defence department – РИСК-АКАДЕМИЯ – АНО ДПО ИСАР

DISA Opens Bidding on $11.7B IT Modernization Contract: Top 20

riskacademy — Sat, 12 Dec 2020 01:54:30 +0000

The Defense Information Systems Agency will outsource most network management, cybersecurity, and technical services functions serving 22 at Defense Department agencies to a single contractor , according to a final request for proposals released on Dec. 8.

Defense Enclave Services, with its massive scope and implications for the future of the Pentagon’s IT acquisition strategy, is the subject of this week’s Top 20 Opportunities. The contract will have a maximum dollar value of $11.7 billion over a possible 10-year lifespan.

DISA officials had planned to release the final RFP in September, but delayed the process to give DOD chief information officer Dana Deasy time to complete a review of the program. The agency intends to evaluate bids throughout the spring and summer of 2021 and make an award decision in the first quarter of fiscal 2022.

Potential bidders have until Feb. 8 to respond to the RFP.

4th Estate Network Modernization

DES will serve as the primary vehicle for the Pentagon’s planned 4th Estate Network Optimization (4ENO) program, referring to the 22 civilian-led agencies, collectively known as the “fourth estate.” They include DISA, the Defense Logistics…

Making software more than ‘IT thing’ — FCW

riskacademy — Mon, 16 Nov 2020 03:21:14 +0000

Defense

Making software more than ‘IT thing’

By Lauren C. Williams
Nov 15, 2020

Software modernization has a branding problem, and it’s going to take more than the colloquial culture shift to speed up the Defense Department’s adoption of modern tech capabilities.

“Part of the marketing of this is to make sure that being good at software escapes the domain of IT people and really gets thought of in the context of making us more effective at warfighting,” Peter Ranks, the deputy CIO for information enterprise, told FCW.

“The real challenge for the leadership, I think, is not to just latch on to the tech piece of this, but to really be willing to dig in and have the sustained focus to kind of impact culture,” Ranks said.

But the bureaucracy isn’t built for software’s rapid development, increased demand and security needs — something that played a major role during the Defense Department’s response to tech needs spurred by the pandemic and teleworking.

“We’ve…

Pentagon easing pandemic travel restrictions

riskacademy — Thu, 24 Sep 2020 14:54:50 +0000

To listen to the Federal Newscast on your phone or mobile device, subscribe in PodcastOne or Apple Podcasts. The best listening experience on desktop can be found using Chrome, Firefox or Safari.

The Defense Department is steadily lifting the travel restrictions it imposed in response to COVID-19. This week’s update from the Pentagon shows just over half of the military’s worldwide installations are now in the “green” category — meaning servicemembers can move to and from those bases without special permission. Four bases were added to the unrestricted list in the past week. DoD considers several factors in deciding whether to change an installation’s status, including whether adequate health care services are available at the base and conditions in the local community.

Inspectors general on the Pandemic Response Accountability Committee warn a job well done tracking about $3 trillion in coronavirus spending still means billions in fraud. The committee’s acting chairman Michael Horowitz says only 1% of fraudulent spending would rival the Justice Department’s annual budget. He says current indicators suggest that the actual level of misspent funds…

DoD CIO attempts to remove non-technical obstacles to digital transformation

riskacademy — Mon, 03 Aug 2020 18:05:56 +0000

For Defense Department chief information officer Dana Deasy, digital transformation was never just about the cloud.

This is why making the Air Force’s dev/sec/ops program, known as Platform One, a DoDwide enterprisewide service is an important milestone.

Dana Deasy is the DoD chief information officer.

Deasy said Platform One will make it easier for the military services and defense agencies to modernize applications.

“My office recently designated one of the most mature dev/sec/ops platforms within the department, the Air Force Platform One, as an enterprise service which has the effect of making this capability broadly-available across the DoD. That designation also links directly into the software acquisition policy released by Acquisition and Sustainment that encourages both the uses of dev/sec/ops and adoption of existing enterprise services,” Deasy said during a briefing with reporters on July 30. “While we tend to focus on technology when we talk about software, it is important to acknowledge that progress is delivering — delivering capability more rapidly will depend as much on non-technical enablers such as changes to acquisition policy, cyber risk…

Securing the supply chain at its most vulnerable: The reseller channel

riskacademy — Wed, 29 Jul 2020 22:38:10 +0000

From cyber hackers to counterfeit products, phishing, ransomware and theft of intellectual property, agencies face significant cyber threats from their supply chains. There is growing concern focused on the reseller channel, an often vulnerable link. In too many cases, agencies are trusting without verifying and opening the door to potential threats.

