DIRECTOR'S NOTE

Dear readers,

At the Cyber Initiatives Group (CIG) summit this week, CISA Director Jen Easterly opened up to The Cipher Brief about the grave and escalating risks of “attacks against pipelines, against water facilities, against transportation nodes, against communications, all to induce societal panic.” Recent Chinese cyber intrusions are just the “tip of the iceberg,” she warned. 

With Salt Typhoon still not in the rearview mirror, it was an especially timely opportunity to unpack threat developments with colleagues. It was great to participate in this forum with CIG principals and to lead an informative one-on-one discussion with DHS Assistant Secretary for Cyber, Infrastructure, Risk, and Resilience Iranga Kahangama. And at this week’s CyberNext conference, it was likewise excellent to look back and look forward at cyber policy alongside Assistant National Cyber Director for Cyber Policy and Programs Nick Leiserson, former Deputy National Cyber Director Drenan Dudley, Cybersecurity Coalition coordinator Ari Schwartz, and McCrary senior fellows Matt Hayden and Michael Daniel.

This week on Cyber Focus, I sat down with veteran cybersecurity journalist Eric Geller, whose work you’ve seen in leading outlets including POLITICO, WIRED and The Record, to discuss the regulatory landscape heading into the next administration and more. Our conversation covered changes in cybersecurity priorities under different U.S. administrations, major incidents such as Salt Typhoon and their implications for telecom security, cyber risks to agriculture, and the challenges of implementing software liability and establishing duty-of-care standards. “The tech industry really needs to figure out where it stands on how much regulation it wants,” Eric said.

A quartet of tech veterans and policy thinkers – former State Department counselor Philip Zelikow, Carnegie Endowment for International Peace president Mariano-Florentino Cuéllar, former Google chairman and CEO Eric Schmidt, and RAND president and CEO Jason Matheny – collaborated on an important paper at the Hoover Institution about securing democratic advantage in the domain of frontier AI, stressing that “the national security agenda for AI goes well beyond just evaluating the safety of private products.” The defensive agenda they suggest calls for three circles of international cooperation: among core participants in coalition defense, among AI producers and among the wider community worried about the risks. At CyberScoop, former ODNI national intelligence manager for cyber Jim Richberg emphasized the need for public and private sector collaboration to address generative AI’s interdependent energy and security requirements.

It's an urgent time to address threats to the energy sector and related critical infrastructure. Kevin Poireault at Infosecurity Magazine reports on a new ReliaQuest report that found a 42% surge in attacks on utilities over the past year. The Play ransomware group particularly set its sights on utilities with a 233% rise in successful attacks. And other sectors are also feeling the brunt: After a ransomware attack hit emergency services in Wood County, Ohio, dispatchers have had to revert to pen and paper to record emergency calls, Sophia Fox-Sowell reports at StateScoop.

We saw a disconcerting alert this week in another critical sector. As Marianne Kolbasuk McGee reports at HealthcareInfoSecurity, the FDA issued a bulletin urging blood suppliers to bolster their cybersecurity practices in an effort to prevent and mitigate incidents that could upend the system. FDA warned that recent incidents “have revealed gaps in cybersecurity measures and exposed vulnerabilities in the highly interconnected computer systems and networks used to ensure the safety and availability of the blood supply.”

Looking beyond earthbound systems, Beijing is increasingly using maneuvering satellites to crisscross geosynchronous Earth orbit in order to keep eyes on, and potentially do harm to, their U.S. counterparts, according to Space Force and industry officials, Theresa Hitchens reports at Breaking Defense. She also reports on Space Development Agency Director Derek Tournear’s greatest concerns: weak cybersecurity across the constellation and shaky supply chains. “If we have a cyber vulnerability, it doesn’t matter whether I have two satellites or 2,000 satellites – we could be vulnerable to that,” he said.

Back on this planet, it’s a prime season for scams and breaches. As Beth Maundrill reports at Infosecurity Magazine, the UK’s Information Commissioner’s Office found that a naughty list of sorts in the form of public reprimands is having a nice impact on stemming data breaches and encouraging security compliance. That brings us to a particularly notable breach disclosure this week and, not to sugarcoat it, the hands-down headline of the week: “Glazed and confused: Hackers find hole in Krispy Kreme’s security,” Daniel Croft reports at CyberDaily.au.

