//
DOE Seeks Info on ICS, OT Cybersecurity Training Needs
Published on
DOE Seeks Info on ICS, OT Cybersecurity Training Needs

The Department of Energy‘s Office of Cybersecurity, Energy Security, and Emergency Response, or CESER, is calling for submissions for the State of Industrial Control System Cybersecurity Training market research opportunity.

Market Research Objectives

CESER said Wednesday that the purpose of the effort is to help focus investments in cybersecurity workforce development by providing key information, including the existing market of cybersecurity training programs for industrial control systems and operational technology; the cybersecurity energy pipeline; and the knowledge, skills and abilities sought by the energy sector in cybersecurity professionals.

The market research opportunity, managed by TechWerx in partnership with DOE, also calls for recommendations that would inform CESER’s cybersecurity workforce development strategy.

Award Details

The government will make about $160,000 available for the effort. The money will be used to finance one or two awards. Interested parties have until Dec. 11 to turn in their submissions.

Commenting on the opportunity, CESER Deputy Director of Preparedness, Policy and Risk Analysis Mara Winn said, “As the Sector Risk Management agency for the energy sector, it is important that we support relevant workforce solutions that improve the ability of our industry partners to protect the nation’s critical energy assets.”

“This opportunity highlights the importance of understanding industry challenges so our initiatives to develop the cybersecurity workforce in this critical sector are aligned with industry needs,” Winn said.

//
GAO Says HHS Should Implement Healthcare Cyber Recommendations
Published on
GAO Says HHS Should Implement Healthcare Cyber Recommendations

The Department of Health and Human Services continues to face challenges in exercising its cybersecurity responsibilities, according to a new report by the Government Accountability Office.

GAO said Wednesday that although it had already highlighted those challenges in previous work, HHS has yet to implement all of the recommendations to address them. HHS is the healthcare and public health sector lead agency, and in this role, it is tasked with bolstering the sector’s cybersecurity.

Adopting Cybersecurity Practices

One of the challenges faced by HHS involves the adoption of leading cybersecurity practices to overcome various risks, including ransomware. GAO had previously determined that HHS does not adequately monitor the implementation of various cyber risk mitigation practices, including those outlined in the National Institute of Standards and Technology Cybersecurity Framework. A related challenge is HHS’ failure to evaluate the cybersecurity support it provides to the healthcare sector.

To address these issues, GAO recommends that HHS work with various partners, including the Cybersecurity and Infrastructure Security Agency, to establish the extent to which cyber best practices are being implemented by entities within the health sector. HHS should also work to develop a procedure that would measure the effectiveness of the support it offers to the sector.

Assessing IoT and OT Devices

GAO also learned that HHS had not conducted a sector-wide cybersecurity risk assessment of Internet of Things and operational technology devices, which are used to deliver various health care services. To correct the issue, HHS has been called on to include IoT and OT devices in risk assessments.

According to GAO, unless HHS fully implements these and other recommendations, the agency might not only fail to effectively carry out its responsibilities, it may also bring about negative effects on patients as well as healthcare providers.

GAO Says HHS Should Implement Healthcare Cyber Recommendations

The Potomac Officers Club’s 2024 Healthcare Summit will explore the transformative trends and innovations shaping the future of the healthcare sector. Join the event, which will take place on Dec. 11.

/
Six Startups Selected for 14th Catalyst Accelerator Cohort
Published on
Six Startups Selected for 14th Catalyst Accelerator Cohort

The Catalyst Accelerator has revealed the six companies that will be participating in its 14th cohort, which is focused on Space-Based Joint Spectrum. 

The program said Wednesday the six startups were chosen after undergoing a selection process conducted by the Catalyst Accelerator team with guidance from government, industry and academia experts.

The selected companies and their specialties are:

  • Authentrics.ai: Offers a patent-pending service for existing AI/ML pipelines for measuring, controlling and explaining AI through direct neural network and transformer analysis
  • Geist Robotics: Focuses on using electronic warfare for low-cost, portable air defense against drones and airborne threats
  • Origami Space Development: Utilizes generative design and machine learning to develop deployable radio frequency and light detection and ranging architectures for satellite communications and intelligence
  • Orion Edge Group: Advancing navigation warfare capabilities for electromagnetic spectrum dominance
  • Pulsar Space Systems: Measures the ionosphere’s response to solar inputs using in-situ plasma and neutral density instruments
  • Spin Drift Technologies: Develops data transfer outside of traditional radio, microwave or infrared spectrums for modern electronic warfare environments

Space-Based Joint Spectrum Cohort

The Space-Based Joint Spectrum cohort, the first in partnership with the Army Research Laboratory, will gather twice a month from Jan. 28 to April 5, 2025. The six startups will work with subject matter experts and engage with government and commercial partners and undergo a customer discovery process. The companies will present their projects on Demo Day, which will be held on April 24.

