//
GAO Recommends ONCD to Lead National Quantum Strategy
Published on
GAO wants ONCD to be the central office for the nation's strategy against quantum computing threats

The Government Accountability Office told lawmakers that the Office of the National Cyber Director should lead policy and initiatives related to securing systems from post-quantum computing threats.

In its report to Congress published publicly on Tuesday, GAO said assigning the ONCD as a centralized office for quantum efforts would lead to better-defined roadmaps that allocate resources and hold participants accountable.

GAO Identifies Shortcomings in Current PQC Strategies

The congressional watchdog noted in its report that various documents issued over the past several years to counter quantum threats have identified three central goals, but also presented challenges.

The key goals that GAO identified based on its review of various strategy documents are:

  • Standardize post-quantum cryptography for conventional and quantum computers
  • Migrate government systems to PQC
  • Encourage all economic sectors to prepare for quantum computing threats

GAO noted that the documents it reviewed do not fully define a strategy to counter quantum threats. For instance, the documents do not establish performance measures for all three goals.

During her appearance in front of Congress on Tuesday, Marisol Cruz Cain, the agency’s director of information and cybersecurity, explained to legislators that while critical infrastructure operators know the risks associated with quantum computing, there are no documented impacts specific to federal government operations.

“Unless we have done a complete risk assessment to find out where our vulnerabilities are and the threats that they pose and how to mitigate it, we are not even prepared to start to protect our systems and transition them to PQC,” the official revealed.

GAO attributed the issues to the lack of a single federal organization to provide oversight and coordination across all quantum efforts.

Cruz Cain also highlighted the importance of confirming a new national cyber director to be in charge of developing and implementing national strategies and ensuring that federal agencies are aware of what needs to be done to strengthen security against quantum computing.

//
DHS S&T Seeking Applications for Remote Identity Validation Rally Phase 2
Published on
DHS S&T will evaluate identity validation capabilities to combat fraud.

The Department of Homeland Security Science and Technology Directorate is inviting technology developers of remote identity validation capabilities to participate in the second phase of the Remote Identity Validation Rally, or RIVR.

DHS S&T Combating ID Fraud-Enabled Crimes

RIVR, which will evaluate the ability of ID verification systems to authenticate identity documents, aims to combat identity fraud when users apply for government services, open bank accounts or verify social media accounts, DHS said Wednesday, adding that improvements to ID verification technologies will enable the agency to crack down on human trafficking, bank account fraud, welfare fraud, identity theft and other crimes that rely on ID fraud.

Interested organizations are invited to join an informational webinar about the second phase of RIVR on Tuesday. Submission of applications is due July 18.

“Since we announced the Remote Identity Validation Rally (RIVR), we’ve seen a tremendous response from technology users and developers,” said Arun Vemury, DHS S&T senior adviser for biometric and identity technologies. “This challenge gives developers a chance to apply lessons from the Remote Identity Validation Technology Demonstration (RIVTD), refine their tools, and continue contributing to this unique public-private testing partnership.”

The first phase of RIVTD was completed in 2024, helping establish new benchmarks for remote identity verification technology and providing companies with clear targets for improvement.

DHS S&T announced the second phase of the program following the full implementation of Real ID, designed to prevent criminals, illegal aliens and terrorists from exploiting lax ID enforcement for domestic air travel.

//
Navy Demos Optimized Cross Domain Swarm Sensing Software Mission Planning Tech for Unmanned Systems
Published on
NAWCAD tested its Optimized Cross Domain Swarm Sensing mission planning software

The Naval Air Warfare Center Aircraft Division, or NAWCAD, has completed the demonstration of an advanced mission planning software called Optimized Cross Domain Swarm Sensing.

What Is the Optimized Cross Domain Swarm Sensing Software?

The Navy said Wednesday the OCDSS software program is designed to streamline mission planning for groups of unmanned aircraft systems, or UAS. The advanced technology leverages thousands of computer simulations to determine the most effective combinations of drones, sensors and configurations to ensure maritime mission success.

