//
CISA, FBI Seek Product Security Bad Practices Feedback
Published on
CISA, FBI Seek Product Security Bad Practices Feedback

The FBI and the Cybersecurity and Infrastructure Security Agency have released the Product Security Bad Practices catalog for public comment.

CISA said Wednesday the catalog details the risky practices that should be avoided by software manufacturers because of the potential threat they pose against critical infrastructure or national critical functions. The bad practices are categorized into three areas—product properties, security features and organizational processes and policies. The catalog also provides recommendations on how to build secure software.

Public comments will be accepted through the Federal Register at the request for comment on Product Security Bad Practices guidance page until Dec. 2. CISA will evaluate the feedback and make the necessary revisions to the catalog.

CISA Director Jen Easterly, a 2024 Wash100 Award winner, highlighted the risks posed by preventable software defects against critical infrastructure.

“These product security bad practices pose unacceptable risks in this day and age and yet are all too common. We hope that by following this clear-cut, voluntary guidance, software manufacturers can lead by example in taking ownership of their customers’ security outcomes and fostering a secure by design future,” said Easterly.

According to National Cyber Director Harry Coker, Jr., product security bad practices result in wide-ranging consequences often felt by Americans.

“Our private sector partners must shoulder their responsibility and build secure products and I’m glad to see this document as another tool to help software manufacturers do just that,” stated Coker Jr. “We need to work together to prioritize best practices to better protect our nation.”

Join the Potomac Officers Club’s 2024 Homeland Security Summit to learn more about the country’s most significant threats and what’s being done to thwart them.

CISA, FBI Seek Product Security Bad Practices Feedback
/
BAE Systems, Kongsberg Unveil Situational Awareness Tool
Published on
BAE Systems, Kongsberg Unveil Situational Awareness Tool

BAE Systems has partnered with Kongsberg Defence and Aerospace to introduce a new situational awareness tool intended to enhance threat response of warfighters on the battlefield.

BAE Systems said Wednesday the Integrated Combat Solution allows combat vehicles to transmit critical information such as video streams, metadata, target data and slew-to-cue commands during missions. These capabilities enable warfighters in the field to respond quickly to potential threats.

Under the agreement, Kongsberg will develop the ICS tool while BAE Systems will integrate it into the fleet of combat vehicles of the U.S. Army and Marine Corps. The collaboration will also cover support for technology advancements throughout the product lifecycles. This includes developing advanced capabilities to keep up with the emerging technologies in the field of warfare.

The ICS utilizes an open-systems approach for seamless integration on any battlefield platform with a weapon system and built-in sensors, enhancing troop safety and survivability.

In addition, the tool’s integrated network enables it to link the sensors on different battlefield assets together. With this feature, users can control weapon stations, turrets, jammers and other effectors from a single interface inside the vehicle.

Andy Corea, vice president and general manager of combat mission systems at BAE Systems, stressing the importance of fast and seamless dissemination of information on the field, stated, “The combined talents of Kongsberg’s innovation and expertise in remote weapon systems and our lead systems integration capability provides the warfighter the opportunity to obtain fully integrated enhanced combat capability — helping them stay aware and unmatched in battle.”

 Kjetil Reiten Myhra, executive vice president of defence systems at Kongsberg, added, “This force multiplier streamlines complicated threat responses, networking mobility platforms and other assets for increased combat capability.”

/
Commerce Department Announces CHIPS Funding for Infinera
Published on
Commerce Department Announces CHIPS Funding for Infinera

Infinera could secure up to $93 million in CHIPS and Science Act funding from the Department of Commerce under a signed non-binding preliminary memorandum of terms.

The Commerce Department said Thursday Infinera plans to use the proposed CHIPS funding to support the construction of a new fab in San Jose, California, to increase the production of indium phosphide-based photonic integrated circuits, or InP PICs.

InP PICs are key components in optical network communications that help speed up the transfer of large data volumes in communications spanning broadband networks and data centers.

The funding will also enable the company to build a new test and packaging facility in Bethlehem, Pennsylvania, to meet the rising demand for InP PICs.

The proposed facility would include a research and development space focused on new optical packaging technologies and the proposed projects are expected to generate up to 1,200 construction jobs and 500 manufacturing jobs.

The Biden-Harris Administration is taking meaningful steps towards achieving the economic and national security goals of the CHIPS and Science Act with proposed investments like this one, which will help us secure semiconductor manufacturing projects and create high-tech jobs across the country,” said Commerce Secretary Gina Raimondo.

