GovCon & Cyber Weekly Debrief (4/20–24)
This week's Weekly Debrief covers several interesting topics, including CISA incorporating aspects of the CMMC into new guidance, a CMMC-AB RFP for continuous monitoring, State's intel via open-source data, Space acquisition, and a JEDI update.
"A Cybersecurity and Infrastructure Security Agency task force will release supply chain guidance that incorporates aspects of the Pentagon’s Cybersecurity Maturity Model Certification program, a CISA official said."
"The accreditation body overseeing the Defense Department’s Cybersecurity Maturity Model Certification program—the CMMC-AB—issued a request for proposal that provides insight into how the group plans to keep track of contractors outside of conducting physical audits."
"Before coronavirus pandemic, parts of the intelligence community were already preparing to deal with another major disruption to the way it does business: The rise of emerging technology."
"The Navy wants to rebuild its legacy networks but needs to speed up its acquisitions first, according to Aaron Weis, the military service's CIO."
"Senior Defense Department officials are reviewing a report on reforming space acquisitions, according to U.S. Space Force Vice Commander Lt. Gen. David Thompson, who added the report could be sent to Congress in the near future."
"A federal judge will allow the Department of Defense to reconsider certain aspects of its enterprise cloud procurement despite opposition from Amazon, according to a court decision filed April 17."
This week's Weekly Debrief covers several interesting topics, including network segmentation, coronavirus scams, public sector ransomware attacks, NFL cybersecurity, the Illinois biometric privacy law, and the global privacy landscape.
"When IT leaders hear about segmentation, their first thought is usually about dividing a network up using VLANs or VXLANs. But segmentation also plays a critical security role in securing dynamic multi-cloud environments, IoT and BYOD strategies, and automated workflows in today’s highly distributed environments."
"Consumers' and small-business owners' expectations and attitudes toward government communications could make them more susceptible to coronavirus-related cybercrime, new data shows. An overall lack of skepticism combined with a willingness to engage may increase their risk."
"To pay or not to pay? That is the question many public-sector organizations must grapple with when faced with a complex ransomware attack – even while the COVID-19 pandemic rages on around them."
"Cybersecurity researchers from ESET on Thursday said they took down a portion of a malware botnet comprising at least 35,000 compromised Windows systems that attackers were secretly using to mine Monero cryptocurrency."
"The NFL draft is slated to start Thursday, and thanks to the COVID-19 pandemic, it will be the first virtual version of the event ever presented. This raises a few cybersecurity concerns, according to researchers and the teams themselves — but the NFL is planning on knocking the security ball straight through the uprights."
"A survey of U.S. corporate leaders released only a few months ago found those CEO’s ranking cyber threats and the potential over-regulation of data privacy among the greatest challenges to the growth of their organizations."
"In response to the global Covid-19 pandemic, employers and schools have turned to remote work and e-learning solutions, including meetings and classes held via Zoom, Google Hangouts, and Google’s “G Suite for Education,” among other applications."
"Data privacy is a human right. Consumers demanded their governments take action in protecting their privacy and finally, governments started listening. Europe was the first and jump-started this global trend of keeping data safe and regulated. They began by enforcing the General Data Protection Regulation (GDPR) in May 2018, which significantly increased the protection of people’s online data rights."