//
CISA, FBI Call on Software Makers to Address OS Command Injection Security Flaws
Published on
CISA, FBI Call on Software Makers to Address OS Command Injection Security Flaws

The Cybersecurity and Infrastructure Security Agency and the FBI have released a cyber advisory calling on software companies to address operating system command injection vulnerabilities before shipping their products.

The alert was issued in response to recent attacks that exploited multiple OS command injection security flaws in network edge devices to compromise users, CISA said Wednesday.

The agency warned that the vulnerabilities provide an opportunity for threat actors to remotely execute code on targeted network devices.

However, CISA added that OS command injection vulnerabilities can be eliminated at the source by taking a “secure by design approach.”

The agency urged software vendors to validate and sanitize user input when constructing commands to execute OS commands, noting that such practice reduces potential risks to customers.

CISA and the FBI also advised technology manufacturers to study previous cyber incidents involving OS command injection vulnerabilities and develop a plan to eliminate future threats.

In addition, tech leaders can review threat models, employ modern component libraries and implement aggressive adversarial product testing to prevent such vulnerabilities.

/
Lynelle McKay Named CHIPS Program Office Chief Portfolio Management Officer
Published on
Lynelle McKay Named CHIPS Program Office Chief Portfolio Management Officer

The Department of Commerce has appointed Lynelle McKay, a more than two-decade semiconductor industry veteran, as chief portfolio management officer of the CHIPS Program Office.

The National Institute of Standards and Technology said Wednesday McKay will work with CHIPS Act awardees and other industry stakeholders and oversee fund management to facilitate the implementation of the CHIPS for America program.

McKay most recently served as a senior relationship director within the CHIPS Program Office.

Previously, her private sector career included senior leadership positions at Freescale Technologies and Motorola.

“The semiconductor industry is one of the world’s most complex ecosystems, and I look forward to working with our award recipients, applicants, and key stakeholders to continue implementing this once-in-a-generation industrial policy program,” McKay said.

To date, the CHIPS for America program has announced nearly $30 billion in proposed funding through a dozen preliminary memoranda of terms as part of efforts to strengthen the U.S. semiconductor industry.

/
Marcus Tepaske Named New Technical Director at ONR Global
Published on
Marcus Tepaske Named New Technical Director at ONR Global

Marcus Tepaske has taken on the role of technical director at the U.S. Office of Naval Research Global.

In his new role, Tepaske will lead a team of over 50 scientists, technologists and engineers to find and deliver technologies that will address the challenges faced by the U.S. Navy and Marine Corps, according to a news article posted Wednesday on the Navy website.

Before being named ONR Global technical director, Tepaske served as science director based in Singapore. He assumed that position in 2022.

Tepaske had also served as ONR Global experimentation and analysis director from 2018 through 2021.

His career has also seen him take on various roles at Naval Surface Warfare Center, the Office of Naval Research, II Marine Expeditionary Force and U.S. Fleet Forces Command.

ONR Global Commanding Officer Capt. Andy Berner praised Tepaske for his experience and expertise, adding, “With a strong background working at ONR, and a long history of building productive partnerships, he is poised to make even more significant contributions to our mission.”

//
DARPA’s GRYPHON Program Researchers Establish Viability of Achieving Compact, Ultra-Low-Noise Microwave Sources
Published on
DARPA’s GRYPHON Program Researchers Establish Viability of Achieving Compact, Ultra-Low-Noise Microwave Sources

Researchers demonstrated the viability of developing microchip-size, ultra-low-noise microwave frequency oscillators under the first phase of the Defense Advanced Research Projects Agency’s Generating Radio Frequency with Photonic Oscillator for Low Noise, or GRYPHON, program.

DARPA said Wednesday the GRYPHON program, introduced in January 2022, seeks to develop ultra-low-noise microwave sources that could be deployed on mobile platforms to support communication and sensing applications.

“The results and impact from Phase 1 of GRYPHON really show what’s possible. For the first time, we’re seeing how integrated photonics allows us to break from the traditional size vs. performance vs. capability trade space and operate in a regime with exquisite performance that is exponentially better than current state of the art,” said Justin Cohen, GRYPHON program manager.

