/
GAO Report: ONCD Needs Performance Metrics, Cost Estimates for National Cybersecurity Strategy Implementation
Published on
GAO Report: ONCD Needs Performance Metrics, Cost Estimates for National Cybersecurity Strategy Implementation

The Office of the National Cyber Director needs to develop better performance metrics and cost estimates for implementing the National Cybersecurity Strategy in order to ensure its effectiveness, the Government Accountability Office said.

GAO on Thursday released a new report noting that while ONCD has a good strategic foundation, it needs to describe in detail its plans for outcome-oriented performance measures as well as resources and estimated cost.

The government watchdog noted that ONCD fully addressed four out of six desirable characteristics under the National Cybersecurity Strategy. This includes purpose, scope and methodology; problem identification and risk assessment; integration and implementation and organizational roles, responsibilities and coordination.

However, ONCD only partially met requirements in goals, subordinate objectives and performance measures and investments and risk management.

ONCD disagreed with GAO’s recommendation about estimating implementation costs, but agreed to establish outcome-oriented performance measures.

/
FedRAMP Outlines Required Actions for Cloud Service Providers in Response to CISA’s Emergency Directive
Published on
FedRAMP Outlines Required Actions for Cloud Service Providers in Response to CISA’s Emergency Directive

The Federal Risk and Authorization Management Program has listed some actions it requires CSPs, or cloud service providers, to perform in response to an emergency directive released by the Cybersecurity and Infrastructure Security Agency to mitigate vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure products.

In a blog post published Thursday, FedRAMP stated that CSPs that maintain federal data are covered by CISA’s Emergency Directive 24-01.

CSPs that fall within the scope of the directive should assess and implement the actions outlined in the document and upload responses to the incident response folder in their respective FedRAMP secure repository.

Responses for required task 2e and task 3 in the Supplemental Direction should be uploaded by Feb. 5 and Feb. 28, respectively.

FedRAMP is also requesting that CSPs send an email to the FedRAMP Program Management Office and all agency customer authorizing officials with notification of the completed action and upload a copy of email notifications to the incident response folder in their respective secure repository.

The program released the actions in consultation with the FedRAMP Joint Authorization Board and CISA.

NIST’s CHIPS R&D Office Issues Notice of Intent to Create Digital Twin Manufacturing USA Institute
Published on
NIST’s CHIPS R&D Office Issues Notice of Intent to Create Digital Twin Manufacturing USA Institute

The National Institute of Standards and Technology has expressed its intent to create a new semiconductor manufacturing institute that will use digital twin technology for production, packaging and assembly.

In a notice of intent published Thursday on Federal Register, NIST’s CHIPS Research and Development Office said it will launch a competition for a new public-private Manufacturing USA Institute with a contract value of $200 million and performance period of five years.

The agency aims to catalyze curriculum and best practices for advanced digital twins and modeling, which can be a training ground for the semiconductor workforce. The institute will also provide access to digital models and production processes by creating a marketplace for the technology in chips manufacturing.

CHIPS R&D is scheduled to issue a notice of funding opportunity in the second quarter of this year.

/
Leslie Beavers on DOD’s Zero Trust Implementation Efforts
Published on
Leslie Beavers on DOD’s Zero Trust Implementation Efforts

Leslie Beavers, principal deputy chief information officer of the Department of Defense and a 2024 Wash100 awardee, said DOD has initiated efforts to establish a zero trust environment, such as defining the requirements from a capability standpoint and setting objectives for military services to meet the deadline for the capability by 2027.

“The services have submitted their plans to us, and those are currently being evaluated. There are more than 90 capabilities that are required to meet the basic level of zero trust,” Beavers told FedTech Magazine in an interview published Tuesday.

“We’re focusing on the required compliance capability at its highest level — tag the people, tag the data and audit. We’re well on our way,” she added.

Beavers stated that DOD will continue to implement perimeter defense and perform identity and access management and endpoint monitoring activities.

The principal deputy CIO discussed the challenges DOD faces when it comes to implementing zero trust, including the need to facilitate data sharing while safeguarding information, and cited efforts to upgrade existing technologies and buy new platforms to build zero trust.

When asked about the lessons learned that she could share with other CIOs, she said the process begins with “getting back to basics and doing basic cybersecurity.”

