November 13, 2019 | International, C4ISR, Security

Here are some new tools coming to protect the supply chain

By: Andrew Eversden

The Department of Defense is working with an unnamed company to mitigate a cybersecurity vulnerability discovered in a technology used by the Pentagon, the DoD's Deputy Chief CIO Michele Iversen said Nov. 12.

Without going into specific detail, Iversen said the department is working to remove the product.

“The company was compromised [and] had a big cybersecurity vulnerability,” said Iversen, speaking at Fifth Domain's annual CyberCon conference. “And we have seen bad things coming from those products, so we are looking at how to use our authorities ... [to] block those products or companies for national security systems.”

This highlights a broader issue facing the DoD: how to protect its supply chain.

To mitigate supply chain risk, Iversen said that she is working on supply chain illumination tools. She said that these are useful because they are made up of publicly available information that doesn't need any level of classification.

Specifically, she said she's working on a decision support tool where she can expose a “bare minimum set of publicly available supply chain information.”

“So when people are going to look and make their purchases, they have information available to them,” she said.

She said, ultimately, she wants the DoD CIO's office to offer that tool as a service.

The National Institute of Standards and Technology is also starting to develop cybersecurity tools. NIST's Jon Boyens, acting deputy chief of the computer security division, said that his team at the standards agency is working on a supplier inter-dependency tool “to look at different suppliers and their criticality” to allow the government to be more effective in asking for capabilities during the procurement process.

“Industry is saying, ‘You know, we've invested in this but we're not getting any incentives' ... and so they're kind of looking for incentives for investing in technology,” said Boyens.

Iversen said that technology research and development also presents its own attack surface with which it needs to grapple. If the research and development was done in a foreign country, that presents a unique set of threats. For example, Iversen pointed to back-up software being placed into a nuclear command-and-control system.

“Maybe you just say anything where the R&D ... [is] done in those countries is just off limits,” Iversen said. “It just makes common sense. It's fixing stupid.”

https://www.fifthdomain.com/smr/cybercon/2019/11/12/here-are-some-new-tools-coming-to-protect-the-supply-chain/
