//
NIST Releases Draft Guide to Help Organizations Address Emerging Cybersecurity Risks
Published on
Cybersecurity. NIST seeks feedback on an initial public draft of a new quick-start guide for using the CSF 2.0.

The National Institute of Standards and Technology has released an initial public draft of a new quick-start guide for using the Cybersecurity Framework 2.0. NIST said the document provides organizations with practical steps to improve their management of emerging cybersecurity risks.

NIST’s New Quick-Start Resource

The draft guide, NIST Special Publication 1331 ipd, is the latest in a series of quick-start resources developed to make the updated cybersecurity framework more accessible to different audiences and actionable. NIST said the guide explains how organizations’ existing enterprise risk management can be paired with CSF 2.0 to help organizations prepare for risks that are either not yet well understood or entirely unknown.

Defining Emerging Risks

According to the publication, emerging risks fall into two categories: those that are already known to some organizations but not others and those that are unknown to all. The guide notes that while traditional threats such as ransomware and distributed denial-of-service attacks fall into the first category, the second involves novel risks with no existing mitigation strategies.

Preparing Through Resilience and Governance

Besides integrating the cybersecurity practices under CSF 2.0 with enterprise risk management programs, the guide recommends adopting multidisciplinary approaches when facing emerging risks, emphasizing that preparation should focus on resilience, governance structures and organizational adaptability, allowing enterprises to maintain or restore operations when unexpected risks materialize.

Organizing Management of Risks

The draft organizes management of emerging risks into proactive and reactive phases aligned with CSF 2.0’s functions. The Govern, Identify and Protect functions are primarily used before risks are realized, while Detect, Respond and Recover support actions after risks occur. NIST highlights the importance of continuous improvement across all phases, stressing that lessons learned must be analyzed, prioritized and used to inform all functions.

Public Feedback Sought

Authors of the draft are NIST’s Stephen Quinn, Matthew Barrett of CyberESI Consulting Group, Robert Gardner of New World Technology Partners, Kelly Hood of Optic Cyber Solutions and Matthew Smith of Seemless Transition.

NIST is accepting public comments on the draft until Sept. 21. Feedback must be sent to csf@nist.gov.

///
PEO STRI Experiments With Cloud-Based Next-Gen Constructive Training Platform
Published on
US Army logo. PEO STRI conducts experiment on the Next Generation Constructive training platform.

The U.S. Army’s Program Executive Office Simulation, Training and Instrumentation, or PEO STRI, has conducted an experiment on the Next Generation Constructive during Scarlet Dragon 25-3 held from Aug. 11 to 15, at Fort Bragg, North Carolina.

PEO STRI said Thursday it collaborated with Synthetic Training Environment Cross Functional Team, XVIII Airborne Corps, Fort Bragg, North Carolina Mission Training Complex, and industry partners Palantir Technologies and Battle Road Digital to conduct the experiment to test the new cloud-based training architecture.

Advancing Warfighter Training Capabilities

The experiment, intended to confirm the feasibility of the NGC system before a full contract award, validated Palantir’s Foundry platform as the data fabric for the proposed system. It also demonstrated the interface between Battle Road Digital’s Atom Engine and Foundry’s Maven Smart System.

The test unexpectedly activated the command and control information system team awareness kit using Atom Engine data through the Foundry interface, showcasing the NGC architecture’s adaptability. The initial integration confirmed that the systems could share data to boost situational awareness during training exercises.

According to Lt. Col. Thane Keller, lead capability developer for NGC, the team will focus on intelligence and fires for Scarlet Dragon 26-1 as they continue to integrate the platforms and mature capabilities to drive multi-domain operations training and readiness.

/
GSA Announces OneGov Agreement With Google for Gemini for Government
Published on
Google logo. Google will offer its Gemini for Government artificial intelligence platform for less than $0.50 per agency

The General Services Administration has entered into an agreement with Google to accelerate the adoption of cloud and artificial intelligence across government.

The agency announced Thursday that Google will provide access to its comprehensive Gemini for Government AI offering at a discounted price.

GSA-Google Agreement Supports Government Initiatives

The agreement is part of GSA’s OneGov strategy to streamline the acquisition of goods and services across government to standardize terms and pricing.

“GSA’s OneGov Strategy provides a streamlined path for delivering American AI products across the federal government, and ‘Gemini for Government’ will equip agencies with innovative AI tools and advanced cloud infrastructure to accelerate their missions,” Karen Dahut, CEO of Google Public Sector and a four-time Wash100 awardee, said. “This collaboration marks a significant milestone in our partnership with GSA, reaffirming our commitment to providing modern, efficient and scalable cloud solutions that empower government agencies to better serve the American people.”

