Page 247 – Executive Gov

Published on August 13, 2024

The Federal Risk and Authorization Management Program has announced that it is transitioning to one designation of FedRAMP Authorized as part of its modernization effort aimed at accelerating federal agencies’ secure adoption of cloud services.

FedRAMP said Monday it will eliminate the “authorization path” filter on the FedRAMP Marketplace in the next few weeks and that cloud service providers that have secured certification through the Joint Authorization Board, or JAB, will have their historic designation included in their Marketplace description.

For CSPs that were authorized by the JAB, the program will initially shift continuous monitoring to FedRAMP or to one of the former JAB agencies such as the General Services Administration and the departments of Defense and Homeland Security.

FedRAMP expects to migrate continuous monitoring for CSPs not used by a former JAB agency to another agency client and will continue supporting a number of CSPs that were originally prioritized by the JAB to issue a program authorization.

For the long term, the program plans to establish criteria and an approach to expanding the authorization marketwide.

FedRAMP will host a virtual question-and-answer session on Aug. 14 for cloud providers that were authorized or prioritized by the JAB.

In May, the Office of Management and Budget appointed seven inaugural members to the newly established FedRAMP Board, which replaced the program’s JAB.

Artificial Intelligence/Cybersecurity/News

DARPA Holds AI Cyber Challenge to Boost AI-Driven Cybersecurity

by Miles Jamison

Published on August 13, 2024

The Defense Advanced Research Project Agency, or DARPA, recently held the qualifying round for the AI Cyber Challenge, or AIxCC, a competition that challenges participants to push the limits of AI-driven cybersecurity.

DARPA said Sunday the semifinal competition of the AIxCC was held during DEF CON 32, which took place from Aug. 8-11. More than 12,500 people attended the event, which proved how critical the competition, particularly AI and cybersecurity, is to real life.

The semifinal round narrowed down the field to the top seven teams. Each of these seven teams will receive $2 million and qualify for the final stage of the two-year competition, which is scheduled for August 2025.

The seven teams advancing to the final stage include:

42-b3yond-6ug
all_you_need_is_a_fuzzing_brain
Lacrosse
Shellphish
Team Atlanta
Theori
Trail of Bits

AIxCC, with the help of the Advanced Research Projects Agency for Health, asked participants to come up with AI and cybersecurity innovations to protect important open-source software that enables modern life. These enhanced AI systems will be necessary in defending different sectors such as public utilities, healthcare and finance, especially since the software is highly vulnerable to cyberattacks.

During the semifinal competition, participating teams were asked to create “cyber reasoning systems” to tackle “challenge projects.” These AI systems should have the capability to automatically detect and repair vulnerabilities in software.

Nearly 40 teams submitted their cyber reasoning systems and each one was tested on the same set of challenge projects, which included software like Jenkins, Linux kernel, Nginx, SQLite3 and Apache Tika. The AI systems were scored based on a public algorithm.

The AI systems developed by the participants found 22 unique synthetic vulnerabilities and 15 of those were fixed by the systems. Eleven unique patches for the C-based challenges and four for Java-based challenges were also determined. Additionally, the systems found a real-world bug in the SQLite3 software.

The seven teams who made it to the final round will have one year to further develop their technology. A total of $29.5 million in prizes is up for grabs during the culmination of the competition.

Learn everything you need to know about the Cybersecurity Maturity Model Certification. Register here to watch the webinar.

DoD/News

DCSA to Launch Continuous Vetting Services for Non-Sensitive Public Trust Workers Within the Week

by Jerry Petersen

Published on August 13, 2024

The Defense Counterintelligence and Security Agency will, within the week, begin a phased rollout of continuous vetting, or CV, services for the non-sensitive public trust, or NSPT, workforce as part of the Trusted Workforce 2.0 whole-of-government personnel vetting reform effort.

The DCSA said Monday that the implementation is being carried out in collaboration with multiple agencies that have volunteered to serve as early adopters of CV, which will work to replace a requirement to subject NSPT workers to a security investigation every five years.

In lieu of such reinvestigations, CV will subject individuals to regular background checks to ensure continuing compliance with security clearance requirements. Accompanying CV are a variety of attendant services, including reporting, alert management and real time threat analysis.

Commenting on the rollout, DCSA Director David Cattler said, “Expansion of CV to the NSPT workforce is a critical component of federal Trusted Workforce 2.0 policy and enhances the trustworthiness of all federal employees.”

Implementing CV on the NSPT population is of particular significance because such workers include those who hold non-national security roles but could, through misconduct, nevertheless damage the integrity of the service. In addition, public trust positions include a variety of key services like rulemaking, public safety and health services, and law enforcement.

The DCSA aims to provide by the end of fiscal year 2025 all customer agencies with the ability to let them enroll their NSPT workers into CV.