Navy Demos Optimized Cross Domain Swarm Sensing Software Mission Planning Tech for Unmanned Systems

Join the 2025 Navy Summit on August 26 and listen to the U.S. Navy’s top brass and industry leaders discuss the latest technologies, such as the OCDSS mission planning software and other initiatives.

The recent demonstration showcased the swarm mission planning technology’s ability to predict how various drones perform together during operations. This allows planners to select the exact number and type of unmanned vehicles needed for a particular mission. The OCDSS software’s virtual testing environment minimizes the need for real-world demonstrations.

“This software gives warfighters faster and more effective decision making — that’s competitive advantage,” said Raymond Koehler, lead software developer of the OCDSS.

/
Bipartisan Bill Seeks to Ban Government Use of Foreign Adversary AI Tools
Published on
Sen. Rick Scott introduced No Adversarial AI Act to ban government use of foreign adversarial AI tools

Sen. Rick Scott, R-Fla., along with Sen. Gary Peters, D-Mich., and bipartisan members of the House Select Committee on the Chinese Communist Party, introduced the No Adversarial AI Act.

The senator said Wednesday the bipartisan bill aims to prohibit government agencies from utilizing artificial intelligence technologies controlled by China and other foreign adversaries. This is in response to reports that DeepSeek and other companies linked to the CCP store U.S. user data in China.

What Would the No Adversarial AI Act Do?

The bill would establish a federal list of adversarial AI by mandating the Federal Acquisition Security Council to identify and publicly publish AI developed by companies associated with China, Russia, Iran and North Korea. It would also ban the use of the identified AI in executive agencies. However, limited exceptions for research, testing, or mission-critical functions will be allowed with strict oversight and written justification to Congress and the Office of Management and Budget. The bill will also require updates to the adversarial AI list every 180 days and direct agencies to remove prohibited AI from their systems.

The bipartisan bill is spearheaded in the House of Representatives by Cong. John Moolenaar, R-Mich., Raja Krishnamoorthi, D-Ill., Darin LaHood, R-Ill., and Ritchie Torres, D-NY.

“With clear evidence that China can have access to U.S. user data on AI systems, it’s absolutely insane for our own federal agencies to be using these dangerous platforms and subject our government to Beijing’s control. Our No Adversarial AI Act will stop this direct threat to our national security and keep the American government’s sensitive data out of enemy hands,” said Scott.

///
Justin Fanelli Issues Memo on DON CTO’s Priority Tech Areas
Published on
The Department of the Navy Acting Chief Technology Officer Justin Fanelli unveiled his five priority technology areas

Justin Fanelli, acting chief technology officer at the Department of the Navy, has signed and issued a memo outlining the DON CTO office’s priority technology areas, or PTAs, to help guide modernization efforts and signal to industry, academia and mission partners where they should allocate resources.

In a LinkedIn post published Tuesday, the DON chief information officer said the PTAs are designed to accelerate the adoption of emerging technologies, improve information advantage and align with the Department of Defense’s broader goals.

The PTAs will be updated at least annually and paired with DON’s Investment Horizons framework to identify gaps in the department’s technology pipeline and strategic plan, and rapidly deploy platforms for operational impact.

Justin Fanelli Issues Memo on DON CTO's Priority Tech Areas

Fanelli will be one of the speakers at the Potomac Officers Club’s 2025 Navy Summit on Aug. 26. Hear him and other experts discuss these PTAs, modernization imperatives, latest tech advancements, policies and trends shaping the future of naval operations. Book your seats now!

AI, Quantum & Other DON CTO Priority Tech Areas

The Navy’s PTAs are artificial intelligence and autonomy; quantum technologies; transport/connectivity; C5ISR/naval space; and cyberspace operations/zero trust.

The DON seeks AI-driven platforms to facilitate real-time data analysis and automated decision-making to improve operational effectiveness. Level 2 areas include core capabilities such as applied machine learning and natural language processing; trust, assurance and governance; autonomous systems; and infrastructure and deployment.