This week by the numbers:

  • 6.5% of global traffic and 4.3% of emails are potentially malicious, according to Cloudflare. (Cyber News)
  • 66% of shoppers worry about falling victim to a holiday scam this season. However, 71% of U.S. adults also had dangerous data habits in the past year. (CNET)
  • Companies disclosed a collective 71 cybersecurity incidents in regulatory filings during the first 11 months of the Securities and Exchange Commission’s cyber incident reporting rule. (Cybersecurity Dive)
  • 32.6% of ransomware victims were unsure if their data had been exfiltrated during the attack. (KnowBe4)
  • The average software container has 604 known vulnerabilities, with 7.9% of these vulnerabilities being more than 5 years old, according to NetRise. (Tech Monitor)

It’s also been a busy and productive week on Capitol Hill and for the House Homeland Security Committee. The House passed H.R. 9769, the Strengthening Cyber Resilience Against State-Sponsored Threats Act sponsored by Rep. Laurel Lee (R-Fla.), and H.R. 9689, the DHS Cybersecurity Internship Act sponsored by Rep. Yvette Clarke (D-N.Y.). The first bill directs CISA to convene an interagency task force aimed at addressing the ongoing threats posed by Volt Typhoon, Salt Typhoon and other state-linked cyber adversaries, while the other establishes a new cybersecurity internship program across DHS to address gaps in the cyber workforce and improve career opportunities for young people. At CyberScoop this week, senior fellow Mark Montgomery and Jiwon Ma held up TSA as a model for guiding an agency and its workforce through evolving cyber threats.

After clearing the House on Wednesday, the National Defense Authorization Act heads to the Senate. With provisions including spyware mitigation and more DoD flexibility for cybersecurity procurement, the NDAA makes for a little light weekend reading at 1,813 pages.

War Eagle,

Frank Cilluffo

TODAY'S TOP 5

FAKE NORTH KOREAN IT WORKERS INDICTED: Fourteen North Korean nationals have been indicted in a scheme using information technology workers with false identities to contract with U.S. companies — workers who then funneled their wages to North Korea for development of ballistic missiles and other weapons, the head of the FBI office in St. Louis said Thursday. The Associated Press reports that the scheme involving thousands of IT workers generated more than $88 million for the North Korean government, and workers stole sensitive information from companies or threatened to leak information in exchange for extortion payments.

  • These threats were not empty, the Justice Department said: IT workers would at times publish the business’s information online if they were not paid. One employer, for example, sustained hundreds of thousands of dollars in damages after it refused the extortion demand of a conspirator who then publicly released the employer’s proprietary information.
  • The State Department’s Rewards for Justice program is offering a reward of up to $5 million for information that leads to the disruption of financial mechanisms of persons engaged in these activities.

FILLING THE SOLARWINDS GAPS: Four years after the SolarWinds cyber attack, the Cybersecurity and Infrastructure Security Agency and federal agencies have closed many of the gaps that made the incident possible. That’s according to Jeff Greene, executive assistant director for cybersecurity at CISA, Federal News Network reports. During an event hosted by the Cybersecurity Coalition on Thursday, Greene described the impact of the 2020 software supply chain incident. The Russia-linked hackers used the widely used SolarWinds software as a vector to infiltrate the networks of nine federal agencies. The hackers likely had access to victim networks for months before the campaign was detected in November 2020.

Chairman of the Senate Commerce Subcommittee on Communications, Media and Broadband Ben Ray Luján (D-N.M.) leads a hearing on communications networks’ safety and security on Dec. 11, 2024. (Senate video)

A SALT TYPHOON HACK-BACK?: Chinese-backed hackers’ intrusion into telecommunications systems in the U.S. and around the world raised questions in a Senate hearing about whether American cyber warriors should be further authorized to digitally retaliate against their adversaries in the East, Nextgov/FCW reports. Witnesses with backgrounds in national security and cyber policy told Senate Commerce Committee lawmakers that an offensive deterrence strategy — the act of hitting back at enemy hackers to disrupt their systems — would make China think twice about spelunking into communications networks and other critical U.S. infrastructure.

