/
Bipartisan ARMOR Act Introduced to Streamline AUKUS Tech Transfer
Published on
Reps. Young, Zinke and Dean introduced ARMOR Act to strengthen AUKUS trilateral security partnership

Reps. Young Kim, R-Calif., Ryan Zinke, R-Mont., and Madeleine Dean, D-Pa., introduced the AUKUS Reform for Military Optimization and Review Act, or ARMOR, Act on June 27.

Kim, chairwoman of the House Foreign Affairs East Asia and Pacific Subcommittee, said Monday the bipartisan bill aims to optimize and reinforce the trilateral security partnership between Australia, United Kingdom and United States, or AUKUS. The proposed bill is intended to fast-track and strengthen the review processes for transfers, exports and activities involving advanced technologies and defense services.

What Is AUKUS?

Established in 2021, AUKUS is a trilateral security agreement uniting Australia, the UK and the U.S. to strengthen defense cooperation. The strategic alliance is structured around two key pillars. Pillar I is dedicated to assisting Australia in acquiring nuclear-powered submarines. Pillar II, the ARMOR Act’s primary concern, is focused on the joint development and sharing of advanced technologies to bolster military and defense technologies.

“The AUKUS trilateral security partnership protects our national security and projects shared strength. The ARMOR Act will improve and streamline the expedited review process for AUKUS activities involving advanced technologies and defense articles and services,” said Kim. 

“Expediting the sale of defense items and services to these close allies will strengthen our partnership and enhance America’s strength worldwide,” remarked Zinke, chairman of the Arms Sales Task Force.

“Since its creation in 2021, AUKUS has played a transformative role in allowing the United States to counter the rising threat China poses and shape a free and open Indo-Pacific for years to come,” stated Dean.

/
DOD Eases Environmental Reviews to Fast-Track Infrastructure Projects
Published on
The DOD has streamlined environmental reviews to fast-track military and public construction projects.

The Department of Defense has streamlined its National Environmental Policy Act, or NEPA, implementing processes as part of a government effort seeking to speed up and reduce the costs of environmental reviews to allow faster construction of public and military infrastructure.

Changes to NEPA Procedures

In a press release on Monday, the DOD said the changes to the NEPA implementing processes include expanding categorical exclusions for the department, setting deadlines for the completion of environmental reviews, simplifying the ability to adapt and update NEPA implementing procedures and using information from previous evaluations to fast-track new project reviews.

The changes to the implementing processes aim to generate momentum in the defense industrial base and to support President Donald Trump’s Executive Order, Unleashing American Energy. The executive order aims to make energy more affordable and available to Americans.

DOD’s Michael Duffey Shares Thoughts

Commenting on the streamlining of NEPA, Defense Under Secretary for Acquisition and Sustainment Michael Duffey said it was important for modernizing infrastructure and enhancing national security.

“By streamlining the environmental review process, we will deliver critical projects more efficiently, ensuring our military and defense industrial base have the facilities and resources needed to defend our nation,” he added.

/
SBA Administrator Kelly Loeffler Initiates Full-Scale Audit of 8(a) Business Development Program
Published on
SBA Administrator Kelly Loeffler ordered a full-scale audit of the 8(a) Business Development Program

The U.S. Small Business Administration has initiated a comprehensive audit of the 8(a) Business Development Program.

The SBA said Friday Kelly Loeffler, the agency’s administrator, called for the full-scale audit following revelations of a major fraud and bribery scheme involving a former U.S. Agency for International Development federal contracting officer and two participating 8(a) contractors.

Corruption in the 8(a) Business Development Program

The scheme was discovered after the Department of Justice conducted an investigation revealing that over $550 million in government contracts were improperly awarded by the former USAID contracting officer. The investigation also uncovered that one 8(a) contractor, flagged for lacking “honesty and integrity,” still managed to secure an additional $800 million in contracts to assess “issues affecting the root causes of irregular migration from Central America.”

SBA’s Office of General Contracting and Business Development, or GCBD, is tasked with conducting the audit while working closely with federal agencies that award contracts to 8(a) businesses. GCBD will start with high-value and limited-competition contracts covering the past 15 years. It will send its findings to the SBA Office of Inspector General and DOJ for enforcement. SBA intends to recover misused funds.

“Effective immediately, I am launching a full-scale audit of the program to stop bad actors from making the kind of backroom deals that have already cost taxpayers hundreds of millions of dollars,” said Loeffler.

