/
NSA, Partners Warn Against North Korea-Linked Group Exploiting Email Policies
Published on
NSA, Partners Warn Against North Korea-Linked Group Exploiting Email Policies

The National Security Agency, the FBI, and the State Department have released a joint cybersecurity advisory warning against a North Korea-linked cyberthreat group that exploits weak domain-based message authentication, reporting and conformance, or DMARC, policies.

The CSA outlines techniques used by Kimsuky threat actors to exploit improperly configured DMARC record policies to carry out spearphishing campaigns, disguising themselves as legitimate academics, journalists or other experts in East Asian affairs to gather intelligence on geopolitical events and foreign policy strategies, NSA said Thursday.

“Spearphishing continues to be a mainstay of the DPRK cyber program and this CSA provides new insights and mitigations to counter their tradecraft,” said Dave Luber, director of the Cybersecurity Directorate at NSA.

According to the advisory, a properly configured DMARC policy will prevent malicious actors like Kimsuky from spoofing an organization’s legitimate email domain when sending spearphishing messages to a target.

The agencies recommended that organizations enhance their cybersecurity posture of DMARC security policies and implement mitigations that align with the Cybersecurity and Infrastructure Security Agency’s Cybersecurity Performance Goals.

POC - 2024 Cyber Summit

Join the Potomac Officers Club’s 2024 Cyber Summit on June 6 to hear from government and industry experts about the dynamic and ever-evolving role of cyber in the public sector. Register here!

/
Proposed Rule to Implement Prohibition on Certain Semiconductor Products & Services
Published on
Proposed Rule to Implement Prohibition on Certain Semiconductor Products & Services

The Department of Defense, NASA and the General Services Administration have proposed a rule that would prohibit executive agencies from buying certain electronic goods and services that include covered semiconductor products and services.

According to a notice published Friday in the Federal Register, the proposed rule seeks to amend the Federal Acquisition Regulation to implement a section of the fiscal year 2023 National Defense Authorization Act.

The prohibition will take effect on Dec. 23, 2027.

Covered semiconductors include those from entities that are either owned or controlled by foreign governments of concern, including China, Russia, Iran and North Korea.

DOD, NASA and GSA plan to require all solicitations to include a provision directing vendors to certify their non-use of covered chips in electronic products or services provided to the government.

The three agencies are asking the public for insights on proposed definitions in the rule, potential impact of the rule on small businesses and suggested procedures for conducting a reasonable inquiry into supply chains to detect the use or inclusion of covered semiconductor products and services, among others.

Comments on the proposed rule are due July 2.

/
Microsoft Expands Secure Future Initiative Amid Evolving Threat Landscape
Published on
Microsoft Expands Secure Future Initiative Amid Evolving Threat Landscape

Microsoft has expanded the scope of the company’s Secure Future Initiative to integrate the lessons learned from the Midnight Blizzard cyber incident and recommendations from the Department of Homeland Security’s Cyber Safety Review Board concerning the Storm-0558 cyberattack.

The expanded SFI approach will be guided by three security principles: secure by design, secure by default and secure operations, Charlie Bell, executive vice president of Microsoft Security, wrote in a blog post published Friday.

A report released by CSRB in late March recommends that Microsoft develop and publicly disclose a plan on how it would reform its security practices and direct teams to fully assess and address security risks before deploying new features.

Microsoft is aligning its actions and goals to six security pillars to implement its expanded SFI effort.

These security pillars are: protecting identities and secrets, safeguarding tenants and isolating production systems, protecting networks, protecting engineering systems, monitoring and detecting threats and accelerating response and remediation.

To protect identities and secrets, specific actions include safeguarding identity infrastructure and platform keys with rapid and automatic rotation with hardware storage and protection, strengthening identity standards and ensuring that identity and public key infrastructure—or PKI—systems are ready for a post-quantum cryptography world.

Under the updated initiative, Microsoft will also reportedly advance adherence to standards with “Paved Paths” systems, drive continuous improvement and implement a new security governance framework.

POC - 2024 Cyber Summit

Attend the Potomac Officers Club’s 2024 Cyber Summit on June 6 and hear cyber experts, government and industry leaders discuss the latest trends and the dynamic role of cyber in the public sector. Register here.