“With zero trust, you’ve got to know what you have and who’s on the architecture. Starting with the basics and getting really good at that is the first and biggest step. You do that as you start trying to map out your architecture so you can instrument it to tag the people, tag the data and audit it,” Beavers noted.

POC - 5th Annual CIO Summit

Beavers will deliver a keynote at the Potomac Officers Club’s 5th Annual CIO Summit on April 17. Register here to learn more about the latest modernization strategies and how industry can help meet the priorities of federal CIOs.

/
Lawmakers Introduce Bill to Measure AI’s Environmental Impact
Published on
Lawmakers Introduce Bill to Measure AI’s Environmental Impact

A bicameral group of lawmakers has introduced new legislation to create a framework for measuring the environmental impact of artificial intelligence’s energy consumption, pollution and e-waste.

Sens. Edward Markey, D-Mass., and Martin Heinrich, D-N.M., and Reps. Anna Eshoo, D-Calif., and Don Beyer, D-Va., introduced the Artificial Intelligence Environmental Impacts Act of 2024 to facilitate interagency collaboration on addressing the environmental risks posed by the rapid growth of AI technologies.

The bill mandates the National Institute of Standards and Technology to develop standards to measure and report AI’s environmental impacts and create a voluntary reporting framework for developers to disclose the ecological impacts of their products and services.

If enacted, the legislation would also require an interagency study on AI’s environmental impact and convene an AI Environmental Impacts Consortium.

“The resources necessary to research and develop AI are intensive, and as AI systems grow in scale and become more widely used across various sectors of society, it’s critical to understand the environmental impacts of AI development and use,” Eshoo said.

POC - 5th Annual Artificial Intelligence Summit

Join the Potomac Officers Club’s 5th Annual Artificial Intelligence Summit on March 21 to hear more about cutting edge AI innovations from government and industry experts. Register here!

//
Outgoing CYBERCOM, NSA Leader Paul Nakasone Calls Attention to Chinese Cyberthreats
Published on
Outgoing CYBERCOM, NSA Leader Paul Nakasone Calls Attention to Chinese Cyberthreats

According to Paul Nakasone, outgoing commander of the U.S. Cyber Command and director of the National Security Agency, cyber threats from China are different from those the U.S. has previously dealt with.

In remarks to the House Select Committee on the Chinese Communist Party earlier this week, Nakasone said that these threats, which often make use of malware, can create vulnerabilities within critical infrastructure systems, the Department of Defense said on Thursday.

When malware is uncovered in critical infrastructures, such as those that provide Americans with water, electricity and fuel, “the first thing that we need to do is to make sure that we get them out,” said Nakasone, a seven-time Wash100 Award winner. The next step is staying vigilant.

“This is not an episodic threat that we’re going to face. This is persistent … we have to operate every day; we have to have a vigilance. We have to have offensive and defensive capabilities,” he emphasized.

Though China is a near-peer adversary, Nakasone expects the U.S. to maintain an advantage in the cyber domain. He credits this belief to U.S. cyber capabilities and the people behind them, such as those working within CYBERCOM and the National Security Agency.

Nakasone noted that the U.S. has a unique offensive cyber capability and that bringing awareness to it could deter cyberattacks from China.

“We do have the capability, and we’re very, very good—the best. And in terms of the way that we communicate it, we communicate it in many different ways—from our policymakers who have these discussions to the exercises that we conduct to the real-world examples that, that we do with a series of different partners,” he said.

Nakasone assumed the roles of CYBERCOM commander and director of the National Security Agency in May 2018. He retired from these roles today.

Outgoing CYBERCOM, NSA Leader Paul Nakasone Calls Attention to Chinese Cyberthreats

Learn more about U.S. cyber activities at the Potomac Officers Club’s 2024 Cyber Summit on June 6. David McKeown, deputy chief information security officer for cybersecurity and senior information security officer for the DOD, will keynote the event. Click here for more information, and click here to register.

/
Top GovCon EVPs Kim Lynch and Steve Escaravage Spotlighted for 2024 Wash100 Wins
Published on
Top GovCon EVPs Kim Lynch and Steve Escaravage Spotlighted for 2024 Wash100 Wins

On Friday, Executive Mosaic highlighted the accomplishments of Oracle’s Kim Lynch and Booz Allen Hamilton’s Steve Escaravage in honor of their 2024 Wash100 wins.

