/
GAO: Comprehensive Cybersecurity Strategy Needed to Protect Assets, Critical Infrastructure
Published on
GAO: Comprehensive Cybersecurity Strategy Needed to Protect Assets, Critical Infrastructure

The Government Accountability Office said in a new report that the federal government must establish a comprehensive cybersecurity strategy to protect assets and critical infrastructure from state-sponsored cyberattacks.

GAO reiterated the importance of fully implementing the 335 public recommendations it has made on developing a comprehensive strategy since 2010 and noted that about 190 of them have not been executed as of December 2022.

“Until these are fully implemented, federal agencies will be more limited in their ability to protect private and sensitive data entrusted to them,” the report states. 

According to the government watchdog, the 2018 National Cyber Strategy and the National Security Council’s 2019 Implementation Plan did not fully address the desirable characteristics of national strategies in terms of problem definition and risk assessment, goals and performance measures and resources and investments.

GAO recommends that the National Security Council collaborate with partner agencies to update cybersecurity strategy documents to address said characteristics.

To boost the nation’s cyber defenses, the federal government must also mitigate global supply chain risks, address the cyber skills gaps and ensure the security of emerging technologies, per the report.

/
OMB Updates Federal Acquisition Certification in Contracting Program
Published on
OMB Updates Federal Acquisition Certification in Contracting Program

The Office of Management and Budget has issued a memorandum announcing the modernization of the Federal Acquisition Certification in Contracting program as part of efforts to reflect best practices in modern learning and continuous professional growth. It is the first major revision to the program in nearly a decade.

The FAC-C (Professional) program is set to take effect on Feb. 1, and the Office of Federal Procurement Policy at OMB expects the new framework to help foster training and development requirements for contracting officials in civilian agencies, according to the memo signed by Lesley Field, deputy administrator for federal procurement policy at OMB.

FAC-C (Professional) seeks to implement a streamlined single-level professional certification, advance equity and upward opportunity within the Department of Defense, incorporate a virtual instructor-led learning approach and integrate American National Standards Institute-accredited contracting competencies.

According to the memo, new hires will comply with the FAC-C (Professional) requirements and existing employees certified at Levels I, II or III of the legacy FAC-C program will get automatic certification under the new framework.

OFPP said the updated certification program will apply to all executive agencies, except DOD.

/
RAND Report Highlights Need for Software Upgrades to USAF’s Electronic Warfare Integrated Reprogramming
Published on
RAND Report Highlights Need for Software Upgrades to USAF’s Electronic Warfare Integrated Reprogramming

A tetralogy of case studies conducted by RAND Corp. implied the need for the U.S. Air Force to upgrade its electronic warfare integrated reprogramming enterprise in order to respond more quickly to adversary threats in the electromagnetic spectrum.

The research report urged the service branch to update its software architecture to improve existing EWIR enterprise despite transitioning to cognitive electronic warfare, which uses artificial intelligence and machine learning.

RAND found that electronic warfare–related software reprogramming needs to process intelligence in a matter of seconds or minutes to ensure effective response to advanced threats.

The nonprofit policy group recommended containerized microservices to help accelerate reprogramming speed and newer software deployment architectures to support cognitive electronic warfare algorithms. Aircraft missions should also have better computing and connectivity for rapid data transmission and file updates in theater, RAND posited.

Aside from technology refinements and personnel development, USAF policies should be amended to improve data collection, access, classification, integration and standardization, the research team said.

/
Sandy Radesky Named CISA Associate Director of Vulnerability Management
Published on
Sandy Radesky Named CISA Associate Director of Vulnerability Management

Sandy Radesky, former deputy command information officer for U.S. Fleet Cyber Command, has been appointed associate director of vulnerability management at the Cybersecurity and Infrastructure Security Agency.

The U.S. Air Force veteran brings to the role more than two decades of experience in cyber operations, information security, threat detection and response and vulnerability management, CISA said in a LinkedIn post published Thursday.

