/
NCCoE Invites Public Comment on Draft Guide for Identifying, Recovering Confidential Data
Published on
NCCoE Invites Public Comment on Draft Guide for Identifying, Recovering Confidential Data

The National Institute of Standards and Technology’s cybersecurity center is requesting public feedback on two draft guidelines for identifying, preventing and recovering from confidential data breaches.

NIST announced that its National Cybersecurity Center of Excellence, also known as NCCoE, released volumes A to C of the special publications and will accept comments until Jan. 15, 2024.

The practice guides, which were developed by the NCCoE Data Security Project Team with the private sector, involves the integration of multiple systems from logging to network protection, data management, policy enforcement and browser isolation.

They were designed for chief information security officers and other business decision makers, as well as security and privacy program managers and IT professionals.

In line with the guide’s development, the following companies signed a cooperative research and development agreement:

  • Avrio Software (now known as Aerstone)
  • Dispel
  • FireEye
  • PKWARE
  • Qcor
  • StrongKey
  • Symantec
/
IRS to Have Single Deputy Commissioner, 4 Chief Roles Under New Leadership Structure
Published on
IRS to Have Single Deputy Commissioner, 4 Chief Roles Under New Leadership Structure

The Internal Revenue Service plans to implement a new leadership structure in early 2024 as part of efforts to further drive transformation work and update the organizational structure that has been in place since 2000.

Under the new structure, IRS said Wednesday it will have a single deputy commissioner and four new chief positions that will be responsible for taxpayer service, information technology, tax compliance and operations.

Doug O’Donnell, who currently serves as deputy commissioner for services and enforcement, will serve as deputy IRS commissioner.

O’Donnell has been with the IRS since 1986 and held leadership roles, including acting IRS commissioner and commissioner of the IRS large business and international division.

Ken Corbin, wage and investment commissioner at IRS, will serve as chief of taxpayer service responsible for toll-free operations, tax return processing centers, taxpayer correspondence and publication development.

Heather Maloy, the agency’s chief of staff, will transition to the role of chief taxpayer compliance officer and will oversee the Small Business/Self Employed division, IRS Criminal Investigation and the Tax Exempt and Government Entities division, among other offices.

Rajiv Uppal, director of the Office of Information Technology and Chief Information Officer for the Centers for Medicare and Medicaid Services, will serve as chief information officer.

Melanie Krause, who is chief data and analytics officer at IRS, will assume the role of chief operating officer at the agency and will be responsible for several offices, including the Chief Financial Office, Human Capital Office and Procurement.

“With transformation work continuing to accelerate at the IRS, this is the right time to make these organizational adjustments that will support the agency’s improvements for taxpayers and provide the flexibility needed to add efficiency and expand collaboration across the agency,” IRS Commissioner Danny Werfel said.

/
HHS Finalizes HTI-1 Rule to Advance Health IT Interoperability
Published on
HHS Finalizes HTI-1 Rule to Advance Health IT Interoperability

The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology has finalized a rule to advance interoperability among health information technology systems and boost transparency in artificial intelligence and predictive algorithms.

HHS said Wednesday the HTI-1 rule establishes transparency requirements for AI algorithms used in certified health IT systems and revises specific information-blocking definitions and exceptions for information sharing.

Beginning in January 2026, the U.S. Core Data for Interoperability Version 3 will be the new baseline standard within the ONC Health IT Certification Program, according to the final rule.

The rule also requires that certified health IT developers report adopt a Condition of Certification to report certain metrics as part of their participation in the program.

/
OSC Director Richard DalBello Talks Traffic Coordination System for Space at Senate Hearing
Published on
OSC Director Richard DalBello Talks Traffic Coordination System for Space at Senate Hearing

Richard DalBello, director of the Office of Space Commerce at the National Oceanic and Atmospheric Administration, said OSC has made efforts to develop and implement the Traffic Coordination System for Space, or TraCSS, a civil space situational awareness and space traffic coordination — dubbed SSA and STC, respectively — platform.

DalBello told Senate lawmakers during a subcommittee hearing on Wednesday that TraCSS will serve as a modern information technology system designed to provide satellite tracking data and related services to support civil and commercial space satellite operators and owners.

At the hearing, he said his office is taking a phased development approach for TraCSS to develop capabilities and facilitate the transition of STC and SSA responsibilities from the Department of Defense to the Department of Commerce.