  • The vast majority of people whose call records have been stolen by Chinese hackers have not been notified, according to industry sources, and there is no indication that most affected people will be notified in the near future, NBC News reports.
  • National Security Agency (NSA) Director General Timothy Haugh said that U.S. cyber defenses didn’t see China’s recent breach of American telecommunications until they were alerted by Microsoft, and he warned that more Chinese cyberattacks were likely, The Cipher Brief reports.

REGULATING AI IN HEALTHCARE: The Food and Drug Administration grappled with questions about how to regulate generative artificial intelligence in medical devices at its first digital health advisory committee meeting, MedTech Dive reports in a piece detailing four takeaways from the meeting. To date, the agency has authorized nearly 1,000 AI-enabled medical devices, but none of those devices use adaptive or generative AI. However, the technology is being explored in other healthcare applications not regulated by the FDA, such as generating clinical notes for physicians. 

  • About 91% of patients, according to a recent survey, want to be informed if AI is used in their care decisions or communications. Patients should also be recognized as the end users of generative AI-enabled medical devices and must have the opportunity to provide structured feedback when it’s applied to their care. 

NATIONAL CYBER DIRECTOR'S FUTURE: Cybersecurity experts are urging a revamp of the Office of the National Cyber Director, GovInfoSecurity reports. The Center for Cybersecurity Policy and Law says the three-year-old office needs a clearer mission, more resources and the authority to lead cybersecurity policies for other government agencies to bolster U.S. cyber defenses. The report recommends codifying the national cyber director as the federal government's lead external cyber official and clarifying the director's policymaking role related to other senior leaders.

CYBER FOCUS PODCAST

In the latest episode of Cyber Focus, host Frank Cilluffo sits down with Eric Geller, a leading cybersecurity journalist who contributes to top outlets including POLITICO, WIRED and The Record. Together, they unpack Geller’s reporting on expectations for changes in AI regulation and cybersecurity under the incoming Trump administration. They also discuss vulnerabilities within critical infrastructure sectors such as agriculture and telecommunications. Geller offers insights into systemic challenges, the evolving threat environment, and the need for innovation in tackling cybersecurity policy and governance.

SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts

CYBER AND CI UPDATES


ATTACKS AND INCIDENTS

Communications

Kiwi telecom Compass Communications confirms ransomware attack

The RA World ransomware gang has listed Auckland-based telecommunications company Compass Communications as a victim on its darknet leak site, claiming to have stolen 250 gigabytes in the attack. According to the leak post, the stolen data includes financial data, customer information, human resources data, and details of the company’s ongoing projects. No ransom amount has been listed, however the ransom deadline is listed as January 1 2025. (CYBERDAILY.AU)

Cryptocurrency

Bitcoin ATM firm Byte Federal hacked via GitLab flaw, 58K users exposed

Byte Federal is the largest US operator of Bitcoin ATMs across the United States, with over 1,200 ATMs located in forty-two states, allowing people to exchange cash for cryptocurrency. The company is now sending out data breach notifications warning that it suffered a data breach in November after hackers gained access to its systems by exploiting a GitLab vulnerability. (BLEEPINGCOMPUTER.COM)

Cybercrime

Rydox cybercrime marketplace shut down and three administrators arrested

The Rydox marketplace has conducted over 7,600 sales of personally identifiable information (PII), stolen access devices, and cybercrime tools, which generated at least $230,000 in revenue since its inception in or around February 2016. These sales included PII, credit card information, and login credentials stolen from thousands of victims residing in the United States. (JUSTICE.GOV)

Education

Hackers ask for cryptocurrency in apparent ransomware attack on Rutherford County, Tenn., Schools

On Wednesday afternoon, members of a hacker group worked to prove it did have sensitive information from Rutherford County Schools (RCS). Hackers posted a photo on the dark web that appeared to show staff members’ personal information two weeks after the district announced a “network interruption.” (WKRN.COM)

Minnesota schools must report cybersecurity incidents under new law

Minnesota’s approach to shoring up cybersecurity protections through mandated reporting comes as schools are increasingly vulnerable to ransomware attacks. The new law, which took effect Dec. 1, also applies to local governments and state agencies. Minnesota faced challenges with K-12 cybersecurity when a ransomware gang claimed responsibility for a 2023 cyberattack on Minneapolis Public Schools. The cybercriminals in that case publicly leaked sensitive files that they claimed to belong to the 35,000-student district. (K12DIVE.COM)