The partnership between the company and GSA is in line with America’s AI Action Plan, an effort to ensure that the United States maintains global leadership in AI.

“GSA is delivering on the President’s AI Action Plan and helping agencies access powerful American AI tools to optimize daily workflows and create a more efficient, responsive, and effective government for American taxpayers,” commented Josh Gruenbaum, commissioner of the Federal Acquisition Service and also a Wash100 recipient. “Critically, this offering will provide partner agencies with vital flexibility in GSA’s marketplace, ensuring they have the options needed to sustain a strong and resilient procurement ecosystem.”

The agency previously made similar deals with Box, OpenAI, Anthropic and Amazon Web Services.

What Is Gemini for Government?

According to Google, Gemini for Government is a complete AI platform for the public sector. It brings together Google’s AI-optimized commercial cloud, Gemini large language models and and agentic tools in one package to support agency missions.  

Through Gemini for Government, federal personnel can also access the NotebookLM AI tool for deep research and idea generation.

Google is offering the AI package for only $0.47 per agency.

/
PNNL Unveils PermitAI to Streamline Environmental Reviews With NEPATEC 2.0
Published on
PNN logo. PNNL has developed PermitAI to streamline environmental reviews using NEPATEC 2.0 database.

The Department of Energy’s Pacific Northwest National Laboratory has developed PermitAI, a project designed to unify all vital data of the National Environmental Policy Act into a single, centralized database called NEPA Text Corpus, or NEPATEC 2.0.

Utilizing AI Algorithm to Unify Environmental Data

PNNL said Thursday that PermitAI leverages a custom artificial intelligence algorithm to instantly process and categorize data in document formats previously stored in siloed federal computer systems. The public can now access the processed, machine-readable data through the NEPATEC 2.0 database.

What Is NEPATEC 2.0?

NEPATEC 2.0 is a dataset that uses a standardized format created by the Council of Environmental Quality to standardize and organize data using metadata that reveals connections between data points, enhancing clarity and reusability.

The database now includes data from various federal agencies involved in environmental permitting, including NEPA planning documents such as environmental impact statements, environmental assessments and categorical exclusions. This aligns with America’s AI Action Plan and the Council on Environmental Quality’s mandate for standardized data practices.

“The release of NEPATEC 2.0 marks a key milestone in improving environmental review,” said Neelesh Nerurkar, director of infrastructure policy at DOE. “By making the permitting records usable at scale, it equips project developers and agencies with the data needed to reduce review timelines for crucial energy investments without sacrificing quality. PermitAI enables us to build the infrastructure we need for the future faster, smarter and more efficiently.”

/
CISA Urges Experts to Work With Government to Address Software Understanding Gap
Published on
CISA logo. CISA is urging mission owners to identify research priorities to help address the software understanding gap.

The Cybersecurity and Infrastructure Security Agency is asking software analysis experts and mission owners to work with several government agencies to identify research priorities to help address the national gap in software understanding.

CISA Urges Experts to Work With Government to Address Software Understanding Gap

Hear government and industry leaders discuss the latest tech capabilities and the most pressing threats and challenges facing the country at the Potomac Officers Club’s 2025 Homeland Security Summit. Register now to join this GovCon networking event on Nov. 12.

In a blog post published Wednesday, CISA said it is working on the initiative with the Defense Advanced Research Projects Agency, the National Security Agency, the Office of the Under Secretary of Defense for Research and Engineering and the National Nuclear Security Agency.

CISA noted that it is leading an interagency effort to improve the ability to build and analyze software to understand its safety, security, and functionality before using it.

According to the post, having an adequate capacity for software understanding could enable the U.S. to strengthen critical infrastructure against state-sponsored activity and gain an advantage in geopolitics.

‘Closing the Software Understanding Gap’ Report

In January, CISA, DARPA, OUSD R&E and NSA released a report outlining recommended actions to address the software understanding gap.

The report Closing the Software Understanding Gap recommended implementing policies that require characterizing software behavior before it is deployed into critical systems. The document also called for using artificial intelligence and other technologies to develop reliable and affordable capabilities.

//
Marines Test 5G Expeditionary Transmission Tech
Published on
5G network connectivity. COMMSTRAT Marines with II MEF tested a 5G expeditionary transmission system.

Communication Strategy and Operations, or COMMSTRAT, Marines with II Marine Expeditionary Force, or MEF, tested the capability of a 5G communications technology to support imagery transmission during a field training exercise held at Camp Lejeune in North Carolina.

Marines Test 5G Expeditionary Transmission Tech

Explore the latest naval tech advances and gain valuable insights into opportunities, trends and policies that could shape the future of naval operations at the Potomac Officers Club’s 2025 Navy Summit on Aug. 26. Reserve your spot now for this GovCon industry event!