///
Critical Infrastructure Operators Urged to Improve Cyber Defenses to Combat Potential Iran State-Sponsored Attacks
Published on
U.S. agencies warned against a potential increase in cyberattacks from Iranian cyber actors.

U.S. agencies have urged critical infrastructure asset owners and operators and at-risk organizations to enhance their defenses against potential cyberattacks from Iranian cyber actors, particularly those affiliated with the Iranian Islamic Revolutionary Guard Corps.

In a joint cybersecurity information sheet, or CSI, released Wednesday, the National Security Agency, the Cybersecurity and Infrastructure Security Agency, the FBI and the Department of Defense Cyber Crime Center said hacktivists and Iranian government-affiliated actors may target poorly secured U.S. devices and networks using outdated software and default or common passwords for disruptive cyberattacks. Iranian state-sponsored or affiliated threat actors are expected to launch more distributed denial of service campaigns and conduct ransomware attacks despite a declared ceasefire and ongoing negotiations, the authoring agencies added.

Why Is There Tension Between Iran and the USA?

U.S. President Donald Trump announced on June 23 that Israel and Iran agreed to a ceasefire, following U.S. airstrikes on Iranian nuclear facilities, CBS News reported. On the same day that the ceasefire was announced, Iran fired missiles at a U.S. base in Qatar in response to American strikes.

Recently, Trump indicated diplomatic talks with Iran could restart as early as this week; however, Iranian Foreign Minister Abbas Araghchi suggested that more time is needed, noting that Iran will have to ensure first that the United States will not perform similar attacks when the negotiations resume. 

Responding to Potential Cyberattacks

The CSI provides organizations with information about the cyber actors’ commonly used techniques and examples of their previous cyber campaigns. The organizations, particularly critical infrastructure asset owners and operators, are advised to review the guidance to assess their cybersecurity weaknesses and update incident response plans, and implement recommended mitigations to harden their cyber defenses against malicious actors.

//
DOD Acquisition Chief Outlines Approval Process for IT Consulting Contracts
Published on
DOD acquisition chief's memo requires DOD components to seek approval from DOGE before awarding IT consulting contracts

Michael Duffey, under secretary of defense for acquisition and sustainment, has issued a memorandum establishing a review and approval process for contracts or task orders for IT consulting, management services and advisory support.

The June 23 memo implements a directive that Pete Hegseth, secretary of the Department of Defense and a 2025 Wash100 awardee, issued in May. The DOD secretary’s memo directs DOD components to secure approval from the Department of Government Efficiency, or DOGE, before executing IT consulting and management services contracts or task orders.

Hegseth’s directive seeks to establish policies to leverage in-house capabilities to streamline operations and promote fiscal responsibility. It also complies with an executive order aimed at implementing the president’s DOGE cost-efficiency initiatives.

Data Capture Elements in Submissions for DOGE Contract Review Process

Effective immediately, DOD components must seek approval from DOGE by submitting supporting documents through go.mil/dogecontractreview before awarding unclassified contracts or task orders for IT consulting and managed support and advisory and assistance services, according to Duffey’s memo.

Submissions must include several data capture elements, including deliverables, total ceiling value and estimated initial obligation. Cost-benefit analysis, justification that contract work cannot be sourced within DOD or procured from a direct service provider and evidence of evaluation of alternatives should also be attached to the submission.

If DOGE does not respond within three business days, DOD components may presume approval and proceed with the acquisition process.

Contract Requirements Excluded From DOGE Review & Approval Process

The DOD acquisition chief’s memo excludes from the DOGE review and approval process contract requirements that are to be carried out by direct service providers and those in direct support of defense weapon system programs and associated sustainment activities.

The new policy does not cover advisory and assistance service contract requirements for system engineering and technical services in support of systems architecture, acquisition program management or sustainment services backing major defense acquisition programs.

An IT consulting and management service contract worth less than $10 million and an advisory support contract under $1 million are also excluded from the DOGE approval process.

“My staff will monitor compliance with this approval process by conducting intermittent reviews. Any awards identified as noncompliant will be subject to termination,” Duffey wrote in the memo.

//
Morgan Adamski Exits U.S. Cyber Command, Patrick Ware Named New Executive Director
Published on
Morgan Adamski has announced her departure from U.S. Cyber Command

Morgan Adamski announced on LinkedIn Friday that she is stepping down as executive director of the U.S. Cyber Command.