“Better and faster communications, more accurate sensing, improved detection capabilities – this work could disrupt and advance countless applications,” added Cohen.

According to DARPA, researchers in the initial phase used high-speed integrated circuits and different light-based approaches. They also integrated low-noise lasers with optical structures on low-loss photonic systems.

Under Phase 2, program researchers are working to further reduce phase noise and shrink the capabilities to targeted form factors while achieving tunability.

/
Los Alamos National Laboratory, OpenAI Partner to Assess Biosecurity Risks Involving Artificial Intelligence
Published on
Los Alamos National Laboratory, OpenAI Partner to Assess Biosecurity Risks Involving Artificial Intelligence

A study will be conducted by Los Alamos National Laboratory and OpenAI that seeks to evaluate the risks of advanced artificial intelligence being used to bring about biological threats.

The study will assess how well frontier AI models could assist in the successful completion of real-world biological tasks, LANL said Wednesday.

The work will involve the use of ChatGPT-4o and OpenAI’s Preparedness Framework, which helps with the tracking, evaluation and forecasting of emerging biological risks. The framework also helps with protecting against such threats.

Also, whereas previous similar efforts only involved text-based model inputs and outputs, the upcoming study will feature multimodal data.

Commenting on the partnership, Erick LeBrun, research scientist at Los Alamos noted that “measuring and understanding any potential dangers or misuse of advanced AI related to biological threats remain largely unexplored.”

“This work with OpenAI is an important step towards establishing a framework for evaluating current and future models, ensuring the responsible development and deployment of AI technologies,” LeBrun said.

The evaluation will also support the Biden administration’s Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.

//
OUSD R&E Holds AI Defense Technical Review
Published on
OUSD R&E Holds AI Defense Technical Review

The Office of the Under Secretary of Defense for Research and Engineering hosted an Artificial Intelligence Defense Technical Review to facilitate strategic cooperation on automated tech and AI throughout the joint global forces.

The second annual DTR event provided breakout sessions on joint command and control, or C2, at the tactical edge, AI orchestration at operational scale, reliance on federated AI and what lies ahead for federated AI in defense, the Pentagon said Thursday.

Kim Sablon, OUSD’s principal director for trusted AI and autonomy, discussed some of the conference’s notable achievements.

“One of significant outcomes from this year’s event included the roll out of the AI Passport concept as a new distributed Artificial Intelligence federation framework, which enables multi-party software co-development,” said Sablon.

The DTR event introduced multi-agent-based C2 on-demand construction to support interconnected and coalition C2 AI programs. The conference also emphasized the need for continuous loop oversight and modernization of AI archetypes.

On the opening day of the conference, Radha Plumb, the Pentagon’s chief digital and artificial intelligence officer, gave opening remarks. This was followed by a fireside chat with Michael Foster, chief data officer of U.S. Central Command, and Maynard Holiday, assistant secretary of defense for critical technologies, to discuss the benefits and challenges of joint AI.

“DTR provided an opportunity for the community to participate in a discussion on the future of AI integration in defense operations and implementing a networked force powered by scalable AI solutions,” said Sablon. “The discussions are of critical importance to national security, informing the development of responsible and ethical use of AI in defense operations.”

Speakers included experts, researchers and leaders from organizations like Google, Microsoft, Amazon Web Services, IBM and CENTCOM.

/
FedRAMP Unveils Agile Delivery Pilot Program
Published on
FedRAMP Unveils Agile Delivery Pilot Program

The Federal Risk and Authorization Management Program has launched a new pilot program as part of efforts to enable agencies to quickly gain access to the latest security features to existing cloud service offerings and eliminate the challenges facing cloud service providers when it comes to bringing such improvements to market.

According to a blog post published Wednesday, FedRAMP will use the data from the Agile Delivery pilot program to help inform changes aimed at streamlining existing change management processes.

“Our long-term goal is to shift the FedRAMP process to one that is based on continuous assessment rather than assessing point-in-time snapshots,” the blog post reads.

Cloud providers that have new security features they plan to launch before Dec. 31 are encouraged to participate in the pilot. They should have change management and automated configuration management processes.