/
DLA’s Daniele Kurze on Support for SMBs, Mentor-Protege Program
Published on
DLA’s Daniele Kurze on Support for SMBs, Mentor-Protege Program

Daniele Kurze, director of the Defense Logistics Agency’s Office of Small Business Programs, said helping small businesses address challenges related to the contracting market by helping them find opportunities for sustainment and growth is one of her near-term goals.

When it comes to long-term goals, one of Kurze’s priorities is establishing pilot programs like the one DLA initiated with the U.S. Air Force to establish a single entry point for source approval requests, DLA said Thursday.

“We are really creating a one-stop shop coming to Air Force or DLA, where we have different processes, but we are working to streamline our processes to reduce the administrative lead time to becoming an approved source,” she said Tuesday at a conference in Washington, D.C.

The former director of supplier operations at DLA cited the benefits of the Pathway to Supplier roadmap and offered updates on the agency’s first-ever mentor-protege program.

“DLA just awarded its first three mentor-protege agreements thanks to the collaboration of everyone here in helping us get there,” Kurze said. “We are excited about the program and intend on growing it this year.”

//
Steven Nordhaus Takes Command of National Guard Bureau
Published on
Steven Nordhaus Takes Command of National Guard Bureau

Gen. Steven Nordhaus took command of the National Guard Bureau during a ceremony at Joint Base Myer-Henderson Hall in Virginia, replacing Gen. Daniel Hokanson, who retired in August.

Before assuming his new responsibility, Nordhaus received his fourth star, earning the general a seat at the Joint Chiefs of Staff, the U.S. Air Force said Wednesday.

Navy Adm. Christopher Grady, the vice chairman of the Joint Chiefs of Staff and a 2022 Wash100 winner, presided over the turnover ceremony.

In his Tuesday acceptance speech, the new NGB chief vowed to focus on people, readiness, partnerships and modernization to ensure that the service remains postured for global competition and responsive in times of domestic crisis.

“Everything I do in this role will be in the service of our people so we can ensure mission success,” Nordhaus stressed.

Nordhaus most recently served as commander of the Continental U.S. North American Aerospace Defense Command Region and the 1st Air Force. He was responsible for planning and conducting air defense and air sovereignty operations in the continental United States, Puerto Rico and the Virgin Islands.

He also served as NGB’s director of operations and commander of the Air National Guard Readiness Center at Joint Base Andrews in Maryland. Earlier, the Air Force general was an executive assistant to Army Gen. Frank Grass, the 27th NGB chief.

Nordhaus is a command pilot with over 3,000 flight hours in various aircraft. He has flown combat missions in various operations, including Southern Watch, Vigilant Warrior, Northern Watch, Iraqi Freedom and Enduring Freedom.

The new NGB head will lead around 46,000 guardsmen spread across the U.S. and abroad to support homeland and international defense deployments.

//
SpRCO Issues RFI for Advisory & Assistance Services
Published on
SpRCO Issues RFI for Advisory & Assistance Services

The Department of the Air Force through the Space Force Rapid Capabilities Office has issued a request for information for advisory and assistance services.

According to the notice issued on Sam.gov Tuesday, the SpRCO is seeking feedback from industry experts on a potential time and material contract. This contract will cover services including analyses, acquisition studies, assessments, cost analyses, trade studies, documentation preparation and review, comparative logistics and cost trade-offs that address particular issues or critical areas.

The RFI also focuses on services related to acquisition, engineering, financial management support, logistics and test-related activities. The potential contracted company is required to have a valid security facility clearance and authorized Safeguarding level. It’s also necessary for their employees to be eligible for classified access.

Responses to the RFI are due Nov. 18.

/
CISA Updates Software Supply Chain Transparency Guidance
Published on
CISA Updates Software Supply Chain Transparency Guidance

The Cybersecurity and Infrastructure Security Agency has issued the third edition of its guidance aimed at promoting transparency in the supply chain of software componentsThe new document, titled “Transparency: Establishing a Common Software Bill of Materials,” amplifies the baseline attributes needed for establishing transparency cited in the second guidance edition issued in 2021, CISA said Tuesday.

The updated edition will serve as a detailed guide for creating software bills of materials, or SBOMs, the agency added. It defines an SBOM as “a formal, machine-readable inventory of software components and dependencies, information about those components and their relationships.”

The new guidebook clarifies the expectations for each SBOM baseline attribute. It also adds two baseline attributes—license and copyright holder—and includes risk management in the SBOM consumption process.

CISA developed the 39-page guidance through its community-driven working group and software community input. 

In April 2023, the Department of Homeland Security’s Science and Technology directorate selected seven start-ups to build SBOM-based products to help CISA create a multi-format SBOM translator and a software component identifier translator as foundational open-source software libraries.