The 13th Space Domain Awareness Cohort focused on space launch custody, classifying uncorrelated tracks, classification of object types, operator decision aids, predictive analytics and other areas.

/
Commerce Dept Funds Akash Systems’ Semiconductor Facility
Published on
Commerce Dept Funds Akash Systems’ Semiconductor Facility

The U.S. Department of Commerce has invested up to $18.2 million in Akash Systems for the construction of a new semiconductor manufacturing facility.

The department said Wednesday it signed a non-binding preliminary memorandum of terms with the Oakland-based startup to turn an existing building’s 40,000-square-foot cleanroom space into a new manufacturing facility. The proposed project will be funded under the CHIPS and Science Act. It will also receive funding from Akash, venture capital firms and other private investors.

Akash Systems’ New Semiconductor Facility

The new semiconductor facility will be utilized for manufacturing diamond cooling substrates, devices and systems at scale. It will be constructed in West Oakland, California and will cost a total of $121 million. The proposed project is expected to generate up to 400 new jobs in direct manufacturing and construction.

Akash Systems will utilize its understanding of semiconductor technologies, particularly its own innovations, in serving crucial end markets including defense and communications. The company specializes in integrating synthetic diamond substrates with compound semiconductor materials like gallium nitride.

What Is Diamond Cooling?

Diamond cooling technology is an emerging technology developed by Akash. It is used to enhance the thermal performance of semiconductors, especially in challenging environments. It helps manage the heat dissipation of semiconductor devices in high-performance systems.

Secretary of Commerce Gina Raimondo, stated, “Through this proposed investment in Akash, we are taking a critical step forward to fulfill that mission. With the support of this proposed funding, the Biden-Harris Administration is helping to accelerate innovation, advance U.S. technology leadership in semiconductor manufacturing and spur good-paying jobs and increased economic opportunities.”

/
Verizon to Advance Knightscope’s Security Robot Capabilities
Published on
Verizon to Advance Knightscope’s Security Robot Capabilities

Verizon Business will provide 4G LTE connectivity to the K5 autonomous security robots of Knightscope under a partnership agreement between the two firms. Their collaboration also includes Verizon connectivity integration for Knightscope’s wireless emergency communication devices, or ECDs, for first responders, Verizon said Wednesday.

Knightscope’s K5 robots hold a moderate authority to operate under the Federal Risk and Authorization Management Program, a security compliance endorsed by the Department of Veterans Affairs.

First Responders’ Tool

FedRAMP authorization has also been granted to the Knightscope’s ECDs—K1 Blue Light Tower and Blue Light E-Phones—covered by the partnership agreement. The devices are designed for 24/7 independent operations to provide first responders with voice connectivity, alerts and illumination. With the Verizon-Knightscope partnership, first responders using the ECDs will gain access to the Verizon Frontline network.

The 4G Verizon connectivity for the Knightscope security robots, planned for an upgrade to 5G, enables real-time data transmission and monitoring in the ASRs’ patrols even during extreme weather conditions.

William Santana Li, Knightscope CEO, said that the company’s robots are transforming their safety and security capabilities with the integration of Verizon’s connectivity.

“Additionally, Verizon is enabling Knightscope to provide one-touch access to services such as police, fire and EMS at hospitals, universities and corporate campuses in times of danger, personal crisis or medical emergencies,” he noted.

/
NIST Soliciting Input on Enhanced Protection for CUI
Published on
NIST Soliciting Input on Enhanced Protection for CUI

The National Institute of Standards and Technology is seeking comments on the initial public draft of its proposed protection measures on the confidentiality of controlled unclassified information, or CUI, of high asset value or critical in nonfederal systems. 

The measures are designed for federal agencies’ screening of agreements or contracts with nonfederal organizations, NIST said Wednesday. The draft’s recommendations strengthen organizations’ defense capability against advanced persistent threats and help ensure system resilience, the agency added. 

Stronger Countermeasures Against Cyberattacks

Compiled in the NIST Special Publication 800-172r3, titled “Enhanced Security Requirements for Protecting Controlled Unclassified Information,” the proposed mechanisms include additional and stronger countermeasures based on the latest threat intelligence and cyberattack data.

New security requirements were also included for consistency with NIST’s updated guidance on CUI protection, released in May. The new measures in the public draft cover planning, system and services acquisition, and supply chain risk management. In addition, the draft further spelled out security requirements to clear ambiguity and pave the way for better implementation.

Comments on the draft are open for submission to 800-171comments@list.nist.gov until Jan. 10, 2025.

MITRE Offers Supply Chain Resilience Recommendations
Published on
MITRE Offers Supply Chain Resilience Recommendations

MITRE, a not-for-profit corporation offering defense and cybersecurity services, has made recommendations for the incoming administration on enhancing the resilience of the United States’ supply chains.

The company said Tuesday it has published a paper detailing the vulnerabilities of the supply chain. It has also identified the possible factors that will help build resilience in the nation’s complex, global supply chain systems.