“One of the biggest challenges in the digital realm for warfighters is communications going down, and once it’s up, protecting that connection,” Chief Warrant Officer 4 Izzel Sanchez, II MEF COMMSTRAT visual information officer, said in a statement published Wednesday.

“The new systems we’re putting together aim to fix that. We need to test them in these environments so when the scenario changes, we can change too and still execute the mission effectively,” added Sanchez.

Testing 5G Expeditionary Router & Starshield 

During the exercise, the Marines trained on a 5G expeditionary router and a lightweight satellite antenna called Starshield, designed to create high-speed uplinks. Using the new systems, they captured, edited and transmitted short visual products.

The event enabled the Marines to assess each piece of equipment’s field durability, ease of use and effectiveness under realistic conditions. The 5G router facilitated quick startup and file transfers, while the Starshield antenna enabled transmission with minimal setup.

“Being able to instantly send imagery from austere environments makes it far easier to control the narrative and pass the truth of what’s on the ground,” said Sanchez. “COMMSTRAT Marines are no longer just observers, they’re an implemented capability. They bring a weapon and a camera, they train alongside the units they embed with, and they’re ready to defend themselves and those around them while delivering critical information.”

The exercise is part of the Digital Frontline campaign that aims to demonstrate how advanced communications systems could enable Marines to securely perform operations in an information-driven battlefield.

/
Gabbard Says ODNI Reorganization to Bring $700M in Annual Savings
Published on
Tulsi Gabbard. The director of national intelligence announced the restructuring of ODNI.

The restructuring of the Office of the Director of National Intelligence has commenced, an initiative Director of National Intelligence Tulsi Gabbard said will cut the agency’s size nearly in half by the end of fiscal 2025 and save taxpayers more than $700 million annually.

The effort, called ODNI 2.0, is intended to streamline operations, eliminate redundant offices and refocus the agency on integrating intelligence from across the 18 elements of the intelligence community, according to an ODNI press release published Wednesday.

Gabbard Says ODNI Reorganization to Bring $700M in Annual Savings

Intelligence-gathering and analysis are critical to national security amid the rise of new threats, technological advancements and geopolitical shifts. The intelligence community’s top leaders will participate in the upcoming 2025 Intel Summit of the Potomac Officers Club to provide insights into the challenges and opportunities facing the IC. Book your seats now to position your organization for success in the intelligence sector.

Created after the Sept. 11, 2001, terrorist attacks, the office was established to address systemic failures in the IC, but Gabbard said it has grown “bloated and inefficient” over the past two decades.

“ODNI and the IC must make serious changes to fulfill its responsibility to the American people and the U.S. Constitution by focusing on our core mission: find the truth and provide objective, unbiased, timely intelligence to the President and policymakers,” she said in a statement.

ODNI 2.0 Targets Redundancy

Several offices will be closed or consolidated under the plan. The functions of the Foreign Malign Influence Center, the National Counterproliferation and Biosecurity Center and the Cyber Threat Intelligence Integration Center will be absorbed into the National Intelligence Council and ODNI’s mission integration directorate.

The National Intelligence University will be merged into the National Defense University, while the External Research Council and the Strategic Futures Group will be eliminated. Gabbard’s office said the SFG had neglected its purpose as the NIC’s strategic and long-range forecasting arm and instead produced analysis that conflicted with the current administration’s national security priorities.

ODNI said reductions already underway have cut more than 500 positions, representing a 30 percent decrease in staff.

Election Influence and Social Media

The Foreign Malign Influence Center, established to track efforts by overseas actors to influence the American public, came under particular criticism. According to ODNI’s fact sheet, the center coordinated with social media companies around election-related content and “may have been used to weaponize intelligence against Americans.” The office cited coordination with Twitter, Facebook and Google in October 2020, prior to restrictions on sharing the New York Post’s reporting on Hunter Biden’s laptop.

More ODNI 2.0 Measures

The restructuring also includes changes to acquisition, workforce balance and counterintelligence. ODNI plans to streamline contracting for emerging technologies and accelerate the adoption of commercial tools. The National Counterterrorism Center will expand intelligence sharing with federal, state and local law enforcement, while the National Counterintelligence and Security Center will focus on security clearance reform and investigations of unauthorized leaks of classified information.

“Ending the weaponization of intelligence and holding bad actors accountable are essential to begin to earn the American people’s trust which has long been eroded,” Gabbard said.

/
Texas Tech University System, FBI Partner to Enhance National Security
Published on
A handshake that represents partnership. TTU and FBI have joined forces to strengthen the nation's security through a CRADA.

The Texas Tech University System has partnered with the FBI to enhance national security, cybersecurity and critical infrastructure protection. The partnership was formalized through the signing of a cooperative research and development agreement at the institution’s System Building in Lubbock, Texas, on Aug. 18, TTU said Monday.

