NSA chief explains new cyber directorate | FCW


The National Security Agency’s new cyber directorate wants to bridge gaps between government agencies and the defense industrial base, according to the agency’s chief Gen. Paul Nakasone.

“NSA’s new cybersecurity directorate, which opened for business last week, will give us a laser focus on these challenges,” said Nakasone, who also leads U.S. Cyber Command, during an Oct. 9 keynote at the FireEye Cyber Defense Summit in Washington, D.C.

Nakasone named three reasons behind standing up the cybersecurity directorate, which is headed by Anne Neuberger and stood up Oct. 1: to combat an evolving threat landscape, capitalize on ability to set security standards and make vulnerability assessments, and enhance partnerships with Cyber Command, Homeland Security, FBI and industry.

Source: NSA chief explains new cyber directorate — FCW

Former Navy Secretary: Effective Cybersecurity Requires Persistent Presence | Nextgov


If you lead an organization of any size in the United States today, you sit atop a powerful technology stack. Your communications, calendar and finances coordinate instantly, globally—as long as the networks keep working, and you have access to that data. Disrupting those networks creates chaos.

In nearly eight years as Secretary of the Navy, I faced a steep challenge on how to manage cyber threats at the pace of 8 million attempted intrusions a day in an organization of 900,000 people.

Here’s how we maintained presence in the cyber domain—and you can too …

Source: Former Navy Secretary: Effective Cybersecurity Requires Persistent Presence – Nextgov

NSA official: ‘Dumb’ software supply chain attacks still prevalent | FCW


While much of the discussion around supply chain security has focused on the parts, components and gear that make up an organization’s physical IT assets, a growing number of experts are making the case that vulnerabilities in the software supply chain may represent the larger cybersecurity threat over the long haul.

A 2018 survey of 1,300 IT security professionals by cybersecurity firm CrowdStrike found that nearly 80% of respondents said their organizations needed to devote more resources to their software supply chain, and 62% said the issue was being overlooked during IT spending decisions.

That lack of attention may be creating easy pathways for malicious hackers. According to Cheri Caddy, director of public private partnerships at the National Security Agency, rudimentary, easily exploitable software vulnerabilities are still the most common ways bad actors get into systems and networks.

Source: NSA official: ‘Dumb’ software supply chain attacks still prevalent — FCW

NSA Warns of Vulnerabilities in Multiple VPN Services | Nextgov


Nation-state actors are actively exploiting vulnerabilities in three different virtual private network services to gain access to users’ devices, according to the National Security Agency.

In an advisory issued Monday, NSA said international hackers were taking advantage of bugs in older versions of virtual private network applications produced by Pulse Secure, Fortinet and Palo Alto Networks. Users of the products are “strongly recommended” to update their systems, the agency said.

Source: NSA Warns of Vulnerabilities in Multiple VPN Services – Nextgov

GSA Certifies Two More Vendors Ahead of Task Order Deadline on $50B Telecom Contract | Nextgov


Two more vendors on the General Services Administration’s $50 billion Enterprise Infrastructure Solutions telecom contract received an authority to operate, or ATO, verifying they can provide a baseline of cybersecurity for the infrastructure that enables agencies’ IT to function.

BT Federal and Harris have been added to the list of completed ATOs, where they join AT&T, CenturyLink and Verizon. The remaining four vendors—CoreTech, Granite, MetTel and MicroTech—are still in progress, GSA confirmed.

Source: GSA Certifies Two More Vendors Ahead of Task Order Deadline on $50B Telecom Contract – Nextgov

Protection from Ransomware Attacks Isn’t as Simple as Insurance | Nextgov


Local governments facing an onslaught of ransomware attacks are increasingly turning to insurance to protect them if hackers successfully take control of a city’s computer system.

But experts warn that local governments may not be getting the level of protection they need through basic policies. And when insurance companies opt to pay ransoms, rather than cover the (sometimes exorbitant) cost to recover data, they make local governments a bigger target for hackers.

Source: Protection from Ransomware Attacks Isn’t as Simple as Insurance – Nextgov

The Pentagon is Standing Up a Nonprofit to Assess Vendor Cybersecurity | Nextgov


The Defense Department is looking to stand up a nonprofit organization to measure the strength of its contractors’ cybersecurity practices.

The group would be responsible for running the vendor accreditation process under the Pentagon’s new Cybersecurity Maturity Model Certification, or CMMC. The framework, which was released in draft form last month, will serve as a yardstick for determining if contractors are taking sufficient steps to protect the sensitive military data that resides on their networks.

Source: The Pentagon is Standing Up a Nonprofit to Assess Vendor Cybersecurity – Nextgov

NIST looking for partners to secure energy IoT | FCW

The National Institute for Standards and Technology is looking to enter into cooperative research agreements for products and technical expertise that can secure energy-related internet-of-things devices.

In a posting scheduled to be published Oct. 8 in the Federal Register, NIST is asking all interested organizations to submit letters of interest to enter a Cooperative Research and Development Agreement with the agency to “provide an architecture that can be referenced and develop guidance for securing [industrial IoT devices] in commercial and/or utility-scale distributed energy resource environments.”

Source: NIST looking for partners to secure energy IoT — FCW

Jim Langevin’s view from the Hill | FCW


Few lawmakers in Congress today cover as much ground in cybersecurity policy as Rep. Jim Langevin (D-R.I.).

From his perch as chairman of the House Armed Services Committee and a member of the House Homeland Security Committee, Langevin has visibility and input into many of the most critical offensive and defensive issues confronting the U.S. government in cyberspace today. He’s also co-founder of the Congressional Cybersecurity Caucus and a member of the U.S. Cyber Solarium Commission.

Source: Jim Langevin’s view from the Hill — FCW

Ganzi company sells off $7.5bn property units


Marc Ganzi’s Colony Capital has raised $7.5 billion by offloading two of its real-estate operations in advance of its Zayo acquisition.

Digital Bridge, led by Ganzi (pictured), is merging with Colony and is the company that is due to buy Zayo for $14.3 billion in the first half of next year in a joint move with Swedish investor EQT.

One of the two money-raising deals, announced this week, sees it selling its industrial warehouses to Blackstone group for $5.9 billion. This deal includes 465 light industrial buildings in 26 US markets, mainly aimed at last-mile logistics companies.

Source: Ganzi company sells off $7.5bn property units