Supply Chain Issues, Findings and Recommendations

Supply chains are crucial for the country’s economic prosperity, national security and public health. Supply chains need to be stable and reliable. However, they are vulnerable to disruptions. That is why it is necessary to enhance the supply chain’s resilience, or ability to bounce back from such disruptions.

To address these vulnerabilities, the cross-MITRE team evaluated the supply chain trends and gathered insights from federal government sectors, private industry and the research community.

The team recommends the government prioritize establishing and maintaining relationships with industry and international partners. It also suggests that supply chain diversity should be considered. Finally, MITRE believes that increasing the visibility of supply chain operations and participants will help promote resilience.

/
Trump Says He Will Nominate John Ratcliffe as Next CIA Chief
Published on
Trump Says He Will Nominate John Ratcliffe as Next CIA Chief

U.S. President-elect Donald Trump has selected John Ratcliffe as the next director of the Central Intelligence Agency, Reuters reported Tuesday.

Former Director of National Intelligence

Ratcliffe had served as representative of the 4th Congressional District of Texas during the 114th, 115th and 116th Congress. In 2020, he resigned to serve as director of national intelligence, a position he would hold until 2021, when Trump’s first term ended.

Ratcliffe’s nomination by Trump in 2020 for DNI was his second. Trump had sought to appoint him to the position in 2019 but members of Congress expressed concern regarding his relative inexperience. At the time, Ratcliffe was the House Intelligence Committee’s most junior member and had only served on the panel for six months.

Recent Professional Roles

More recently, Ratcliffe served as co-chair of the think tank Center for American Security. He also offered Trump advice regarding national security policy during his recent presidential campaign.

Regarding the nomination, the president-elect said in a statement, “I look forward to John being the first person ever to serve in both of our Nation’s highest Intelligence positions. He will be a fearless fighter for the Constitutional Rights of all Americans, while ensuring the Highest Levels of National Security, and PEACE THROUGH STRENGTH.”

//
Ann Lewis Steps Down as Division Director at GSA
Published on
Ann Lewis Steps Down as Division Director at GSA

Ann Lewis is stepping down as director of the Technology Transformation Services and deputy commissioner of the Federal Acquisition Service at the General Services Administration.

The agency said Tuesday Lewis will leave on Nov. 22 and Mukunda Penugonde, TTS deputy director, will assume the role of acting director of the division.

Lewis first joined GSA in December 2022 as director of TTS. She oversaw the agency’s digital services ensuring the delivery of technical services across multiple government agencies nationwide.

Ann Lewis’ Pre-GSA Career

The executive’s career spans two decades beginning with stints as a software engineer for Amazon, EcoInteractive, Rosetta Stone and various startups. She then served as director of engineering at Pedago and chief technology officer of MoveOn.org. 

Lewis also held the CTO role at Next Street before joining the Small Business Administration as senior advisor for technology and delivery. During her almost two years of service at SBA, she oversaw the agency’s technology strategy, modernization and capacity building efforts. She also supervised the delivery and technology strategy of the American Rescue Plan program.

GSA Administrator Robin Carnahan said, “Under Ann’s leadership, TTS has helped deliver better digital services to millions of Americans, all while keeping our values of secure, accessible and responsible technology top of mind.”

“We have grown, scaled and matured the organization and key programs like Login.gov and FedRAMP,” said Lewis. “Every day, we’ve shown that innovation is possible in government, and that we can pragmatically bring best practices and expertise from the private sector into government in ways that actually work and make government more effective.”

/
US, Allies Warn Against Zero-Day Vulnerability Exploits
Published on
US, Allies Warn Against Zero-Day Vulnerability Exploits

Enterprise networks with zero-day vulnerabilities were the main targets of malicious cyber actors in 2023, according to a joint cybersecurity advisory from U.S., Australian, British and New Zealand government agencies.

The advisory listed the top 15 common vulnerabilities and exposures, or CVEs, from last year and noted that 11 of them were initially exploited as a zero day, a system vulnerability unknown to its owner, developer and the general public, the National Security Agency said Tuesday.

Cybersecurity Best Practices

Jeffrey Dickerson, NSA’s cybersecurity technical director, warned network defenders that the malicious actors may continue to exploit such vulnerabilities until 2025. To prevent zero-day vulnerability attacks, he advised the defenders to be attentive to cybersecurity threat trends and act swiftly to ensure vulnerabilities are patched and mitigated.

Other recommendations include prioritizing secure-by-default configurations, implementing a centralized patch management system, using security tools and asking software providers about their secure-by-design programs to protect enterprise networks from cyberattacks.

NSA, the Cybersecurity and Infrastructure Security Agency, the Australian Cyber Security Centre, the Canadian Centre for Cyber Security, the New Zealand National Cyber Security Centre and the United Kingdom’s National Cyber Security Centre are among the advisory’s authors.

1 205 206 207 208 209 2,657