/
CISA, FBI, Treasury Issue Advisory on North Korea’s Use of Maui Ransomware
Published on
CISA, FBI, Treasury Issue Advisory on North Korea’s Use of Maui Ransomware

The Cybersecurity and Infrastructure Security Agency, FBI and the Department of the Treasury have released a joint advisory on Maui ransomware and other indicators of compromise that North Korea-backed threat actors have been using since May 2021 to compromise health care and public health sector organizations.

Cyberthreat actors use Maui ransomware to encrypt servers used to support electronic health records, imaging, diagnostics and intranet services, according to the joint advisory published Wednesday.

Maui encrypts target files using a combination of XOR encryption, RSA and Advanced Encryption Standard.

The advisory outlines mitigation measures health care organizations should take, such as limiting access to data by fielding public key infrastructure and digital certificates to authenticate connections with the network, EHR system and medical devices, using standard user accounts on internal systems and turning off network device management interfaces.

Organizations are also being urged to maintain offline backups of data; create and exercise a cyber incident response plan and related communications plan; install updates for software, operating systems and firmware upon release; implement user training program and phishing exercises; and require multifactor authentication for services.

“The FBI, CISA, and Treasury strongly discourage paying ransoms as doing so does not guarantee files and records will be recovered and may pose sanctions risks,” the notice reads.

/
White House Memo Outlines Measures to Meet FY22 Small Disadvantaged Business Goal
Published on
White House Memo Outlines Measures to Meet FY22 Small Disadvantaged Business Goal

The Biden administration has issued a memorandum outlining the steps agency acquisition officers can take to meet the fiscal year 2022 goal of awarding 11 percent of total contract dollars to small disadvantaged businesses

The memo calls on agencies to use existing and open market contracts to achieve a mix of new entrant and seasoned 8(a) businesses and SDBs, evaluate acquisitions under the simplified acquisition threshold and maximize the use of the 8(a) business development program, the White House said in a June 29 release.

Agencies should review the Small Business Administration’s 8(a) no-contracts list of eligible firms, work with an 8(a) contractor for a construction project, consider software development requirements that might be suitable for the 8(a) program and take advantage of the General Services Administration’s 8(a) STARS III governmentwide acquisition contract. 

According to the document, the 8(a) STARS III GWAC provides agencies access to more than 1,100 8(a) contractors offering a range of information technology services, including artificial intelligence, robotic process automation, cybersecurity, quantum computing and blockchain technology.

The administration said the contract has supported more than $15 billion in agency orders to SDBs over the last decade.

The memo also urges agencies to maximize opportunities for SDBs when using GSA’s Federal Supply Schedule program and use the category management Quick Decision Dashboard and the Small Business Dashboard to immediately identify the existing contracts that offer access to SDBs.

Lesley Field, acting administrator of the Office of Federal Procurement Policy at the Office of Management and Budget, signed the memo with Bibi Hidalgo, associate administrator for government contracting and business development at SBA; Farooq Mitha, director of the office of small business programs at the Department of Defense; and Miguel Estien, acting national director of the Department of Commerce’s Minority Business Development Agency.

/
DOD OIG Surveys Impact Level 5 Cloud Service Offerings
Published on
DOD OIG Surveys Impact Level 5 Cloud Service Offerings

The Department of Defense Office of the Inspector General wants to know the availability of commercial cloud services that are certified to store and process controlled unclassified information.

A sources sought notice posted Tuesday on SAM.gov says the OIG is interested in learning about the advantages of migrating key applications to a cloud environment in terms of security, cost, agility and scalability.

Specifically, the office is eyeing a cloud service offering that can handle Impact Level 5 DOD information and connect to the department’s Non-classified Internet Protocol Router Network.

Vendors responding to the request for information should describe their capacity to help the OIG safeguard information and isolate the office from other cloud tenants.

RFI responses are due July 19th.

/
FBI Director Christopher Wray, UK Counterpart Warn of Chinese Threat to Western Tech
Published on
FBI Director Christopher Wray, UK Counterpart Warn of Chinese Threat to Western Tech

FBI Director Christopher Wray and Ken McCallum, director-general of the U.K. security service MI5, have warned business leaders of China’s use of large-scale hacking and global network of intelligence agents to steal intellectual property of Western technology companies, The Wall Street Journal reported Wednesday.

The Chinese government is set on stealing your technology—whatever it is that makes your industry tick—and using it to undercut your business and dominate your market,” Wray told business executives in London Wednesday. “They’re set on using every tool at their disposal to do it.”

