//
House Lawmakers Propose Measure Incorporating Cybersecurity Requirements Into NASA Spacecraft Manufacturing Contracts
Published on
House Lawmakers Propose Measure Incorporating Cybersecurity Requirements Into NASA Spacecraft Manufacturing Contracts

Rep. Maxwell Alejandro Frost of Florida’s 10th congressional district and Rep. Don Beyer of Virginia’s eighth congressional district have proposed legislation that would require manufacturers seeking to build spacecraft for NASA to provide a plan detailing the protections that would be put in place to safeguard the spacecraft from cyber attacks.

The proposal, titled the Spacecraft Cybersecurity Act, mandates that NASA revise its spacecraft acquisition standards to incorporate cybersecurity requirements. The space agency would have 270 following the bill’s enactment to prepare a plan for the acquisition policy update, Frost’s office said Wednesday.

The lawmakers put forward the legislation amid cyberattacks being directed at NASA by various adversaries. Such attacks, if aimed at spacecraft, might not only result in mission failure but also national security data theft or even a fatal loss of spacecraft control.

“As we enter a new era of cyber threats, establishing a reasonable timeline for NASA to incorporate cybersecurity measures into their acquisition process is more important than ever. The Spacecraft Cybersecurity Act would safeguard NASA’s space missions and continue to advance our country’s leadership in space exploration that contributes to our economy, security, and understanding of space,” Frost commented.

For his part, Beyer said, “Our legislation will ensure that NASA has comprehensive, high quality cybersecurity measures in place to protect sensitive information related to vital space infrastructure and secure the continuity of space operations.”

//
CISA Issues 2023 SILENTSHIELD Red Team Activity Report
Published on
CISA Issues 2023 SILENTSHIELD Red Team Activity Report

The Cybersecurity and Infrastructure Security Agency has released a report regarding a SILENTSHIELD red team activity conducted in 2023 meant to assess the cybersecurity posture of an unnamed federal civilian executive branch organization.

During such assessments, red teams simulate the behavior of sophisticated threat actors without notifying the target FCEB organization in order to achieve a more realistic cyber evaluation, CISA said Thursday. Findings are subsequently shared with the target organization to help them address weaknesses as well as strengths.

The recent report discusses the lessons that the target organization learned from 2023 activity. These lessons include an insufficiency in controls for the detection and prevention of malicious activities; poor network log collection, retention and analysis; ineffective detection approaches; and network defenders being hindered by bureaucratic processes.

To address similar cybersecurity risks, the report recommends the adoption of multiple mitigations, including the application of defense-in-depth principles; the use of network segmentation; and the establishment of network traffic, application execution and account authentication baselines in lieu of aiming to deny known indicators of compromise.

The report also calls on software developers to adopt Secure by Design principles to protect customers, noting that insecure software contributes to the issues identified in the red team activity.

In 2023, Eric Goldstein, who was then CISA’s executive assistant director for cybersecurity, testified before Congress about the results of his agency’s preemptive cyber initiatives, including SILENDSHIELD. Read about what he told lawmakers during that hearing.

/
Pentagon Selects First Awardee for Distributed Bioindustrial Manufacturing Program
Published on
Pentagon Selects First Awardee for Distributed Bioindustrial Manufacturing Program

The Department of Defense has selected the first awardee to contribute to the Distributed Bioindustrial Manufacturing Program, a.k.a. DBIMP.

Biotechnology company Debut will be given $2 million to deliver business and technical plans that outline the construction of a U.S.-based bioindustrial manufacturing production facility, the Pentagon said Wednesday. The facility’s construction would be funded via the Defense Industrial Base Consortium Other Transaction Agreement.

Aprille Ericsson, assistant secretary of defense for science and technology, said this award is a big step forward in fulfilling the vision that Deputy Secretary of Defense and 2024 Wash100 Award winner Kathleen Hicks first conceived last year.

“By making these investments in domestic bioproduction infrastructure, we are making a significant move toward fortifying the American industrial base,” Ericsson said. “The DoD is committed to leveraging biotechnology to secure our competitive advantage and keep pace with the demand for next-generation capabilities for our warfighters and allies.”

Dr. Laura Taylor-Kale, assistant secretary of defense for industrial base policy, said the award shows the DOD’s growth toward expanding the domestic yield of capabilities for U.S. national supply chains. (The production center would output precursor substances necessary for producing manufacturing ingredients, materials, resins, polyesters and thermosetting resins.)

