The Wrap: NIST Advances PQC Signatures; DoD cATO Progress; State Dept. FY25 Priorities

Welcome to The Wrap for Thursday, October 25!

From the newsroom at MeriTalk, it’s the quickest read in Federal tech news. Here’s what you need to know today:

NIST Advances PQC Signatures

Federal officials aren’t sure when quantum cyberattacks will begin, but the National Institute of Standards and Technology (NIST) is busy readying defenses for when these cyber threats might show up. At the 2024 AFCEA Tech Summit on Oct. 24, Bill Newhouse, the cybersecurity engineer and project lead for the National Cybersecurity Center of Excellence at NIST, announced that, after sifting through 40 post-quantum cryptographic (PQC) signatures, they’ve narrowed it down to 14 contenders for rigorous evaluation. These PQC signatures are designed to withstand the lightning-fast assaults of quantum computers, those digital speedsters capable of cracking traditional codes in the blink of an eye. Unveiling three out of four encryption algorithms in August – CRYSTALS-Kyber, CRYSTALS-Dilithium, and Sphincs+ – to enhance general encryption and safeguard digital signatures, Newhouse noted that the fourth algorithm, FALCON, is set to be released as a draft by the end of this year. “We think we’ll start seeing some hints that adversaries have this capability, but we don’t know how far in the future that’s going to be,” said Phil Stupak, assistant national cyber director of the Office of the National Cyber Director, The White House , speaking at the same event.?

DoD cATO Progress

The United States Department of Defense (DoD) has been on the hunt for its next big thing in cybersecurity – potential candidates for continuous authority to operate (cATO) authorizations. During his keynote at the AFCEA Tech Summit on Oct. 24, DoD Chief Information Security Officer David McKeown announced they’ve got some promising contenders lined up, but no official “you got it” yet. Earlier this year, the DoD’s CIO unveiled a guide aimed at helping agencies navigate the cATO process, focusing on DevSecOps platforms. To snag a cATO, candidates must show they can continuously monitor risk, engage in active cyber defense, and utilize an approved DevSecOps blueprint that ensures a secure software supply chain. The three candidates currently in the running are all based in DevSecOps environments. So, stay tuned – these cyber contenders are vying for their shot at operating glory!

State Dept. FY25 Priorities

During the Nextgov/FCW and Route Fifty Cloud Summit on Thursday, Jimmy Hall, the Chief Information Officer (CIO) for the 美国国务院 ’s Bureau of Intelligence and Research (INR) (INR), unveiled his game plan for FY 2025, and spoiler alert: it’s all about modernizing, securing, and expanding the IT ecosystem. First up: modernization. Hall is keen on transforming the IT landscape to keep pace with the bureau’s broader goals, particularly in the realm of digital transformation. Next, he’s all about cybersecurity because keeping the IT ecosystem secure is as crucial as having a solid defense. Then there's the expansion of INR’s cloud presence. Hall proudly announced they've upgraded from zero to a Top Secret (TS) cloud presence. Hall also sees emerging technologies like artificial intelligence (AI) as invaluable allies in the quest for threat detection and traffic analysis, aiming to provide top-notch service while modernizing their IT approach.

Davenport Tagged as DAF CDAO

Congratulations to Susan Davenport on her new role as the Department of the United States Air Force ’s (DAF) chief data and AI officer (CDAO). With over 30 years of experience, she’s set to lead the charge in shaping the future of data and AI for both the Air Force and the Space Force. Part of her mission includes driving the DAF’s ambitious goal to be “AI ready” by 2025 and “AI competitive” by 2027. Davenport will focus on implementing strategies that enhance analytics, digital transformation, and responsible AI use – ensuring the DAF stays ahead in the tech race.

?

Once again, let’s “call IT a day,” but we'll bring you more next week. Until then, please check the MeriTalk breaking news website throughout the day for the latest on government IT people, process, and policy.

And finally, please hit the news tip jar (with leads, breaking news, or simply your two cents) at [email protected].