Author: Marcus Bailey

The Department of Defense requested about $38.6 billion for FY 2022 for its unclassified information technology, such as communications systems and business systems.

We reviewed the performance of DOD’s 25 major IT business programs, management of cybersecurity and supply chain risks, and more. Among other things, we found:

• 19 of the 25 programs did not fully report data measuring progress on system performance
• Programs reported progress on only 77 of 172 performance targets
• 15 of the 25 reported having an approved cybersecurity strategy and provided a copy to validate

Full Article

U.S. Space Force has kicked off development of a seven-year contract for cybersecurity services to protect the ground networks that manage its space assets.

Space Force’s cyber operations division has dubbed the contract Digital Bloodhound and it will be a multiple-award, task-order contract. The solicitation is expected before the end of the year with an award by the end of March 2023.

The cyber operations division currently has two product lines for defensive requirements for cybersecurity and national security called Manticore and Kraken, according to the Sam.gov posting.

Full Article

To better manage and protect against cybersecurity risks the Environmental Protection Agency (EPA) must establish an enterprise-wide cybersecurity risk assessment framework, the Government Accountability Office (GAO) said in its latest annual priority recommendations report to the agency.

GAO outlined 12 priority recommendations for EPA that fall into six focus areas – including ensuring cybersecurity at EPA.

Federal agencies continue to face a growing number of cyber threats to their systems and data. According to Federal guidelines, agencies need to effectively identify, prioritize, and manage their cyber risks to protect themselves against these threats.

Full Article

The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project description, Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps. Publication of this project description begins a process to solicit public comments for the project requirements, scope, and hardware and software components for use in a laboratory environment.

Full Article

Rapidly growing employee identities, third-party partners, and machine nodes have companies scrambling to secure credential information, software secrets, and cloud identities, according to researchers.

In a survey of IT and identity professionals released Wednesday from Dimensional Research, almost every organization — 98% — experiences rapid growth in the number of identities that have to be managed, with that growth driven by expanding cloud usage, more third-party partners, and machine identities. Furthermore, businesses are also seeing an increase in breaches because of this, with 84% of firms suffering an identity-related breach in the past 12 months, compared with 79% in a previous study covering two years.

Source: https://www.darkreading.com/operations/identity-related-breaches-last-12-months

Europol on Tuesday announced the dismantling of an organized crime group that dabbled in phishing, fraud, scams, and money laundering activities.

The cross-border operation, which involved law enforcement authorities from Belgium and the Netherlands, saw the arrests of nine individuals in the Dutch nation.

The suspects are men between the ages of 25 and 36 from Amsterdam, Almere, Rotterdam, and Spijkenisse and a 25-year-old woman from Deventer, according to a statement from the National Police Force.

Source: https://thehackernews.com/2022/06/europol-busts-phishing-gang-responsible.html

The Cybersecurity and Infrastructure Security Agency is developing a guide to help agencies overcome the challenges of managing cyber supply chain risks.   

According to Brian Paap, Cyber Engineering Consultant at CISA, the agency has been working on how to approach Cyber Supply Chain Risk Management (CSCRIM) over the past two years.

CISA recently ran a pilot designed to figure out all of the measures required to stand up and sustain a CSCRIM program within federal departments and agencies.  

Paap noted CISA has recently developed the Overview and Guidelines document, which combines learnings from NIST 161 and elements of NIST 853, Rev 5 and several other resources.   

Source: https://governmentciomedia.com/cisa-developing-guidelines-managing-cyber-supply-chain-risks