“TraCSS will ingest unclassified data from DOD and integrate commercial SSA data and services. Over time and with each phase, more commercial data and commercial SSA services will be integrated as core capabilities,” DalBello stated.

“This public-private collaboration will continue to evolve through ongoing research, integration, and testing to advance capabilities for civil SSA and STC. These combined efforts are improving SSA data interoperability and increasing SSA data sharing, and coordination across the U.S. Government is ensuring that there is no disruption in basic SSA safety services,” he added.

The OSC director said the Biden administration’s legislative proposal would provide DOC with authorities to implement the public-private approach of the TraCSS program.

In October, NOAA started soliciting information from potential industry sources that could provide a user interface for TraCSS.

POC - 2024 Space Summit

Hear government leaders, space experts and industry executives discuss the latest space technologies, commercial investments and urgent issues facing the space domain at the Potomac Officers Club’s 2024 Space Summit on March 5. Register here.

/
New Cybersecurity Advisory Warns of Russian Exploitation of JetBrains Software Vulnerability; Rob Joyce Quoted
Published on
New Cybersecurity Advisory Warns of Russian Exploitation of JetBrains Software Vulnerability; Rob Joyce Quoted

Multiple agencies led by the U.S. National Security Agency and FBI issued a cybersecurity warning against Russian cyber actors that exploit the vulnerability in JetBrains’ TeamCity continuous integration and build management server.

The cybersecurity advisory refers to CVE-2023-42793, which could allow hackers to breach access to source code and perform malicious supply chain operations, NSA said Wednesday.

The Russian Foreign Intelligence Service, or SVR, reportedly employ cyber actors including the Dukes, Advanced Persistent Threat 29, CozyBear and NOBELIUM/Midnight Blizzard. Since September 2023, they have been attacking TeamCity enterprise users that deal with bill payments, customer care, medical devices, manufacturers and IT companies.

The agencies recommend threat mitigation measures such as implementing patches from TeamCity, auditing log files and adding multifactor authentication.

“Russian cyber actors continue taking advantage of known vulnerabilities for intelligence collection,” said Rob Joyce, director of NSA’s Cybersecurity Directorate. “It is critical to ensure systems are patched quickly, and to implement the mitigations and use the IOCs listed in this report to hunt for adversary persistent access,” added Joyce, a Wash100 awardee.

/
Cloud Security Alliance, Partners Launch AI Safety Initiative
Published on
Cloud Security Alliance, Partners Launch AI Safety Initiative

The Cloud Security Alliance has formed a working group comprising the Cybersecurity and Infrastructure Security Agency and a selection of technology companies to develop best practices for developing trustworthy generative artificial intelligence models.

CSA said Tuesday the AI Safety Initiative was launched in partnership with Amazon, Anthropic, Google, Microsoft and OpenAI to create and share reliable, freely available guidelines for AI safety and security.

The initiative has four core groups, namely the AI Technology and Risk Working Group, the AI Governance & Compliance Working Group, the AI Controls Working Group, and the AI Organizational Responsibilities Working Group.

“Through collaborative partnerships like this, we can collectively reduce the risk of these technologies being misused by taking the steps necessary to educate and instill best practices when managing the full lifecycle of AI capabilities, ensuring—most importantly—that they are designed, developed, and deployed to be safe and secure,” said Jen Easterly, director of CISA and a 2023 Wash100 awardee.

POC - 5th Annual Artificial Intelligence Summit

Join the Potomac Officers Club’s 5th Annual Artificial Intelligence Summit on March 21 to hear more about cutting edge AI innovations from government and industry experts. Click here to register.

/
New Air Force Directorate to Oversee ‘Monumental’ Effort to Deploy Minuteman III Successor
Published on
New Air Force Directorate to Oversee ‘Monumental’ Effort to Deploy Minuteman III Successor

The Air Force Global Strike Command has established the Intercontinental Ballistic Missile Modernization Directorate, which will work to oversee the retirement of the LGM-30G Minuteman III ICBM and the deployment of the LGM-35A Sentinel.

AFGSC said Wednesday that the new directorate, also known as AFGSC/A10, will be led by Brig. Gen. Colin Connor, formerly the deputy director for nuclear and homeland defense operations at the Joint Staff.

