Cybersecurity | The Contracting Education Academy

April 29, 2019 By AMK

Why the Navy is giving agencies, industry a much-needed wake-up call on supply chain risks

On page 6 of the Navy’s recent report about its cyber readiness, there is a jaw-dropping confession: “The systems the U.S. relies upon to mobilize, deploy and sustain forces have been extensively targeted by potential adversaries, and compromised to such extent that their reliability is questionable.”

Bill Evanina, director of the National Counterintelligence and Security Center in the Office of the Director of National Intelligence, wants that single sentence in the 80-page report to sink in for a second.

“The Navy’s report on their resilience and reliability is that watershed moment not only for the Department of Defense but for all agencies in the federal government, and I would even proffer in the private sector, to have an honest, internal look at their systems, their data, their capabilities and their protection mechanisms and where they have vulnerabilities and how the threats are manifested in their organizations,” Evanina said after speaking at the Intelligence and National Security Alliance (INSA) event on supply chain management in Arlington, Virginia, on April 1. “I think all agencies should take a hard look and say, ‘What can we do that is similar to this to look at our own processes and protection models?’”

The Navy report serves as a call to arms around the challenges every agency faces from systems under attack to attempts to steal information from its industrial base.

“The DON’s dependency upon the defense industrial base (DIB) presents another large and lucrative source of exploitation for those looking to diminish U.S. military advantage. Key DIB companies, primes, and their suppliers, have been breached and their IP stolen and exploited,” the report states. “These critical supply chains have been compromised in ways and to an extent yet to be fully understood.”

Keep reading article at: https://federalnewsnetwork.com/acquisition/2019/04/navy-giving-agencies-industry-much-needed-wake-up-call-on-supply-chain-risks/

April 19, 2019 By cs

Senate Armed Services Subcommittee on Cybersecurity holds hearing to discuss responsibilities of the industrial base

On March 26, 2019, the Senate Armed Services’ Subcommittee on Cybersecurity held a hearing to receive testimony assessing how the Department of Defense’s (DoD) cybersecurity policies and regulations have affected the Defense Industrial Base (DIB).

To gain a better understanding of the DIB’s cybersecurity concerns, the Subcommittee invited William LaPlante, Senior Vice President and General Manager of MITRE’s National Security Sector; John Luddy, Vice President For National Security Policy at the Aerospace Industries Association; Christopher Peters, Chief Executive Officer of the Lucrum Group; and Michael MacKay, the Chief Technology Officer of Progeny Systems Corporation.

In their opening remarks, the Chairman of the Subcommittee, Senator Mike Rounds (R-SD), and Ranking Member, Senator Joe Manchin (D-WV), acknowledged industry concerns about the DoD’s lack of clarity and disparate implementation of cybersecurity regulations, such as guidance relating to DFARS 252.204-7012 (DFARS Cyber Rule or Rule) and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171.

Senator Rounds stated that he “expects [DoD] to come up with measured policies to make improvements in [cybersecurity]” and he “hope[s] DoD takes seriously the concerns of the DIB.” He further noted that DoD “cannot simply apply increasingly stringent cybersecurity requirements on its contractors” and that “doing so without subsidy or assistance is unlikely to particularly improve cybersecurity [for] the DIB” and would likely drive the most innovative small businesses out of the supply chain. Senator Rounds called for putting a program in place to ensure the best possible protections for contractors regardless of size and referred to the “Achilles heel” of this issue as the desire to use a large number of small contractors while still needing to protect sensitive government information. Later in the hearing, Senator Manchin expressed great concern over the cyber incidents experienced by DoD contractors and urged the witnesses to “tell [the Subcommittee] what you need . . . [the Subcommittee] is here to fix it and you’re here to tell us what’s broken.”

Keep reading this article at: https://www.insidegovernmentcontracts.com/2019/03/senate-armed-services-subcommittee-on-cybersecurity-holds-hearing-to-discuss-the-responsibilities-of-the-defense-industrial-base/

February 4, 2019 By cs

$100k ethical hacking competition, in-person at GTRI on Feb. 14th

Georgia Tech, along with the University of North Georgia, are co-hosting the Cyber 2.0 Hacker’s Challenge, inviting students and faculty from all educational institutions, as well as corporate and military cyber professionals, to participate in a live network penetration test with a grand prize of $100,000.

The First Ever Vendor-based Hackers Challenge in the USA

Threats associated with cyber-attacks are real and are growing. They are a real concern for many U.S. enterprises in healthcare, finance/banking, IT, utilities, retail, transportation and governments. All are steadily increasing their cyber defense budget and are continuously adapting new solutions and approaches. And yet, all are also willing to accept 99%, or even 95% defense, as the best that can be achieved.

Cyber 2.0, the sponsor of the Hacker’s Challenge, is a company that provides a defense solution against the spread of cyber-attacks within the organizational networks.

If you succeed in obtaining a highly classified information file, you will:

Win a $100,000 Reward

Time and Place:

Thursday, February 14th, 2019 at the GTRI (Georgia Tech Research Institute)
250 14th Street, NW, Atlanta, GA 30332
8:30 AM to 4:00 PM

Register at: www.Cyber20.com/Hackers-Challenge.aspx

The challenge includes computers and servers, configured for file sharing.
No other special configuration: no firewall and no antivirus or other defense programs are installed. The only defense mechanism is Cyber 2.0 in System.
Hackers will gain access to the network via a Wi-Fi access point.
They will also receive the admin user name and password for each of the computer and servers participating in the challenge.
To win, you need to gain access to and copy a file from the fileserver.

All those who register for the challenge must physically participate and be present at the GTRI to win.

For more information, contact: Josecylin Cole, USA Sales Channels Manager – M: {404) 375-2811 – Email: josecylin.cole@cyber20.com

January 23, 2019 By cs

Researchers: Flaws in vendor security software could leave some federal buildings vulnerable

Researchers at cybersecurity firm Tenable have discovered a number of previously unknown vulnerabilities in the access control systems of an ID card manufacturer and service provider used by federal agencies, including the Executive Office of the President.

Tenable researchers announced Monday they had found several weaknesses in the control system used by IDenticard, called PremiSys, which if exploited could allow an unauthorized person to gain access to secure buildings and disable locks, as well as exfiltrate user data or otherwise modify accounts using administrator privileges.

According to a blog posted Monday, the PremiSys system uses hardcoded usernames and passwords for administrator credentials that cannot be changed by the customers. The system also uses default usernames and passwords for database access, which the users can only change by sending preferred passwords to IDenticard, an additional step that some might not take, opting instead to leave the default credentials in place.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2019/01/researchers-flaws-vendor-security-software-could-leave-some-federal-buildings-vulnerable/154231/

January 15, 2019 By cs

Due to shutdown, Cybersecurity Reskilling Academy applications remain open

Federal employees looking to learn cybersecurity skills now have more time to apply for a White House-backed education program.

The application deadline for the charter class of the Federal Cybersecurity Reskilling Academy was supposed to be Friday, but due to the ongoing partial government shutdown, that deadline has been indefinitely postponed.

Federal CIO Suzette Kent tweeted Thursday that the application process for the academy remained open while the shutdown is ongoing.

What’s unclear at this point is how long the application period will be extended and how the shutdown will affect the timeline for assessing and forming the academy’s first cohort. FedScoop reached out to OMB for comment.

Keep reading this article at: https://www.fedscoop.com/despite-shutdown-kent-says-reskilling-academy-applications-remain-open/