For cyberspace operations, priorities include advanced cyber defense networks, threat intelligence automation and proactive security measures to counter adversarial cyber operations. Level 2 areas include zero trust architecture, identity and access management, cyber operations, and operational technology.

//
GSA, Elastic Sign OneGov Agreement to Offer Product Discounts to Federal Agencies
Published on
GSA and Elastic are working to deliver IT cost savings to federal agencies through the OneGov agreement

The General Services Administration and Elastic have signed an agreement to reduce the price of the latter’s Search AI platforms for federal agencies through September 2027.

GSA said Monday the strategic partnership with Elastic is part of the agency’s OneGov initiative, which seeks to transform how federal agencies buy goods and services and deliver IT cost savings across the government while advancing the modernization of legacy IT systems.

OneGov Agreement Between GSA & Elastic

Under the OneGov agreement, agencies can receive discounts of up to 60 percent on Elastic’s self-managed platforms, with discounts starting at 27.5 percent. 

For FedRAMP Moderate cloud deployments through GovCloud, discounts range from 15 percent to 32 percent based on volume. 

The offer will run through Sept. 30, 2027.

Elastic will offer a suite of Search AI platforms through GSA Advantage, including Elastic’s Security Incident Event Monitoring, Observability, Zero Trust Architecture, Search AI Lake and vector database for building GenAI applications. The offerings include capabilities such as Elastic’s AI Assistant for Security, native NLP model support, Attack Discovery and enhanced data onboarding features.

Elastic’s Search AI platform is designed to facilitate real-time analysis, deliver searchable results, drive operational resilience and advance cyberthreat detection.

“We appreciate Elastic’s cooperative approach in establishing pricing structures that are not only cost-effective in the present but also guarantee sustained financial benefits for taxpayers in the long run,” said Josh Gruenbaum, commissioner of GSA’s Federal Acquisition Service.

“Through the OneGov initiative, we are actively converting these beneficial collaborative relationships into formalized, enduring agreements with our industry partners, with the goal of systematically reducing procurement expenses for the foreseeable future,” added Gruenbaum, a 2025 Wash100 awardee.

/
SDA Launches T1DES Prototype Satellite
Published on
SDA launched its first T1DES Proto space vehicle

The Space Development Agency launched the first prototype risk reduction satellite from the Vandenberg Space Force Base in California on June 23.

T1DES Proto

The agency said Tuesday the satellite is one of 12 planned prototypes under the Tranche 1 Demonstration and Experimentation System, or T1DES, constellation program. The T1DES Proto space vehicle, also known as York Space Systems’ Dragoon, was launched aboard SpaceX’s Falcon 9 rocket as part of the Transporter 14 rideshare mission.

The space vehicle is intended to facilitate the integration of the tactical satellite communication, or TACSATCOM, system from low Earth orbit and to test the delivery of tactical data to military platforms to support targeting, missile warning and advanced missile threats tracking capabilities. The launch also served as a test for York’s LX-CLASS satellite platform, which is expected to be utilized for other agreements between SDA and York.

SDA Launches T1DES Prototype Satellite

Get insights on satellite communications and other critical air and space defense initiatives at the Potomac Officers Club’s 2025 Air and Space Summit this coming July 31.

Future T1DES Deployments

The SDA intends to deploy the other 11 T1DES space vehicles in 2026. These prototype satellites will perform further experiments and demonstrations involving capabilities vital for ensuring seamless connectivity for joint military forces worldwide, including TACSATCOM, advanced waveforms and Integrated Broadcast Service technologies.

SDA Director Derek Tournear on the T1DES Program

“T1DES will demonstrate mission payloads and configurations for potential proliferation through future tranches of the Proliferated Warfighter Space Architecture in an effort to lower latency of tactical data delivery and enhance beyond line-of-sight targeting capability,” said SDA Director Derek Tournear, winner of the Wash100 Award in 2021.

/
Keeper Security Marks New Milestone With SOC 3 Compliance
Published on
Zoya Schaller, director of cybersecurity compliance at Keeper Security, spoke about Keeper's new SOC 3 compliance achievement

Keeper Security has achieved System and Organization Controls, or SOC, 3 compliance. 