Healthcare

N.Y. health group fined $550K in unpatched vulnerability hack

New York State regulators have levied a $550,000 fine against a healthcare group that tried - but failed - numerous times to patch a critical zero-day vulnerability in a Citrix NetScaler appliance used for telemedicine services. Hackers ended up exploiting the flaw, stealing 196 gigabytes of data in an incident affecting about 242,000 patients and employees. (HEALTHCAREINFOSECURITY.COM)

Screen Actors Guild Health Plan sued after September data breach exposes healthcare info

On December 2, the union’s health plan informed members and California regulators that hackers broke into an employee’s email account in September. An investigation found that while the union health plan’s systems were not breached, the email account “contained emails and attachments that included some participants’ names and Social Security numbers, and, in some cases, may also have contained information associated with claims and health insurance information, such as participants’ health plan participant identification numbers, if applicable.” (THERECORD.MEDIA)

L.A.-area cyber attack could impact 17M patient records

The Dec. 1 attack downed computer and most phone systems at PIH Health Downey Hospital, PIH Health Whittier Hospital and PIH Health Good Samaritan Hospital in Los Angeles. Also compromised were urgent care centers, doctors offices and a home health and hospice agency operated by PIH. PIH officials on Wednesday declined to comment on a threatening typewritten letter purportedly faxed by the cyber criminals late last week, saying they are working with a cyber forensic specialist and the FBI to untangle the ransomware attack. The FBI also declined to discuss the ongoing investigation. (GOVTECH.COM)

Phishing

Cybercriminals are using virtual hard drives to drop RATs in phishing attacks

Mountable virtual hard drive files, typically in .vhd and .vhdx formats, allow users to create virtual volumes that function like physical drives in a Windows environment. While these files have legitimate uses in software development and virtual machines, cybercriminals have increasingly exploited them to deliver malware, experts have warned. Recent research by Cofense Intelligence has revealed such tools are now being used to bypass detection mechanisms like Secure Email Gateways (SEGs) and antivirus solutions to drop Remote Access Trojans (RATs). (TECHRADAR.COM)

Spain busts voice phishing ring for defrauding 10,000 bank customers

The Spanish police, working with colleagues in Peru, conducted a simultaneous crackdown on a large-scale voice phishing (vishing) scam ring in the two countries, arresting 83 individuals. Thirty-five of the arrested people were located across Spain, including in Madrid, Barcelona, Mallorca, Salamanca, and Vigo, and another 48 were arrested in Peru. The leader of the ring was also apprehended in Spain during the 29 simultaneous raids conducted by the cooperating police forces, which also seized cash, mobile phones, computers, and documents. (BLEEPINGCOMPUTER.COM)

Attacker has Techdirt reclassified as phishing site, proving Masnick’s Impossibility Law once again

It didn’t work with Palo Alto Networks, but somehow it did with Cloudflare. It’s unclear if it was tried anywhere else, and how well it worked if it was tried elsewhere. Thankfully, Cloudflare was quick to respond and to fix the issue. On top of that, the company was completely open and apologetic about how this happened. In fact, Cloudflare’s CEO Matthew Prince noted that this kind of thing might be worth writing about, given that it was a different kind of attack (though one he admitted the company never should have fallen for). (TECHDIRT.COM)

Ransomware

New ransomware strain drives rising attack levels

Akira was the most active threat actor this month with 87 attacks. RansomHub was knocked off of the top spot to second position with 80 attacks, followed by ElDorado in third with 43 attacks, and Killsec in fourth with 33 attacks. North America remained the most targeted region, accounting for 58% of total global attacks (326), a noteworthy increase from 272 in October, and Europe followed with 20% of attacks (114). The Russian-attributed threat group Sandworm was responsible for sustained espionage activity across both regions, with particular focus on the energy sector in Europe. (SDCEXEC.COM)

What do we know about the new ransomware gang Termite?

