The Wrap: DoD Exclusive – Mobilizing Fulcrum; Army SBOMs Dropping Soon; ONCD Routing Fixes
Welcome to The Wrap for Tuesday, September 3!
From the newsroom at MeriTalk, it’s the quickest read in Federal tech news. Here’s what you need to know today:
DoD Exclusive – Mobilizing Fulcrum
The United States Department of Defense’s (DoD) Fulcrum IT modernization strategy launched in June made news for its aim to provide better user-centric capabilities to warfighters around the globe, and the Pentagon CIO shop’s next step to push the strategy forward is to “mobilize a commitment to that vision” through adoption. That’s the thinking from DoD Acting CIO Leslie Beavers in an exclusive interview with MeriTalk in which she said, “we aren’t trying to reinvent the wheel here, there is a lot of good work already going on” with Fulcrum’s focus on 15 main objectives. “We are turning the ideas and the objectives that are written down in Fulcrum into tangible capabilities that warfighters can see, because there is nothing in the department that catches on fire faster than something that works and is easy,” Beavers said. “So, if we can make it easy for them and it works, then [they’ll] adopt it.” Please do click through for the whole talk.
Army SBOMs Dropping Soon
Pencil in February of 2025 – if not sooner – for the U.S. Army to begin requiring software bills of material (SBOM) for nearly all newly acquired or developed software that it buys. That timeline is laid out in an Aug. 16 memo that responds to the Biden administration’s 2021 cybersecurity executive order, which sets forth mandates for improving software supply chain security. SBOMs are detailed records that outline the components and supply chain relationships involved in creating software and act as an “ingredients list” that can be evaluated against security standards. What’s covered and what’s not? Escaping the SBOM requirement at least for the moment are cloud services. But SBOMs will be mandatory for most other software, including new government-funded development, commercial off-the-shelf products, and open source software.
ONCD Maps Internet Routing Fixes
The Office of the National Cyber Director (ONCD) is out today with a new roadmap to make security fixes needed for the Border Gateway Protocol (BGP) – the protocol that underpins the way information is routed across the internet ecosystem. The 18-page roadmap features more than a dozen recommendations to government and network service providers and enlists the Cybersecurity and Infrastructure Security Agency (CISA) to create a new Internet Routing Security Working Group to develop resources to advance the roadmap’s recommendations. What’s the problem? According to ONCD, BGP’s original design properties do not adequately address the threat to, and resilience requirements of, today’s internet ecosystem. As a result, traffic can be inadvertently or purposely diverted, which may: expose personal information; enable theft, extortion, and state-level espionage; disrupt security-critical transactions; and disrupt critical infrastructure operations. The potential for widespread disruption of internet infrastructure, whether carried out accidentally or maliciously, “is a national security concern,” ONCD said. “Internet security is too important to ignore which is why the Federal government is leading by example by pushing for a rapid increase in adoption of BGP security measures by our agencies,” said White House National Cyber Director Harry Coker.
Cyber Sprint Kick-Off
The Office of the National Cyber Director, along with the U.S. Office of Personnel Management (OPM) and the Office of Management and Budget (OMB), is kicking off its planned 30-day cybersecurity sprint on Sept. 4 with the aim of easing the cybersecurity workforce shortage. Speaking this afternoon at the Billington CyberSecurity Summit in D.C., National Cyber Director Harry Coker explained that the cyber workforce shortage is not due to a lack of talent in the United States, so the Federal government is focusing its efforts on hiring and recruiting initiatives. “The task at hand is to find that talent, hire the talent, motivate that talent, inspire, develop, and retain that talent. That’s what we have to do,” Coker said today, adding that the 30-day ‘Service for America’ sprint being launched tomorrow also encompasses “AI and other high-impact jobs.” Last week, Seeyew Mo – the assistant national cyber director for workforce, training, and education – teased the coming sprint. Mo said the sprint will focus on filling about 3,000 open jobs in the 2210 series – or the IT management series.
Once again, let’s “call IT a day,” but we'll bring you more tomorrow. Until then please check the MeriTalk breaking news website throughout the day for the latest on government IT people, process, and policy. And finally, please hit the news tip jar [with leads, breaking news, or simply your two cents] at [email protected].