The cybersecurity company said Tuesday that an independent third-party auditor conducted a rigorous evaluation of its internal controls as part of its annual Type II audit

“SOC 3 is more than a certification – it’s a public demonstration of the trust we’ve earned through rigorous security and compliance practices,” commented Zoya Schaller, director of cybersecurity compliance at Keeper. “Transparency is non-negotiable in today’s cybersecurity landscape. This achievement reinforces our ongoing commitment to protecting sensitive data and holding ourselves to the highest standards.”

The American Institute of Certified Public Accountants, or AICPA, governs the SOC, which assesses the effectiveness of controls within an organization. SOC 3 specifically addresses organizations relevant to security, confidentiality and privacy, the AICPA explained.

What Keeper Offers

Keeper’s core product KeeperPAM is a next-generation privileged access management technology for cloud-first and hybrid cloud environments. 

KeeperPAM enables multi-factor authentication with a single login, allowing users to quickly but securely gain access to servers, databases, web applications, software-as-a-service platforms and remote systems. 

According to Keeper, it does not have access to user credentials or customer infrastructures. 

The security company also maintains a Federal Risk and Authorization Management Program certification at the Moderate Impact Level and complies with the Government Risk and Authorization Management Program, or GovRAMP, standards.

//
New DISA System Secures Cross-Domain Data Transfer
Published on
DISA boosts DevSecOps support through software integration in Amazon Web Services Cross-Domain Solution

The Defense Information Systems Agency has authorized its Program Executive Office services to integrate the Amazon Web Services Cross-Domain Solution within its Citadel software factory to support DevSecOps efforts. The setup provides a secure data transfer system between unclassified impact level 5 and classified impact level 6 information, DISA said Tuesday.

Tackling Manual Cross-Domain Data Transfer Risks

The new cloud-based cross-domain transfer system addresses the security challenge that DevSecOps users and DISA mission partners face when transferring between classified and unclassified information, the agency explained. 

Currently, such data transfer often requires manual processes, such as moving compact discs from one device to another, DISA noted. It also said the Citadel integration in AWS CDS will significantly boost DevSecOps frontliners, including warfighters and analysts, in complex and dynamic environments requiring sharp situational awareness and quicker response times.

Besides its cross-domain systems, DISA provides other tools and services for DevSecOps support, such as its Defense Enterprise Office Solution, or DEOS, a secret cloud environment wherein approximately 200,000 end users were migrated as of February 2024. DISA deployed in DEOS the DOD365-Secret classified cloud platform to support the implementation of Microsoft‘s suite of cloud-based productivity tools, Office 365.

/
NSA, CISA Release CSI Urging Adoption of Memory Safe Languages for Enhanced Software Security
Published on
NSA and CISA have released a Cybersecurity Information Sheet promoting memory safe languages adoption

The National Security Agency and the Cybersecurity and Infrastructure Security Agency have jointly published a cybersecurity information sheet titled “Memory Safe Languages: Reducing Vulnerabilities in Modern Software Development” to emphasize the importance of memory safe languages, or MSLs, in bolstering software security.

Enhancing Cybersecurity With Memory Safe Languages

NSA said Tuesday the CSI encourages the adoption of MSLs to enhance cybersecurity by addressing memory vulnerabilities. The two agencies advocate for organizations to assess the feasibility of adopting MSLs. The document also urges software producers, particularly those developing for national security systems and critical infrastructure, to utilize the guide to start leveraging MSLs for their software systems.

Organizations can use the CSI to plan for the adoption of MSLs. It discusses various adoption approaches and engineering considerations for proper MSL implementation, as well as ways to utilize interoperability for integration without rewriting existing codebases. Furthermore, the CSI offers recommendations for enhancing the safety of non-MSL code if adoption is not practical.

How Do MSLs Work?

MSLs are designed with integrated safeguards such as bounds checking, memory management and data race prevention. These security features work against memory vulnerabilities and threats to prevent safety issues, including data breaches, system crashes and operational disruptions.

1 53 54 55 56 57 2,625