“This award marks an important step — the first of many — for the DIBC OTA, and shows the progress we are making toward building more resilient supply chains, growing our manufacturing workforce, and using more flexible acquisition authorities,” said Taylor-Kale.

If Debut’s plans are approved, the company could be awarded up to $100 million to move on to the next face of DBIMP. More award selectees will be announced later this month.

/
FedRAMP Launches Website to Offer Guidance on Digital Authorization Packages
Published on
FedRAMP Launches Website to Offer Guidance on Digital Authorization Packages

The Federal Risk and Authorization Management Program has unveiled a new website designed to serve as a technical documentation hub for cloud service providers as they develop, validate and submit digital authorization packages.

According to a blog post published Thursday FedRAMP’s automation website will also serve as guidance for governance, risk and compliance application developers that produce and use digital authorization package data.

The open source-based site provides detailed technical documentation, guidance and best practices for developing and managing digital authorization packages with the Open Security Controls Assessment Language, or OSCAL.

According to FedRAMP, the site will help improve the user experience for stakeholders that are implementing OSCAL-based packages and tools and establish a collaborative workflow that supports community contributions for enhancements to the documentation.

“We plan to expand the website over time as we bring new capabilities online, and it will eventually include details of how to integrate with FedRAMP’s package repository and submission processes,” the blog post reads.

//
Lt. Col. Keith Jordan on Army’s United Network Operations Initiative
Published on
Lt. Col. Keith Jordan on Army’s United Network Operations Initiative

Lt. Col. Keith Jordan, product manager for Tactical Cyber and NetOps within the U.S. Army’s Program Executive Office Command Control Communications-Tactical, or PEO-C3T, said a recent draft request for proposals marks a key step in the military branch’s plan to build an agile, software-defined network through the United Network Operations initiative, Federal News Network reported Thursday.

Jordan told FNN in an interview that responses to the draft RFP for the multiple-award, indefinite-delivery/indefinite-quantity contract will help inform the Army’s long-term plans for leveraging cloud services and bringing in commercial technologies in support of the new network under UNO.

Responses to the draft solicitation are due July 17.

According to the report, PEO-C3T expects to release a final RFP for the IDIQ contract in early 2025 and make awards in early 2026.

According to the lieutenant colonel, the military branch will soon award “several” other transaction agreements to assess prototypes for the future network.

“The Army acquisition executive last year decided that UNO would utilize the software acquisition pathway. … This really is a revolution of thinking in the Army of how we recognize that software is different than hardware and it needs to be procured differently,” Jordan said.

With the new pathway, the Tactical Cyber and NetOps project manager noted that software capabilities can be delivered on an incremental basis.

“The whole idea is we’re able to rapidly make these updates versus in the past where it may take a really long time to make an update. We want to update very often based on feedback in whatever theater we might be operating in,” Jordan added.

GAO Calls On Agile DOD Software Developers to Comply With Required Metrics & Management Tools
Published on
GAO Calls On Agile DOD Software Developers to Comply With Required Metrics & Management Tools

The Government Accountability Office has found that multiple Department of Defense IT business programs actively developing software via Agile and iterative approaches have failed to use metrics and management tools in line with the GAO Agile Assessment Guide and mandated by the DOD.

GAO said in a report issued Thursday that it had assessed 10 Defense Department programs involved in software development and found four to be non-compliant, resulting in the risk that the DOD does not possess sound information concerning its Agile software development efforts.

To correct the issue, GAO recommended that the DOD chief information officer and the undersecretary of Defense for acquisition and sustainment work to ensure that requisite tools and metrics are used by relevant IT business programs.

The assessment was carried out in compliance with provisions within the fiscal year 2019 National Defense Authorization Act, which call for an annual GAO audit of DOD IT programs through March 2026. A total of 21 programs were audited for the report.

//
DHS Using Generative AI to Train Officers
Published on
DHS Using Generative AI to Train Officers

An artificial intelligence pilot launched by the Department of Homeland Security’s U.S.  Citizenship and Immigration Services is using generative AI to train officers to facilitate screenings with individuals seeking refugee status, Nexgov said Thursday.

Interviews typically run for about three hours, with new officer training requiring tenured workers to play the part of refugees in simulated interviews.

Michael Boyce, director of the DHS AI Corps, said these mock interviews will replicate real-life conversations they are likely to have with refugee seekers.

“Generative AI will pretend to be a refugee applicant and give them answers, new answers, to practice the three hour long interview with an automated system,” Boyce stated.

