/
CISA Confirms Russian Cyberattack on MOVEit App Affected US Government Agencies
Published on
CISA Confirms Russian Cyberattack on MOVEit App Affected US Government Agencies

The Cybersecurity and Infrastructure Security Agency warned that the Russian CL0P Ransomware Gang has attacked several U.S. federal agencies that use the managed transfer file application MOVEit, CNN reported Thursday.

The global hacking spree, which also affected hundreds of non-government entities in the U.S., was announced a week after CISA and the FBI issued a cybersecurity advisory about the Russian cybercriminal group.

The Department of Energy’s Oak Ridge Associated Universities, Johns Hopkins University and the University System of Georgia were among the institutions that admitted to being victims of the cyberattacks.

CISA officials told CNN that the attacks have not harmed federal agencies’ operations, and that they are providing assistance to those organizations.

Jen Easterly, CISA director and Wash100 awardee, noted that the CL0P Ransomware Gang was “largely opportunistic” in using MOVEit’s vulnerability to penetrate networks, but assured that the breaches have not made “significant impacts” on the victims.

“We are working urgently to understand impacts and ensure timely remediation,” said Eric Goldstein, CISA’s executive assistant director for cybersecurity.

Progress Software, maker of MOVEit, stated that it has “communicated with customers on the steps they need to take to further secure their environments.” The company added that it suspended the MOVEit Cloud while it works to resolve the issue.

/
DARPA Advances New Tools to Reduce Vulnerabilities in File Formats
Published on
DARPA Advances New Tools to Reduce Vulnerabilities in File Formats

Researchers with the Safe Documents program at the Defense Advanced Research Projects Agency have developed new tools and methods designed to mitigate cyber vulnerabilities in file formats.

The SafeDocs program was launched in 2018 with a goal of improving the security of electronic communications used in government and military operations, DARPA said Wednesday.

“Attackers abuse excessive complexity and ambiguity of document format rules to sneak in malicious payloads past the scanners,” said Sergey Bratus, SafeDocs program manager at DARPA’s information innovation office.

“SafeDocs’ formal methods approach helps uncover and eliminate the dark corners where the attackers love to hide. Resulting technologies make trusting incoming data via documents viable for many industries, including those dealing with critical infrastructure,” added Bratus.

The SafeDocs tools and methods are designed to address the complexity and ambiguity of modern file formats like the Portable Document Format by defining machine-readable descriptions of data formats.

Program researchers also developed automated software construction kits to create secure scanners using the simplified format subsets, a process which Bratus said addresses the root cause of vulnerabilities in scanners.

“Acting on an unchecked assumption is the recipe for code vulnerability,” said Bratus. “SafeDocs helps the programmer avoid implementation errors due to misunderstanding or accidental omission by generating the code automatically.”

/
Joint NSA & CISA Cybersecurity Info Sheet Urges Fortification of Baseboard Management Controllers
Published on
Joint NSA & CISA Cybersecurity Info Sheet Urges Fortification of Baseboard Management Controllers

The National Security Agency and the Cybersecurity and Infrastructure Security Agency have collaborated to urge organizations to protect baseboard management controllers in their server-class computers.

NSA and CISA on Wednesday issued a joint cybersecurity information sheet, which warns that cyber actors can exploit the remote management functionality of BMCs to disrupt a network infrastructure, disable servers’ security and manipulate stored data.

BMC firmware executes outside a server’s operating system and continues to function even if the server is shut down. BMC enables system administrators to remotely perform network configuration and management.

Malicious actors have found ways to abuse the capabilities of these controllers. According to the agencies, cybercriminals can deactivate trusted platform modules, Unified Extensible Firmware Interface Secure Boot and other cyber defense mechanisms.

The security agencies recommend that organizations harden their BMCs by changing default credentials upon the discovery of a threat, and keeping that information away from internet connection. They should also use strong passwords, enforce virtual local area network separation and regularly perform update checks.

State Department Clears Additional Excalibur Projectile Sale to Spain
Published on
State Department Clears Additional Excalibur Projectile Sale to Spain

The State Department has approved Spain’s request to procure more M982A1 Excalibur tactical projectiles and related equipment from the U.S. government under a potential $48.2 million foreign military sale deal.

