Beginning as a $26 million, two-year pilot project, the NCODE enclave will offer CMMC-compliant “cybersecurity as a service” for smaller firms that can’t protect themselves against advanced threats, said Army Undersecretary Gabe Camarillo.
"We're on the defense," Ron Bushar, senior vice president at Mandiant says. "I don't think we've hit a real deterrence level in this space yet. And that's going to be key to thinking through our strategy over the next few years."
On today’s battlefield, mobility isn’t optional - it’s mission-critical.
Threat actors are targeting one newly discovered and three previously known vulnerabilities in Pulse Connect Secure enterprise VPNs, according to a CISA emergency directive and alert, as well as blog posts by FireEye and Ivanti. "There is no indication the identified backdoors were introduced through a supply chain compromise of the company's network or software deployment process," FireEye noted.
Security professionals are increasingly observing multiple threat actors, from nation-states to cryptominers, exploiting the vulnerabilities. As for China-based HAFNIUM, "This is part of the much larger Chinese effort to constantly be ferreting out new vulnerabilities and then exploiting them -- with no end in sight," said Heritage's Dean Cheng. "The Chinese will pay close attention to the Biden administration response."
CMMC 1 is “what you’ve got to have to make sure your neighbor is not in your Netflix,” quipped Stacy Bostjanick, director of CMMC. “It’s very easy, and commensurate with basic cyber hygiene. I recommend that everyone get there, but as a COTS provider, you don’t have to.”
"This is the start of a new day in the Department of Defense where cybersecurity, as we’ve been saying for years is foundational for acquisitions, we’re putting our money where our mouth is. We mean it,” Katie Arrington says.
Midsized companies can offer flexibility and agility while keeping intellectual property in the hands of the government.
The NSA cannot mandate patching on its own, but the new Cybersecurity Maturity Model Certification (CMMC) allows the Pentagon to penalize companies in its supply chain that fail to adequately protect their networks.
Ellen Lord said DoD is working to develop a "microelectronics strategy," to bring manufacturing and testing to the US
Israeli officials said the message relayed during Secretary of State Mike Pompeo's hours-long visit included a very specific political warning – Israel must stop any action that strengthens the Chinese Communist Party, even if that means canceling projects already planned.
The head of the Pentagon’s Protecting Critical Technology Task Force wants to tighten security controls. That may conflict with the push to streamline acquisition.
Do more with less: streamline workflows, reduce duplication, invest upfront to save long-term.
The Pentagon is struggling to speed up acquisition at the same time it’s imposing new cybersecurity controls. But one senior official has an idea for how to do both.
“Security will be more important than speed in establishing a durable foundation for 5G’s future,” writes leading scholar Elsa Kania – and Washington must lead the way.
“We didn’t bring one of these cases because of what’s going on on the trade front,” assistant attorney general John Demers said, “and we’re not going to drop them even if we reach an agreement.”
Huawei founder Ren Zhengfei made a dramatic offer to let all comers license and modify his 5G technology. Making it secure would be a Herculean task.