GovCon & Cyber Weekly Debrief (3/16–20)
This week's Weekly Debrief covers COVID-19 and its impact on government contractors, Federal cyber policy, NIST's suggestions for securing virtual meetings, and the Pentagon's legislative proposal for the Space Force.
"This week the Office of Management and Budget issued a memo asking federal agencies and departments to offer “maximum telework flexibilities” to eligible employees. A top representative for the federal services industry says it won’t do much good for contractors—or public health—if contracting officers aren’t specifically told to modify the relevant legal agreements."
"As the U.S. government works to mitigate the devastating public health and economic ramifications of the novel coronavirus, federal contractors should be on alert for potential restrictions from state and local governments and guidance from their customers, lawyers from the firm Morrison & Foerster said March 19."
"With the Coronavirus Disease 2019 (COVID-19) spreading across the globe, efforts to contain it and to mitigate its serious health consequences are causing increasing disruptions to international and domestic business."
"The government needs to collect and store better data to develop a more effective cyber strategy and strengthen defenses, Cyberspace Solarium Commission members said March 17. The Cyberspace Solarium Commission, which laid out several cyber policy recommendations March 11, suggested that the broader federal government and private sector adopt the Department of Defense’s defend forward policy, in which the DoD can operate on foreign networks, as part of a larger national strategy focused on using both military and non-military tools to deter adversaries."
"With more federal employees working from home, the National Institute of Standards and Technology gave advice on how to keep virtual meetings secure. NIST recommended limiting the reuse of access codes for web meetings and conference calls, and limiting the recording of meetings unless necessary. The agency also suggested using multi-factor authentication for meetings to discuss sensitive issues."
"WASHINGTON — The Pentagon has sent proposed legislation to Capitol Hill that would help clarify the role of the Space Force and fill in some details on how the new service will be organized. But while the proposal was initially anticipated to answer some major questions — like whether the service will have a vice chief or how to incorporate the Guard and Reserve forces — the version sent to Capitol Hill earlier this month kicks most of those issues down the road."
This week's Weekly Debrief covers COVID-19 and cybersecurity issues, quantifying cyber risk, cloud misconfigurations and the need for DevSecOps, the best/worst browsers for privacy, and privacy issues with sharing smartphone location data to help combat the spread of COVID-19.
"Risk. According to Merriam-Webster the word has several meanings. First is "possibility of loss or injury: PERIL." A little down the list comes, "the chance of loss or the perils to the subject matter of an insurance contract, also: the degree of probability of such loss." Now, from a business perspective, we're getting somewhere."
"While organizations can take plenty of steps to ensure employees are well-equipped to work remotely in a secure manner, threat actors of all stripes are already taking advantage of the COVID19/coronavirus situation. Never ones to miss an opportunity, attackers are ramping up operations to spread malware via Covid19-themed emails, apps, websites and social media. Here’s a breakdown of potential threat vectors and techniques threat actors are using to attack organizations."
"Developers have become accustomed to deploying apps in data centers with what could be described as a 'crunchy hard outer layer,' to keep their data center secure. But when it comes to the public cloud, 'it just doesn’t exist that way,' said Ryan Olson, vice president of threat intelligence with Palo Alto Networks’ Unit 42 research team."
"As a result of the COVID-19 outbreak, cybercriminals increasingly are targeting organizations that now have more remote workers and fewer IT and security staff at the ready to mitigate hacker attacks and intrusions, security experts say."
"MICROSOFT EDGE RECEIVED the lowest privacy rating in a recently published study, which compared the user information collected by major browsers. Yandex, the less-popular browser developed by the Russian Web search provider Yandex, shared that dubious distinction; Brave, the upstart browser that makes privacy a priority, ranked the highest."
"The White House and the Centers for Disease Control and Prevention are asking Facebook, Google and other tech giants to give them greater access to Americans' smartphone location data in order to help them combat the spread of the coronavirus, according to four people at companies involved in the discussions who are not authorized to speak about them publicly."