Raytheon Technologies‘ missiles and defense business will be the principal contractor on the proposed sale, the Defense Security Cooperation Agency said Wednesday.

The Spanish government wants to buy 153 Excaliburs following the implementation of a $21.87 million initial FMS case for 118 tactical projectiles.

Other items in the follow-on request include portable electronic fire control and modular artillery charge systems, a platform integration kit and simple key loaders.

DSCA does not expect the possible deal to have an adverse impact on defense readiness efforts in the U.S.

Raytheon and BAE Systems‘ Bofor subsidiary co-developed the Excalibur munition.

/
AIA Issues Global Supply Chain Agenda, White Paper on Critical Minerals; Eric Fanning Quoted
Published on
AIA Issues Global Supply Chain Agenda, White Paper on Critical Minerals; Eric Fanning Quoted

The Aerospace Industries Association has released two documents outlining its recommendations to ensure a resilient and secure global supply chain and promote investments in critical mineral supply chains.

AIA said Wednesday its global supply chain agenda takes a comprehensive approach to address vulnerabilities and building up domestic production and offers several recommendations.

These include expanding the U.S. government workforce’s understanding of the unique supply chain challenges facing the aerospace and defense industry, encouraging U.S. government reviews of compliance and regulatory burdens in consultation with industry and enabling U.S. investment in allied and partner industrial base capacity.

The AIA white paper lists at least 12 critical minerals that are important to the defense and aerospace industry and offers recommendations to secure the country’s critical mineral supply chain.

Recommendations include revitalizing the National Defense Stockpile in line with the $1 billion authorized in the National Defense Authorization Act for fiscal year 2023, investing in infrastructure to improve domestic production capacity for the identified minerals and incentivizing metals recycling.

“U.S. global leadership in aerospace and defense hinges on a secure and resilient supply chain – particularly for the critical minerals used in the production of cutting-edge aircraft technology,” said Eric Fanning, president and CEO of AIA.

“The aerospace and defense industry’s unique landscape and diverse needs must be prioritized as the country works to strengthen our global supply chains and securing access to key critical minerals. A diverse supply chain is vital to maintaining our competitive advantage and combating growing global threats,” added Fanning, a previous Wash100 awardee.

/
Former DHS Official Soraya Correa Named Contract Management Institute Executive Director
Published on
Former DHS Official Soraya Correa Named Contract Management Institute Executive Director

Soraya Correa, former chief procurement officer at the Department of Homeland Security, has been appointed executive director of the National Contract Management Association‘s Contract Management Institute.

She brings to the role decades of procurement and contract management experience and will lead the CMI as it seeks to reestablish itself as a regional hub for resources and collaboration opportunities for professionals and organizations, NCMA said Wednesday.

Correa retired from government service in 2021 after a more than four-decade public sector career.

At DHS, Correa led the establishment of the Procurement Innovation Lab framework and spearheaded the Education, Development, Growth, and Excellence mentoring program.

Her CV also includes senior leadership positions at Naval Sea Systems Command, U.S. Citizenship and Immigration Services, General Services Administration and NASA.

“Contract management is pivotal to mission delivery and successful business outcomes. I am committed to providing today and tomorrow’s contracting professionals with the knowledge and tools they need to excel in their roles,” Correa said.

/
Deltek Analysis Shows Growth in Federal Blockchain Spending
Published on
Deltek Analysis Shows Growth in Federal Blockchain Spending

A new Deltek analysis shows that federal spending on blockchain technology increased by 140 percent from fiscal year 2020 to FY 2022, reaching $11.85 million in FY 2022.

Alex Rossino, advisory research analyst at Deltek, wrote in the article published Wednesday that federal investment in blockchain technology is rising driven by government concerns with tax evasion and cryptocurrency fraud.

In the last three fiscal years, Department of Defense components have devoted significant funds to blockchain-related research and development efforts, particularly in the areas of secure data sharing and supply chain tracking.

The FBI, Department of the Treasury, Securities and Exchange Commission and other federal agencies are investing in analytics tools designed to monitor cryptocurrency transactions.