/
CFTC Committee Report Calls for Framework for Responsible Use of AI in Financial Industry
Published on
CFTC Committee Report Calls for Framework for Responsible Use of AI in Financial Industry

The public may lose faith in financial markets, services and products if guardrails are not put in place that would defend against vulnerabilities brought about by artificial intelligence, which has been used by the financial industry for over two decades, according to a recent report by the Technology Advisory Committee within the Commodity Futures Trading Commission.

The purpose of the report is to help the public understand how AI might impact financial markets, the CFTC said Thursday.

The TAC described AI as “a potentially valuable tool to improve automated processes governing core functions, and to improve efficiency” but warned that it could also be “less beneficial” and “more dangerous” if various risks are not addressed, like AI bias, a lack of transparency on how AI models work and the poisoning of AI training data.

One recommendation that the TAC offers to address these issues is the development by the CFTC of a framework for safe, trustworthy and responsible AI. The committee further notes that the responsible use of AI necessarily calls for the creation of a talent pipeline that would produce professionals well versed in the development and use of AI.

/
Gen. David Allvin on Creation of Integrated Capabilities Command as Part of Air Force’s Reoptimization Initiative
Published on
Gen. David Allvin on Creation of Integrated Capabilities Command as Part of Air Force’s Reoptimization Initiative

Air Force Chief of Staff Gen. David Allvin discussed the Department of the Air Force’s plan to reoptimize the U.S. Air Force and the U.S. Space Force for great power competition, particularly the establishment of Integrated Capabilities Command.

In February, senior department leaders unveiled the reoptimization initiative, which covers 24 proposed changes classified into four core areas: develop people; generate readiness; project power; and develop capabilities.

The Air Force said Friday ICC will combine disparate modernization initiatives across the service branch into a centralized structure and develop capabilities that are aligned with a single force design.

“ICC will ensure deliberate integration of mission systems and that the platforms we engineer and operate align with those systems,” said Allvin.

The general stressed the importance of integration of capabilities across the enterprise to meet current strategic challenges.

“We currently develop capabilities largely within our major commands, and as a result don’t build our Air Force in an integrated manner from the start,” Allvin said.

“Years ago, the direction to reduce the size of management headquarters staffing increasingly drove decision-making down to MAJCOMs who are not designed to have an enterprise perspective. That will not cut it in today’s strategic environment. We must eliminate the stovepipes and integrate across the enterprise to be one Air Force,” he added.

POC - 2024 Air Force Summit

Join the Potomac Officers Club’s 2024 Air Force Summit on July 23 to hear important updates on cutting-edge technology adoption, modernization initiatives and more. Register here.

/
Morgan Adamski Named Executive Director of USCYBERCOM
Published on
Morgan Adamski Named Executive Director of USCYBERCOM

Morgan Adamski, director of the Cybersecurity Collaboration Center at the National Security Agency, has been appointed executive director of U.S. Cyber Command.

She will assume her new position in June and help lead strategic initiatives to advance USCYBERCOM’s talent management, capabilities and partnerships, the command said Friday.

Adamski is joining USCYBERCOM following a nearly 15-year career at the NSA where she served as deputy for strategic mission management within the Cybersecurity Directorate and head of the offensive cyber mission.

In her current role, Adamski oversees collaborations with industry partners to transform approaches to cyber defense.

She previously worked in the Office of the Secretary of Defense for Cyber Policy where she helped author the Department of Defense’s 2018 Cyber Strategy and inaugural Cyber Posture Review.

Adamski is the recipient of the NSA Innovation Award in 2023, the NSA Director’s Award in 2020, the Meritorious Civilian Service Award in 2016 and the Director of National Intelligence Merit Unit Citation in 2019.

/
V2X Secures Army Bridge Contract for Continued National Training Center Support; Ken Shreves Quoted
Published on
V2X Secures Army Bridge Contract for Continued National Training Center Support; Ken Shreves Quoted

V2X was awarded a bridge contract with the U.S. Army to continue supporting training operations at the National Training Center for one more year, building on its five-year work under the NTC Services Contract.

The company said Monday it provides the Ft. Irwin, California-based center with advisory services, technical expertise and system operators in support of its trainings.