The renowned Wash100 Award annually recognizes the government contracting industry’s most impactful executives. To choose its distinguished winners, Wash100 puts its nominees through a rigorous selection process that assesses each individual’s past achievements and expected future influence in the GovCon field.

Lynch currently serves as executive vice president of government defense and intelligence at Oracle, which she joined in January 2023. She entered the ranks of Wash100 for the first time this year for her tireless dedication to advancing Oracle’s cloud technology to better serve federal customers. Click here to read her full profile.

Top GovCon EVPs Kim Lynch and Steve Escaravage Spotlighted for 2024 Wash100 Wins

Escaravage, an executive vice president at Booz Allen who helps lead the firm’s artificial intelligence practice, received his third Wash100 Award this year. His accomplishments in 2023 include driving investments in small technology organizations and pushing for the DOD to back dual-use technology companies. He was also appointed chair of Executive Mosaic’s 4×24 AI Group. Read his full profile here.

Booz Allen is sponsoring the Potomac Officers Club’s 5th Annual AI Summit on March 21. Click here to register and hear from key public and private sector AI leaders.

The Wash100 popular vote competition is in full swing. Visit Wash100.com to cast your votes and join this exciting contest.

NIST Seeks Feedback on Planned Update to Information Mapping Special Publication
Published on
NIST Seeks Feedback on Planned Update to Information Mapping Special Publication

The National Institute of Standards and Technology is seeking external feedback to shape its planned revision of Special Publication 800-60, which focuses on information type categorization and mapping.

NIST announced Wednesday that it intends to update the special publication to improve privacy parameters during categorization, in alignment with another SP on information system risk management.

The institute is interested in gleaning current applications of SP 800-60 to organizations, specifically in categorizing personally identifiable information. It is also inviting input on other relationships that should be covered or highlighted between information and privacy types.

Refinement of SP 800-60 will include taxonomy of information types and provisional impact levels in accordance with the National Archives and Records Administration Controlled Unclassified Information registry and other federal standards.

The public comment period is scheduled to close on March 18.

DOE Launches Multi-Laboratory Effort to Address Hybrid Renewable Energy Cybersecurity Gaps
Published on
DOE Launches Multi-Laboratory Effort to Address Hybrid Renewable Energy Cybersecurity Gaps

A new multi-laboratory effort led by the Department of Energy’s National Renewable Energy Laboratory aims to identify and address cybersecurity gaps in the hybrid renewable energy sector.

The Renewable Energy and Storage Cybersecurity Research, also known as RESCue, is a one-year pilot program that seeks to establish a Hybrid Renewable Cybersecurity Consortium that would facilitate the gathering and sharing of cybersecurity intelligence among stakeholders from the wind, solar and energy storage industries.

RESCue will create a cyber-resilient design framework for hybrid renewable systems; develop modular reference architectures for installing wind, solar and energy storage systems; and host an in-person workshop to discuss potential pathways for strengthening cybersecurity defenses and responses.

The effort is funded by the Office of Cybersecurity, Energy Security, and Emergency Response and supported by Idaho National Laboratory and Sandia National Laboratories.

/
Andy Lewandowski Appointed Chief Digital Experience Officer at Department of the Interior
Published on
Andy Lewandowski Appointed Chief Digital Experience Officer at Department of the Interior

Andy Lewandowski has taken on the role of chief digital experience officer at the Department of the Interior’s Office of the Chief Information Officer.

Lewandowski announced his appointment on LinkedIn, saying he would strive “to improve public-facing services and customer experiences at the National Park Service, U.S. Fish and Wildlife Service, U.S. Indian Affairs and Bureau of Indian Affairs” with the use of design and technology.

Lewandowski joined the federal government in 2018 after spending four years at technology consulting firm Excella Consulting. He says the move was meant to be “a one-year tour of public service with a plan to return to tech consulting” but has since stayed on.

From 2018 through 2021, Lewandowski served as a digital services expert at the U.S. Digital Service. He then moved to the Office of Management and Budget where he served as digital experience adviser to the federal chief information officer through to the end of 2023. His appointment to the Department of the Interior followed.

Lewandowski said he chose to continue pursing a career in public service “because I love this work.” He is also driven by the belief that government services and experiences that meet expectations can be delivered.

“The public deserves no less,” he added.

1 347 348 349 350 351 2,595