/
NSA Releases Best Practices for Software Bills of Materials Risk Management; Rob Joyce Quoted
Published on
NSA Releases Best Practices for Software Bills of Materials Risk Management; Rob Joyce Quoted

The National Security Agency has released recommendations and best practices for utilizing software bills of materials, or SBOM, to mitigate risks associated with the U.S. software supply chain.

The new document suggests that network owners and operators examine and manage risk before acquiring software, analyze vulnerabilities after deploying new software and implement incident management to detect and respond to vulnerabilities, the NSA said on Thursday.

“Network owners and operators we work with count on NSA to advise them on shoring up their defenses. These guidelines provide the information they need to select the appropriate tools to reduce an organization’s overall risk exposure,” said two-time Wash100 Award winner Rob Joyce, who serves as cybersecurity director at NSA and deputy national manager for the National Security System (NSS).

Recommendations in the document were derived from research and evaluation of various SBOM management tools through a collaborative effort by the Office of the National Manager for NSS and other NSA units. These guidelines are designed to help users incorporate SBOM management functions that align with a Cybersecurity Supply Chain Risk Management strategy.

Forcepoint-Microsoft Team to Develop New Cloud Offerings for Defense & Intelligence Customers; Sean Berg, Zach Kramer Quoted
Published on
Forcepoint-Microsoft Team to Develop New Cloud Offerings for Defense & Intelligence Customers; Sean Berg, Zach Kramer Quoted

Forcepoint‘s Global Governments and Critical Infrastructure (G2CI) arm has teamed with Microsoft to incorporate the former’s cross-domain technologies into the latter’s Azure cloud service portfolio.

Under the partnership, the two companies will collaborate to develop new cloud offerings for defense and intelligence clients, Forcepoint announced from its Austin, Texas headquarters on Tuesday.

“By partnering with Microsoft, our combined innovation and industry expertise will realize expanded capabilities from cloud to tactical edge,” said Forcepoint G2CI CEO Sean Berg.

The enterprise, he said, is “committed to supporting the missions of our customers who must maintain decision dominance in a world of increasing nation-state and non-nation-state driven attacks.”

Tools developed through the partnership will provide users across the full chain of command with the ability to access information at the speed and scale necessary to execute their missions.

Zach Kramer, vice president of mission engineering at Microsoft, said the agreement will allow the company to continue to develop its cloud products and provide customers with accredited, secure collaboration capabilities.

“When the power of Microsoft Azure is combined with Forcepoint G2CI’s defense-grade cybersecurity solutions, we enable improved security and a real-time experience for our government users and coalition partners worldwide,” he added.

Lt. Gen. Michael Guetlein on SSC’s Technology Priorities to Deter Future Threats
Published on
Lt. Gen. Michael Guetlein on SSC’s Technology Priorities to Deter Future Threats

Lt. Gen. Michael Guetlein, commander of Space Systems Command, said artificial intelligence integration, network modernization, space systems cybersecurity and dynamic space operations are key priorities for the Space Force as it gears up for future great power competition, Breaking Defense reported Thursday.

Guetlein, who has been nominated as the next vice chief of the U.S. Space Force, highlighted the need to improve the service’s various computer networks “because the networks we have today, both admin and warfighting, are not going to be what we need going into a near-peer conflict.”

To achieve this, Guetlein said during the Space Force Association’s inaugural Spacepower conference that SSC is focused on exploiting existing data, including missile warning and tracking data from the Space Force’s Overhead Persistent Infrared multi-layered constellation of satellites.

For AI applications, SSC is working with industry partners to incorporate AI into “every system that we’re building now,” Guetlein said.

Lt. Gen. Michael Guetlein on SSC's Technology Priorities to Deter Future Threats

Guetlein is set to speak at the Potomac Officers Club’s 2024 Space Summit on March 5. Join the event to hear from space experts, government leaders and industry executives about the new technologies and investments that are shaping the future of U.S. space operations.

Johns Hopkins APL, CU Boulder Expand National Security Research Partnership
Published on
Johns Hopkins APL, CU Boulder Expand National Security Research Partnership

The Johns Hopkins Applied Physics Laboratory and the University of Colorado Boulder have expanded their partnership on technology research and development to address critical national security needs.

Under the partnership, APL will engage with researchers at CU Boulder’s Center for National Security Initiatives on research efforts in areas such as hypersonics and propulsion, space technologies, autonomy and climate and environment, APL said Wednesday.