According to Rossino, the demand for blockchain tech expertise is starting to reflect in solicitations for multiple-award contracts and small businesses could help meet that growing demand by developing a workforce of engineers with knowledge of the technology.

/
MITRE Outlines Regulatory Considerations for AI Security
Published on
MITRE Outlines Regulatory Considerations for AI Security

MITRE has released a new paper outlining a set of recommendations for establishing a regulatory framework for addressing potential security risks posed by artificial intelligence.

The paper, titled “A Sensible Regulatory Framework for AI Security,” lays out regulatory considerations in three categories of application: AI as a component or subsystem; AI as human augmentation; and AI with agency, MITRE said Wednesday.

“Differentiating these categories is important because the threats and risks differ based on how AI manifests in applications, as do the approaches to mitigating threats and risks,” according to the paper.

When implementing AI as a subsystem, MITRE recommends that organizations reduce vulnerabilities by enhancing industry-specific assurance approaches. This includes developing a response plan to the National Institute of Standards and Technology’s AI Risk Management Framework.

To ensure the security of AI tools that aim to augment human capabilities, MITRE suggests requiring system auditability to hold individuals who misuse the technology to cause harm accountable.

Moreover, regulations that cover AI implementations that have a level of agency must reduce risks through critical infrastructure hardening.

/
CDAO Continues CJADC2 Research With 6th Iteration of Global Information Dominance Experiment; Craig Martell Quoted
Published on
CDAO Continues CJADC2 Research With 6th Iteration of Global Information Dominance Experiment; Craig Martell Quoted

The Department of Defense’s Chief Digital and Artificial Intelligence Office kicked off another Global Information Dominance Experiment last week, marking the second of four such experiments for 2023, and the sixth in the entire GIDE series.

GIDE 6 will involve longer test periods and expanded collaboration among military and civilian personnel from the U.S. Armed Forces, DOD announced Wednesday.

The experiments leverage a unified, vendor-agnostic data layer to evaluate, measure and field combined joint all-domain command and control systems, processes and technologies, including those that incorporate AI and machine learning.

The fifth iteration of GIDE was held in January over a four-day period. GIDE 6 takes place from June 5 to July 26.

“We are excited to enhance globally integrated operations through workflows that allow for faster, more data-informed, human-in-the-loop decisions,” said Craig Martell, chief digital and artificial intelligence officer at DOD.

“Strengthening industry integration and collaboration domestically, and with our allies and partners abroad, we aim to showcase the transformative power of data, analytics, and AI for our warfighters,” the 2023 Wash100 Award honoree added.

/
V2X President & CEO Chuck Prow Receives 2023 Wash100 Award From Jim Garrettson
Published on
V2X President & CEO Chuck Prow Receives 2023 Wash100 Award From Jim Garrettson

V2X President and CEO Chuck Prow was recently presented with his 2023 Wash100 Award during a meeting with Jim Garrettson, CEO of Executive Mosaic and creator of the esteemed recognition.

The Wash100 Award, which celebrated its historic 10th anniversary this year, represents the highest honor for executives in the expansive government contracting realm. During the annual competition, nominees are put through a careful selection process that weighs each individual’s influence to determine who will join the ranks of GovCon’s most elite.

Prow’s win marks his ninth year as a Wash100 awardee. In 2022, his impact as a leader continued as he spearheaded the merger of Vectrus and Vertex to create what is now V2X. With Prow at the helm, the new organization has already established a strong growth trajectory. Click here to read his full profile.

While the Wash100 Award looks at past accomplishments, it also considers the anticipated future success of its winners.

Since Prow’s induction into the 2023 Wash100 class, V2X has already secured multiple major awards, including a $265 million contract modification from the U.S. Army to extend its provision of logistics support services at Fort Benning in Georgia.

More recently, the company won a potential $324 million Navy contract for base operations support services at Naval Station Guantanamo Bay in Cuba and held its spot on a $32.5 billion Air Force contract to develop modern training systems.

Executive Mosaic congratulates Prow on his 2023 Wash100 win and looks forward to seeing where he takes V2X next.

1 523 524 525 526 527 2,610