Termite is rapidly burrowing into the ransomware scene. While its name is new, the group is using a modified version of an older ransomware strain: Babuk. This strain of ransomware has been on law enforcement’s radar for quite some time. In 2023, the US Department of Justice indicted a Russian national for using various ransomware variants, including Babuk, to target victims in multiple sectors. (INFORMATIONWEEK.COM)


THREATS

Critical infrastructure

In food and beverage, cybersecurity is a remote access and supply chain problem

Nearly 90% of respondents to a survey said one or more cyber attacks of the previous 12 months originated from third-party supplier access to the cyber-physical systems (CPS) environment. 41% said that was the cause of five or more attacks. More than half (57%) admitted to having only partial or no understanding of third-party connectivity to their CPS environment. (FOODPROCESSING.COM)

Cybercrime

Treasury’s Office of Cybersecurity and Critical Infrastructure Protection issues consumer advisory to protect against cyber fraud during the holiday shopping season

Since the onset of the COVID pandemic, cyber and fraud scams have significantly increased, costing consumers billions of dollars per year. In the advisory, OCCIP details several tips consumers should follow to avoid being scammed. (TREASURY.GOV)

Insider threat

Cybersecurity 'insider threats' fall into seven categories, says researcher

The categories have been developed by Dr. Karen Renaud, Reader in the Department of Computer & Information Science, working with colleagues from Mississippi State University, Charles Sturt University and Abertay University. They were created as part of a framework to help organizations better identify and address insider threats—employees who may unwittingly or deliberately cause a damaging breach of computers, software or other information systems. (TECHEXPLORE.COM)

Malware

New stealthy Pumakit Linux rootkit malware spotted in the wild

A new Linux rootkit malware called Pumakit has been discovered that uses stealth and advanced privilege escalation techniques to hide its presence on systems. The malware is a multi-component set that includes a dropper, memory-resident executables, a kernel module rootkit, and a shared object (SO) userland rootkit. Elastic Security discovered Pumakit in a suspicious binary ('cron') upload on VirusTotal, dated September 4, 2024, and reported having no visibility into who uses it and what it targets. (BLEEPINGCOMPUTER.COM)

Resilience

Three-quarters of security leaders admit gaps in hardware knowledge

Most global organizations fail to consult IT security during hardware procurement, and even if they do, over three-quarters (79%) of IT and security decision makers (ITSDMs) admit to major gaps in their hardware and firmware knowledge, according to HP. The tech giant’s HP Wolf Security unit polled over 6,000 office workers and 800 IT and security decision makers in the US, Canada, UK, Japan, Germany and France. (INFOSECURITY-MAGAZINE.COM)

Cybersecurity heads up NASCIO’s 2025 Top 10 CIO priorities

While cybersecurity tied with digital government services in 2024, this year it stands alone at the top — a testament to its growing significance amid evolving threats. This year, the category also includes risk management at No. 1. Artificial intelligence surged to the second position from third on last year’s list, to little surprise given its expansive impact in state services, particularly related to generative AI (GenAI). (GOVTECH.COM)

Local governments need more cyber funding, report finds

Lack of sufficient funding is hindering the ability of local governments to practice good cybersecurity hygiene, according to a report published this week by the nonprofit Center for Internet Security. The report, the 2023 National Cybersecurity Review, found that 30% of the more than 3,000 local governments surveyed were either “not performing cybersecurity activities or are utilizing informal, ad-hoc processes.” (STATESCOOP.COM)

City launches new app to help residents protect against cyber-attacks: ‘Dallas Secure’

After downloading the free app, users can also set it up to automatically filter out phishing attempts that arrive in the form of text messages, moving them to a junk folder. The goal is to have the added protection work seamlessly in the background. Still, experts caution, staying aware of threats — and the steps to ward against them — is everyone's concern. (CBSNEWS.COM)

A bomb technician approaches a “suspicious device” during a mass transit exercise in Philadelphia. (DHS S&T)

Transportation

Bomb technicians train on trains

Philadelphia will host several high profile and heavily attended events in the next few years, including the International Federation of Football Association World Cup soccer games, the Homecoming 250 Navy and Marine Corps celebration, and the U.S. Semiquincentennial commemorating the 250th anniversary of the signing of the Declaration of Independence. Keeping everyone safe as they travel to and from these events is top of mind for first responders. As part of the preparations for these events, the Protective Security Advisor for the Southeast Pennsylvania District invited DHS S&T’s Response and Defeat Operations Support (REDOPS) program to assist with their response planning. (DHS.GOV)

Vulnerabilities

Over 300K Prometheus instances exposed: Credentials and API keys leaking online

As many as 296,000 Prometheus Node Exporter instances and 40,300 Prometheus servers have been estimated to be publicly accessible over the internet, making them a huge attack surface that could put data and services at risk. The fact that sensitive information, such as credentials, passwords, authentication tokens, and API keys, could be leaked through internet-exposed Prometheus servers has been documented previously by JFrog in 2021 and Sysdig in 2022. (THEHACKERNEWS.COM)