Under the bridge contract, V2X will perform audio-visual operations, leadership advisory services, Blue Force Tracker system management, secure LAN operations and analytical system operations, among other services.

“We are proud to be a trusted partner in delivering mission-critical support to the brigade combat teams cycling through the National Training Center,” said Ken Shreves, senior vice president of global mission solutions and chief service delivery and growth officer at V2X. “With our proven track record of providing high-consequence training support to the U.S. Army, V2X is uniquely positioned to prepare soldiers for global missions.”

Aileen Amirault, vice president and general manager of V2X Global Training Solutions, shared that the company has been supporting Army training centers for almost three decades.

“Our commitment extends globally, as evidenced by our work at the Joint Multinational Readiness Center in Germany, and our delivery of training support, maintenance and range operations services to U.S. Army Central Command in Kuwait,” she added.

/
Incorporation of AI Into Federal Acquisition Must Begin Now, New Mitre Paper Says
Published on
Incorporation of AI Into Federal Acquisition Must Begin Now, New Mitre Paper Says

The inevitability of artificial intelligence affecting all areas of federal acquisition must be accepted by leaders in contracting, according to a paper by Mitre titled “Enhancing Acquisition Outcomes through Leveraging of Artificial Intelligence.”

By embracing AI safely and responsibly, acquisition leaders can help the government purchase higher-quality capabilities at greater speed and lower cost, Mitre said in the paper, which was released Thursday.

To achieve these outcomes, Mitre offers several recommendations, like acquisition leaders looking for opportunities to implement AI in their processes while working to mitigate accompanying risks.

Other recommendations include the establishment of a holistic AI acquisition framework that, among other things, clearly defines AI system requirements, as well as parameters for their development, testing, deployment and maintenance; the promotion of AI transparency and accountability; and preparing the federal workforce to be AI-ready.

Efforts to make AI part of federal acquisitions must start now, in order for the U.S. to maintain its strategic advantage, Mitre said.

/
Military Veterans David Berger, Charles Richard Named Senior Fellows at Johns Hopkins APL
Published on
Military Veterans David Berger, Charles Richard Named Senior Fellows at Johns Hopkins APL

Former military leaders David Berger and Charles Richard were named senior fellows at Laurel, Maryland-based Johns Hopkins Applied Physics Laboratory.

The two veterans joined other national security and space experts who collaborate with APL technical professionals to provide U.S. military leaders and senior government officials with insights about technology and policy decisions, the not-for-profit division of Johns Hopkins University said Thursday.

Berger is a retired U.S. Marine Corps general who served as the 38th commandant of the service branch. During his over four decades of service, he led strategic operations for the Marines and commanded at every level. One of his most notable works is spearheading the Force Design 2030 initiative to transform USMC into a more agile, technologically advanced, and modernized force.

Richard, on the other hand, is a retired Navy admiral who served as the 11th commander of Strategic Command. He had oversight of global command and control of all U.S. forces responsible for strategic nuclear deterrence, global strike and the Global Information Grid. His other previous roles include commander of Submarine Forces in Norfolk, Virginia, and director of Undersea Warfare at the Department of Defense.

“During their storied careers, David Berger and Chas Richard strategically led large and complex defense organizations,” said APL Director Ralph Semmel. “Together with our other Senior Fellows, they will strengthen APL’s efforts to safeguard our nation and deliver game-changing innovations to our sponsors.”

/
NASA Selects 24 Projects to Advance Space Exploration Technologies
Published on
NASA Selects 24 Projects to Advance Space Exploration Technologies

NASA has selected 24 projects from 21 organizations to receive cooperative agreement notices for dual-use technology development to advance new technologies designed to support future exploration missions to the moon and Mars.

The selected projects include efforts to use lunar regolith for construction on the lunar surface and use smartphone video guidance sensors to navigate autonomous systems on the International Space Station, NASA said Thursday.

“Products from these cooperative agreements support the closure of identified technology gaps and enable the development of components and systems for NASA’s Moon to Mars architecture,” said Daniel O’Neil, manager of the Technology Development Dual-Use CAN Program.

The awardees will secure grants totaling nearly $1.5 million and receive assistance from space transportation and propulsion experts at NASA’s Marshall Space Flight Center in Alabama.

1 388 389 390 391 392 2,705