GovCon & Cyber Weekly Debrief (3/30–4/3)
This week's Weekly Debrief covers a number of issues, including the CMMC (NIST will be helping set standards for third-party assessors), research showing the Pentagon is using other buying tools (OTAs and SBIRs) 10 times more often, and GSA's e-commerce plans and OPM merger.
"About 3,500 people have registered for the first of a series of webinars organizers are planning to meet the high demand for knowledge of how the Pentagon’s Cybersecurity Maturity Model Certification program will work."
"The National Institute of Standards and Technology will play a “core” role in setting standards for third-party assessors to participate in the Defense Department‘s new Cybersecurity Maturity Model Certification (CMMC)."
"Literally and figuratively, there’s no area of military activity that’s further away from the coronavirus than U.S. military assets in space. But the economic effects of the counter-virus lockdown are causing potentially fatal problems for some young space companies and that could threaten the Defense Department’s plans."
"The amount of funding for defense research awarded through other transaction authorities has increased nearly tenfold in five years, according to a new analysis seen exclusively by Defense News. The report, by data and analytics firm Govini, shows the use of OTAs and small business innovation research contracts has expanded to the point that, in 2019, the two methods accounted for $9.6 billion, or 10 percent of the Defense Department’s research, development, test and evaluation spending."
"The Defense Department is getting what seems like almost universal pushback on its legislative proposal to classify its spending plans for future years. The Pentagon floated the proposal for the 2021 defense authorization bill. It would hide the Future Years Defense Plan (FYDP) from the public, the Congressional Research Service and the Government Accountability Office. The FYDP calculates what DoD thinks it will spend on programs and services five years out from the present."
"The General Services Administration's push to create an electronic purchasing portal for federal agencies has been shoved to the sidelines by the government's more urgent demands for IT hardware and service support for telework."
"Democrats on the House Oversight and Reform Committee said that the Trump administration would violate provisions of the 2020 National Defense Authorization Act blocking the planned merger of the Office of Personnel Management and the General Services Administration if it moves forward with plans to rescind OPM’s authority to operate two federal buildings in the Washington, D.C., area."
This week's Weekly Debrief includes articles on cybercriminals targeting Zoom, Google, and Teams, Marriott's second data breach, best practices to manage third-party risk, privacy settings on Zoom, and coronavirus-era surveillance and biometric systems posing privacy problems.
"The increased video conferencing activity due to COVID-19 has given cybercriminals the opportunity to use typosquatting and URL hijacking by imitating many of the top conferencing platforms."
"International hotel chain Marriott today disclosed a data breach impacting nearly 5.2 million hotel guests, making it the second security incident to hit the company in recent years. 'At the end of February 2020, we identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property,' Marriott said in a statement."
"Just five years ago, many companies focused their cyber defense efforts almost entirely on their own organizations. Today, they are increasingly concerned about third-party risks, with good reason. According to Ponemon Institute's 'US Cost of a Data Breach Study,' third-party organizations accounted for 42% of all breach cases, dropping only slightly from 44% of all cases in 2008."
"The novel coronavirus has impacted the global economy, daily life, and human health around the world, changing how people work and interact every day. But in addition to the pressing threat the virus poses to human health, these rapid changes have also created an environment in which hackers, scammers, and spammers all thrive."
"There’s a good chance you hadn’t heard of Zoom when 2020 started. Unless you regularly participate in business-focused video chats, the enterprise-oriented tool wasn’t part of your regular routine. Then came COVID-19 and social distancing, of course, making video chat the closest option many people have for responsible face-to-face interaction. Suddenly, Zoom’s typical uses—earnings reports, PowerPoint slides—started living alongside online happy hours and remote board game sessions."
"As the COVID-19 pandemic grips the globe, new surveillance methods are already raising new privacy and security challenges despite the still-early days of this crisis. Chief among these potential problems is the sudden turn by the government toward using geolocation data to track millions of Americans' cell phones in monitoring the spread of the disease."
. . .