The National Institute of Standards and Technology is seeking position papers that will shape the agenda for a two-day virtual workshop in June as part of efforts to improve software supply chain security and comply with a White House executive order meant to strengthen U.S. cybersecurity.

The workshop will kick off on June 2 and will provide NIST a platform to share plans on the development of software-related guidelines and standards and discuss ideas and information about the content and approach that the institute should consider as it works on the standards, NIST said Monday.

NIST is requesting two-page position papers in five areas: criteria for designating “critical software,” initial list of secure software development lifecycle standards, guidelines and best practices, guidelines outlining security measure that should be applied to the use of critical software by the federal government, initial minimum requirements for testing software source code and guidelines for software integrity chains and provenance.

“All suggestions in position papers must be consistent with and within the scope of the assignments specified by the EO. Topics and speakers selected for the workshop will be based largely on these position papers,” NIST said.

Position papers are due May 26th.

A strike force composed of the FBI, U.S. attorneys and other federal law enforcement agencies have launched more than 24 grand jury investigations in the U.S. and abroad to counter bid-rigging, market allocation, price-fixing and other fraudulent schemes targeting federal contracts.

Members of the Procurement Collusion Strike Force have trained more than 8,000 procurement managers and officials at hundreds of agencies and companies in the past year to prevent bid-rigging and other crimes, FBI said in a May 12 news release.

Inspectors general from the Department of Homeland Security (DHS), General Services Administration (GSA), U.S. Postal Service and other agencies also participated in the training to detect red flags associated with price-fixing and other criminal activities. The strike force also has trained over 400 data scientists in the past six months. 

Richard Powers, deputy assistant attorney general and head of DOJ antitrust division’s criminal enforcement efforts said the strike force has prioritized the use of data analytics and relied on data from inspectors general and partnering agencies.

“We’re focused on and using the data available to us to identify potential collusion and fraud in the data to provide leads to help us spot problems earlier,” Powers said.

If you’re interested in federal data management efforts, then check out GovCon Wire’s Data Innovation Forum coming up on June 15. To register for this virtual forum and view other upcoming events, visit the GovConWire Events page.

Nicolas Chaillan, chief software officer of the U.S. Air Force, said there are 200 teams across the Department of Defense applying DevSecOps with 650 software containers, Breaking Defense reported Monday.

Chaillan told the publication that PlatformOne, DOD’s DevSecOps infrastructure program that seeks to speed up software development and deployment, has saved $12.5 million and a year per application.

He said the Pentagon can “effectively save between 12 to 18 months per program for every five-year cycle of planned time" through DevSecOps automation.

DOD has published DevSecOps version 2.0 documents meant to accelerate app development. The documents include a fundamentals guide, a playbook and a reference guide for Cloud Native Computing Foundation Kubernetes.

Chaillan, who is one of the leaders behind the documents, has begun working with the Joint Staff J6 to bring DevSecOps to the Joint All Domain Command and Control initiative.

“The goal is to bring all the great work we’ve done with all these programs and help with the adoption of PlatformOne in JADC2 as an enterprise service that will be available for teams,” he said.

The effort will include the use of zero trust and identity management in addition to DevSecOps.

A Federal Trade Commission report says consumer losses related to cryptocurrency investment scams grew 10-fold year-over-year to more than $80 million from October 2020 to March 2021.

FTC said Monday it analyzed almost 7,000 complaints from digital currency fraud victims during the six-month period and found that the median value they lost was $1,900.

In some cases, scammers used a prominent figure in the cryptocurrency space by promising an investor they would increase the amount sent to their wallet, the agency noted.

Consumers reported losing at least $2 million to Elon Musk impersonators, according to FTC’s consumer protection data spotlight. The commission added that another tactic by scammers involves giving people “investment tips” through message boards that direct them to fake investment sites.

FTC said investment scams are the main form of fraud where consumers in their 20’s and 30’s are losing their money, adding that over half of investment scam losses were specifically in cryptocurrency.

Meanwhile, the agency also highlighted that people between the ages of 20 to 49 were five times more likely to report investment scam losses in cryptocurrency than those in older age groups.

The National Security Agency and Morgan State University have partnered to detect cyber vulnerabilities in modern vehicles.

NSA said Friday its Ghidra reverse-engineering tool helped the partnership identify these weaknesses, as part of the agency's larger effort to demonstrate the tool.

Brian Knighton, a member of NSA’s Ghidra Team, said the critical systems and sensor-gathered data of a vehicle are surrounded by privacy risks if not protected by cybersecurity.

Knighton said vehicles are now within the internet of things, where vendor-based security is only provided for about five years. Vehicles, in contrast, require long-term security.

Kevin Kornegay, who leads Morgan State University’s Cybersecurity Assurance and Policy Center, said IoT technology presents risks related to privacy, malware, geolocation and cybersecurity.

“This research project leverages our core competency in hardware reverse engineering,” Kornegay said.

The National Institutes of Standards and Technology (NIST) asks the public to comment on a white paper that tackles the confidence of people in the security of internet of things devices.

NIST said Friday its document titled “Establishing Confidence in IoT Device Security: How do we get there” will explore the mechanisms of confidence regarding the security of available IoT devices.

The paper aims to initiate public conversation about how this confidence can be achieved. The agency used extensive research and input from stakeholders and experts to produce the white paper.

Interested parties may submit feedback to iotsec@nist.gov through June 14. Emails must have “IoT Confidence Mechanism Comments” written on the subject line.