Patrick Ware, a senior executive at the National Security Agency, will succeed Adamski as the top civilian at the combatant command, reported Defense One.

“After 17 years of service at the National Security Agency, I’ve decided to turn the page to an exciting new chapter in my career. It has been an extraordinary journey contributing to the defense of our nation and advancing the cybersecurity mission across the U.S. government,” said Adamski in her LinkedIn post.

Adamski’s Career Highlights

Adamski is a seasoned executive with over 15 years of experience in the federal sector. She is renowned for her expertise in cybersecurity and a proven track record of developing teams and establishing strategic partnerships with organizations in the international and private sectors.

She has served as the highest-ranking civilian at the CYBERCOM since June 2024, leading the combatant command’s over 12,000 personnel. Before that, Adamski spent over 13 years at the NSA, most recently as the NSA Cybersecurity Collaboration Center director. She also served as operations manager for over 10 years. The executive started her federal service career in 2008 as a cyber threat analyst with the Defense Intelligence Agency.

Who Is Patrick Ware?

Ware is a seasoned NSA executive who has spent over three decades at the agency, contributing to critical offensive and defensive missions. In his new role, Ware will join the command’s leadership team and spearhead efforts to enhance CYBERCOM and subordinate commands’ key functions, including strategic communication, workforce management, partnerships, innovation and capability development.

//
GSA’s Josh Gruenbaum Asks Consulting Firms to Explain Federal Contracts in Plain Language
Published on
GSA FAS Commissioner Josh Gruenbaum is asking consulting firms to detail their existing contracts in plain language

The General Services Administration has asked leaders of McKinsey, BCG and four other consulting firms to justify their federal contracts and suggest ways to save costs, The Wall Street Journal reported Thursday.

“Our objective is to critically evaluate which engagements deliver genuine value,” Josh Gruenbaum, commissioner of GSA’s Federal Acquisition Service, wrote in a letter sent to firms Thursday. “In keeping with this Administration’s laser focus on fiscal responsibility, our baseline presumption is that most, if not all, of these contracted services are not core to agency missions.”

GSA's Josh Gruenbaum Asks Consulting Firms to Explain Federal Contracts in Plain Language

Discover new contract opportunities at Potomac Officers Club’s monthly GovCon networking events! The 2025 Air and Space Summit on July 31 will host an all-industry Golden Dome panel where representatives from RTX, L3Harris, Booz Allen and more will talk about how to position yourself for success with the multi-billion-dollar initiative.

According to people familiar with the initiative, GSA also sent letters to EY, Alvarez & Marsal, AlixPartners and FTI Consulting.

In the letter, Greenbaum, a 2025 Wash100 awardee, asked the consulting firms to explain their projects’ pricing structure and discuss their existing federal contracts in plain language. Responses to GSA’s request are due July 11.

GSA also requested that the firms transition to outcomes-based contracts, in which vendors are paid based on meeting certain results.

GSA Review of Consulting Contracts

GSA is overseeing an administration-wide review of spending on consultants and other contractors to determine which tasks can be carried out by federal personnel and which can be done by external consultants.

In his letter, Greenbaum wrote that the agency’s review of consulting contracts has led to $23.3 billion in savings in multiyear awards.

/
Air Force Modernizing B-2 Bombers to Meet Evolving Threats
Published on
The Air Force is modernizing B-2 Spirit components

The Air Force Life Cycle Management Center is modernizing the B-2A Spirit stealth bomber to ensure that the aircraft, which was designed in the late 1970s and early 1980s, can maintain readiness to defeat targets.

Lt. Col. Benjamin Elton, material leader for the B-2 Integrated Capabilities Branch at the Air Force, said the modernization includes upgrades in the avionics, sensors and communication systems to enhance payload capacity, versatility and capability to defeat emerging threats.

“The B-2 is a strategic asset that provides the U.S. military with unique capability to penetrate heavily defended airspace and deliver precision-guided munitions,” Elton shared.

For the latest updates on contracting opportunities with the U.S. Air Force, attend the Potomac Officers Club’s 2025 Air and Space Summit on July 31!

Why Modernize B-2 Spirit?

The B-2 flew for the first time in 1987, reached initial operational capacity in 1997 and fought in the Kosovo War in support of Operation Allied Force. More recently, the aircraft traveled from the Whiteman Air Force Base in Missouri to the Middle East to strike Iran’s nuclear sites.

