The Wrap: New IC Strategy, GAO Cracks Down on Cyber, Busy Week for CSRB

Welcome to The Wrap for Friday, August 11!

?

From the newsroom at MeriTalk, it’s the quickest read in Federal tech news. Here’s what you need to know today:

?

New IC Strategy

The Director of National Intelligence, Avril Haines, today released a new strategy providing the intelligence community (IC) with directions on how to navigate the next four years in national intelligence. The 2023 National Intelligence Strategy (NIS) outlines six goals that reflect the current national intelligence landscape. To name a couple: to position the IC for intensifying strategic competition; and to recruit, develop, and retain a talented and diverse workforce that operates as a united community. “The National Intelligence Strategy articulates what the Intelligence Community will need to cultivate to be effective in the future,” Haines said. Check out the rest of the strategy’s goals at the link.

?

GAO Cracks Down on Cybersecurity

The Government Accountability Office (GAO) is pushing agencies to implement security measures to protect their cloud computing services against cyberattacks, following the July hack of government cloud-based email accounts by China-based threat actors. In case you need a reminder: the hackers breached the emails systems of Federal agencies, including the Department of State and the Department of Commerce. The watchdog agency warned that because the “Federal government has recognized [the] benefits and is increasingly using cloud computing services,” any failure to implement “cloud security measures makes Federal agencies and their computer systems vulnerable to cyberattack.” This vulnerability was evident in the July breach, where hackers leveraged a flaw in a Microsoft cloud-computing environment to gain access to the email accounts.

?

CSRB Releases Lapsus$ Report

The Cyber Safety Review Board (CSRB) – established by the Department of Homeland Security (DHS) – has released its long-awaited review on the Lapsus$ hacking group, which attacked various government agencies and corporate networks from 2021 to 2022. The report comes after the CSRB announced the investigation into Lapsus$ in late 2022. The CSRB found that Lapsus$ leveraged simple techniques to evade industry-standard security tools that are a lynchpin of many corporate cybersecurity programs and outlined 10 actionable recommendations for how government, companies, and civil society can better protect against Lapsus$ and similar groups. One key recommendation: move towards a passwordless world and leverage Fast IDentity Online (FIDO)2 solutions.

?

Microsoft Hack Up Next

Speaking of the CSRB, the board announced today that its next report will assess the recent Microsoft Exchange Online intrusion and conduct a broader review of issues relating to cloud-based identity and authentication infrastructure. The review will focus on the malicious targeting of cloud computing environments, and, specifically, approaches government, industry, and cloud service providers (CSPs) should employ to strengthen identity management and authentication in the cloud. This will be the CSRB’s third review, after it examined the Log4j software vulnerability and the Lapsus$ hacking group.

?

What’s the Weather?

Cloudy, with a chance of more accurate weather forecasts. The National Oceanic and Atmospheric Administration (NOAA) announced it has upgraded two twin supercomputers responsible for the nation’s Weather and Climate Operational Supercomputing System, expanding their computing capacity by 20 percent. The enhancements to the two supercomputers – known as Dogwood and Cactus – will allow NOAA to run more complex forecasting models. In turn, NOAA can provide more detailed and accurate weather forecasts to better predict severe thunderstorms, cloud formations, and rain. Who’s to thank? The twin supercomputers are designed and operated by General Dynamics Information Technology (GDIT). With the latest upgrade, the supercomputers now operate at a speed of 14.5 petaflops each.

?

?

Once again, let’s “call IT a day,” but we'll bring you more on Monday. Until then, please check the MeriTalk breaking news website throughout the day for the latest on government IT people, process, and policy.

?

And finally, please hit the news tip jar (with leads, breaking news, or simply your two cents) at [email protected].