Cybersecurity/News

Jen Easterly Says Federal Computer Software Manufacturing Should Improve

by Branson Brooks

Published on August 13, 2024

Jen Easterly Says Federal Computer Software Manufacturing Should Improve

Due to a recent surge of cybersecurity infiltrations, Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, believes the technology industry must advance computer software manufacturing processes to better protect against such attacks, CyberScoop reported Friday.

The 2024 Wash100 awardee relayed her beliefs during the Black Hat security conference on Thursday. Easterly said, “We don’t have a cybersecurity problem. We have a software quality problem.”

“We have a multi-billion dollar cybersecurity industry because for decades, technology vendors have been allowed to create defective, insecure, flawed software,” Easterly added.

In March, Easterly and CISA unveiled a Secure by Design pledge, the main principles of which include multi-factor authentication, lessening default passwords, reducing vulnerability classes and increasing customer security patch installation to secure product development.

The Streamlining Federal Cybersecurity Regulations Act also seeks to implement an interagency committee within the Office of the National Cyber Director to mobilize a program to improve cybersecurity and information security regulations and compliance requirements.

Easterly emphasized the importance of Congress playing its part in improving software vulnerabilities.

“Congress can also have a transformative impact by establishing a software liability regime with an articulable standard of care and safe harbor provisions for those vendors that innovate responsibly, prioritizing secure development processes,” Easterly stated.

Since the Secure by Design pledge launch, Easterly said 200 companies have signed on.

News/Videos

How to Ensure Supply Chain Security

by Kristen Smith

Published on August 13, 2024

Cyber attacks are on the rise, and government contractors are looking at new ways to protect their valuable assets, data and information. Executive Mosaic spoke with DTS CEO and President Ed Tuorinsky in a new video interview to find out how companies should be thinking about supply chain security in the digital age.

Table of Contents

Understand Your Information Flow

According to Tuorinsky, the first step in ensuring supply chain security is understanding the flow of information within your organization. That can help companies understand which partners can put them at risk and which ones can’t.

Companies have information flowing in and out at all times. At the lowest risk level is general business communications, which may look like emails back and forth between companies and partners or between the sales team and potential customers.

One step up from that is proprietary information that a company may want to limit to internal use but still may share externally with the right partners.

Some of the more sensitive information a company has includes personal information — like social security numbers. In the government contracting space, especially when working with the Department of Defense, companies may also have controlled unclassified information, or CUI.

“Really understanding the information flow and what partners are receiving what — that’s really the start of your supply chain security,” Tuorinsky said. “Understanding who’s receiving what, what is that information and should it be protected.”

Determine Which Partners Should Be Vetted

Companies can have a wide range of vendors and partners, from office supplies providers to subcontractors. Not all partners require the same kinds of supply chain security and controls, Tuorinsky explained.

“Staples, for example — you’re ordering your supplies, paper, pencils, pens. They have your credit card information, but they’re not in that critical information flow. They’re a vendor, they’re a supplier of yours. Yes, if your information gets stolen, it is a hassle to change that, but it’s not critical,” he said.

However, if a company outsources something like business development, that’s when company proprietary information, financial information and even CUI could come into play.

“That vendor has to be vetted,” Tuorinsky emphasized. “You are sharing critical information with them, and you want to make sure not only your corporate information is protected, but your potential client information is protected.”

Unlock more supply chain security insights by watching Ed Tuorinsky’s video interview.

Executive Moves/News

Labor Department CIO Gundeep Ahluwalia Stepping Down

by Jane Edwards

Published on August 13, 2024

Labor Department CIO Gundeep Ahluwalia Stepping Down

Gundeep Ahluwalia, chief information officer of the Department of Labor, is stepping down after serving as CIO for eight years, Federal News Network reported Monday.

In an email to staff obtained by FNN, Ahluwalia’s last day at DOL would be Friday, Aug. 16.

According to the report, Louis Charlier, the department’s deputy CIO, will assume the role of acting CIO.

Under Ahluwalia’s leadership, DOL has established a digital infrastructure during the pandemic, advanced cloud adoption, implemented cloud-based cybersecurity capabilities, modernized more than 500 business applications and enabled the digitization of labor certification programs and enhanced the workman compensation program delivery, among other efforts.

“Our successes in creating novel funding mechanisms, Technology Modernization Funding wins, legendary TechDay, creating resilient infrastructure, websites, applications, mobile applications, data infrastructure, cybersecurity, artificial intelligence and emerging technologies are all things I can talk about for days!” he wrote in the email.

Ahluwalia joined DOL in August 2016 as deputy CIO.

Before the Labor Department, he spent four years at the Food and Drug Administration as deputy director of business informatics.

Prior to joining federal service, the CIO was director for information technology and application support at Agentrics.

