April 2, 2024 | International, Land
November 13, 2019 | International, C4ISR, Security
Here are some new tools coming to protect the supply chain
By: Andrew Eversden
The Department of Defense is working with a unnamed company to mitigate cybersecurity vulnerability discovered in a technology used by the Pentagon, the DoD's Deputy Chief CIO Michele Iversen said Nov. 12.
Without going into specific detail, Iversen said the department is working to remove the product.
“The company was compromised [and] had a big cybersecurity vulnerability,” said Iversen, speaking at Fifth Domain's annual CyberCon conference. “And we have seen bad things coming from those products, so we are looking at how to use our authorities ... [to] block those products or companies for national security systems.”
This highlights a broader issue facing the DoD: how to protect its supply chain.
To mitigate supply chain risk, Iversen said that she is working on a supply chain illumination tools. She said that these are useful because its made up of publicly available information that doesn't need any level of classification.
Specifically, she said she's working on a decision support tool where she can expose a “bare minimum set of publicly available supply chain information.”
“So when people are going to look and make their purchases, they have information available to them,” she said.
She said, ultimately, she wants the DoD CIO's office to offer that tool as a service.
The National Institute of Standards and Technology is also starting to develop cybersecurity tools. NIST's Jon Boyens, acting deputy chief of the computer security division, said that his team at the standards agency is working on a supplier inter-dependency tool “to look at different suppliers and their criticality” to allow for government to be more effective in asking for capabilities during the procurement process.
“Industry is saying, ‘You know, we've invested in this but we're not getting any incentives' ... and so they're kind of looking for incentives for investing in technology,” said Boyens.
Iversen said that technology research and development also presents its own attack surface with which it needs to grapple. If the research and development was done in a foreign country, that presents a unique set of threats. For example, Iversen pointed to back-up software being placed into a nuclear command-and-control system.
“Maybe you just say anything where the R&D ... [is] done in those countries is just off limits,” Iversen said. “It just makes common sense. It's fixing stupid.”
On the same subject
-
-
May 26, 2022 | International, Naval
Photos show China has fielded another semi-submersible transport ship
The official China Military Online website showed the semi-submersible heavy ship Yinmahu transporting a Type 958 air-cushioned landing craft.
-
December 8, 2020 | International, Aerospace, Naval, Land, C4ISR, Security
Contract Awards by US Department of Defense - December 07, 2020
ARMY West-MGE JV,* Tempe, Arizona, was awarded a $40,000,000 firm-fixed-price contract for civil works and hydrology and hydraulics services. Bids were solicited via the internet with 15 received. Work locations and funding will be determined with each order, with an estimated completion date of Dec. 7, 2025. The U.S. Army Corps of Engineers, Albuquerque, New Mexico, is the contracting activity (W912PP-21-D-0001). AIR FORCE International Enterprises Inc., Talladega, Alabama, has been awarded a $12,469,948 firm-fixed-price, indefinite-delivery/indefinite-quantity (IDIQ), requirements contract for F-16 modular low power radio frequency (MLPRF) and dual mode transmitter (DMT) repairs. This contract provides for the repair of both MLPRF and DMT, which function as part of the radar systems of each F-16 C/D aircraft. Work will be performed in Talladega, Alabama, and is expected to be completed Dec. 6, 2025. This award is the result of a competitive acquisition and one offer was received. Funding for the initial order is not presently available due to the contract being a requirements-type IDIQ. The Air Force Material Command, Hill Air Force Base, Utah, is the contracting activity (FA8251-21-D-0004). U.S. TRANSPORTATION COMMAND Air Transport International Inc., Wilmington, Ohio, has been awarded a task order HTC711-21-F-W009 under contract HTC711-19-D-W002 in the estimated amount of $7,650,630. The contract provides international, commercial, door to door, cargo transportation services. Multiple or single modes (e.g. airlift, sealift, linehaul) of transportation may be used in any combination to move cargo globally. The task order period of performance is from Dec. 4, 2020, to March 6, 2021. Fiscal 2021 transportation working capital funds were obligated at award. U.S. Transportation Command, Directorate of Acquisition, Scott Air Force Base, Illinois, is the contracting activity. (Awarded Dec. 4, 2020) *Small business https://www.defense.gov/Newsroom/Contracts/Contract/Article/2438179/source/GovDelivery/