CISA Updates Software Supply Chain Transparency Guidance

Join the Potomac Officers Club’s 2024 Homeland Security Summit on Nov. 13, to learn more about the major threats against the United States and the efforts underway to address them. Register now!

/
Labor Department Publishes AI Best Practices
Published on
Labor Department Publishes AI Best Practices

The Department of Labor has published guidance to ensure that artificial intelligence development and deployment in the workplace preserve job quality and support worker well-being. The AI Best Practices serves as a comprehensive roadmap designed for technology developers and employers, the department said Wednesday. 

The document is in line with the department’s AI and Worker Well-being: Principles for Developers and Employers, released in May. Both guidelines are developed in compliance with President Joe Biden’s Oct. 30 Executive Order on the Safe, Secure and Trustworthy Development and Use of AI

AI Best Practices for the Workplace

The newly published document identifies strategies that enable businesses to benefit from AI without violating worker rights. Some of the strategies outlined are providing AI training, being transparent on the technology’s employment in the workplace, maintaining human oversight on important employment decisions and securing worker data. 

“These Best Practices provide a roadmap for responsible AI in the workplace, helping businesses harness these technologies while proactively supporting and valuing their workers,” commented Acting Labor Secretary Julie Su. “As we embrace the opportunities that AI can offer, we must ensure workers are lifted up, not left behind.”

The document follows the AI and Inclusive Hiring Framework developed by the Office of Disability Employment Policy and the Partnership on Employment & Accessible Technology to prevent employment discrimination in the hiring process.

/
Commerce Dept Makes Investment in Silicon Carbide Production
Published on
Commerce Dept Makes Investment in Silicon Carbide Production

The U.S. Department of Commerce and Wolfspeed, a silicone carbide wafers and devices manufacturer, have signed a non-binding preliminary memorandum of terms to invest up to $750 million to boost silicone carbide wafer production.

The DOC said Tuesday the proposed investment, under the CHIPS and Science Act, is intended for the construction of the John Palmour Manufacturing Center, a new 200mm silicone carbide wafer manufacturing facility in Siler City, North Carolina. The new facility is expected to boost the supply of semiconductors and create more than 5,000 manufacturing and construction jobs.

Measuring around two million square feet, the new facility will be the largest of its kind in the United States. It will also be the first high-volume 200mm silicon carbide wafer manufacturing facility in the world.

The proposed CHIPS funding will also be used for Wolfspeed’s $6 billion expansion plan, starting with the company’s Marcy, New York facility. This has the potential to increase the facility’s production by 30 percent.

With the new facility and expansion of the one in New York, Wolfspeed expects a five-fold increase in silicon carbide device production and a ten-fold increase in 200mm materials production.

The current administration, through its Investing in America initiative, has been working on revitalizing the country’s semiconductor supply chain while creating more well-paying job opportunities and investing in future energy and artificial intelligence innovations.

U.S. Secretary of Commerce Gina Raimondo stressed the significance of the investment in advancing technologies such as AI, electric vehicles and clean energy.

“Thanks to proposed investments in companies like Wolfspeed, the Biden-Harris Administration is taking a meaningful step towards reigniting U.S. manufacturing of the chips that underpin these important technologies,” Raimondo expressed.

//
NSA Issues Advisory on Iranian Brute Force Cyber Attacks
Published on
NSA Issues Advisory on Iranian Brute Force Cyber Attacks

The National Security Agency, alongside partner agencies like the FBI and the Cybersecurity and Infrastructure Security Agency, has released a joint cybersecurity advisory concerning efforts by Iranian cyber actors to compromise the systems belonging to various critical infrastructure—or CI—sectors.

Attack Objectives

The NSA said Wednesday that since 2023, Iranian cyber actors have been using brute force and other techniques to break into systems used by energy, government, healthcare and other CI organizations. MITRE ATT&CK defines brute force as the attempt by an attacker to systematically guess the target system’s password via “a repetitive or iterative mechanism.”

Once the Iranian attackers gain access, they work to enable persistent access by modifying multifactor authentication registrations. They also steal more credentials to sell on criminal forums.

Purpose of the Advisory

The joint cybersecurity advisory seeks to provide readers with recommendations on how to detect brute force activity on their systems. The document also offers recommendations on how to mitigate such activities.

“We explain the tactics, techniques, and procedures used by the Iranian actors, as well as indicators of compromise,” NSA Cybersecurity Director Dave Luber explained.

“Our agencies are sharing detailed insight into this malicious cyber activity and what organizations can do to shore up their defenses,” Luber added.

1 264 265 266 267 268 2,696