CISA, FBI Issue Alert on Cross-Site Scripting Vulnerabilities

The Cybersecurity and Infrastructure Security Agency and the FBI have released a Secure by Design Alert concerning cross-site scripting vulnerabilities, or XSS.

CISA said Tuesday that XSS can be prevented and ought not to be present in software products, yet they continue to appear, providing threat actors with exploit opportunities.

According to the alert, XSS can be brought about by the failure of a software maker to properly escape, validate or sanitize inputs, making it possible for threat actors to inject malicious scripts into web applications.

The alert calls on leaders at technology manufacturers to instruct personnel to conduct a review of such deficiencies and develop a strategic plan to prevent them moving forward.

The alert also recommends that technology manufacturers review the secure by design software principles outlined in CISA’s previous guidance.
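As an added illustration, not code from the CISA/FBI alert, the constructed JavaScript below shows the defect class the alert describes (untrusted input rendered into HTML without escaping) beside the escaped form, plus a test-time check that rendered output carries only the template’s own tags. Function names and the sample input are assumptions.

```javascript
// Added example (not from the alert): HTML-text-context escaping versus raw
// interpolation, the escape/validate/sanitize failure the alert warns about.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape the five characters that let text be reinterpreted as HTML markup.
// Note: this is correct for HTML text and quoted attribute values only; other
// contexts (URLs, inline script, CSS) need their own encoders.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Vulnerable pattern: the search term goes into the page verbatim, so any
// markup the user supplies is parsed as markup by the browser.
function renderResultsVulnerable(term) {
  return `<p>Results for: ${term}</p>`;
}

// Hardened pattern: same template, untrusted value escaped for its context.
function renderResultsEscaped(term) {
  return `<p>Results for: ${escapeHtml(term)}</p>`;
}

// Lists tag names that an HTML parser would see in the rendered string.
function tagsIn(html) {
  const found = html.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  return found.map((t) => t.replace(/[<\/]/g, "").toLowerCase());
}

// Regression check for a test suite: true when the output contains any tag
// beyond the exact sequence the template itself contributes.
function leaksMarkup(html, templateTags) {
  const seen = tagsIn(html);
  return seen.length !== templateTags.length || seen.some((t, i) => t !== templateTags[i]);
}

// Constructed sample input carrying a script tag, as a user could type it.
const SAMPLE_INPUT = "<script>alert(1)</script>";
console.log(leaksMarkup(renderResultsVulnerable(SAMPLE_INPUT), ["p", "p"])); // true
console.log(leaksMarkup(renderResultsEscaped(SAMPLE_INPUT), ["p", "p"]));    // false
```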

NOAA, Esri to Build Prototype Ocean & Coastal Data Hub Under Partnership Agreement

The National Oceanic and Atmospheric Administration and Esri have signed a partnership agreement to collaborate and build a prototype open data platform designed to deliver actionable ocean and coastal data to decision-makers and communities.

NOAA said Monday the demonstration project’s end goal is to design an information system that could enable users to access, interpret and use ocean and coastal data to address critical issues.

“Combining NOAA’s ocean and coastal expertise with Esri’s long history of user-centered tools will unlock the true value of these data in the hands of the communities that need them most,” said NOAA Administrator Rick Spinrad.

The two institutions will use NOAA’s massive data stores and Esri’s geospatial technical capabilities to develop the prototype, which will serve as a proof of concept for translating the agency’s data into actionable intelligence or issue-relevant information like renewable energy siting or conservation planning.

They also expect the prototype ocean and coastal data hub to serve as a primary component in developing cross-sector partnerships among nongovernmental organizations, academia, ocean communities and the private sector to help identify data gaps.

“We are happy to collaborate with NOAA to help make their comprehensive and authoritative ocean and coastal data a mapping resource for decision-making, conservation and education,” said Jack Dangermond, president of Esri.

After six months, NOAA and Esri will reassess the agreement to determine how to advance their work.

Pentagon Releases Instruction on Modeling & Simulation Verification, Validation & Accreditation

The Department of Defense’s Office of the Under Secretary of Defense for Research and Engineering — or USD R&E — has issued a document establishing policy and procedures for the verification, validation and accreditation of models, simulations, distributed simulations and related data.

The latest DOD Instruction, titled DOD Modeling and Simulation Verification, Validation and Accreditation, took effect Tuesday.

The document outlines the responsibilities of the USD R&E, the director of operational test and evaluation and the heads of the Defense Intelligence Agency, National Geospatial-Intelligence Agency and Defense Health Agency, among other officials, when it comes to verifying and accrediting models and simulations.

The instruction, for instance, directs the USD R&E to coordinate with the department’s component heads to develop policies, plans and procedures for implementing and managing VV&A for models, simulations and associated data and foster cooperative research, development, investment and application of VV&A technologies.

The document establishes the basis for credible modeling and simulation across the department and includes a section for VV&A documentation requirements.

Heidi Shyu, DOD’s under secretary for research and engineering and a 2024 Wash100 awardee, approved the latest instruction.

Procurement Potpourri

Federal News Network Executive Editor Jason Miller joins host Roger Waldron on this week’s Off the Shelf for “Procurement Potpourri,” a wide-ranging discussion of key procurement policy and program developments across the federal market.

They tackle the state of interagency contracting, focusing on the status of the four major interagency procurements: OASIS+, CIO-SP4, NASA SEWP and Alliant 3. The discussion highlights the role the Office of Federal Procurement Policy has played in establishing and overseeing the IT GWACs and whether enough is currently being done.

Miller also shares his thoughts on the ever-growing cybersecurity regulatory regime, including CMMC, and the need for cyber harmonization.

Finally, Miller talks about a new SBA report on the mentor-protégé program.

Marine Corps Tests AGM-158A JASSM Integration to F/A-18 Hornet

Marine Aviation Logistics Squadron 11 and Marine Fighter Attack Squadron 232 tested the AGM-158A joint air-to-surface standoff missile, the U.S. Marine Corps’ newest F/A-18 Hornet weapon, on Aug. 27 and 28 at Marine Corps Air Station Miramar in San Diego, California.

According to the USMC, the two squadrons were the first to conduct ordnance operations with the new Hornet missile.

During the testing, a live AGM-158A JASSM was loaded onto a VMFA-232 F/A-18 to assess the loading procedures, including the aircraft loading sequence and post-loading checks, and to verify software compatibility.

Maj. Bradley Kirby, 3rd Marine Aircraft Wing aviation ordnance officer, pointed out that the integration of the AGM-158A JASSM, with its advanced sensors, range, and precision-strike capabilities, enables the Hornet to strike targets from beyond the reach of enemy air defenses.

“This added capability will greatly increase 3rd Marine Aircraft Wing’s ability to support the joint force and enable greater freedom of maneuver across all operational domains,” stated Kirby.

Warrant Officer Josiah Hood, VMFA-232 ordnance officer, noted that the JASSM validation and verification process will be the basis of checklists for the Marine Corps and the Navy to use against future adversaries.

The Marine Corps plans to add AGM-158B JASSM extended range and AGM-158C long-range anti-ship missiles to F-35B/C’s arsenal to enhance its long-range, maritime strike capabilities.

Economic Development Administration, DIU Partner to Expand Tech Hubs Program

A memorandum of understanding has been signed between the Department of Commerce’s Economic Development Administration and the Department of Defense’s Defense Innovation Unit.

The aim of the MOU is to integrate the Tech Hubs Program of the EDA — which seeks to invest in U.S. regions that could become globally competitive in critical technologies and industries — with the regional outreach initiatives of the DIU, according to a news article posted Monday on the DIU website.

The ultimate goal of the effort is to help connect U.S. innovations to scaling, commercialization and procurement opportunities.

EDA Deputy Assistant Secretary Cristina Killingsworth commented on the agreement, saying it will help innovators in the U.S. better take advantage of connections, assets and resources. She went on to say that members of the Tech Hub consortia “will gain insights into DoD needs, have opportunities to showcase cutting-edge technologies—from autonomous systems to durable batteries—and hopefully secure contracts to supply these critical innovations to DoD.”

For her part, DIU Deputy Director for Commercial Operations Liz Young McNally said the agreement will allow her agency to better act as an “on-ramp” for organizations that seek to work with the DOD and the rest of the government.

McNally added that because of its regional economic development work, EDA is “an ideal partner” for the DIU, which helps commercial companies scale their work and deliver capabilities to warfighters.

Isabel Casillas Guzman, Lina Khan on SBA & FTC Small Business Competition Efforts

Isabel Casillas Guzman, head of the Small Business Administration, and Federal Trade Commission Chair Lina Khan discussed the efforts of SBA and FTC to help improve the competitiveness of small businesses.

SBA said Monday that Guzman cited the agency’s work to enhance competition in government contracting and small business lending.

In fiscal year 2023, small enterprises accounted for 28.4 percent of all contracting dollars.

SBA noted that its rulemaking that sought to simplify loan programs has resulted in a doubling of small-dollar loans under the 7(a) loan program.

“Under the Biden-Harris Administration, the SBA, the FTC, and other federal agencies have worked to ensure equitable market opportunity, and discussions like today’s are a crucial part of our continued work together to prioritize competition and a level playing field for our small businesses,” said Guzman.

“Equipping entrepreneurs with knowledge, networks, and resources to navigate federal agencies and regulation strengthens them so they can compete successfully in the marketplace,” she added.

Meanwhile, FTC has developed a final rule to prohibit noncompete clauses, a measure that could lead to the formation of 8,500 new businesses each year.

“A key part of the FTC’s work is making sure our markets are open, fair, and competitive so that small businesses and entrepreneurs have a fair shot,” said Khan.

“The ability to start and run your own business is a core part of our American economic freedoms, and the FTC is going to keep using all of our tools to make sure small businesses and entrepreneurs can compete,” the chairwoman added.

Guzman and Khan held the discussion during the annual meeting of SBA’s Regional Regulatory Fairness Boards.

CISA Guidebook Lists Federal Agencies’ Cybersecurity Priority Areas

The Cybersecurity and Infrastructure Security Agency has developed a guidebook by which it will coordinate and support the cybersecurity efforts of the federal civilian executive branch.

Titled “FCEB Operational Cybersecurity Alignment,” or FOCAL, the CISA plan provides the broad concepts for organizing federal cybersecurity and identifies action steps in five priority areas that agencies can take in 2025, CISA said Monday.

The FOCAL plan’s priorities are aligned with each agency’s standards and reporting requirements, with each priority area addressing a goal, such as building a cybersecurity architecture resilient to evolving cyberthreats.

FOCAL’s other priorities include managing the vulnerabilities of the FCEB’s interconnected assets in the cyber environment. The plan also prioritizes the creation of a cyber supply chain risk management system that covers third-party relationships.

According to Jeff Greene, CISA executive assistant director for cybersecurity, FCEB agencies must be proactive and united to counter the persistent cyberthreats hanging over interconnected federal data and systems. “The actions in the FOCAL plan orient and guide FCEB agencies toward effective and collaborative operational cybersecurity and will build resilience,” he added.

CISA Issues Guide to Help Federal Agencies Set Cybersecurity Priorities

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency released guidance to help federal government civilian agencies reduce their cybersecurity risks.

The Federal Civilian Executive Branch Operational Cybersecurity Alignment plan, released Monday, asks agencies to develop their cyber capabilities with a focus on asset management, vulnerability management, defensible architecture, supply chain resilience, and incident detection and response.

“The ultimate destination on this shared journey is more synchronized and robust cyber defenses, greater communication, and increased agility and resilience across the federal enterprise, resulting in a more cohesive government enterprise capable of defending itself against evolving cyber threats,” the document says.

The release is one of several papers the cyber agency has advanced in the wake of cyberattacks targeting the federal government in the 2020s.

Government agencies are target-rich environments for cybercriminals because of the troves of information that are stored inside their internal databases. Agency staff are frequent targets of phishing emails that aim to siphon their login credentials, potentially granting hackers access to sensitive or even classified information.

Agencies across the federal ecosystem are accelerating improvements to their internal security posture ahead of a maturity deadline that requires them to implement zero trust architecture in their systems by Sept. 30. A tranche of major agencies has nearly met that deadline, which requires them to build out and adopt the framework on their networks, federal CIO Clare Martorana said earlier this month.