View from Arch Street

Astronomers from the United States made a major discovery of the origin of cosmic rays made using a complex mix of high-tech instruments and observatories located around the globe including at the South Pole and in space.  This technique known as multi-messenger astronomy has the potential to unlock numerous mysteries of the galaxy and usher in a new era of science.

The lead observatory — the IceCube Neutrino Observatory — funded by the National Science Foundation and operated by the University of Wisconsin is a leading-edge detector that looks up through the earth to detect tiny neutrinos flowing through our planet and ourselves. It was conceived and built in the 1990’s when scientists theorized that neutrinos existed by were not yet detected. Tim Clancy of Arch Street helped advocate for IceCube funding as part of the NSF budget request and led delegations to the South Pole to inspect the construction of the experimental observatory.

 

The Air Force Research Lab is interested in incubator and accelerator programs that can help developers explore the potential military use of commercial technologies. AFRL Space Vehicles program manager, Air Force Captain Jacob Singleton noted in a recent interview that the lab currently works with accelerators that invest in space platforms while other AFRL directorates focus on other technology areas.

“Our strength is in bringing a new perspective to their product as a potential customer, letting them know what the Armed Forces needs and how they could adapt their product or service to make that happen,” he added.

Arch Street is pleased to work with NYSTEC which is an Air Force partner for commercialization and tech transfer through NYSTEC’s IgniteUNY initiative. We see greater interest in technology commercialization across all federal agencies and laboratories and look forward to expanding and extending the very successful IgniteU model to multiple federal research partners.

 

 

 

The New America Foundation has released a new report on U.S. cybersecurity efforts at the state-level. The report focuses on three key areas: responding to cyber incidents, protecting critical infrastructure, and supporting the development of a cyber workforce. One notable recommendation is a call for greater formalization and institutionalization of federal-state functions such as cyber information sharing. Such activities tend to succeed on personal relationships and connections but often decline when key individuals leave or change responsibilities.

The U.S. National Institutes of Standards and Technology (NIST) is taking public comments on its major risk management publication (SP 800-37) for information systems.  This document provides guidelines for applying the NIST Risk Management Framework (RMF) to information systems and organizations.

The RMF includes a disciplined, structured, and flexible process for organizational asset valuation; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring. It also includes activities to help prepare organizations to execute the RMF at the information system level. The RMF promotes the concept of near real-time risk management and ongoing system and common control authorization through the implementation of continuous monitoring processes; provides senior leaders and executives with the necessary information to make efficient, cost-effective, risk management decisions about the systems supporting their missions and business functions; and integrates security and privacy into the system development life cycle.  Use of the NIST RMF is mandated for federal information systems by the Federal Information Security Management Act (FISMA).

Comments are due by June 22nd.

The Cyber Security and Information Systems Information Analysis Center (CSIAC) will host a webinar on the cybersecurity of Department of Defense Critical Infrastructure on April 25 @ 12:00 pm EDT.

The presenter will be Dr. Paul Losiewicz, Senior Scientific Advisor at Quanterion Solutions Incorporated and the Cybersecurity and Information Systems Information Analysis Center (CSIAC).

The webinar will cover DoD policy concerns and current R&D efforts in the field of cybersecurity & critical infrastructure protection.  Topics will include Weasel Board being developed at Sandia National Laboratory, More Situational Awareness for Industrial Control Systems (MOSAICS), sponsored by PACOM and NORTHCOM, and recent policy concerns relating to cyber security and Utilities Privatization of Critical Infrastructure. This webinar will also report the results of a panel discussion from the DHS Joint Industrial Control Systems Working Group (JICSWG) meeting April 9-11 at Albuquerque NM.

To register please go to:  Cybersecurity of DoD Critical Infrastructure

 

The National Institute of Standards and Technology (NIST) Cybersecurity Center of Excellence (NCCoE) is proposing a model use case project to enhance the energy sector’s asset management capabilities for operational technology (OT).  Arch Street is currently a member of the NCCoE Energy Sector Community of Interest that provides guidance to NCCoE on energy sector cybersecurity challenges.

The objective of this use case is to provide guidance on how energy companies may enhance OT (Operational Technology)/ICS (Industrial Controls System) asset management by leveraging capabilities that may already exist in an operating environment or by implementing new ones.

The new NIST project will include the development of a reference design and use commercially available technologies to develop an example solution that will help energy organizations address the security challenges of OT asset management.

This project will describe methods for managing, monitoring, and baselining assets and will also include information to help identify threats to OT assets. It will result in a publicly available NIST Cybersecurity Practice Guide, a detailed implementation guide of the practical steps required to implement a cybersecurity reference design that addresses this challenge.

Technology vendors are encouraged to provide products and technical expertise to NIST via a CRADA to support and demonstrate security platforms for the Energy Sector Asset Management Project.  Applications are open on a first-come, first-served basis.  For more information see the announcement in the Federal Register released today, March 26, 2018.

After a long saga, the FY 2018 Omnibus Appropriations is out.

For full text of the various sections see the Consolidated Appropriations Act, 2018

One area of interest for Arch Street is funding for cybersecurity R&D and technology transfer activities in the Department of Homeland Security Science and Technology Directorate.  Earlier budgets had proposed major cuts to these programs but at first glance, funding has been boosted and language prioritizing technology transfer and partnership intermediaries included.

More to come.

Full text of the DHS S&T appropriations (pdf)