APL’s Air and Missile Defense Sector, or AMDS, and the Space Exploration Sector will lead the laboratory’s work in the new research partnership.

“This agreement raises our collaborative potential to the next level, and comes at a time where our contributions are more critical than ever to national security,” said Dave Van Wie, head of AMDS.

APL and CU Boulder previously collaborated on an independent research and development project to predict the wear and damage of thermal protection systems used on spacecraft and hypersonic vehicles.

POC - 10th Annual Defense R&D Summit

The Potomac Officers Club will host the 10th Annual Defense R&D Summit on Jan. 31 to discuss the latest developments in the defense technology sector. Register here and save a seat at the highly anticipated event!

/
NCCoE Invites Public Comment on Draft Guide for Identifying, Recovering Confidential Data
Published on
NCCoE Invites Public Comment on Draft Guide for Identifying, Recovering Confidential Data

The National Institute of Standards and Technology’s cybersecurity center is requesting public feedback on two draft guidelines for identifying, preventing and recovering from confidential data breaches.

NIST announced that its National Cybersecurity Center of Excellence, also known as NCCoE, released volumes A to C of the special publications and will accept comments until Jan. 15, 2024.

The practice guides, which were developed by the NCCoE Data Security Project Team with the private sector, involves the integration of multiple systems from logging to network protection, data management, policy enforcement and browser isolation.

They were designed for chief information security officers and other business decision makers, as well as security and privacy program managers and IT professionals.

In line with the guide’s development, the following companies signed a cooperative research and development agreement:

  • Avrio Software (now known as Aerstone)
  • Dispel
  • FireEye
  • PKWARE
  • Qcor
  • StrongKey
  • Symantec
/
IRS to Have Single Deputy Commissioner, 4 Chief Roles Under New Leadership Structure
Published on
IRS to Have Single Deputy Commissioner, 4 Chief Roles Under New Leadership Structure

The Internal Revenue Service plans to implement a new leadership structure in early 2024 as part of efforts to further drive transformation work and update the organizational structure that has been in place since 2000.

Under the new structure, IRS said Wednesday it will have a single deputy commissioner and four new chief positions that will be responsible for taxpayer service, information technology, tax compliance and operations.

Doug O’Donnell, who currently serves as deputy commissioner for services and enforcement, will serve as deputy IRS commissioner.

O’Donnell has been with the IRS since 1986 and held leadership roles, including acting IRS commissioner and commissioner of the IRS large business and international division.

Ken Corbin, wage and investment commissioner at IRS, will serve as chief of taxpayer service responsible for toll-free operations, tax return processing centers, taxpayer correspondence and publication development.

Heather Maloy, the agency’s chief of staff, will transition to the role of chief taxpayer compliance officer and will oversee the Small Business/Self Employed division, IRS Criminal Investigation and the Tax Exempt and Government Entities division, among other offices.

Rajiv Uppal, director of the Office of Information Technology and Chief Information Officer for the Centers for Medicare and Medicaid Services, will serve as chief information officer.

Melanie Krause, who is chief data and analytics officer at IRS, will assume the role of chief operating officer at the agency and will be responsible for several offices, including the Chief Financial Office, Human Capital Office and Procurement.

“With transformation work continuing to accelerate at the IRS, this is the right time to make these organizational adjustments that will support the agency’s improvements for taxpayers and provide the flexibility needed to add efficiency and expand collaboration across the agency,” IRS Commissioner Danny Werfel said.

/
HHS Finalizes HTI-1 Rule to Advance Health IT Interoperability
Published on
HHS Finalizes HTI-1 Rule to Advance Health IT Interoperability

The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology has finalized a rule to advance interoperability among health information technology systems and boost transparency in artificial intelligence and predictive algorithms.

HHS said Wednesday the HTI-1 rule establishes transparency requirements for AI algorithms used in certified health IT systems and revises specific information-blocking definitions and exceptions for information sharing.

Beginning in January 2026, the U.S. Core Data for Interoperability Version 3 will be the new baseline standard within the ONC Health IT Certification Program, according to the final rule.

The rule also requires that certified health IT developers report adopt a Condition of Certification to report certain metrics as part of their participation in the program.

