobile User Objective System satellite programs.

The GPS III’s launch was rescheduled to April 2022.

Andrea Loper, space vehicles directorate acquisition program manager at the Air Force Research Laboratory, said the lab aims to have its ground segment system – which consists of user terminals, command and control platforms and network operations – support as many space missions as possible.

 

The National Cybersecurity Center of Excellence, in cooperation with the National Institute of Science and Technology‘s Engineering Laboratory, has introduced a system that shows how a manufacturing firm can update the security of its industrial control systems via behavioral anomaly detection (BAD).

According to the report published this month, BAD capabilities can help prevent malware attacks and other operational data threats.

The BAD initiative was able to demonstrate threat detection processes based on three different methods: network-based, agent-based and operational historian/sensor-based.