The Contracting Education Academy


June 6, 2019 By AMK

People are key to securing the defense-industrial supply chain

Infiltrating the defense supply chain is one of the most insidious means by which attackers can compromise our nation’s communications and weapons systems. Successfully targeting a single component of the defense industrial base can cause a ripple effect that can significantly impact everything from data centers to war fighters in theater.

The Department of Defense’s new “Deliver Uncompromised” security initiative is designed to tackle this problem at its root cause: third-party suppliers. In essence, the DoD is requiring its suppliers to bake security into their applications from the beginning of the production process. A “good enough” approach that just clears the bar for minimal security criteria is no longer good enough. Security must be ingrained in the very fabric of the entire production process.

Security starts with people

The process starts with people. They are responsible for ensuring that the solutions that comprise the supply chain work as designed and are inherently secure. They work closely with highly sensitive and proprietary information that is attractive to enterprising hackers. They are the first line of defense.

Unfortunately, those same factors make people the most attractive attack vector. When a malicious actor wants to gain access to a component or system, it’s often easier to just steal someone’s credentials than it is to try and find their way around a firewall. Obtaining a simple password is often enough to gain access to a critical system that can then be compromised, or information that can be exploited.

Keep reading article at: https://www.fifthdomain.com/opinion/2019/05/13/people-are-key-to-securing-the-defense-industrial-supply-chain/

Filed Under: Government Contracting News Tagged With: acquisition process, Affordable Health Care Act, controlled unclassified information, CUI, cybersecurity, defense, Defense Industrial Base, defense programs, defense solutions, DFARS, DoD, hackers, Sea Dragon, security, security threat, supply chain

March 19, 2019 By AMK

Army bets big on service contracts to fix aging IT

The Army’s information technology is too old, and modernization is too slow.

So the service needs a “fundamentally different” strategy that relies heavily on the private sector. Lt. Gen. Bruce Crawford said the Army has to start relying on contractors to own and operate IT on the Army’s behalf — what he calls “enterprise IT as a service” — and start moving on-base IT to Defense Department clouds.

“Around 70 percent overall of that [IT] infrastructure — in the case of voice, it’s probably as high as 90 percent — is at or near end of life,” Crawford told the Association of the US Army. “[It] would take beyond the year 2030 — if we stayed on the current path — to modernize. We ran into one brick wall after another [asking], ‘how do we get speed,’” Crawford continued. So, about six months ago, he and Lt. Gen. Steve Fogarty, head of Army Cyber Command, realized “we needed to do something fundamentally different.”

This effort’s urgent because the aging IT on Army bases can’t protect data from high-end hackers, provide the bandwidth for new augmented-reality training systems or support combat units waging high-intensity warfare against great powers (i.e., Russia and China), Crawford said. “This reform and modernization initiative,” he said, “is less about saving money than it is about increasing operational effectiveness throughout the force.”

Keep reading this article at: https://breakingdefense.com/2019/03/army-bets-big-on-service-contracts-to-fix-aging-it/

Filed Under: Government Contracting News Tagged With: Army, Army Cyber Command, cloud, DoD, hackers, infrastructure, IT, modernization, technology

November 8, 2018 By AMK

DoD task force addresses the growing threats to critical technology

Amid an alleged campaign of hacking by the Chinese government, efforts are taking place to prevent the exfiltration of data and protect sensitive information that is stored in the U.S. government and the defense-industrial base.

In a memo dated Oct. 24, Secretary of Defense Jim Mattis announced the creation of the Protecting Critical Technology Task Force to safeguard critical American technology.

“Each year, American businesses lose hundreds of billions of dollars while our military superiority is challenged,” Deputy Secretary of Defense Patrick M. Shanahan said in a statement. “Together with our partners in industry, we will use every tool at our disposal to end the loss of intellectual property, technology and data critical to our national security.”

The PCTTF will report to Shanahan and Gen. Paul Selva, the vice chairman of the Joint Chiefs of Staff. It includes representatives from the Central Intelligence Agency and the Defense Security Service, according to an industry official briefed on the matter.

Keep reading this article at: https://www.fifthdomain.com/dod/2018/11/02/a-new-dod-task-force-addresses-the-growing-threats-to-critical-technology/

Filed Under: Government Contracting News Tagged With: CIA, cyberattacks, cybersecurity, cyberthreat, DoD, DSS, hackers, intellectual property, technology

May 16, 2018 By AMK

Agency that vets Pentagon contractors’ security isn’t keeping up with the threat, audit finds

The Pentagon agency responsible for vetting contractors that handle classified information isn’t keeping up with the threat, according to an auditor’s report released Monday.

The Defense Security Service, or DSS, is responsible for vetting the security of over 12,000 contractor facilities, but could only accomplish about 60 percent of its workload during the 2016 fiscal year, according to the Government Accountability Office report.

That’s despite DSS’ own statement “that the United States is facing the most significant foreign intelligence threat it has ever encountered,” the report states.

