The U.S. Spent $2.2 Million on a Cybersecurity System That Wasn’t Implemented — and Might Have Stopped a Major Hack

ProPublica is a Pulitzer Prize-winning investigative newsroom.

NEW YORK—As America struggles to assess the damage from the devastating SolarWinds cyberattack discovered in December, ProPublica has learned of a promising defense that could shore up the vulnerability the hackers exploited: a system the federal government funded but has never required its vendors to use.

The massive breach, which U.S. intelligence agencies say was “likely Russian in origin,” penetrated the computer systems of critical federal agencies, including the Department of Homeland Security, the Treasury Department, the National Institutes of Health and the Department of Justice, as well as a number of Fortune 500 corporations. The hackers remained undetected, free to forage, for months.

The hackers infiltrated the systems by inserting malware into routine software updates that SolarWinds sent to customers to install on its products, which are used to monitor internal computer networks. Software updates customarily add new features, remove bugs and boost security. But in this instance, the hackers commandeered the process by slipping in malicious code, creating secret portals (called “back doors”) that granted them access to an untold bounty of government and company secrets.

The incursion became the latest — and, it appears, by far the worst — in a string of hacks targeting the software supply chain. Cybersecurity experts have voiced concern for years that existing defenses, which focus on attacks against individual end users, fail to spot malware planted in downloads from trusted software suppliers. Such attacks are especially worrisome because of their ability to rapidly distribute malicious computer code to tens of thousands of unwitting customers.

This problem spurred development of a new approach, backed by $2.2 million in federal grants and available for free, aimed at providing end-to-end protection for the entire software supply pipeline. Named in-toto (Latin for “as a whole”), it is the work of a team of academics led by Justin Cappos, an associate computer science and engineering professor at New York University. Cappos, 43, has made securing the software supply chain his life’s work. In 2013, Popular Science named him as one of its “Brilliant Ten” scientists under 40.

Cappos and his colleagues believe that the in-toto system, if widely deployed, could have blocked or minimized the damage from the SolarWinds attack. But that didn’t happen: The federal government has taken no steps to require its software vendors, such as SolarWinds, to adopt it. Indeed, no government agency has even inquired about it, according to Cappos.

“In security, you almost never go from making something possible to impossible,” Cappos told ProPublica, during two video interviews from Shanghai, where he is teaching. “You go from making it easy to making it hard. We would have made it much harder for the [SolarWinds] attackers, and most likely would have stopped the attack.” Although the SolarWinds breach was a “really sneaky” approach, Cappos said, “in-toto definitely can protect against this. It’s very possible to catch it.”

In-toto’s system has supporters among experts in the government and corporations. When ProPublica asked Robert Beverly, who oversees in-toto’s federal grant as a program director at the National Science Foundation, whether using in-toto could have saved the government from the hack, he replied, “Absolutely. There seems to be some strong evidence that had some of the, or all of the, in-toto technologies been in place, this would have been mitigated to some extent.” Beverly, whose NSF responsibilities include “cybersecurity innovation for cyberinfrastructure” and who is on leave from his post as a computer science professor at the Naval Postgraduate School, added that it’s impossible to know for sure what impact in-toto would have had, and that the system remains at an early stage of adoption. “Unfortunately,” said Beverly, “it often takes some of these kinds of events to convince people to use these kinds of technologies.”

Some companies have embraced in-toto, and others, like Microsoft, have expressed interest. “I am a big fan of in-toto,” Kay Williams, head of Microsoft’s initiatives in open source and supply-chain security, said in an email to ProPublica. A second Microsoft program manager, Ralph Squillace, praised in-toto in a recent NYU press release for applying “precisely to the problems of supply chain confidence the community expects distributed applications to have in the real world.” (After Williams’ initial response, Microsoft declined to comment further.)

One senator blasted the government’s failure to use a system it paid for. “The U.S. government invested millions of dollars in developing technology that can protect against this threat, and while several large technology companies have already adopted it, they are the exception,” said Sen. Ron Wyden, D-Ore., a member of the Senate Intelligence Committee. “The government can speed up industry adoption of this best practice by requiring every government contractor to implement the best available technology to protect their supply chains.”

The in-toto system requires software vendors to map out their process for assembling computer code that will be sent to customers, and it records what’s done at each step along the way. It then verifies electronically that no hacker has inserted something in between steps. Immediately before installation, a pre-installed tool automatically runs a final check to make sure that what the customer received matches the final product the software vendor generated for delivery, confirming that it wasn’t tampered with in transit.
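A simplified model of the record-and-verify flow described above, added here as an illustration; it is not in-toto's own code, metadata format or API. The step names, keys and file contents are constructed, and HMAC stands in for the per-step digital signatures.

```python
import hashlib
import hmac
import json


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def digest_files(files: dict) -> dict:
    """Map each file name to the SHA-256 of its content."""
    return {name: sha256(content) for name, content in files.items()}


def sign(key: bytes, record: dict) -> str:
    # HMAC is a stand-in (assumption) for a real per-party digital signature.
    payload = json.dumps(record, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def record_step(name: str, key: bytes, materials: dict, products: dict) -> dict:
    """Record what one step consumed (materials) and produced (products)."""
    record = {"step": name,
              "materials": digest_files(materials),
              "products": digest_files(products)}
    return {"record": record, "sig": sign(key, record)}


def verify(layout: list, links: dict, delivered: dict) -> list:
    """Return a list of findings; an empty list means the chain is intact."""
    findings = []
    previous = None  # products recorded by the preceding step
    for step in layout:
        name = step["name"]
        link = links.get(name)
        if link is None:
            findings.append(f"{name}: no record for this step")
            previous = None
            continue
        record = link["record"]
        expected_sig = sign(step["key"], record)
        if record["step"] != name or not hmac.compare_digest(link["sig"], expected_sig):
            findings.append(f"{name}: record not signed by the party assigned to this step")
        if previous is not None and record["materials"] != previous:
            findings.append(f"{name}: inputs differ from what the previous step produced")
        previous = record["products"]
    # Final check before installation: what arrived must equal the last product.
    if previous is not None and digest_files(delivered) != previous:
        findings.append("delivery: received files differ from the final recorded product")
    return findings


# Constructed keys, step names and file contents, for illustration only.
KEYS = {"checkout": b"dev-key", "build": b"builder-key", "package": b"packager-key"}
LAYOUT = [{"name": n, "key": KEYS[n]} for n in ("checkout", "build", "package")]


def run_pipeline(tamper_between_steps: bool = False):
    """Simulate three steps; optionally alter the source after checkout."""
    source = {"app.c": b"int main(void) { return 0; }\n"}
    links = {"checkout": record_step("checkout", KEYS["checkout"], {}, source)}
    build_input = dict(source)
    if tamper_between_steps:
        build_input["app.c"] += b"/* inserted between steps */\n"
    binary = {"app.bin": b"BIN:" + sha256(build_input["app.c"]).encode()}
    links["build"] = record_step("build", KEYS["build"], build_input, binary)
    package = {"app.pkg": b"PKG:" + binary["app.bin"]}
    links["package"] = record_step("package", KEYS["package"], binary, package)
    return links, package


if __name__ == "__main__":
    links, package = run_pipeline()
    print("clean run:", verify(LAYOUT, links, package))
    links, package = run_pipeline(tamper_between_steps=True)
    print("tampered between steps:", verify(LAYOUT, links, package))
    links, package = run_pipeline()
    package["app.pkg"] += b"!"
    print("tampered in transit:", verify(LAYOUT, links, package))
```
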

Cappos and a team of colleagues have worked to develop the in-toto approach for years. It’s been up and running since 2018. The project received a three-year grant from the National Science Foundation that year, aimed at promoting “widespread practical use” of in-toto. (Later in 2018, President Donald Trump signed the Federal Acquisition Supply Chain Security Act, aimed at protecting government secrets from software supply-chain threats.)

In-toto could block and reveal countless cyberattacks that currently go undetected, according to Cappos, whose team includes Santiago Torres-Arias, an assistant electrical and computer engineering professor at Purdue University, and Reza Curtmola, co-director of the New Jersey Institute of Technology’s Cybersecurity Research Center. In an August 2019 paper and presentation to the USENIX computer conference, titled “in-toto: Providing farm-to-table guarantees for bits and bytes,” Cappos’ team reported studying 30 major supply-chain breaches dating back to 2010. In-toto, they concluded, would have prevented between 83% and 100% of those attacks.

“It’s available to everyone for free, paid for by the government, and should be used by everyone,” said Cappos. “People may still be able to break in and try to hack around it. But this is a necessary first step and will catch a ton of these things.” The slow pace of adoption is “really disappointing,” Cappos added. “In the long game, we’ll win. I just don’t know that we want to go through the pain that it’ll take for everyone to wise up.”

One of in-toto’s earliest adopters, starting in 2018, was Datadog, a SolarWinds competitor that provides monitoring software for internet cloud applications. Now a publicly traded company with 2020 revenues of nearly $600 million, its customers include Nasdaq, Whole Foods and Samsung. Datadog uses in-toto to protect the security of its software updates. In an NYU press release, Datadog staff security engineer Trishank Kuppusamy, who worked on the program’s design and implementation, said that what distinguishes in-toto is that it “has been designed against a very strong threat model that includes nation-state attackers.” (Datadog did not reply to ProPublica’s requests for comment.)

The General Services Administration, which provides access to software for federal government agencies, still lists SolarWinds products available for purchase. But it said in a statement that “compromised versions” of SolarWinds programs identified by DHS are no longer available.

SolarWinds itself declined to weigh in on whether its hack could have been prevented. “We are not going to speculate on in-toto and its capabilities,” a spokesman said in an emailed statement. “We are focused on protecting our customers, hardening our security and collaborating with the industry to understand the attack and prevent similar attacks in the future.”

Previously little known to the general public, SolarWinds is a public company based in Austin, Texas, with projected 2020 revenues of just over $1 billion. It boasts of providing software to 320,000 customers in 199 countries, including 499 of the Fortune 500 companies. In a recent SEC filing, the company said its flagship Orion products, the vehicle for the cyberattack, provide about 45% of its revenues. A SolarWinds slogan: “We make IT look easy.”

After the hack was discovered, SolarWinds’ stock plunged, and it is now facing shareholder lawsuits. The company has shifted aggressively into damage-control mode, hiring CrowdStrike, a top cybersecurity firm; elite Washington lobbyists; a crisis-communications advisor; and the newly formed consulting team of Christopher Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (who was famously fired for contradicting Trump’s claims of mass voting fraud) and Alex Stamos, former security chief at Facebook.

News of what’s now known as the SolarWinds attack first came on Dec. 8. That’s when FireEye, perhaps the nation’s preeminent hack-hunter, announced that it had itself fallen victim to a “highly sophisticated state-sponsored adversary” that had broken into its servers and stolen its “Red Team tools,” which FireEye uses to try to hack into the computer networks of its clients as a test of their cyber-defenses. FireEye soon discovered the attackers had gained access through corrupted updates to the SolarWinds Orion network-monitoring software that it used.

On the evening of Dec. 13, CISA issued an emergency directive, identifying SolarWinds as ground zero for the hack and alerting federal agencies using Orion products to disconnect them immediately. Over the following weeks, investigators discovered that SolarWinds had been targeted back in early September 2019, when hackers started testing their ability to inject code into its software updates. After remaining undetected for months, they inserted malware in new updates between February and June 2020. SolarWinds estimated these infected updates affected “fewer than 18,000 of its customers.”

Precisely what the hackers saw, and stole, has yet to be determined and is under investigation. But the full impact of the breach is becoming clearer, as we now know it touches several tech companies, including Microsoft. The software giant has also labored to limit the damage by helping seize an internet domain in the U.S. that the hackers used to siphon data from some SolarWinds customers.

Stamos told the Financial Times, in an interview after being hired to help SolarWinds, that he believed the attackers had embedded hidden code that would continue to give them access to companies and government agencies for years. He compared the situation to Belgian and French farmers going out into their fields where two world wars were fought and discovering an “iron harvest” of unexploded ordnance each spring.

Dmitri Alperovitch, who co-founded CrowdStrike (the cybersecurity firm SolarWinds has hired to investigate the hack) before leaving last year to start a nonprofit policy group, said he thinks that, in theory, the in-toto system could work. But he warned that software is so complex, with many products and companies in the supply chain, that no one defense is a panacea. Still, he agrees that in-toto could provide protection, and said “it’s always a good thing to have more protection for supply chains.”

Russian intelligence services have clearly identified supply-chain attacks “as a much better way to get in,” offering “a much bigger set of targets,” Alperovitch said. “This is an indictment of the entire cybersecurity industry, as well as the intelligence community, that they were able to orchestrate such a broad, sweeping attack right under our noses.”

Judiciary Antitrust Subcommittee Investigation Reveals Digital Economy Highly Concentrated, Impacted By Monopoly Power

WASHINGTON—The House Judiciary Committee’s Antitrust Subcommittee released the findings of its more than 16-month long investigation into the state of competition in the digital economy, especially the challenges presented by the dominance of Apple, Amazon, Google, and Facebook and their business practices.

The report, entitled Investigation of Competition in the Digital Marketplace: Majority Staff Report and Recommendations, totals more than 400 pages, marking the culmination of an investigation that included seven congressional hearings, the production of nearly 1.3 million internal documents and communications, submissions from 38 antitrust experts, and interviews with more than 240 market participants, former employees of the investigated platforms, and other individuals.

“As they exist today, Apple, Amazon, Google, and Facebook each possess significant market power over large swaths of our economy. In recent years, each company has expanded and exploited their power of the marketplace in anticompetitive ways,” said Judiciary Committee Chairman Jerrold Nadler (NY-10) and Antitrust Subcommittee Chairman David N. Cicilline (RI-01) in a joint statement. “Our investigation leaves no doubt that there is a clear and compelling need for Congress and the antitrust enforcement agencies to take action that restores competition, improves innovation, and safeguards our democracy. This Report outlines a roadmap for achieving that goal.”

After outlining the challenges presented due to the market domination of Amazon, Apple, Google, and Facebook, the report walks through a series of possible remedies to (1) restore competition in the digital economy, (2) strengthen the antitrust laws, and (3) reinvigorate antitrust enforcement.

The slate of recommendations includes:

  • Structural separations to prohibit platforms from operating in lines of business that depend on or interoperate with the platform;
  • Prohibiting platforms from engaging in self-preferencing;
  • Requiring platforms to make their services compatible with competing networks to allow for interoperability and data portability;
  • Mandating that platforms provide due process before taking action against market participants;
  • Establishing a standard to proscribe strategic acquisitions that reduce competition;
  • Improvements to the Clayton Act, the Sherman Act, and the Federal Trade Commission Act, to bring these laws into line with the challenges of the digital economy;
  • Eliminating anticompetitive forced arbitration clauses;
  • Strengthening the Federal Trade Commission (FTC) and the Antitrust Division of the Department of Justice;
  • And promoting greater transparency and democratization of the antitrust agencies.

“After conducting this country’s first major congressional antitrust investigation in decades in which we held hearings, heard from experts and questioned the CEOs of dominant tech platforms, I can say conclusively that self-regulation by Big Tech comes at the expense of our communities, small businesses, consumers, the free press and innovation,” said Congresswoman Pramila Jayapal. “By reasserting the power of Congress, we now have a thoroughly researched and meticulously reasoned roadmap for the work ahead as we rein in anti-competitive behavior, help prevent monopolistic practices and allow innovation to thrive. I’m looking forward to continuing this urgent work.”

“This comprehensive report is a roadmap to a future where digital behemoths with considerable power over their markets are kept accountable to consumers, small businesses, and their workers,” said Rep. Hank Johnson, Chairman of the Subcommittee on Courts, Intellectual Property and the Internet. “By following these recommendations, we can bolster antitrust protections to ensure consumer choice, data privacy, and affordability in online marketplaces. But in doing so, we must also answer the overarching question that we’ve been grappling with: How do we remain a country where small businesses can thrive, even as we shift from brick and mortar to lines of code? That is our challenge now.”

Rep. Val Demings added, “Our investigation revealed an alarming pattern of business practices that degrade competition and stifle innovation. These companies have made remarkable advancements that have shaped our markets and our culture, but their anticompetitive acts have come at a cost for consumers and small businesses. Competition must reward the best idea, not the biggest corporate account. We will take steps necessary to hold rulebreakers accountable. I thank Chairman Cicilline for his leadership, and will continue to work for a fair marketplace and a tech industry that can advance quality of life for every person without undermining it for others.”

“Small businesses are the backbone of our economy and they must be able to compete on a level playing field,” said Rep. Lucy McBath. “We must do all we can to ensure our economy remains fair, our entrepreneurs have the incentive to innovate, and our small businesses are given the opportunity to prosper and create new and good-paying jobs.”

“This investigation has revealed that Apple, Amazon, Facebook, and Google were committed to drowning out competition through unfair and anti-competitive practices – often doing so at the expense of user privacy and innovation,” said Rep. Scanlon. “We must do everything we can to protect consumers and this report is a roadmap to the work that lies ahead. I look forward to developing and introducing legislation to restore fairness to the digital marketplace.”

FAA Statement on Boeing 737 Max

WASHINGTON—Federal Aviation Administration

The FAA is ordering the temporary grounding of Boeing 737 MAX aircraft operated by U.S. airlines or in U.S. territory. The agency made this decision as a result of the data gathering process and new evidence collected at the site and analyzed today. This evidence, together with newly refined satellite data available to FAA this morning, led to this decision.

The grounding will remain in effect pending further investigation, including examination of information from the aircraft’s flight data recorders and cockpit voice recorders. An FAA team is in Ethiopia assisting the NTSB as parties to the investigation of the Flight 302 accident. The agency will continue to investigate.

— Photo credit: Boeing

40-Year milestones marked by celebrations with Small Business, Academia, and Public Sector Executives

WASHINGTON, D.C. — BDPA Members, ICT Industry Mission-Partners, and Small Business executives visited Samsung’s Solutions Center during a 40th anniversary celebration and Holiday Soirée at 700 Penn in Washington, D.C. This season’s theme, “Innovation Beyond 5G”, was coined to welcome Industry’s next generation of professionals and students into our fifth decade of community service.

National BDPA’s Washington, D.C. Chapter (BDPADC) was chartered by Norman Mays in 1978. That same year, Samsung Electronics produced over 4 million black-and-white televisions, the most in the world. Later in 1978, Samsung Electronics established their first overseas office in the United States, Samsung Electronics America (SEA).

On Saturday, December 8, 2018, Samsung and BDPADC co-hosted this year’s 40-year milestone celebrations in Samsung’s new solutions center. Mr. Terry Halvorsen (above and left photos), Executive Vice President and CIO for Samsung Electronics America, Inc., hosted Small Business executives and BDPA Members for a very unique Holiday gathering and tour of the new Capitol Hill facility.

Located at 700 Penn, the solutions center showcases 5G and Secure-5G solutions with modular LED display technologies tailored for a wide variety of vertical industry sectors, demonstrations, and related policies.

For more information about BDPA, community programs across the nation’s 40 BDPA chapters, and technical career development activities within the National Capital Region, visit → BDPADC.org.

Join. Partner. Innovate beyond 5G with local BDPA Chapters and Mission Partners.

— Sources: Samsung USA and BDPA Washington, D.C.

2018 Holiday and 40th Anniversary Soirée | BDPADC.org Poster

Samsung Opens World-Class Showcase for Government Solutions

WASHINGTON— Last quarter, Samsung Electronics America, Inc. announced that the company will be relocating its Washington, D.C. offices into a new multi-use, operational and interactive facility in the District’s iconic Eastern Market neighborhood. On Tuesday, October 30, 2018, Samsung’s U.S. Public Affairs team and the Solutions Center relocated to 700 Pennsylvania Avenue SE, occupying 28,512 square-feet at the former Hine Junior High School location and new redevelopment site.

“At Samsung we leverage our deep understanding of and experience with the Federal Government customer to develop mission-ready solutions,” said Terry Halvorsen, Chief Information Officer & Executive Vice President of IT and Mobile Communications at Samsung. “Samsung’s unique breadth of expertise across 5G, tailored mobile solutions, end-to-end security and workforce transformation allow us to drive towards improved government end-user experience and productivity.

“This new space at 700 Penn will be a center of innovation and provide opportunities to engage, support and educate government customers, policymakers and technology leaders.”

“For 40 years, Samsung has invested in U.S. employees, partners and facilities, because engaging customers and innovators is what pushes us forward and drives American technology leadership,” said David Steel, Executive Vice President of Corporate Affairs for Samsung Electronics America.

“This investment in the nation’s capital further solidifies Samsung’s commitment in Washington and in the U.S. We will continue to be a convener on all things technology as we look ahead toward the next 40 years of innovation.”

Above, Keith Scott, Cyber Programs for BDPA Washington (right) discusses 5G technologies and new applications with Samsung executives during Grand Opening events.  BDPA-DC photo © 2018 bdpatoday

“We are excited to welcome Samsung’s Solutions Center to 700 Penn,” said Anthony Lanier, president and founder of EastBanc Development. “This innovative concept is an important anchor to one of D.C.’s most historic neighborhoods and aligns with our goal of marrying the new and old during the redevelopment of this area while providing Samsung’s employees with vibrant live-work-play amenities.”

Designed by architects Weinstein Studio, Esocoff & Associates and landscape architect Oehme, van Sweden & Associates, the Hine School Redevelopment Project is a new mixed-use development, which includes a 156,000-square foot office building, apartment residences, and 60,000-square feet of specialty shops, boutiques and restaurants. It has a full range of office amenities including multiple conference centers (at street level and rooftop — right photo), rooftop terrace with unobstructed 360-degree and Capitol views, fitness center, enclosed loading areas, underground parking and more.

Samsung also has a Galaxy Studio located on the Metro Level in the District’s  historic Union Station, a major transportation hub and retail destination within Washington, D.C. Guests visit the Galaxy Studio to purchase the new Galaxy S9 and Galaxy S9+, get one-on-one onboarding to new devices, use Smart Switch to transfer files and access exclusive promotions onsite. Guests can also experience Samsung’s innovative technology via several engaging product experiences.

The Washington Post reports in the past 20 years consumer tech companies like Samsung and Apple have led consumer tech revolutions that have put smartphones and tablets in the hands of more than 2 billion consumers, including working adults, children, first-responders, and now the military.


*** Samsung Electronics USA and BDPA-DC reach 40-year milestones in 2018. On Saturday, December 8, 2018, National BDPA’s Washington D.C. Chapter (BDPADC) is co-hosting a special community and holiday event in Samsung’s new facility commemorating Samsung and BDPA-DC 40-year milestones. Contact your Host BDPA Chapter for special invitations. ***


— Sources and images: Samsung Electronics USA and BDPA-DC

CBC TECH 2020 delegation visits Silicon Valley

WASHINGTON—Congressional Black Caucus (CBC) Diversity Task Force Co-Chairs Representatives G. K. Butterfield (NC) and Barbara Lee (CA) welcomed Representative Maxine Waters (CA), Ranking Member of the Financial Services Committee and Representative Gregory Meeks (NY), also a member of the committee, to the third CBC TECH 2020 delegation to Silicon Valley. On this trip, the members of Congress met with four technology CEOs — Brian Chesky (AirBnB), Tim Cook (Apple), Jack Dorsey (Square & Twitter), and Dan Schulman (PayPal).

Members proposed a Tech CEO summit, where leaders of major technology corporations must come together to determine specific actions needed to increase minority representation and inclusion across tech industries.

 

 — Story and cover photo credit: Keith Moore, Open Government TV (OGTV)
BDPA-DC testimonial: photo © 2016 bdpatoday

 

President Elevates U.S. Cyber Command to Unified Combatant Command

WASHINGTON — At the direction of the president, the Defense Department today (18 AUG 17) initiated the process to elevate U.S. Cyber Command to a unified combatant command (UCC).

“This new unified combatant command will strengthen our cyberspace operations and create more opportunities to improve our nation’s defense,” President Donald J. Trump said in a written statement.

The elevation of the command demonstrates the increased U.S. resolve against cyberspace threats and will help reassure allies and partners and deter adversaries, the statement said.  The elevation also will help to streamline command and control of time-sensitive cyberspace operations by consolidating them under a single commander with authorities commensurate with the importance of those operations and will ensure that critical cyberspace operations are adequately funded, the statement said.

Defense Secretary Jim Mattis is examining the possibility of separating U.S. Cyber Command from the National Security Agency, and is to announce his recommendations at a later date.

Growing Mission

The decision to elevate U.S. Cyber Command (Cybercom) is consistent with Mattis’ recommendation and the requirements of the fiscal year 2017 National Defense Authorization Act, Kenneth P. Rapuano, assistant secretary of defense for homeland defense and global security, told reporters at the Pentagon today.

“The decision is a welcome and necessary one that ensures that the nation is best positioned to address the increasing threats in cyberspace,” he added.

Cybercom’s elevation from its previous subunified command status demonstrates the growing centrality of cyberspace to U.S. national security, Rapuano said, adding that the move signals the U.S. resolve to “embrace the changing nature of warfare and maintain U.S. military superiority across all domains and phases of conflict.”

Cybercom was established in 2009 in response to a clear need to match and exceed enemies seeking to use the cyber realm to attack the United States and its allies. The command is based at Fort George G. Meade, Maryland, with the National Security Agency. Navy Adm. Michael S. Rogers is the commander of U.S. Cyber Command and the National Security Agency director. The president has directed Mattis to recommend a commander for U.S. Cyber Command, and Rogers for now remains in the dual-hatted role, Rapuano said.

More Strategic Role

Since its establishment, Cybercom has grown significantly, consistent with DoD’s cyber strategy and reflective of major increases in investments in capabilities and infrastructure, Rapuano said. The command reached full operational capability Oct. 31, 2010, but it is still growing and evolving. The command is concentrating on building its Cyber Mission Force, which should be complete by the end of fiscal year 2018, he said.

The force is expected to consist of almost 6,200 personnel organized into 133 teams. All of the teams have already reached initial operational capability, and many are actively conducting operations. The force incorporates reserve component personnel and leverages key cyber talent from the civilian sector.

“This decision means that Cyber Command will play an even more strategic role in synchronizing cyber forces and training,  conducting and coordinating military cyberspace operations, and advocating for and prioritizing cyber investments within the department,”  Rapuano said.

Cybercom already has been performing many responsibilities of a unified combatant command. The elevation also raises the stature of the commander of Cyber Command to a peer level with the other unified combatant command commanders, allowing the Cybercom commander to report directly to the secretary of defense, Rapuano pointed out.

The new command will be the central point of contact for resources for the department’s operations in the cyber domain and will serve to synchronize cyber forces under a single manager. The commander will also ensure U.S. forces will be interoperable.

“This decision is a significant step in the department’s continued efforts to build its cyber capabilities, enabling Cyber Command to provide real, meaningful capabilities as a command on par with the other geographic and functional combat commands,” Rapuano said.

by Jim Garamone and Lisa Ferdinando
DoD News, Defense Media Activity

DIA Director appointed new Deputy Commander for U.S. Cyber Command

General Stewart (DIA) with Mr. James Clapper (DNI)

PENTAGON — Secretary of Defense Jim Mattis announced that one of the president’s general officer assignment nominations on 19 JUNE 2017 is Marine Corps Lieutenant General Vincent R. Stewart for appointment and assignment as deputy commander, U.S. Cyber Command (CYBERCOM).  General Stewart is currently serving as the director, Defense Intelligence Agency (DIA), Washington, District of Columbia.

CYBERCOM’s mission is to plan, coordinate, integrate, synchronize, and conduct activities to: direct the operations and defense of specified Department of Defense information networks.  CYBERCOM also must prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.

Since 2009, CYBERCOM has been co-located with the National Security Agency (NSA) at Fort Meade, Maryland, sharing personnel, tactics, tools and a director. Congress recently directed CYBERCOM to become a full unified combatant command. Both organizations, while oftentimes conducting similar activity, are defined under different statutory terms.

CYBERCOM, as a military organization under the chain of command of the secretary of defense, is governed by Title 10 of the United States Code (USC). NSA is an intelligence organization under the scope of Title 50, with Title 10 combat service support (CSS) duties performed when necessary. These two legal distinctions help define and refine specific roles and responsibilities for the organizations that govern them.

— Sources:
Department of Defense and BDPA-DC
Photos:
bdpatoday and U.S. Marine Corps

Tech Association announces Earth Day Summit

WASHINGTON, D.C. (bdpatoday.com) — BDPA of Greater Washington, D.C. (BDPA-DC), an information and communications technology (ICT) local trade association, announces an Earth Day themed technology and cyber career summit for College, Community College, Vocational Technology, and High School students to partner with Industry.

Participating industry and government executives, information technology (IT) experts, and cybersecurity professionals serving as mentors or presenters are invited to present round-table workshops with regional mission-partners to new members, transitioning veterans, students, and general audiences to discuss emerging technologies, the Industrial Internet of Things (IIoT), and “Planet Earth.”

Now in its tenth successful year, BDPA-DC’s Advance Planning Briefing for Interns (APBi) series continues into 2017 with a Spring APBI, CyberEarth17, at the Washington Marriott Wardman Park followed by a Summer APBI, 2017 Regional Innovation Summit, at Bowie State University. Regional Innovation summits are presented on campus every June with participating Historically Black Colleges and Universities or Minority Serving Institutions (HBCU/MSIs).

Chartered in 1978, BDPA-DC continues ICT and cybersecurity awareness campaigns with Industry, Academia, and Government. #CyberEarth17 is an all-in-one science, cyber, and technology career summit with young adults. Onsite registration and check-in begin April 21-22, 2017 at the Washington Marriott Wardman Park. Online registration is open for members and the general public at BDPADC.org.

About BDPA, Washington, D.C.
BDPA’s mission in the District of Columbia and the National Capital Region (NCR) is to bridge cybersecurity (CS), information technology (IT) and telecommunications competency gaps in urban, under-represented, and underserved communities. Local chapter goals in the National Capital Region (NCR) include, but are not limited to, providing IT and CS educational programs, industry publications, and community outreach services for professionals, young adults, and youth in direct support of software development initiatives, cyberspace workforce development, and government relations. Visit BDPADC.org for strategic partnerships, programs, and new membership information.

Microsoft Inks $927M Pentagon Deal

FORT MEADE, MD [Nasdaq]—Under a new contract with the Defense Information Systems Agency (DISA), Microsoft will provide new consulting services that include software developers and product teams “to leverage a variety of proprietary resources and source code,” as well as the firm’s premier support services like tools and knowledge centers and problem resolution assistance from developers.

Nasdaq reports Microsoft’s contract with DISA is a noncompetitive, single-award, firm-fixed price, indefinite-delivery/indefinite-quantity (IDIQ). The new contract comes in addition to another large award with the U.S. Department of Defense (DoD) earlier this year, which moves all of DoD’s 4 million employees to Windows 10 within a year, as well as purchasing large quantities of new laptops and related hardware. Although Microsoft’s support for DISA mostly takes place in the U.S. (CONUS), DoD states some services may also be required at other locations outside the continental U.S. (OCONUS).

DISA is a combat support agency of the Department of Defense with 6,000 civilian employees, 1,500 active duty military personnel from the Army, Air Force, Navy, and Marine Corps, and approximately 7,500 defense contractors. DISA provides and operates command, control, and enterprise information systems.

—Sources:  Nasdaq and defense.gov
Photos:  U.S. Navy and DoD