Despite its age, Lt. Col. Robert Allen, materiel leader for the B-2 Advanced Programs Branch, insisted that the B-2 is not a legacy platform. He said it is an operational platform that will be one of the first to conduct a strike “if the flag goes up tomorrow.”

Air Force’s B-2 Fleet Updates

According to the Air Force, to maintain availability to respond to threats, the B-2 System Program Office, or B-2SPO, continuously upgrades the aircraft. Work is divided between two sites: Wright-Patterson AFB in Ohio and Tinker AFB in Oklahoma.

At Tinker AFB, about two to three upgrades are being performed at any given time.

“One of our programs contains over 300-plus software changes to its sustainment software,” revealed Amanda Sieler, deputy program manager for the B-2 Integrated Functional Capabilities Branch.

The upgrades, Allen added, are also improving the transmission time of voice communications and data. The Air Force is also delivering new capabilities that improve the aircraft’s low observable materials, minimizing its radar cross-section signature while enhancing situational awareness.

“We are ensuring the aircraft’s systems sensors are functioning optimally to engage our targets effectively and accurately,” added Col. Francis Marino, program manager for the B-2 system at the Air Force. “We are maintaining readiness by reducing downtime and increasing aircraft availability to rapidly respond to threats and we are prepared to deliver unwavering support to the warfighter through our modernization upgrades to the aircraft.

//
NIST Publishes New Guideline on Securing APIs for Enterprise IT Systems
Published on
The NIST has released "Guidelines for API Protection for Cloud-Native Systems"

The National Institute of Standards and Technology has published a new special publication, titled “Guidelines for API Protection for Cloud-Native Systems.”

SP 800-228, authored by NIST’s Ramaswamy Chandramouli and Tetrate principal engineer Zack Butcher, provides guidelines on how to safeguard application programming interfaces, or APIs, to ensure the overall security of cloud-native enterprise IT systems.

Securing Enterprise IT Systems

The publication outlines a systematic approach to identifying and analyzing potential vulnerabilities during API development and deployment. It suggests using basic and advanced controls and other measures designed to protect APIs during their lifecycle. Finally, the document emphasizes the need for security practitioners to evaluate the pros and cons of different control implementation patterns so they can implement API security approaches based on a risk-based strategy.

What Are Application Programming Interfaces?

An API is a set of rules and protocols that enable communication between software applications. Modern enterprise IT infrastructures depend on APIs to integrate and streamline business operations.

//
GAO Recommends Full Implementation of Risk Management Processes at NASA
Published on
GAO evaluates NASA's cybersecurity risk management program implementation.

A recent report from the Government Accountability Office reveals that NASA completed some cybersecurity tasks for its major projects, but did not fully execute key elements of its cybersecurity risk management program

The report, released on Wednesday, is based on GAO’s evaluation of NASA’s cybersecurity policies and risk management processes for four selected systems. According to the government watchdog, the space agency has yet to conduct an organization-wide risk assessment, a vital step for identifying and mitigating high-priority cyber threats across its systems.

GAO also found that selected NASA systems did not document system-level continuous monitoring strategies due to the lack of guidance on how to do so. “Without documented strategies that are fully understood by key cyber personnel, organizations face increased risks of data breaches, delayed detection of threats, and slower responses to attacks,” the report said. 

The space agency’s cybersecurity risk management program follows guidelines from the National Institute of Standards and Technology, which outlines seven key steps for risk management: prepare, categorize systems, select controls, implement controls, assess control implementation, authorize systems, and continuously monitor security controls. The report found that while NASA had partially or fully implemented most steps, important activities within these steps remained incomplete.

NASA to Invest $80B in Space Exploration Projects

GAO said a comprehensive cybersecurity risk management program is critical to protecting NASA’s systems and information, particularly as the agency plans to invest $80 billion in developing spacecraft and systems for exploring the Earth, the moon and the solar system.

GAO issued 16 recommendations for NASA to address cybersecurity weaknesses. Among the key recommendations are conducting an organization-wide risk assessment, improving the documentation of control assessments, and ensuring that critical controls are properly applied and monitored.

NASA concurred with seven recommendations, partially concurred with four recommendations, and did not concur with the remaining five recommendations.

1 43 44 45 46 47 2,617