Wray also expressed skepticism about commercial transactions with Chinese partners and said that business leaders should assess the risk of such interactions.

“Maintaining a technological edge may do more to increase a company’s value than would partnering with a Chinese company to sell into that huge Chinese market, only to find the Chinese government and your partner stealing and copying your innovation,” he said.

The U.S. National Counterintelligence and Security Center on Wednesday released a notice warning local and state government officials and business leaders about China’s use of overt and covert approaches to influence U.S. policymaking processes.

Some of the tactics China uses to influence policymaking are open lobbying, trade and investments to punish or reward officials and collection of personal data of state and local government leaders.

//
Netskope Brings on Network Visionary Group to Guide Users Through SASE Adoption; Joe DePalo Quoted
Published on
Netskope Brings on Network Visionary Group to Guide Users Through SASE Adoption; Joe DePalo Quoted

Cybersecurity software company Netskope has introduced a company faction responsible for advising on issues of security and how shifts in network, applications and data affect infrastructure functionality.

The group, called the Netskope Network Visionaries, will include Elaine Feeney and Alan Hannan and is intended to guide the many organizations who now conduct much of their business and store the majority of their data in the cloud, assisting with the embrace of a secure access service edge system, Netskope said Wednesday.

Joe DePalo, senior vice president in the platform engineering division at Netskope, described how the company has moved from just offering security programs to providing a comprehensive SASE approach and cloud storage through its Netskope NewEdge platform.

The executive also stressed Netskope’s purported ability to balance running a secure architecture on the edge “without sacrificing network performance.”

The Netskope Network Visionaries team is set to help Netskope make good on its over $100 million investment in NewEdge, encouraging and supporting users in the adoption of edge computing, network peering and network overhauls.

They will also ensure that users are maintaining informed cyber behaviors with regard to zero trust and SASE implementation and the group will play a role in contributing to Netskope’s strategic direction, keeping it in lock-step with the organization’s product roll-out and technological requirements.

Feeney is currently a retired tech industry veteran who has worked for Sun Microsystems, Accenture, Citibank and MCI. She holds advisory roles at PointOne Development Corp and is a board trustee for Colorado at the Nature Conservancy. Her last major position was vice president of infrastructure global expansion at Amazon Web Services.

Hannan brings experience in public and private cloud networking, Internet path optimization and backbone ISP, among other networking subject matters. Presently, Hannan is an advisor at Crowdstrike, where he also worked as vice president of technical operations and engineering. The executive additionally served in roles at UUNET, Global Crossing, Aruba Networks and Internap Network Services.

Netskope’s NewEdge full-compute data centers are located in over 50 regions across the globe and are aimed to eliminate latency and enable high performance for the company’s security and SASE platforms.

/
George Sears Named Director of Agriculture Department’s OSDBU
Published on
George Sears Named Director of Agriculture Department’s OSDBU

The Department of Agriculture announced that George Sears, director of the U.S. Forest Service Office of Procurement and Property Services, has been appointed to serve as director of the Office of Small and Disadvantaged Business Utilization.

Sears, who has led the Office of Procurement and Property Services since 2011, is a 28-year U.S. Army veteran who served as executive director for the Army Contracting Command National Capital Region Contracting Center, USDA said Tuesday.

He is also the former director of the Army Information Technology, E-Commerce and Commercial Contracting Center.

Sears holds a Master of Strategic Studies from the U.S. Army War College and a Master of Business Administration from Brenau University. He received his bachelor’s degree in allied health studies from Howard University.

“USDA is made richer by the diversity and experience of its team, which we continue to build as we do critical work for the American people,” said Agriculture Secretary Tom Vilsack.

/
FedRAMP Unveils Updated Penetration Test Guidance
Published on
FedRAMP Unveils Updated Penetration Test Guidance

The Federal Risk and Authorization Management Program has released an updated version of its guidance for organizations planning to conduct a penetration test.

FedRAMP said Tuesday the updated Penetration Testing Guidance includes revisions to requirements for addressing emerging threats and attack vectors to reflect current best practices.

The document was revised based on input from third-party assessment organizations and penetration testing subject matter experts and feedback from a Joint Authorization Board member with a Certified Ethical Hacker certification.

FedRAMP also conducted two technical exchange meetings with 3PAOs and JAB Technical Reviewer-recommended subject matter experts.

The guidance is designed for cloud service providers that look to perform a penetration test on their cloud system, 3PAOs that report on FedRAMP penetration testing activities and assessment organizations that develop and evaluate penetration test plans.