Commenting on Connor’s appointment, AFGSC commander Gen. Thomas Bussiere said, “I have absolute confidence that he and the entire A10 team will prepare the command for one of the most critical upgrades to our nation’s deterrence capabilities in history.”

The ICBM overhaul will involve the replacement of all the components of the previous weapon system, with work taking place across multiple states over the next two decades.

Connor described the project as “a monumental one for the United States.”

“I am honored to be part of the team that shapes the ICBM enterprise for the future nuclear community,” he added.

//
John Sherman: DOD Could Make Initial Moves on Follow-On JWCC Cloud Contract in 2024
Published on
John Sherman: DOD Could Make Initial Moves on Follow-On JWCC Cloud Contract in 2024

John Sherman, chief information officer of the Department of Defense and a two-time Wash100 awardee, said the DOD is considering plans to begin work on the second iteration of the Joint Warfighting Cloud Capability contract vehicle, Breaking Defense reported Wednesday.

“We are, in calendar year of 2024, going to start looking at the follow-on contract for JWCC,” Sherman said at a conference on Wednesday.

“When we announced JWCC, it’s a three-year base with two option years, and we’re already into the one-year base of this. And we’ve said all along, in ‘24, that timeframe, we’re going to start looking at what comes next,” he added.

The CIO noted that the DOD has not yet set a timeline for the release of request for information for JWCC 2.0 but was committed to adopting a multicloud, multi-vendor approach.

Amazon Web Services, Google, Microsoft and Oracle won positions on the JWCC contract in December 2022.

According to Sherman, the Pentagon has awarded nearly 40 task orders valued at approximately $270 million across top secret, unclassified and secret classifications.

John Giamatteo Named BlackBerry CEO
Published on
John Giamatteo Named BlackBerry CEO

John Giamatteo, formerly president of BlackBerry’s cybersecurity business unit, has been elevated to chief executive officer of the company.

In his new role, Giamatteo succeeds Dick Lynch, who served as interim CEO since Nov. 4 and will now serve as Board chair, BlackBerry announced Monday. Giamatteo will also serve as a member of BlackBerry’s Board of Directors.

Giamatteo’s appointment aligns with BlackBerry’s strategic reorganization efforts, through which the company’s Internet of Things and cybersecurity businesses will operate as separate business units.

“I am honored and excited to lead the next phase of BlackBerry’s evolution as its CEO,” said Giamatteo. “BlackBerry’s IoT and Cybersecurity businesses have market-leading technology, exceptional teams and large market opportunities. The Board and I are fully aligned on the next steps needed to unlock the value within BlackBerry, and work on this effort will proceed at full speed.”

In his previous role, Giamatteo was responsible for enhancing the company’s product portfolio and go-to-market strategy. Prior to joining BlackBerry, he served as president and chief revenue officer at McAfee.

“We are delighted to appoint John to the role of CEO for what will be a transformative period in BlackBerry’s history, as we work to fully separate our two core business units to drive enhanced shareholder value,” commented Mike Daniels, chair of the BlackBerry Board’s Compensation, Nomination and Governance Committee.

Daniels added that with Giamatteo’s “deep industry experience” and strong track record of success, the new CEO is well positioned to lead BlackBerry in this period of “critical transformation” for the company.

/
TEFCA Network Now Ready for Secure Health Data Exchange
Published on
TEFCA Network Now Ready for Secure Health Data Exchange

A nationwide health data exchange network governed by the Trusted Exchange Framework and Common Agreement, or TEFCA, is now operational and ready to conduct secure sharing of electronic health information among eligible members.

Epic Nexus, eHealth Exchange, Health Gorilla, KONZA and MedAllies have been designated Qualified Health Information Networks, or QHINs, tasked with supporting patient data exchange under the TEFCA policies and technical requirements, the Department of Health and Human Services said Tuesday.

The QHINs will provide shared services and governance to forward messages, queries and responses across networks securely for eligible participants.

“Designating these first QHINs is just the beginning,” said Mariann Yeager, CEO of The Sequoia Project. “Now, we hope to see the rapid expansion of TEFCA exchange as these pioneering networks roll-out the benefits of TEFCA to their customers and members, while additional QHINs continue to onboard.”

The Sequoia Project serves as the recognized coordinating entity for TEFCA under a contract with the Office of the National Coordinator for Health Information Technology, supporting the data exchange framework’s development and implementation in compliance with the 21st Century Cures Act.

1 408 409 410 411 412 2,624