In her most recent role, Radesky oversaw efforts to position FLTCYBERCOM as the central operating authority for the U.S. Navy’s networks.

Radesky also served as director of information and technology and analytics for the national COVID-19 response effort of the Countermeasures Acceleration Group, where she helped streamline the distribution of vaccines and therapeutics across the country.

Before joining the Navy, she was deputy director of operations at Joint Force Headquarters Department of Defense Information Network responsible for overseeing operational-level command and control and cyberspace operations.

Radesky also held various roles of increasing responsibility during her seven-year career at the Defense Information Systems Agency, including as head of the Global Operations Command Defensive Cyber Operations Security Center located at Scott Air Force Base in Illinois.

/
DOD’s Randy Resnick on Zero Trust Experiment with Joint Warfighter Cloud Capability Contract Awardees
Published on
DOD’s Randy Resnick on Zero Trust Experiment with Joint Warfighter Cloud Capability Contract Awardees

Randy Resnick, director of the Department of Defense’s Zero Trust Portfolio Management Office, said starting this spring, National Security Agency red-team hackers will test zero trust security by launching attacks on systems running on cloud platforms of Amazon Web Services, Oracle, Microsoft and Google, Breaking Defense reported Thursday.

The simulation will give participants a chance to observe a “realistic adversary attack [to] determine whether or not the red teams could get in and exploit data,” Resnick said during a webcast.

“That’s going to give us a really good feel on whether or not these zero trust overlays are implemented correctly,” he added.

In December, AWS, Oracle, Google and Microsoft won positions on the potential $9 billion Joint Warfighting Cloud Capability contract, which will enable DOD to directly procure enterprisewide cloud service offerings from commercial service providers across all classification levels and security domains.

Resnick said his office expects the test to provide a way for recommending to the Pentagon whether or not it could implement zero trust in the cloud.

“If…we come to the conclusion that in fact it can be done, it would be absolutely revolutionary,” he added.

According to the report, the test will serve as an “independent” experiment to determine how cloud service providers can quickly implement zero trust standards set by Resnick’s office.

/
Onspring GovCloud GRC Software Receives FedRAMP In Process Designation
Published on
Onspring GovCloud GRC Software Receives FedRAMP In Process Designation

No-code, cloud-based governance, risk and compliance software provider Onspring has received FedRAMP In Process designation for its GovCloud program.

This achievement allows government agencies to begin solicitations with Onspring and represents a key step in the process of securing FedRAMP authorization, the Overland Park, Kansas-based organization announced on Thursday.

“For more than 10 years, Onspring has successfully served the commercial markets’ needs and is now ready to help federal agencies safely automate their complex governance, risk and compliance programs in the cloud,” said Nichole Windholz, director of cybersecurity at Onspring.

As the public sector embraces cloud-based software to modernize and enhance agility, efficiency and time savings, Onspring anticipates that its GovCloud program will be welcomed as there are currently only a handful of FedRAMP authorized cloud GRC software offerings on the market.

The Tennessee Valley Authority, a current client that uses the program to manage NERC compliance and block violations that may result in penalty costs, will sponsor Onspring GovCloud during the next stage of FedRAMP authorization.

“We chose Onspring GovCloud because of its ability to map and report on controls with real-time compliance tracking of ‘NERC-CIP’ standards in a FedRAMP Authorized environment,” said David Abdalla, senior program manager for TVA.

Earlier this month, Onspring received a U.S. patent for its Process Automation Platform, which serves as the foundation for the company’s GRC technology. The platform was selected for its method of using a document database to edit applications without restructuring the database.

In August of last year, Onspring released version 23.0 of its GRC software, which upgraded its dashboards, reports, surveys and workflows and added new filtering options.

/
Janet Yellen: Treasury Adopts ‘Extraordinary Measures’ as US Hits Debt Limit
Published on
Janet Yellen: Treasury Adopts ‘Extraordinary Measures’ as US Hits Debt Limit

Treasury Secretary Janet Yellen informed Congress through a letter that her department started implementing “extraordinary measures” after the U.S. government reached its statutory debt limit of $31.4 trillion on Thursday.