Healthcare IT/News

VA Taps Electronic Health Information System for Research to Help Improve Clinical Care

by Kristen Smith

Published on August 13, 2024

The Department of Veterans Affairs has partnered with Oak Ridge National Laboratory to establish a knowledge-sharing website using VA electronic health records to accelerate research that can support improved clinical care.

The platform, called Centralized Interactive Phenomics Resource, or CIPHER, can open a broader sharing of research findings within the scientific community, the VA said.

The public-facing online resource, open to VA and non-VA researchers, provides data culled from the department’s integrated health care system—the United States’ largest.

Researchers can tap the CIPHER library for computable inputs derived from complex health data, such as phenotypes for diseases and clinical conditions. The library generates the data through the ORNL’s compute facilities and expertise.

According to Sumitra Muralidhar, director of the VA Million Veteran Program (CIPHER’s lead sponsor), the platform “has revolutionized” researchers’ use of EHR data with its standardized and streamlined approach that allows a head start in health research.

The VA has previously undertaken EHR modernization efforts, which engaged private industry, to improve clinical outcomes for members of military service branches.

Attend the Potomac Officers Club’s 2024 Healthcare Summit in December for all of the latest updates on U.S. healthcare technology.

Contract Awards/News

DIU Awards Autonomous Maritime Vehicle Prototype Contracts

by Kristen Smith

Published on August 13, 2024

DIU Awards Autonomous Maritime Vehicle Prototype Contracts

The Defense Innovation Unit, in partnership with the U.S. Navy, has awarded contracts to select mid-size, non-traditional and venture-backed companies to prototype small unmanned surface vehicle — or sUSV — interceptors that can operate together as robotic swarms in contested environments.

The effort supports the Department of Defense’s Replicator initiative, which aims to provide warfighters with all-domain, attritable, autonomous systems faster than traditional procurement timelines, the DIU said Monday.

Speaking at the National Defense Industry Association 2024 Emerging Technology for Defense Conference, Kathleen Hicks, deputy secretary of Defense and a 2024 Wash100 awardee, said Replicator is demonstrating how to deliver all kinds of capability at speed and scale.

“What we’ve done in under 12 months can take seven-to-ten years. At the end of the day, all our efforts are conditioning DoD, Congress, and the private sector for the battlespace of the future, and the pace of change necessary to succeed,” she added.

The sUSV prototype contract awardees were selected among over 100 applicants that responded to the DIU’s solicitation for production-ready automated maritime drones in January.

DIU Director Doug Beck said having non-traditional defense companies as contract winners demonstrates the DOD’s “growing ability to leverage leading commercial and dual-use technologies to meet critical and emerging national security needs.”

Get an in-depth look into current Navy priorities at the Potomac Officers Club’s 2024 Navy Summit on August 15. Register here.

Financial Reports/News

GovCon Index Took Downward Turn Last Week

by Ireland Degges

Published on August 12, 2024

GovCon Index Took Downward Turn Last Week

Executive Mosaic’s GovCon Index fell by 0.03% last week. This slight loss marked the end of a four-week growth trend.

GovCon Index is an aggregate index that presents real-time data on the stock market performance of 30 major government contracting companies. This information enables users to analyze the financial success of each tracked organization and gain insights into the broad trends shaping today’s GovCon marketplace.

GovCon Index began last week with a 2.15% drop on Monday. It jumped back into positive territory on Tuesday, and made slight gains on Wednesday. On Thursday, GovCon Index rose by a notable 1.74% — an increase driven by Palantir’s 11.25% rise. Though growth continued on Friday, GovCon Index stayed negative overall.

For more details on daily GovCon Index performance, check out last week’s market reports. To access the complete list of tracked companies, click here.

Government Technology/News

NSF Selects First Pilot Projects Advancing National Quantum Virtual Laboratory

by Kristen Smith

Published on August 12, 2024

The National Science Foundation has selected the initial batch of pilot projects to advance its National Quantum Virtual Laboratory program.

The five projects, which will receive funding of $1 million each, will build the foundation for NQVL, a decentralized national resource enabling accelerated discovery and development of use-inspired quantum technologies, NSF said.

For instance, one of the projects will build a quantum network to support secure long-distance communication systems. Stony Brook University will collaborate with Columbia University, Yale University and Brookhaven National Laboratory on the effort.

According to NSF Assistant Director for Mathematical and Physical Sciences Denise Caldwell, the upcoming laboratory will facilitate the translation of new scientific ideas into developed technologies that benefit society.

NSF noted that NQVL will accelerate the translation of fundamental science and engineering concepts into practical applications co-designed by a diverse community of computing, networking and sensing experts.

The laboratory also intends to train the STEM workforce that would spearhead U.S. industries in the future, the foundation explained.

NSF will announce five additional projects supporting NQVL in late 2024.

Previous 1 … 245 246 247 248 249 … 2,631 Next