13 novembre 2019 | International, C4ISR, Sécurité

Here are some new tools coming to protect the supply chain

By: Andrew Eversden

The Department of Defense is working with a unnamed company to mitigate cybersecurity vulnerability discovered in a technology used by the Pentagon, the DoD's Deputy Chief CIO Michele Iversen said Nov. 12.

Without going into specific detail, Iversen said the department is working to remove the product.

“The company was compromised [and] had a big cybersecurity vulnerability,” said Iversen, speaking at Fifth Domain's annual CyberCon conference. “And we have seen bad things coming from those products, so we are looking at how to use our authorities ... [to] block those products or companies for national security systems.”

This highlights a broader issue facing the DoD: how to protect its supply chain.

To mitigate supply chain risk, Iversen said that she is working on a supply chain illumination tools. She said that these are useful because its made up of publicly available information that doesn't need any level of classification.

Specifically, she said she's working on a decision support tool where she can expose a “bare minimum set of publicly available supply chain information.”

“So when people are going to look and make their purchases, they have information available to them,” she said.

She said, ultimately, she wants the DoD CIO's office to offer that tool as a service.

The National Institute of Standards and Technology is also starting to develop cybersecurity tools. NIST's Jon Boyens, acting deputy chief of the computer security division, said that his team at the standards agency is working on a supplier inter-dependency tool “to look at different suppliers and their criticality” to allow for government to be more effective in asking for capabilities during the procurement process.

“Industry is saying, ‘You know, we've invested in this but we're not getting any incentives' ... and so they're kind of looking for incentives for investing in technology,” said Boyens.

Iversen said that technology research and development also presents its own attack surface with which it needs to grapple. If the research and development was done in a foreign country, that presents a unique set of threats. For example, Iversen pointed to back-up software being placed into a nuclear command-and-control system.

“Maybe you just say anything where the R&D ... [is] done in those countries is just off limits,” Iversen said. “It just makes common sense. It's fixing stupid.”

https://www.fifthdomain.com/smr/cybercon/2019/11/12/here-are-some-new-tools-coming-to-protect-the-supply-chain/

