GovCon & Cyber Weekly Debrief (4/13–17)
This week's Weekly Debrief covers several interesting topics, including a CMMC update, possible tech upgrades in the next COVID stimulus bill, how the intel community is dealing with COVID-19, and the DoD IG finding no White House interference in JEDI.
"The coronavirus pandemic could alter the Defense Department's timeline for starting required cybersecurity audits. Katie Arrington, the chief information security officer with the Office of the Undersecretary of Defense for Acquisition, said the first audits for the Cybersecurity Maturity Model Certification and pathfinder projects could be delayed up to a month due to the coronavirus pandemic."
"The official tally of coronavirus cases in the Veterans Affairs’ health system topped 4,400 on Wednesday, and the death count rose to 272."
"The White House has directed federal chief information officers to help prioritize particular information about the coronavirus in internet search results by incorporating new standard tags into all relevant webpages starting Wednesday."
"The next stimulus package—expected to infuse trillions of dollars into the U.S. economy—must include significant and targeted funding for federal, state and local technology upgrades, according to a group of federal IT-focused advocacy groups."
"Like any other vital institution, the U.S. intelligence community is grappling with the disruptive effects of the coronavirus — including unconventional working hours and uncertainty among the employee and contractor work forces."
"The chairman of the House Committee on Transportation and Infrastructure has teamed up with the chairman of the House Armed Services readiness subcommittee to demand answers from the Federal Communications Commission on whether reallocating a band of spectrum will damage the Global Positioning System, or GPS, as the Pentagon claims."
"The Department of Defense personnel who evaluated proposals for the $10 billion Joint Enterprise Defense Infrastructure (JEDI) cloud contract were not pressured by the White House to award the deal to Microsoft, as far as the department’s inspector general can tell."
This week's Weekly Debrief covers some interesting topics, such as threat modeling, a spike in double extortion ransomware attacks, shadow IT issues in the wake of COVID-19, and blockchain-based VPNs and privacy tech.
"Threat modeling is a structured process through which IT pros can identify potential security threats and vulnerabilities, quantify the seriousness of each, and prioritize techniques to mitigate attack and protect IT resources. This broad definition may just sound like the job description of a cybersecurity professional, but the important thing about a threat model is that it is systematic and structured."
"The Coronavirus has prompted thousands of information security professionals to volunteer their skills in upstart collaborative efforts aimed at frustrating cybercriminals who are seeking to exploit the crisis for financial gain. Whether it’s helping hospitals avoid becoming the next ransomware victim or kneecapping new COVID-19-themed scam websites, these nascent partnerships may well end up saving lives. But can this unprecedented level of collaboration survive the pandemic?"
"Victims of ransomware attacks now face a double whammy of headaches. Cybercriminals are increasingly inflicting more pain on ransomware victims by threatening to leak compromised data or use it in future spam attacks, if ransom demands aren’t met."
"With the massive shift to telework as a result of the COVID-19 pandemic, shadow IT is becoming a more critical security issue around the world. That's because some workers are using their own hardware and sometimes downloading free applications without first taking precautions with the help of the security department."
"A panel of data and privacy experts virtually provided recommended actions and guardrails for the Senate Commerce, Science and Transportation Committee as lawmakers consider ways of utilizing big data to respond to the COVID-19 pandemic."
"Every person who goes online today fights a losing privacy battle. Every site we visit, every app we download, every service we subscribe to collects our personal data. The number of places where this accumulates online shows exponential growth. There’s no way to keep track of it all, much less control who sees it."
. . .