/
OSC Director Richard DalBello Talks Traffic Coordination System for Space at Senate Hearing
Published on
OSC Director Richard DalBello Talks Traffic Coordination System for Space at Senate Hearing

Richard DalBello, director of the Office of Space Commerce at the National Oceanic and Atmospheric Administration, said OSC has made efforts to develop and implement the Traffic Coordination System for Space, or TraCSS, a civil space situational awareness and space traffic coordination — dubbed SSA and STC, respectively — platform.

DalBello told Senate lawmakers during a subcommittee hearing on Wednesday that TraCSS will serve as a modern information technology system designed to provide satellite tracking data and related services to support civil and commercial space satellite operators and owners.

At the hearing, he said his office is taking a phased development approach for TraCSS to develop capabilities and facilitate the transition of STC and SSA responsibilities from the Department of Defense to the Department of Commerce.

“TraCSS will ingest unclassified data from DOD and integrate commercial SSA data and services. Over time and with each phase, more commercial data and commercial SSA services will be integrated as core capabilities,” DalBello stated.

“This public-private collaboration will continue to evolve through ongoing research, integration, and testing to advance capabilities for civil SSA and STC. These combined efforts are improving SSA data interoperability and increasing SSA data sharing, and coordination across the U.S. Government is ensuring that there is no disruption in basic SSA safety services,” he added.

The OSC director said the Biden administration’s legislative proposal would provide DOC with authorities to implement the public-private approach of the TraCSS program.

In October, NOAA started soliciting information from potential industry sources that could provide a user interface for TraCSS.

POC - 2024 Space Summit

Hear government leaders, space experts and industry executives discuss the latest space technologies, commercial investments and urgent issues facing the space domain at the Potomac Officers Club’s 2024 Space Summit on March 5. Register here.

/
New Cybersecurity Advisory Warns of Russian Exploitation of JetBrains Software Vulnerability; Rob Joyce Quoted
Published on
New Cybersecurity Advisory Warns of Russian Exploitation of JetBrains Software Vulnerability; Rob Joyce Quoted

Multiple agencies led by the U.S. National Security Agency and FBI issued a cybersecurity warning against Russian cyber actors that exploit the vulnerability in JetBrains’ TeamCity continuous integration and build management server.

The cybersecurity advisory refers to CVE-2023-42793, which could allow hackers to breach access to source code and perform malicious supply chain operations, NSA said Wednesday.

The Russian Foreign Intelligence Service, or SVR, reportedly employ cyber actors including the Dukes, Advanced Persistent Threat 29, CozyBear and NOBELIUM/Midnight Blizzard. Since September 2023, they have been attacking TeamCity enterprise users that deal with bill payments, customer care, medical devices, manufacturers and IT companies.

The agencies recommend threat mitigation measures such as implementing patches from TeamCity, auditing log files and adding multifactor authentication.

“Russian cyber actors continue taking advantage of known vulnerabilities for intelligence collection,” said Rob Joyce, director of NSA’s Cybersecurity Directorate. “It is critical to ensure systems are patched quickly, and to implement the mitigations and use the IOCs listed in this report to hunt for adversary persistent access,” added Joyce, a Wash100 awardee.

/
Cloud Security Alliance, Partners Launch AI Safety Initiative
Published on
Cloud Security Alliance, Partners Launch AI Safety Initiative

The Cloud Security Alliance has formed a working group comprising the Cybersecurity and Infrastructure Security Agency and a selection of technology companies to develop best practices for developing trustworthy generative artificial intelligence models.

CSA said Tuesday the AI Safety Initiative was launched in partnership with Amazon, Anthropic, Google, Microsoft and OpenAI to create and share reliable, freely available guidelines for AI safety and security.

The initiative has four core groups, namely the AI Technology and Risk Working Group, the AI Governance & Compliance Working Group, the AI Controls Working Group, and the AI Organizational Responsibilities Working Group.

“Through collaborative partnerships like this, we can collectively reduce the risk of these technologies being misused by taking the steps necessary to educate and instill best practices when managing the full lifecycle of AI capabilities, ensuring—most importantly—that they are designed, developed, and deployed to be safe and secure,” said Jen Easterly, director of CISA and a 2023 Wash100 awardee.

POC - 5th Annual Artificial Intelligence Summit

Join the Potomac Officers Club’s 5th Annual Artificial Intelligence Summit on March 21 to hear more about cutting edge AI innovations from government and industry experts. Click here to register.

1 404 405 406 407 408 2,621