security threat | The Contracting Education Academy

September 24, 2020 By cs

Comments on government supply chain rule push for better definitions and more time

Industry groups and other comments highlight the difficulty of complying with a provision of last year’s defense authorization act that requires the removal of products from companies including Huawei and ZTE.

The broad, ambiguous language of Congressionally-mandated rule for government contractors to remove products and services from companies that pose threats to national security is complicating implementation, according to public comments.

The comment period for the interim Federal Acquisition Rule implementing Part B of Section 889 — a provision of the 2019 National Defense Authorization Act — closed last week, and the more than 30 comments submitted raise questions related to fundamental compliance issues.

While in general, commenters agree with the rule’s intent, groups representing industry, including the National Defense Industrial Association, BSA | The Software Alliance, the Coalition for Government Procurement and the Internet Association submitted detailed letters to Regulations.gov outlining compliance challenges. Nearly all asked for extended timelines for implementation and better definitions for key terms and phrases used in the regulation.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2020/09/comments-government-supply-chain-rule-push-better-definitions-and-more-time/168460/

December 11, 2019 By cs

Top DoD scientist sets up task forces to look at industrial base, infrastructure

The Defense Department’s top scientist is concerned about the state of defense businesses, critical infrastructure and security of microelectronics in the military, and he’s asking some of the Pentagon’s top minds to look into the issues.

In three Oct. 30 memos to the Defense Science Board — a group of military, civilian, science and academic experts sponsored by DoD — Defense Undersecretary for Research and Engineering Michael Griffin asks that task forces be set up to assess the businesses the Pentagon needs to create weapons and how to protect the military’s resiliency. He also asks a task force to look at how to ensure trustworthy microelectronics are used in military systems.

The 21^st Century Industrial Base for National Defense Task Force is tasked with taking proactive steps to increase the depth, breadth and security of the defense industrial base.

The memo gives the task force up to 12 months to study how the industrial base can respond to the need for the military to surge and mobilize. It will also look at how industry can adapt modernization practices to continuously adapt to threats.

Keep reading this article at: https://federalnewsnetwork.com/defense-main/2019/11/top-dod-scientist-sets-up-task-forces-to-look-at-industrial-base-infrastructure/

June 6, 2019 By AMK

People are key to securing the defense-industrial supply chain

Infiltrating the defense supply chain is one of the most insidious means by which attackers can compromise our nation’s communications and weapons systems. Successfully targeting a single component of the defense industrial base can cause a ripple effect that can significantly impact everything from data centers to war fighters in theater.

The Department of Defense’s new “Deliver Uncompromised” security initiative is designed to tackle this problem at its root cause: third-party suppliers. In essence, the DoD is requiring its suppliers to bake security into their applications from the beginning of the production process. A “good enough” approach that just clears the bar for minimal security criteria is no longer good enough. Security must be ingrained in the very fabric of the entire production process.

Security starts with people

The process starts with people. They are responsible for ensuring that the solutions that comprise the supply chain work as designed and are inherently secure. They work closely with highly sensitive and proprietary information that is attractive to enterprising hackers. They are the first line of defense.

Unfortunately, those same factors make people the most attractive attack vector. When a malicious actor wants to gain access to a component or system, it’s often easier to just steal someone’s credentials than it is to try and find their way around a firewall. Obtaining a simple password is often enough to gain access to a critical system that can then be compromised, or information that can be exploited.

Keep reading article at: https://www.fifthdomain.com/opinion/2019/05/13/people-are-key-to-securing-the-defense-industrial-supply-chain/

Industry groups and other comments highlight the difficulty of complying with a provision of last year’s defense authorization act that requires the removal of products from companies including Huawei and ZTE.

The Defense Department’s top scientist is concerned about the state of defense businesses, critical infrastructure and security of microelectronics in the military, and he’s asking some of the Pentagon’s top minds to look into the issues.

Search this Website