This week's Weekly Debrief covers the SolarWinds breach, a Senate bill to modernize the government's response to cyberattacks, DNA's request to abort the CUI program, Amazon's newest JEDI protest, and DoD's first CMMC pathfinder contracts.

Cyber

NextGov – CISA: SolarWinds Is Not the Only Way Hackers Got Into Networks

• "The fallout from the SolarWinds breaches will be far more difficult and time-consuming to remediate than originally assumed, as the attackers likely found more ways to enter federal networks than just the SolarWinds Orion product and have been targeting IT and response personnel, according to the government’s lead cybersecurity agency."

Wired – No One Knows How Deep Russia's Hacking Rampage Goes

• Since as far back as March, Russian hackers have been on a sinister tear. By slipping tainted updates into a widely used IT management platform, they were able to hit the United States Commerce, Treasury, and Homeland Security departments, as well as the security firm FireEye. In truth, no one knows where the damage ends; given the nature of the attack, literally thousands of companies and organizations have been at risk for months. It only gets worse from here."

FedScoop – Senate bill would modernize government response to agency cyberattacks

• "A bipartisan duo of senators introduced legislation late last week to update the Federal Information Security Modernization Act (FISMA) by clarifying how agencies share information about breaches in federal data systems."

DNI

FAS – DNI Tries to Abort Controlled Unclassified Info Policy

• "In a bureaucratic bombshell, Director of National Intelligence John Ratcliffe has asked the White House to rescind a ten-year-old executive order that required a uniform policy for marking and handling 'controlled unclassified information' (CUI)."

Defense

TechCrunch – Amazon asks judge to set aside Microsoft's $10B DoD JEDI cloud contract win

• "It’s been more than two years since the Pentagon announced its $10 billion, decade-long JEDI cloud contract, which was supposed to provide a pathway to technological modernization for U.S. armed forces. While Microsoft was awarded the contract in October 2019, Amazon went to court to protest that decision, and it has been in legal limbo ever since."

FNN – Pentagon reveals first contracts to serve as pathfinders for CMMC

• "The Defense Department on Thursday disclosed the first seven contracts that are likely to be the initial test cases for the Cybersecurity Maturity Model Certification (CMMC) program, DoD’s new approach to shoring up its suppliers’ IT security."

. . .

#govconjudicata #weeklydebrief #govcon