Consumer credit reporting agency Equifax has told the Government Accountability Office that the company’s failure to identify and patch a critical software vulnerability, and correctly configure a crucial security system led, in part, to the massive 2017 data breach that compromised the personal information of millions of Equifax customers.

Equifax officials acknowledged that it was not able to identify the presence of the Apache Struts vulnerability on one of its client-facing portals in time, which gave cyber attackers an opportunity to penetrate the company’s systems, the GAO said in a recently-published audit report.

Company officials also admitted failing to update the digital certificate of a security system which, if properly configured, would have alerted Equifax information technology officers about unusual network traffic emanating from compromised servers, the GAO reported.

In October last year, Equifax determined that 145.5 million of its customers were affected by the breach, but this March identified another 2.4 million affected customers from the U.S., the GAO said.

Equifax later learned that some of the 2.4 million were already included in the initial count, but as of August, the company has yet to issue a revised total, the GAO noted.

The Department of Veterans Affairs has announced plans to create a research facility to explore integrated approaches for the delivery of caregiving services to former military service members.

VA said Friday the Elizabeth Dole Center of Excellence for Veteran and Caregiver Research will support peer-reviewed studies on training, evaluation and adoption of best practices in aid of veterans’ caregivers across the department, federal agencies, industry and nonprofit organizations.

The center is named for the former senator who has demonstrated a dedication to the welfare of the country’s military and veteran caregivers and has supported RAND Corp. research into the challenges they face.

VA’s Office of Health Services Research and Development will manage the CoE where a multidisciplinary research team, led by Luci Leykum from the South Texas Veterans Health Care System.

The CoE’s partner institutions include the Miami VA Healthcare System, VA Salt Lake City Health Care System and the VA Palo Alto Health Care System.

Raanan Horowitz, CEO of Elbit Systems of America, has said he believes the U.S. needs to strike a balance between the need to ensure national security and advance foreign investment and that the country’s industrial base policy could help support such a balance.

“The policy must focus on promoting investments and exchange of technology with key trusted allies and partners, while prioritizing the way we approach security concerns associated with foreign investments,” Horowitz wrote in a National Defense article published Monday.

He said the U.S. government should draft investment policies with allies and competitors in mind and consider two elements when reforming the evaluation of foreign investments for national security risks.

“First, U.S. government oversight and visibility into investments should be enhanced, but enacted in coordination with more nuanced risk and tailored mitigation policies,” Horowitz wrote.

“Second, investment oversight should clearly and predictably distinguish between countries, allowing the government to leverage the contributions and interests of trusted allies while applying heavier scrutiny to troubling investments from adversaries.”

Horowitz added that opening up international investments to the same level of scrutiny applied to adversaries would hamper the development of warfighting capabilities, undermine the U.S. industrial base and innovation and reduce access to technologies developed by trusted allies and partners.
Â

Alan Thomas, commissioner of the General Services Administration’s Federal Acquisition Service, told Federal News Radio in an interview published Monday that comments from industry and agency clients help incite reforms to GSA’s schedules program and one of those changes is the elimination of the minimum purchase thresholds.

“We consistently hear from customers that minimum order quantities often times will lead them to cancel orders,” Thomas said.

“We are working with vendors on schedule to try and reduce or in some cases remove those minimum order quantities.”

Thomas mentioned other schedule modernization efforts in 2019 such as the procurement of “order level materials” under the same schedule, fee adjustments and transparency initiatives.

He noted that a working group at FAS is expected to provide recommendations on potential consolidation of schedule contracts by year’s end with implementation slated for late next year or 2020.
 

Gen. Paul Nakasone has said that the U.S. is currently in competition with adversarial nation states that avoid engaging in outright conflict and instead use “nibbling strategies,” which erode the country’s strategic advantages a little at a time, MeriTalk reported Friday. The head of U.S. Cyber Command and the National Security Agency spoke at the recent Billington Cybersecurity Summit.

Nakasone pointed out how this “great powers competition” is taking place in cyberspace, where opposing state actors are carrying out “strategic campaigns” against the U.S., including the theft of intellectual property and personal information as well as attempted electoral disruption.

A 2017 and 2018 Wash100 awardee, Nakasone noted how cyberspace is a “dynamic domain” with “low barriers to entry.” Consequently, cyber dominance “is not always possible” and cyber superiority “can only be thought of as temporary.”

“Advantage goes to the side that innovates fastest,” Nakasone said, adding that, to remain at the forefront of technological advances, USCYBERCOM must continuously collaborate with its partners.

The House of Representatives has unanimously passed a bill that would create a threat-response framework to protect the U.S. against state-sponsored cyber attacks.

Reps. Eliot Engel, D-N.Y., and Ted Yoho, R-Fla., introduced the Cyber Deterrence and Response Act which requires the President to identify cyber threat attackers, decide on sanctions and coordinate with allies on further action, the House Foreign Affairs Committee said Wednesday.

Ed Royce, who chairs the committee, said the legislation is intended to warn countries such as Iran, North Korea and Russia that the U.S. will retaliate against cyber threats.

Royce also cited the high cost of cyber attacks and the U.S.’ lack of a unified response framework against state-sponsored cyber threats, both of which the bill aims to address.

Stephen Schanberger, acquisition executive at U.S. Cyber Command, has said military cyber components collaborate to finalize requirements for the Unified Platform prior to a full transition of the program to the U.S. Air Force in fiscal 2019, Fifth Domain reported Saturday.

The system is intended to support cyber defense, planning command-and-control and situational awareness operations.

Lt. Gen. Stephen Fogarty, commander of the U.S. Army’s Cyber Command, noted at en event last month that military services are working to ensure long-term sustainability of the platform.

The Air Force issued in June a request for proposals notice that sought proposals from Alliant contract holders interested in pursuing the project to build the centralized infrastructure for joint cyber operations.

The service sought $45.8 million in research and development funds for the Unified Platform program through fiscal 2021.

A panel of military and legislative leaders and an analyst have said the U.S. Navy needs to control long-term costs for maintaining and modernizing weapon systems as the service adopts new acquisition processes, USNI News reported Friday.

Bryan Clark, a senior fellow at the Center of Strategic and Budgetary Assessments, noted during a recent Defense News conference that the Navy should form a plan for when it needs to sustain or replace its assets.

He added that maintenance costs for ships or aircraft will continue to increase after 15 to 20 years of service.

Vice Adm. William Merz, deputy chief of naval operations for warfare systems, also said that it is difficult to maintain big assets such as ships, planes and weapons unless they can be modified during their service life.

Some of the new procurement vehicles the Navy is leveraging to develop or field new equipment include a mid-tier acquisition authority, an Accelerated Acquisition Board and rapid prototyping, according to Allison Stiller, deputy assistant secretary for the Navy for research, development and acquisition.

“All of these activities are intended to increase our agility and improve affordability,” Stiller added.