DSS security reviews are broadly similar to the personal security clearances that government employees and contractors undergo and include issues such as a company’s foreign ties and risky past behavior.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2018/05/agency-vets-pentagon-contractors-security-isnt-keeping-threat-audit-finds/148201/

Filed Under: Government Contracting News Tagged With: cyber, cybersecurity, Defense Security Service, DoD, DSS, hack, hackers, Pentagon, security, security clearance

April 3, 2018 By AMK

Researchers at Georgia Tech design robot to defend factories against cyberthreats

It’s small enough to fit inside a shoebox, yet this robot on four wheels has a big mission: keeping factories and other large facilities safe from hackers.

Cybersecurity experts have a new tool in the fight against hackers – a decoy robot. Researchers at Georgia Tech built the “HoneyBot” to lure hackers into thinking they had taken control of a robot, but instead the robot gathers valuable information about the bad actors, helping businesses better protect themselves from future attacks.

Meet the HoneyBot. 

Developed by a team of researchers at the Georgia Institute of Technology, the diminutive device is designed to lure in digital troublemakers who have set their sights on industrial facilities. HoneyBot will then trick the bad actors into giving up valuable information to cybersecurity professionals.

The decoy robot arrives as more and more devices – never designed to operate on the Internet – are coming online in homes and factories alike, opening up a new range of possibilities for hackers looking to wreak havoc in both the digital and physical world.

“Robots do more now than they ever have, and some companies are moving forward with, not just the assembly line robots, but free-standing robots that can actually drive around factory floors,” said Raheem Beyah, the Motorola Foundation Professor and interim Steve W. Chaddick School Chair in Georgia Tech’s School of Electrical and Computer Engineering. “In that type of setting, you can imagine how dangerous this could be if a hacker gains access to those machines. At a minimum, they could cause harm to whatever products are being produced. If it’s a large enough robot, it could destroy parts or the assembly line. In a worst-case scenario, it could injure or cause death to the humans in the vicinity.”

Internet security professionals long have employed decoy computer systems known as “honeypots” as a way to throw cyberattackers off the trail. The research team applied the same concept to the HoneyBot, which is partially funded with a grant from the National Science Foundation. Once hackers gain access to the decoy, they leave behind valuable information that can help companies further secure their networks.

“A lot of cyberattacks go unanswered or unpunished because there’s this level of anonymity afforded to malicious actors on the internet, and it’s hard for companies to say who is responsible,” said Celine Irvene, a Georgia Tech graduate student who worked with Beyah to devise the new robot. “Honeypots give security professionals the ability to study the attackers, determine what methods they are using, and figure out where they are or potentially even who they are.”

The gadget can be monitored and controlled through the internet. But unlike other remote-controlled robots, the HoneyBot’s special ability is tricking its operators into thinking it is performing one task, when in reality it’s doing something completely different.

“The idea behind a honeypot is that you don’t want the attackers to know they’re in a honeypot,” Beyah said. “If the attacker is smart and is looking out for the potential of a honeypot, maybe they’d look at different sensors on the robot, like an accelerometer or speedometer, to verify the robot is doing what it had been instructed. That’s where we would be spoofing that information as well. The hacker would see from looking at the sensors that acceleration occurred from point A to point B.”

In a factory setting, such a HoneyBot robot could sit motionless in a corner, springing to life when a hacker gains access – a visual indicator that a malicious actor is targeting the facility.

Rather than allowing the hacker to then run amok in the physical world, the robot could be designed to follow certain commands deemed harmless – such as meandering slowly about or picking up objects – but stopping short of actually doing anything dangerous.

So far, their technique seems to be working.

In experiments designed to test how convincing the false sensor data would be to individuals remotely controlling the device, volunteers in December 2017 used a virtual interface to control the robot and could not see what was happening in real life. To entice the volunteers to break the rules, at specific spots within the maze, they encountered forbidden “shortcuts” that would allow them to finish the maze faster.

In the real maze back in the lab, no shortcut existed, and if the participants opted to go through it, the robot instead remained still. Meanwhile, the volunteers – who have now unwittingly become hackers for the purposes of the experiment – were fed simulated sensor data indicating they passed through the shortcut and continued along.

“We wanted to make sure they felt that this robot was doing this real thing,” Beyah said.

In surveys after the experiment, participants who actually controlled the device the whole time and those who were being fed simulated data about the fake shortcut both indicated that the data was believable at similar rates.

“This is a good sign because it indicates that we’re on the right track,” Irvene said.

This material is based upon work supported by the National Science Foundation under Grant No. 544332. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation.

Source: http://www.rh.gatech.edu/news/604462/robot-designed-defend-factories-against-cyberthreats

Filed Under: Georgia Tech News Tagged With: cyber attacks, cyber incidents, cyberthreat, Georgia Tech, hackers, honeybot, honeypot, manufacturing, NSF, robotics


Copyright © 2021 · Georgia Tech - Enterprise Innovation Institute