As the last mile in federal supply chains, the channel manages an enormous amount of federal data, including Controlled Unclassified Information (CUI). While large original equipment manufacturers (OEMs) have vigorous supply chain practices, and some resellers will have all the required controls in place, other resellers do not have the resources to combat threats in the reseller channel. Adversaries exploit the reseller because it is the most cost effective opportunity, and vulnerabilities with small resellers are often magnified, resulting in a disruption in the entirety of a supply chain.

Consider, there are thousands of small resellers selling to federal agencies, the Defense Department, and the Intelligence Community. The barrier to entry is low. There is also often intense economic pressure to sell products, regardless…

Pentagon’s Enterprise DevSecOps Initiative Presents an Ambitious Model for the Future of Software

riskacademy — Fri, 24 Jul 2020 17:08:42 +0000

Nicolas Chaillan has his work cut out for him. His title alone—chief software officer for the Air Force—bears the weight of an entire concept, where the talents of specialists in development, security and operations, are fused to make and maintain more sound products faster, and his supervisors want him to produce 100,000 people from his mold within a year.

“I was the first chief software officer. I don’t think there’s any others yet,” Chaillan said. “When I first started, we had dozens of teams doing all that work in disparate and uncoordinated environments.”

Chaillan is now also co-lead for the Defense Department’s Enterprise DevSecOps initiative. He spoke with Nextgov about the effort, which got its start back in August 2018 while he was at the Office of the Secretary of Defense for Acquisition and Sustainment.

In a traditional stepped “waterfall” model of software production and use, tasks associated with security and operations—such as testing and maintenance—are at the bottom end. The concept of DevSecOps puts them on an even plane with the design and coding phases of the process. With all these intrinsically linked activities happening at the same…

US Cybercom virtual war game girds against increased threats, IT News, ET CIO

riskacademy — Fri, 26 Jun 2020 11:32:50 +0000

Foreign hackers are taking advantage of the coronavirus pandemic to undermine institutions and threaten critical infrastructure, a top U.S. military cyber official said Thursday.

The comments from Coast Guard Rear Adm. John Mauger of U.S. Cyber Command came a day after Defense Department officials briefed reporters on virtual war games that digital combatants from U.S. and allied militaries have been holding to sharpen their abilities to counter online threats with real-world impact.

“We’ve seen increased adversary activity” since the pandemic began, Mauger said on a conference call, declining to discuss the threat in more specific detail. “We’re one part of the whole of government effort to defend our democracy in this complex cyber environment.”

On Wednesday, Cybercom offered reporters a window into what it described as its largest virtual training exercise to date – in this case, a simulated attack on an airfield’s control systems and fuel depots. Attackers tried to plant malware and gain access through phishing while defenders hunted for the intruders and their tools.

The Defense Department has hosted similar training exercises in previous years for its own fighters, as well as…

Senate Defense bill would eliminate DoD’s chief management officer

riskacademy — Thu, 25 Jun 2020 15:27:56 +0000

Just a little more than two years after the Pentagon complied with a Congressional mandate to create a new senior position to focus on business management and reform, lawmakers appear fully prepared to abandon the idea.

The Senate’s version of the 2021 National Defense Authorization Act, released by the Senate Armed Services Committee on Tuesday, includes provisions would eliminate the position of Defense Department chief management officer. If enacted, it would follow through on an intention Congress expressed in last year’s bill, when lawmakers included language opining that DoD has “faced significant structural challenges in implementing the Chief Management Officer position since its inception.”

The inception wasn’t all that long ago. Congress created the CMO’s office in the 2017 NDAA, making it the Pentagon’s third-highest ranking position, and it didn’t take effect until February of 2018.

Even so, the office is viewed “nearly unanimously” as having not met Congress’ intent of driving lasting and meaningful business reforms throughout the military services and Defense agencies, according to a Congressionally-directed study the Defense Business…

Top 25 Cyber Execs to Watch in 2020: Coalfire Federal’s Bill Malone

riskacademy — Sun, 17 May 2020 23:00:19 +0000

Bill Malone, Coalfire Federal

Under President Bill Malone’s leadership, Coalfire Federal in 2019 completed the successful transition from an 8(a)/small business to a large cybersecurity services provider. Coalfire Federal grew 20%, achieved its ISO 20000 certification to go along with its IS0 9001/27001 and CMMI III and was named to the Top Workplaces for 2019 by The Washington Post.

As a Federal Risk and Authorization Management Program third-party assessment organization, Coalfire continued to support the ever-growing cloud services provider market and to advise federal clients on cloud security.

Why Watch:

Coalfire Federal’s top priority in 2020 is to leverage its multiframework experience to become one of the first accredited 3PAOs in the Defense Department’s emerging Cybersecurity Maturity Model Certification program. The Pentagon’s priority now is to safeguard every mission and to ensure security in every vendor along its supply chain, including the largest industrial contractors and the smallest administrative and support firms, Malone noted in a recent GCN article.

“With the move to the cloud, mission-critical priorities must be…