Weekly Debrief (12/14–18)
This week's Weekly Debrief covers the SolarWinds breach, a Senate bill to modernize the government's response to cyberattacks, the DNI's request to abort the CUI program, Amazon's newest JEDI protest, and DoD's first CMMC pathfinder contracts.
"The fallout from the SolarWinds breaches will be far more difficult and time-consuming to remediate than originally assumed, as the attackers likely found more ways to enter federal networks than just the SolarWinds Orion product and have been targeting IT and response personnel, according to the government’s lead cybersecurity agency."
"Since as far back as March, Russian hackers have been on a sinister tear. By slipping tainted updates into a widely used IT management platform, they were able to hit the United States Commerce, Treasury, and Homeland Security departments, as well as the security firm FireEye. In truth, no one knows where the damage ends; given the nature of the attack, literally thousands of companies and organizations have been at risk for months. It only gets worse from here."
"A bipartisan duo of senators introduced legislation late last week to update the Federal Information Security Modernization Act (FISMA) by clarifying how agencies share information about breaches in federal data systems."
"In a bureaucratic bombshell, Director of National Intelligence John Ratcliffe has asked the White House to rescind a ten-year-old executive order that required a uniform policy for marking and handling 'controlled unclassified information' (CUI)."
"It’s been more than two years since the Pentagon announced its $10 billion, decade-long JEDI cloud contract, which was supposed to provide a pathway to technological modernization for U.S. armed forces. While Microsoft was awarded the contract in October 2019, Amazon went to court to protest that decision, and it has been in legal limbo ever since."
"The Defense Department on Thursday disclosed the first seven contracts that are likely to be the initial test cases for the Cybersecurity Maturity Model Certification (CMMC) program, DoD’s new approach to shoring up its suppliers’ IT security."
. . .