//
DOD Arm Contracts IBM for Sustainment of Microelectronics Supply Chain Protection; Susan Wedge Quoted
Published on
DOD Arm Contracts IBM for Sustainment of Microelectronics Supply Chain Protection; Susan Wedge Quoted

A U.S. Department of Defense committee has issued IBM a new work order under a current contract to perform security services for the department’s microelectronics supply chain.

The 33-month task order from the Defense Microelectronics Activity (DEMA) contracts the IBM Consulting team to sustain and strengthen microelectronics construction cycles taking place at modernized, commercial fabrication factories, the New York state-headquartered company said Wednesday.

Susan Wedge, managing partner at the U.S. public and federal market arm of IBM Consulting, emphasized the importance of supply chain protection for national security, noting microelectronics’ centrality to certain mission procedures.

“IBM Consulting is pleased to continue to provide the DoD security and technical services to help safeguard the ongoing supply of U.S.-made microelectronics critical to national security systems,” Wedge, who was promoted to her current role from managing partner of IBM Consulting’s public market division in April, continued.

With the newly received work order, IBM is continuing a two-decade history of helping the DMEA Trusted Access Program Office execute their Trusted Foundry Program. The latter initiative is aimed to establish economical and secure pathways to microelectronics for the U.S. government.

Together, IBM and DMEA support the manufacture of microelectronics in a secure fashion that abides high-grade security regulations. Their work is intended to counterbalance and account for the threats and upsets international supply chains have experienced over the last two years and offer a protected haven for military semiconductors.

“Since the inception of the TAPO at DMEA, IBM has been an important partner, providing trust to advanced ASIC semiconductor technologies for the DoD’s most advanced weapon systems platforms,” remarked Aman Gahoonia, acting director of the trusted access program office at the DOD.

The DMEA work order follows IBM’s March announcement of the growth of its IBM Ecosystem in the federal market. The company is offering mentorship programs to small businesses and sharing access to the resources of partner companies like Red Hat.

/
Air Force Acquisition Team Offers Recommendations to Improve Aircraft-GEOINT System Interface
Published on
Air Force Acquisition Team Offers Recommendations to Improve Aircraft-GEOINT System Interface

A team of U.S. Air Force acquisition staffers recommended measures for the military service to improve the coordination between its aircraft platforms and National Geospatial-Intelligence Agency information systems.

The Advanced Tactical Acquisition Corps found an interface issue between Air Force and NGA platforms is partly due to a configuration data management deficiency, the Air Force Life Cycle Management Center said Saturday.

“We developed a total of seven recommendations that improve the processes, tools, and resources for intelligence supportability in acquisition,” said Capt. Chris Bang, a member of ATAC-Team 12.

“Our desired end-goal is to allow acquisition leaders to make intel-informed decisions and deliver capabilities that provide our warfighters a tactical advantage.”

ATAC-Team 12 proposed recruiting more acquisition intelligence analysts to work at aircraft program offices and maintain a tracking database for geospatial systems.

The group also suggested codifying such positions into the Defense Acquisition Workforce Improvement Act and centralizing the GEOINT systems monitoring through a digital database.

Nine civilian and military employees make up the 12th cohort of ATAC, a three-month program that allows service personnel to identify possible approaches for addressing acquisition challenges.

/
Lt. Gen. Michael Schmidt Takes Over F-35 Joint Program Office Leadership
Published on
Lt. Gen. Michael Schmidt Takes Over F-35 Joint Program Office Leadership

U.S. Air Force Lt. Gen. Michael Schmidt has formally assumed the program executive officer role at the F-35 Lightning II Joint Program Office, succeeding Lt. Gen. Eric Fick, the program’s 12th PEO.

Schmidt recently served as PEO for Command, Control, Communication, Intelligence and Networks Directorate, according to a Department of Defense notice.

During a change of leadership ceremony on Joint Base Anacostia-Bolling in Washington, D.C., on Tuesday, the 13th PEO of F-35 Lightning II JPO expressed intent to further enhance the fighter aircraft fleet and to continue working in collaboration with military branches and international partners.

Meanwhile, Fick commented on the growth of the F-35 program in recent years. He thanked the JPO members, international allies and foreign military sales customers for their efforts and contributions.

“You’ve grown the fleet to over 800 aircraft; we’re operational at 25 installations around the world, and aboard eight ships at sea,” he said.

Following the leadership turnover, Fick retired from his over three decades of military service.

1 783 784 785 786 787 2,621