The representatives who signed the agreement include FBI Operations Director of the Criminal and Cyber Branch Chad Yarbrough, Congressman Jodey Arrington, TTU President Lawrence Schovanec, Angelo State University President Ronnie Hawkins and TTU System Vice Chancellor of Innovation and Collaboration Stephen Bayne.

Texas Tech University System, FBI Partner to Enhance National Security

Save your spot for this upcoming intel event! Be part of the Potomac Officers Club 2025 Intel Summit on Oct. 2 to find out more about the intelligence community’s opportunities and challenges, and how it can use artificial intelligence to counter rising threats.

FBI Cooperative Research & Development Agreement Details

The newly signed CRADA seeks to provide more advanced research, better student training, and stronger defenses for sectors like energy, healthcare, water and defense. Under the agreement, the FBI will use TTU’s Critical Infrastructure Security Institute, or CISI, for research on protecting vital systems, including water utilities, military assets, communication systems, the electric grid and other infrastructure. The agreement also allows FBI to use ASU’s national security resources, including its work with Goodfellow Air Force Base, cybersecurity programs certified by the National Security Agency and its Regional Security Operations Center, which provides real-time defense for West Texas communities and training for students.

FBI’s Chad Yarbrough, Texas Tech University’s Lawrence Schovanec Share Thoughts

Commenting on the partnership, Yarbrough said that protecting Americans includes safeguarding critical infrastructures from foreign and domestic enemies.

“Working with academic partners like the Texas Tech University System is just one of the many ways the FBI seeks to mitigate these threats and advance cybersecurity and the security of critical infrastructure,” he said, adding that the FBI looks forward to a continued partnership with TTU.

Schovanec said, “Texas Tech University is proud to stand alongside the FBI and Angelo State University in this important partnership to strengthen the security of our nation’s critical infrastructure.”

“This collaboration builds on our university’s research strengths and our commitment to preparing the next generation of leaders who will protect and serve our country,” he added. 

//
DISA Building Cyber Defense With Custom Analytics
Published on
DISA seal. DISA is strengthening cyber defense by developing custom analytics.

The Defense Information Systems Agency has revealed that it is developing unique cyber analytics to reinforce the protection of over 2.4 million users of the Defense Information Systems Network and around 600 cybersecurity service provider—a.k.a. CSSP—mission partners.

The agency said Wednesday CSSP Defensive Cyberspace Operations analysts are building customized tools or analytics to monitor data from network traffic, system logs and intelligence sources. These frequently updated analytics, when deployed to Security Information and Event Management systems, create alerts pinpointing potential cyberthreats or system vulnerabilities.

Enhancing Cyber Defense Through Tagging & Collaboration

A key component of the DISA CSSP analytics is the disciplined use of metadata tagging, which allows analysts to monitor for advanced threat indicators. With the addition of detailed information to each analytic, analysts can deploy the right tools to combat large datasets and different formats.

DISA’s Cyber Analytics Users’ Group

The Cyber Analytics Users’ Group fosters collaboration by enabling cybersecurity teams to explain new detection analytics, share concepts, troubleshoot problems and avoid duplicate work. The CAUG uses a disciplined tagging approach to continue creating baseline analytics for specific missions. This bolsters the cyber defense of the DISN and its mission partners.

/
OIG Finds Unremediated Vulnerabilities in DOE Unclassified Cybersecurity Program Review
Published on
Department of Energy logo. The DOE has not resolved cyber vulnerabilities, according to the agency's OIG

The Department of Energy’s Office of Inspector General has warned that the DOE has yet to address a number of previously identified cyber vulnerabilities.

In its report published Tuesday, the OIG said failure to remediate vulnerabilities may expose the department’s information systems and data to malicious cyber actors.

What Did DOE OIG Find?

The OIG assessed the effectiveness of the DOE’s unclassified cybersecurity program to protect the department’s data and information systems, a requirement under the Federal Information Security Modernization Act, or FISMA, of 2014.

The OIG found that while the department has taken actions and resolved 19 of 63 cyber-related recommendations from previous audits, 44 remained unaddressed. The agency watchdog also identified 79 new recommendations throughout the fiscal year related to DOE’s cybersecurity programs.

One of the vulnerabilities cited in its report involves management processes in some department sites that the inspector general found were “not fully effective in identifying, addressing, and/or remediating vulnerabilities.”

The report also revealed that some DOE sites did not fully develop or maintain adequate policies and procedures for the design and implementation of security controls.

The OIG advised DOE to close findings from prior years and implement the latest federal cybersecurity requirements to protect data and information systems.

1 17 18 19 20 21 2,618