Defense Logistics Agency Needs to Address Risk Management Deficiencies in Inventory Systems

(GAO@100) A Department of Defense task force concluded in 2018 that DOD's inventory management systems were potentially vulnerable to attack. These systems, run by the Defense Logistics Agency, are used to manage the defense supply chain. We reviewed efforts to reduce the risks in 6 inventory management systems. The agency has taken some prescribed risk management actions but could do more. For example, we found 69% of its plans to fix identified security weaknesses were not carried out on time. We made 5 recommendations to improve the cybersecurity of these systems.

Contract Spending Up Nearly $80 Billion in One Year

(FEDweek) Federal agency spending on contracts increased by nearly $80 billion in fiscal 2020 over the prior year to some $665 billion, GAO has said, with spending related to the pandemic accounting for $35 billion of the increase. The agency's annual compilation of contract spending shows that once again, DoD spent more than all other agencies combined on contracts, nearly $422 billion compared with some $243 billion. Of the others, HHS and VA—two departments with substantial duties related to the pandemic—replaced Energy as the top spender, with about $41 billion and $37 billion, respectively.

Industry matters when assessing cyber risk to the defense industrial base

(fedscoop) Manufacturing and research and development companies — not simply small and medium-sized businesses (SMBs) — bear the highest risk of cyberattacks within the defense industrial base, according to a BlueVoyant report released Tuesday. The New York City-based cybersecurity company independently analyzed available third-party data from a sample of 300 small and medium-sized defense contractors and found industry mattered more than size in determining cyberattack risk. Smaller businesses remained more susceptible within their industries.

Model life-cycle transformation in the next decade

(McKinsey & Company) In the decade since US banking regulators published their seminal guidance on model-risk management (OCC Bulletin 2011-12 and SR Letter 11-7), the development, monitoring, testing, and validation of models have evolved considerably. While earlier rules focused narrowly on validation, SR 11-7 introduced a more comprehensive approach. In particular, the guidance addressed the potential for erroneous model outputs, taking into account errors originating between design and implementation. It also created an expectation that decision makers would understand model limitations and avoid using models at odds with their original purposes.

DOD looks to boost cloud capabilities on foreign soil

(fedscoop) The Department of Defense is looking for the support of foreign countries to build data centers and cloud computing capabilities outside of the U.S. to boost its global connectivity, according to a new cloud strategy document released in late May. The challenge is that the DOD needs to have total control of and access to both its data and the computing resources it will use to analyze it, but many foreign countries have laws that allow them as host nations to access any data stored on their soil. According to the department's new Outside the Continental United States (OCONUS) Cloud Strategy, that would be a problem that requires DOD to negotiate directly with host nations and lean on commercial cloud service providers to keep its data and cloud capabilities private.

Monitoring cyberspace activity in space

(Federal News Network) When you think of space, you don't think of it as the frontline of cyber war, but that's not the case. Many important aspects of U.S. critical infrastructure are controlled from space, and could be vulnerable to cyber attacks from malicious hackers. To help prevent that, the Cybersecurity and Infrastructure Security Agency has formed a Space Systems Critical Infrastructure Working Group. It will be a mix of government and industry members that will develop strategies to minimize risks to space systems. To learn more, I spoke with Jim Platt, the chief of Strategic Defense Initiatives at the Department of Homeland Security.

DOD to elevate cyber, network testing in new exercises

(fedscoop) The Department of Defense will hold large-scale exercises this calendar year to test the resiliency of battlefield networks and project how the U.S. military would cope if it comes under sustained cyber attack while fighting future wars. The latest exercises will differ from current war games that focus on guns and tanks or experimenting with emerging tech, Lt. Gen. Dennis Crall, chief information officer for the Joint Staff said Monday. They will be focused on testing the Joint All Domain Command and Control (JADC2) strategy, where networks connect all military operations in air, land, sea, space and cyberspace.

New algorithm helps autonomous vehicles find themselves, summer or winter

(ScienceDaily) Without GPS, autonomous systems get lost easily. Now a new algorithm developed at Caltech allows autonomous systems to recognize where they are simply by looking at the terrain around them — and for the first time, the technology works regardless of seasonal changes to that terrain. The general process, known as visual terrain-relative navigation (VTRN), was first developed in the 1960s. By comparing nearby terrain to high-resolution satellite images, autonomous systems can locate themselves.

Machine Learning on Frontera Aids Earthquake Risk Prediction

(HPCwire) Our homes and offices are only as solid as the ground beneath them. When that solid ground turns to liquid — as sometimes happens during earthquakes — it can topple buildings and bridges. This phenomenon is known as liquefaction, and it was a major feature of the 2011 earthquake in Christchurch, New Zealand, a magnitude 6.3 quake that killed 185 people and destroyed thousands of homes. An upside of the Christchurch quake was that it was one of the most well-documented in history. Because New Zealand is seismically active, the city was instrumented with numerous sensors for monitoring earthquakes. Post-event reconnaissance provided a wealth of additional data on how the soil responded across the city.

‘Giant arc’ stretching 3.3 billion light-years across the cosmos shouldn’t exist

A newly discovered crescent of galaxies spanning 3.3 billion light-years is among the largest known structures in the universe and challenges some of astronomers' most basic assumptions about the cosmos. The epic arrangement, called the Giant Arc, consists of galaxies, galactic clusters, and lots of gas and dust. It is located 9.2 billion light-years away and stretches across roughly a 15th of the observable universe.