Microsoft Windows ‘Best Fit’ character conversion ‘ripe for exploitation’

The Windows ANSI API contains a hidden trap leading to security bugs, the two researchers warn. More specifically, the conversion process can be manipulated to perform argument injection, which can lead to arbitrary code execution. Exploitation of Best Fit mappings can allow attackers to inject malicious arguments into command-line executions. (CSOONLINE.COM)

IoT cloud cracked by 'open sesame' over-the-air attack

Internet of Things (IoT) vendor Ruijie Networks has shored up its Reyee cloud management platform against 10 newly discovered vulnerabilities that could have given adversaries control of thousands of connected devices in a single cyberattack. The Fuzhou, China-based infrastructure maker's Ruijie Networks devices are commonly used to provide free Wi-Fi in public settings like airports, schools, shopping malls, and governments across more than 90 countries. (DARKREADING.COM)

Researchers uncover symlink exploit allowing TCC bypass in iOS and macOS

The flaw, tracked as CVE-2024-44131 (CVSS score: 5.3), resides in the FileProvider component, per Apple, and has been addressed with improved validation of symbolic links (symlinks) in iOS 18, iPadOS 18, and macOS Sequoia 15. Jamf Threat Labs, which discovered and reported the flaw, said the TCC bypass could be exploited by a rogue installed on the system to grab sensitive data without users' knowledge. (THEHACKERNEWS.COM)


ADVERSARIES

Iran

New IOCONTROL malware used in critical infrastructure attacks

Iranian threat actors are utilizing a new malware named IOCONTROL to compromise Internet of Things (IoT) devices and OT/SCADA systems used by critical infrastructure in Israel and the United States. Targeted devices include routers, programmable logic controllers (PLCs), human-machine interfaces (HMIs), IP cameras, firewalls, and fuel management systems. The malware's modular nature makes it capable of compromising a broad spectrum of devices from various manufacturers, including D-Link, Hikvision, Baicells, Red Lion, Orpak, Phoenix Contact, Teltonika, and Unitronics. (BLEEPINGCOMPUTER.COM)

Russia

Gamaredon deploys Android spyware ‘BoneSpy’ and ‘PlainGnome’ in former Soviet States

The Russia-linked state-sponsored threat actor tracked as Gamaredon has been attributed to two new Android spyware tools called BoneSpy and PlainGnome, marking the first time the adversary has been discovered using mobile-only malware families in its attack campaigns. "BoneSpy and PlainGnome target former Soviet states and focus on Russian-speaking victims," Lookout said in an analysis. "Both BoneSpy and PlainGnome collect data such as SMS messages, call logs, phone call audio, photos from device cameras, device location, and contact lists." (THEHACKERNEWS.COM)

In an odd bit of propaganda, Belarus claims to have its own Starlink technology

In recent days, there has been a smattering of coverage in state-run Russian media outlets about how the Belarusian army has developed its own satellite Internet service akin to SpaceX's Starlink constellation, called "Kulisa." According to the TASS news service, for example, the Kulisa mobile communications technology has "already entered service and is being used in military units of the Armed Forces." (ARSTECHNICA.COM)


GOVERNMENT AND INDUSTRY

Artificial intelligence

Survey: AI-enhanced cyberattacks seen as No. 1 threat to API security

The survey of 700 IT leaders found that 32% of respondents ranked AI-enhanced attacks as the biggest API security threat to their organization, more than unauthorized access or breaches at 26% and insufficient encryption and data protection at 14%. Additionally, 92% of survey participants said their organization was taking measures to combat such AI-enhanced attacks, while 25% said they have already encountered AI-enhanced security threats related to APIs or large language models (LLMs). (SCWORLD.COM)

AWS wants to drastically cut down AI hallucinations – here's how it plans to do it

AWS’ new Automated Reasoning checks promise to prevent models from producing factual errors and hallucinating, though experts have told ITPro that it won't be an all-encompassing preventative measure for the issue. Announced as part of AWS re:Invent 2024, the hyperscaler unveiled the tool as a safeguard in ‘Amazon Bedrock Guardrails’ that will mathematically validate the accuracy of responses generated by large language models (LLMs). (ITPRO.COM)