Yellen told congressional leaders in the Thursday letter that the Department of the Treasury will suspend investments in the Civil Service Retirement and Disability Fund and the Postal Service Retiree Health Benefits Fund from Thursday through June 5.

“By law, the CSRDF and the PSRHBF will be made whole once the debt limit is increased or suspended. Federal retirees and employees will be unaffected by these actions,” she wrote in the letter.

“I respectfully urge Congress to act promptly to protect the full faith and credit of the United States,” Yellen added.

White House Press Secretary Karine Jean-Pierre cited the need for bipartisan cooperation in Congress to address the debt ceiling during a press briefing Wednesday.

“Our outreach is deliberate to ensure Congress knows that the debt ceiling must be addressed, again, without conditions,” Jean-Pierre said.

/
Air Force Research Lab Awards $90M Tactical Autonomy R&D Project
Published on
Air Force Research Lab Awards $90M Tactical Autonomy R&D Project

The Air Force Research Laboratory has awarded Howard University a five-year, $90 million contract to set up a center and lead an academic consortium that will conduct tactical autonomy studies.

AFRL received four proposals for the establishment of a historically Black university-led research hub to carry out the project aimed at identifying practical applications of autonomous technology, the Department of Defense said Thursday.

The lab is obligating $2.95 million for the first task order under the indefinite-delivery/indefinite-quantity contract.

R&D efforts will occur at Howard University’s Washington, D.C., facility and campuses run by members of the consortium.

The award resulted from a broad agency announcement published by the Air Force Office of the Chief Scientist on SAM.gov in September 2022.

/
NSA Releases Security Guidance for IPv6 Implementation
Published on
NSA Releases Security Guidance for IPv6 Implementation

The National Security Agency has released security guidance to help the Department of Defense and other system administrators implement the latest version of the Internet Protocol.

NSA said Wednesday the IPv6 Security Guidance outlines a set of recommendations on how DOD and other federal organizations can maintain awareness of and prevent potential security concerns as they transition to the next-generation protocol from the legacy IPv4 networks.

According to the agency, networks new to the protocol lack maturity in IPv6 configurations and tools and devices that run on IPv4 and IPv6 simultaneously have an increased attack surface.

“The Department of Defense will incrementally transition from IPv4 to IPv6 over the next few years and many DoD networks will be dual-stacked,” said Neal Ziring, cybersecurity technical director at NSA.

To address emerging security issues, NSA recommends that organizations assign IPv6 addresses to a host via a Dynamic Host Configuration Protocol version 6 server; avoid tunnels to reduce complexity and the attack surface; utilize cybersecurity mechanisms that support both IPv4 and IPv6; and provide appropriate and sufficient training and education to network administrators.

/
DIU Seeks Commercial Technologies for Virtual Jet Pilot Training
Published on
DIU Seeks Commercial Technologies for Virtual Jet Pilot Training

The Defense Innovation Unit has posted a commercial solutions opening for immersive training technologies designed to help the Department of Defense train next-generation jet pilots.

DIU said it is looking for lightweight and agile commercial platforms that are equipped to support synthetic training environments and extended reality technology in support of the T-38C jet trainer and other existing tactical trainer aircraft of the U.S. Air Force.

DOD will prototype technologies in two parallel lines of effort, with the first providing a new mid-tier, mixed-reality training device and the second delivering an STE that supports fighter/bomber fundamentals syllabus events.

The resulting technologies will be used as part of a new Pilot Training Transformation course on FBF.

As part of the initiative, DOD also plans to prototype training tools such as artificial intelligence-powered instructional tools, remote instruction capabilities, augmented reality briefing and debriefing capabilities, student cognitive workload and performance monitoring systems.

Interested companies may submit their proposals until Jan. 23.

1 618 619 620 621 622 2,597