The DHS supports USCIS’ use of generative AI, stating the agency will, “Generate dynamic, personalized training materials that adapt to officers’ specific needs and ensure the best possible knowledge and training on a wide range of current policies and laws relevant to their jobs.”

The agency also said the hallucinations and inaccuracies that genAI tech can produce could be of benefit in these training sessions, as working with an interpreter means “there’s a lot of confusion and a lot of sort of dropped things, or things that don’t quite line up or make perfect sense,” according to Boyce.

The pilot was first launched in March and is one of three new cases the agency has produced to examine the advantages of AI.

/
Marine Corps Unveils AI Strategy
Published on
Marine Corps Unveils AI Strategy

The U.S. Marine Corps has released a new strategy that provides a framework for integrating artificial intelligence across the service branch to speed up the decision-making process and achieve decision advantage in littoral and expeditionary base operations in contested environments.

USMC said Wednesday its AI Strategy has five goals that contain the required objectives to meet its vision for AI: AI mission alignment, AI competent workforce, AI deployment at scale, AI governance and partnerships and collaboration.

To achieve the goal of AI mission alignment, the service should capture highler-level priorities within the Department of Defense, Department of the Navy and the Commandant of the Marine Corps for priority use cases to align effort and evaluate use cases based on service requirements to understand where AI can be used to address mission challenges.

To build a competent AI workforce, USMC should leverage the current talent within the service branch to conduct stop-gap training and education on AI and modernize areas where technology can help streamline operations.

The strategy also calls on the service to develop a culture of data literacy and stewardship, modernize data management and advance cybersecurity to deploy AI technologies at scale.

//
Air Force Seeking Potential Group 3 Drone Providers for Adaptive Airborne Enterprise
Published on
Air Force Seeking Potential Group 3 Drone Providers for Adaptive Airborne Enterprise

The U.S. Air Force is conducting market research to identify potential sources of a Group 3 small unmanned aircraft system that can carry and deploy Group 2 sUAS equipped with an intelligence, surveillance and reconnaissance payload.

According to a notice posted on SAM .gov on Wednesday, the swarm carrier drone should be ready within two to three years to support the Air Force Special Operations Command’s Adaptive Airborne Enterprise, or A2E, concept, which aims to have a single airman controlling multiple UAS.

The military branch requires the Group 3 aircraft, which will be air-dropped from a C-130, to be built using a modular open systems architecture approach to enable future upgrades.

Responses to the request for information are due Aug. 9.

According to the document, the Air Force may decide to hold one-on-one meetings with industry partners based on their responses to the RFI.

The military service intends to post additional A2E-focused RFIs for a Group 2 ISR drone and a Group 3 “signature managed” UAS, an aircraft with stealth qualities to avoid detection.

Join the Potomac Officers Club’s 2024 Air Defense Summit on July 23 to hear important updates on Air Force cutting-edge technology adoption, modernization initiatives and more. Register here.

POC - 2024 Air Defense Summit
/
HHS Releases Proposed Rule to Improve Healthcare Interoperability, Information-sharing
Published on
HHS Releases Proposed Rule to Improve Healthcare Interoperability, Information-sharing

The Department of Health and Human Services will seek public comments on its proposed rule for improving interoperability and information sharing among patients, providers, payers and public health authorities.

The Health Data, Technology, and Interoperability: Patient Engagement, Information Sharing, and Public Health Interoperability, or HTI-2, proposes two sets of new certification criteria developed with the Centers for Disease Control and Prevention and Centers for Medicare & Medicaid Services to enhance data exchange, public health response and healthcare delivery, the HHS said Wednesday.

The health IT for public health-oriented certification criteria was designed to support the CDC’s Data Modernization Initiative while the health IT for payer-oriented certification criteria was developed to support technical requirements included in the CMS Interoperability and Prior Authorization final rule.

The HTI-2 would require the adoption of United States Core Data for Interoperability version 4 by January 1, 2028, and the implementation of a new, real-time prescription benefit tool certification criterion, which would allow providers and patients to compare the cost of patient-specific medication and suitable alternatives to make more informed decisions.

Other proposals include adopting technology and standard updates from the HTI-1 final rule, revising information blocking regulations and establishing certain Trusted Exchange Framework and Common Agreement governance rules.

The HHS will accept comments on the proposed rule for 60 days once the HTI-2 is published in the Federal Register.

1 240 241 242 243 244 2,603