Sur le même sujet

  • Contract Awards by US Department of Defense - October 12, 2018

    15 octobre 2018 | International, Aérospatial, Naval, Terrestre, C4ISR, Sécurité

    Contract Awards by US Department of Defense - October 12, 2018

    DEFENSE INFORMATION SYSTEMS AGENCY Iridium Satellite LLC, Tempe, Arizona, was awarded a non-competitive, firm-fixed-price $44,000,000 contract modification (P00008) for the extension of services on the current airtime contract (HC104714C4000) in accordance with Federal Acquisition Regulation 52.217-8. Fiscal 2019 defense working capital funds will be used. Performance will be at the contractor's facility. The period of performance for the option period is Oct. 22, 2018, through April 21, 2019. The Defense Information Technology Contracting Organization, Scott AFB, Illinois, is the contracting activity. DEFENSE LOGISTICS AGENCY Creighton AB Inc., Reidsville, North Carolina, has been awarded a maximum $35,000,000 fixed-price contract for Air Force lightweight jackets. This was a competitive acquisition with two responses received. This is a one-year base contract with four one-year option periods. Maximum dollar amount is for the life of the contract. Locations of performance are New York and North Carolina, with an Oct. 11, 2023, performance completion date. Using military service is Air Force. Type of appropriation is fiscal 2019 through 2024 defense working capital funds. The contracting activity is the Defense Logistics Agency Troop Support, Philadelphia, Pennsylvania (SPE1C1-19-D-1104). Simmonds Precision Products Inc., Vergennes, Vermont, has been awarded an $11,024,500 firm-fixed-price, indefinite-delivery/indefinite-quantity contract for electro-me actuators. This is a five-year base contract with four one-year option periods. This was a competitive acquisition with two responses received. Location of performance is Vermont, with an Oct. 15, 2023, performance completion date. Using military service is Army. Type of appropriation is fiscal 2019 Army working capital funds. The contracting activity is the Defense Logistics Agency Aviation, Redstone Arsenal, Alabama (SPRRA1-19-D-0004). Transaero Inc., Melville, New York, has been awarded a $9,500,000 firm-fixed-price, indefinite-delivery/indefinite-quantity contract for assembly clutches. This is a five-year base contract with four one-year options periods. This was a competitive acquisition with two responses received. Location of performance is New York, with a Nov. 30, 2023, performance completion date. Using military service is Army. Type of appropriation is fiscal 2019 Army working capital funds. The contracting activity is the Defense Logistics Agency Aviation, Redstone Arsenal, Alabama (SPRRA1-19-D-0002). ARMY Medvolt LLC,* Colorado Springs, Colorado, was awarded a $19,978,985 firm-fixed-price contract for upgrading the chilled water line system at the Cheyenne Mountain Air Force Station. Bids were solicited via the internet with one received. Work will be performed in Cheyenne Mountain Air Force Station, Colorado, with an estimated completion date of Oct. 15, 2020. Fiscal 2019 operations and maintenance (Army) funds in the amount of $19,978,985 were obligated at the time of the award. U.S. Army Corps of Engineers, Omaha, Nebraska, is the contracting activity (W9128F-19-C-0001). AIR FORCE Rockwell Collins, Richardson, Texas, has been awarded a $12,010,975 definitization (P000013) to previously undefinitized contract FA8204-18-C-0010 (P00005) to implement Security Classification Guide changes. Work will be performed at Richardson, Texas, and is expected to be completed by Dec. 3, 2020. Fiscal 2018, research, development, test and evaluation funds in the amount of $818,227 are being obligated at the time of award. Air Force Nuclear Weapon Center, Hill Air Force Base, Utah, is the contracting activity. NAVY Complete Parachute Solutions, Deland, Florida, is awarded a $9,270,000 modification under previously awarded firm-fixed-price contract (M00264-18-C-0007) for the Multi-Mission Parachute Course. The Multi-Mission Parachute Course provides training and technical support for all Military Free-Fall training to ensure compliance with all Federal Aviation Administration Regulations and Marine Corps Orders to safely meet the Marine Corps Training Input requirements. This contract includes four one-year option periods which, if exercised, could bring the cumulative value of this contract to $42,763,854. Work will be performed in Coolidge, Arizona, and is expected to be completed Sept. 27, 2019. If all options are exercised, work will continue through Sept. 27, 2022. Fiscal 2019 operations and maintenance (Marine Corps) funds in the amount of $9,270,000 will be obligated at the time of contract modification award and will expire at the end of the current fiscal year. The original contract was competitively solicited and competitively procured via solicitation on the Federal Business Opportunity website, with one proposal received. The Marine Corps Installation National Capital Region-Regional Contracting Office, Quantico, Virginia, is the contracting activity. FlightSafety Services Corp., Centennial, Colorado, is awarded an $8,354,866 modification (P00004) under a previously awarded firm-fixed-price contract (N6134018C0019) for aircrew training services in support of the TH-57B/C community, including instruction, operation, and curriculum support. Work will be performed at the Naval Air Station, Whiting Field, Florida, and is expected to be completed in October 2019. No funds are being obligated at time of award. The Naval Air Warfare Center Training Systems Division, Orlando, Florida, is the contracting activity. Huntington Ingalls Inc., Newport News, Virginia, is awarded a $7,031,737 cost-plus-fixed-fee modification to previously awarded contract (N00024-17-C-2103) to exercise an option for the accomplishment of planning and design yard functions for standard Navy valves of nuclear-powered submarines and aircraft carriers. Work will be performed in Newport News, Virginia, and is expected to be completed by September 2019. Fiscal 2019 operations and maintenance (Navy) funding in the amount of $600,000 will be obligated at time of award and will expire at the end of the current fiscal year. The Naval Sea Systems Command, Washington, District of Columbia, is the contracting activity. *Small Business https://dod.defense.gov/News/Contracts/Contract-View/Article/1660999/source/GovDelivery/

  • Spanish air chief calls for Madrid to meet NATO's 2 percent defense spending goal

    5 novembre 2021 | International, Aérospatial

    Spanish air chief calls for Madrid to meet NATO's 2 percent defense spending goal

    The Spanish air force's top military official wants his country to invest more in its military apparatus, to be able to defend itself at home and contribute to its international partnerships.

  • Lockheed to upgrade Chilean Air Force’s F-16 jets

    6 novembre 2023 | International, Aérospatial

    Lockheed to upgrade Chilean Air Force’s F-16 jets

    Chilean military sources say the contract is simply the start of this upgrade program and that more spending and deals are likely.

Toutes les nouvelles