FedRAMP is interested in new opt-in features and is eyeing around 20 pilot participants, which should provide self-assessment artifacts and go through independent testing by the end of January.

“Additionally, changes to the fundamental underlying architecture, or new security control implementations that apply to the entire offering, will be excluded from the pilot,” the blog post states.

The program will accept applications through July 26 and select pilot participants by Aug. 16.

//
NSA Issues Info Sheet on Final Pillar of DOD Zero Trust Framework
Published on
NSA Issues Info Sheet on Final Pillar of DOD Zero Trust Framework

The National Security Agency has released the cybersecurity information sheet on the seventh and final pillar of the Department of Defense’s zero trust framework.

The CSI, titled “Advancing Zero Trust Maturity Throughout the Automation and Orchestration Pillar,” is also the eighth in a series of documents that offer guidance to various network owners, including the DOD, in implementing cybersecurity measures like zero trust, the NSA said Wednesday.

The document highlights three areas where automation and orchestration should be put to use: in repetitive, predictable tasks; when enhancing critical functions; and when coordinating security operations and incident response.

The six other ZT framework pillars are the following:

//
CDAO Adopts New Acquisition Approach for Advana Platform
Published on
CDAO Adopts New Acquisition Approach for Advana Platform

The Department of Defense’s Chief Digital and Artificial Intelligence Office has announced that it will partner with additional vendors under a new acquisition approach as part of efforts to scale Advana — DOD’s big data platform for advanced analytics — to meet the increasing needs and mission requirements of DOD customers.

CDAO said Tuesday that since 2021, the Advana platform has acquired the majority of lifecycle IT support services through the General Services Administration’s Federal Systems Integration and Management Center, or FEDSIM.

According to CDAO, opening Advana to more DOD-assisted acquisition providers will help facilitate the competition and vendor diversity needed to support prototyping efforts, improve access to high-quality data and enable the platform to accommodate future artificial intelligence and machine learning capabilities.

“As the Advana platform scales to meet growing needs of the Department, CDAO’s acquisition approach is evolving in parallel to allow for increased creativity, innovation, and flexibility to meet unique customer needs,” CDAO’s statement reads.

CDAO said Advana has more than 100,000 users supporting data products and business analytics applications across DOD and serves as the foundation of the Pentagon’s Open Data and Applications Government-owned Interoperable Repositories — or Open DAGIR — framework.

Open DAGIR Framework

In May, CDAO launched Open DAGIR as a multivendor ecosystem to help protect industry’s intellectual property and government data ownership and scale AI, data and analytics capabilities.

“Open DAGIR brings the best industry has to offer to the Department. It allows us to ensure enduring access to government-owned, contractor-operated technology stacks and infrastructure and retain data rights while also maximizing the ability of other companies to develop applications with government data,” said CDAO head Radha Plumb.

CDAO will provide additional details on the Advana update at the Global Information Dominance Experiments, or GIDES, Insight Day, on Tuesday, July 16, in Reston, Virginia, and will soon announce the Advana Insight Day that it intends to host in early September.

/
NSA Releases Advisory on Cyber Threat Group Associated With China’s Ministry of State Security
Published on
NSA Releases Advisory on Cyber Threat Group Associated With China’s Ministry of State Security

The National Security Agency, alongside other U.S. and international government agencies, has released a cybersecurity advisory titled “PRC MSS Tradecraft in Action.”

The advisory seeks to help cybersecurity practitioners prevent network intrusions or identify and remediate ongoing intrusions caused by a cyber actor group called APT 40, the NSA said Monday.

Also known as Kryptonite Panda, Gingham Typhoon and Bronze Mohawk, APT 40 is associated with the People’s Republic of China Ministry of State Security. Various organizations around the world have already been targeted by the group, including those from the U.S. and Australia.

Regarding the cyber actor, NSA Director of Cybersecurity Dave Luber said, “APT 40 is a known cyber actor group that continues to practice cyber espionage and evolve its tradecraft to target government networks.”

To support the work of cyber defenders, the advisory contains, among other things, details about APT 40’s tradecraft, the results of investigations on successful intrusions by the group and steps that can be taken to secure networks from the group.

1 241 242 243 244 245 2,603