First responders are embracing AI amid cybersecurity concerns

The survey, which included 538 public safety professionals, was conducted between October 2 and October 23, 2024. An impressive 90% of law enforcement now support using AI, a 55% jump from last year. More than half see it as a game-changer for productivity, with 89% believing it could be a powerful tool to reduce crime and transform the public safety industry. Law enforcement agencies also showed increasing trust that AI would be used responsibly. (CYBERNEWS.COM)

Venture dollars pour into the intersection of AI and cybersecurity

While many venture investors in the cyber sector have preached patience to see how AI can be used most effectively in the industry, it seems their willingness to open their checkbooks is telling a different story. Investors seem interested in the possibilities for startups to use AI for securing the digital world — including in areas such as data protection, identity and third-party risk — or even to help secure the development of large language models themselves. (CRUNCHBASE.COM)

Energy

NERC advances extreme weather protection, energy assurance, and approves 2025 work plan priorities

At its December meeting, NERC’s Board of Trustees took important actions to mitigate extreme weather impacts on the grid, help assure adequate energy supply and strengthen cybersecurity protections through the approval of new and modified standards. To plan for the future, the Board also approved NERC’s 2025 work plan priorities, the updated ERO Enterprise Long-Term Strategy and Board compensation and meeting schedule changes beginning in 2026. (NERC.COM)

IT modernization

OMB releases federal tech impact report as Biden admin winds down

The Biden administration’s government tech policy shop released a new impact report on federal technology on Thursday, highlighting work done on artificial intelligence, cybersecurity, modernization and digital service delivery over the last four years. Clare Martorana, federal chief information officer, says that she’s confident in continued work on federal technology moving forward into the administration of president-elect Donald Trump. (NEXTGOV.COM)

DoD acquisition reform: Military departments should take steps to facilitate speed and innovation

DOD revamped its acquisition policies in 2020 to try to deliver innovative weapons faster. These weapons are often "cyber-physical" products that combine hardware and software. GAO previously found that leading companies use iterative design, testing, and feedback processes to get these kinds of products to market quickly. But some program managers weren't sure how to apply iterative development in their programs. So GAO recommended the military departments each iteratively develop a cyber-physical product as an example of how it can work. (GAO.GOV)

Space

SPACECOM and Space Force working to define ‘triggers’ for commercial reserve call up

SPACECOM Commander Gen. Stephen Whiting explained that the idea is to follow the model of the Civil Reserve Air Fleet (CRAF), managed by US Transportation Command (TRANSCOM), for leveraging commercial airlines to support military logistics operations when needed. “There’s various trigger points based on threat scenarios that might be happening, or world events where TRANSCOM can activate various stages of the CRAF to get aircraft to help with the US Air Force mobility, aircraft to move more equipment [and] people,” he said. (BREAKINGDEFENSE.COM)

New C2 software for mobile satellites will support future orbital warfare ops

The Rapid Resilient Command and Control (R2C2) program is managed by the Combined Program Office (CPO), which was stood up in 2023 to combine legacy projects from Space RCO, headquartered at Kirtland AFB in New Mexico, and the Space Force’s primary acquisition unit Space Systems Command (SSC) headquartered in Los Angeles. The program is aimed at rapidly fielding C2 capabilities for use by systems performing what the service calls dynamic space operations, using a commercial cloud architecture. (BREAKINGDEFENSE.COM)

LEGISLATIVE UPDATES

The defense policy bill is handing the Army a to-do list

The Army would upgrade its tech to protect troops downrange and improve training at home, and may put its efforts to procure open-source intelligence tools under a program executive office under proposals — add anti-drone systems, make robotic targets, pick a point PEO for open source software, and more — in the compromise version of the 2025 National Defense Authorization Act. (DEFENSEONE.COM)

EVENTS

ELECTION SECURITY HEARING: The House Administration Committee will hold the hearing “American Confidence in Elections: Prohibiting Foreign Interference” on Dec. 18.

THE STRATEGIC FUTURE OF SUBSEA CABLES: CSIS will host an event Dec. 18 to discuss cuts of critical cables and ways the U.S. government, partners and allies, and key stakeholders can take to create and maintain a secure and resilient subsea cable infrastructure.
