The U.S. Air Force’s Air Operations Center Weapon System (AOC-WS) program has reached a key milestone in its effort to replace its legacy systems for command-and-control planning and execution with the achievement of minimum viable product (MVP) status by its set of software applications called Kessel Run All Domain Operations Suite (KRADOS).

An MVP is an early version of the software that warfighters can use and assess to help developers iterate and further develop an application’s capabilities to a “more complete operational package,” the service’s Kessel Run unit said Wednesday.

“Only a year after delivering stand-alone applications to support operations, we’ve fielded an MVP suite of nine applications connected by a common data layer for usability assessment and user feedback,” said Col. Brian Beachkofski, commander of Kessel Run.

The KRADOS MVP incorporates previous and new software tools to come up with an integrated system that can support an air operations center’s planning and execution process.

“The AOC WS is Kessel Run’s most complex development effort, and while the program still has a long road ahead, we are definitely picking up speed and the KRADOS MVP is an important point of progress,” said Col. Timothy Hofman, chief of AOC and AFFOR Requirements Division at Air Combat Command.

Kessel Run will continue to develop KRADOS over the next year, enabling the service to start transitioning the legacy Theater Battle Management Core Systems out of the AOC WS program.

The National Security Agency (NSA) has issued a cybersecurity advisory outlining ways on how the Department of Defense (DOD), National Security System (NSS) and defense industrial base network owners ensure the security of connected operational technology.

The document calls on NSS, DOD and DIB system operators and owners to assess the value against costs and risks for enterprise information technology to OT connectivity, NSA said Thursday. The advisory outlines recommendations to improve cybersecurity for connected enterprise IT-to-OT networks.

Some of the recommendations are adding sensors and monitoring all cross-domain connections whenever remote access is allowed; creating a known OT network map and device settings baseline; and assessing and prioritizing OT network cybersecurity needs to identify required mitigations.

NSA also highlighted the importance of adopting a risk analysis strategy to help system operators and owners manage and protect OT networks from cyber threats.

To register for this virtual forum, visit the GovConWire Events page.

The National Cybersecurity Center of Excellence (NCCoE) has unveiled the final version of its white paper on post-quantum cryptography. The white paper sheds light on the challenges related to the adoption of post-quantum cryptographic algorithms once the new standards for using them are developed, the National Institute of Standards and Technology’s NCCoE said Wednesday.

The document also discusses the impact of quantum computing on classical cryptography, specifically on public-key cryptographic systems, planning requirements for migration to post-quantum cryptography and NIST’s next steps to help facilitate the migration.

Government and industry stakeholders use cryptographic technologies to validate the source and safeguard the integrity and confidentiality of data. However, the development and implementation of standards and infrastructures to support the adoption of new post-quantum cryptographic algorithms could take years to complete.

Leaders of the National Science Foundation and its policymaking body said at a House subcommittee hearing Wednesday that President Biden’s fiscal 2022 discretionary budget proposal supports agency work across the science and engineering (S&E) fields.

NSF Director Sethuraman Panchanathan told members of the House Research and Technology subcommittee the administration requested a $10.17 billion budget for the agency, up 20 percent from the current funding levels, and called for the formation of a technology directorate that will focus on emerging technology development efforts.

“Fields such as artificial intelligence and quantum information science hold the promise of incredible job growth, prosperity, and strengthened national security,” he noted.

Panchanathan said research innovation investments coupled with partnerships among the government, commercial and academic sectors help sustain U.S.’ edge in science and technology.

At the same meeting, Ellen Ochoa, chair of NSF’s National Science Board, overviewed a 10-year roadmap for the national S&E enterprise.

Vision 2030 outlines three trends identified by the board through an analysis of its biennial Science and Engineering Indicators data, namely the globalization of science and engineering, growth of knowledge- and technology-intensive industries and the demand for STEM talent.

“It is on this foundation, and in the context of the three trends that call for urgency, that NSB, in concert with NSF, wants to partner with policymakers and stakeholders, including this committee, to build NSF’s future,” Ochoa said.

Several bills intended to increase research funding are being lobbied both in the House and Senate. The NSF for the Future Act seeks to more than double the agency’s annual budget to $18.3 billion by 2026, while the Securing American Leadership in Science and Technology Act seeks a long-term investment strategy for basic research and infrastructure.

The National Institute of Standards and Technology (NIST) has issued a draft document outlining procedures that federal agencies and nonfederal organizations can use to assess enhanced security requirements for controlled unclassified information (CUI). 

The draft NIST Special Publication 800-172A seeks to help organizations develop evaluation plans and conduct assessments and includes procedures that can be used in self-assessments, government-sponsored assessments and independent third-party assessments, NIST said Tuesday.

“The findings and evidence produced during the assessments can be used to facilitate risk-based decisions by organizations related to the CUI enhanced security requirements,” the document reads.

The assessment procedures are arranged into 10 families: access control; awareness and training; configuration management; identification and authentication; incident response; personnel security; risk assessment; security assessment; system and communications protection; and system and information integrity.

NIST is seeking input on the procedures, including the determination statements and assessment objectives, and the approach used to integrate organization-defined parameters into determination statements for assessment objectives.

Public comments are due June 11th.

The General Services Administration (GSA) announced that its Transactional Data Reporting (TDR) pilot program exceeded targets in three of nine evaluation metrics for the fiscal year 2020.

Those metrics are contract-level pricing, data completeness and small business performance, Jeff Koses, senior procurement executive at GSA’s Office of government-wide policy, wrote in a blog post published Tuesday.

Koses said transactional data is now 98 percent complete and that usage of transactional data by contracting officers has improved.

The 2016 TDR rule seeks to promote transparency and reduce burden by requiring contractors to report transactional sales data from Multiple Award Schedules and other governmentwide contracts on a monthly basis.

“As GSA considers how to build these practices into a broader strategy to expand transparency and create less burden on our industry partners, we plan to train contracting officers on the benefits of having access to more granular prices paid information and to support these efforts with management guidance, as necessary,” he wrote.

Koses added that the agency will also look at the ability of Federal Supply Schedule contracting officers to use transactional data for price negotiations; training and tools for category managers that are currently not impacted by TDR; communication to industry partners ahead of changes; impacts on current and future contractors under the GSA Schedule and the impact of an expanded data collection on GSA’s capability to use data it currently collates.

The Cybersecurity and Infrastructure Security Agency (CISA) is working with several agencies and departments on pilot programs to determine whether it is feasible to aggregate cloud logs into a system that could help CISA analyze data and identify cyber threats, FCW reported Wednesday.

CISA intends to "see if it's possible to send their logs to our aggregation point and make sense of them as a community together," Brian Gattoni, the agency’s chief technology officer, said at an event Wednesday.

"We've run pilots through the [Continuous Diagnostics and Mitigation] program team, through our capacity building team to look at endpoint visibility capabilities … to see if that closes the visibility gap for us,” he added.

Gattoni said some cloud service providers have an infrastructure in place that could support CISA’s data aggregation efforts, but the agency is exploring ways to come up with its own capabilities to gain visibility into networks.

"There's a lot of slips between the cup and the lip when it comes to data access rights for third party services, so we at CISA have got to explore the use of our programs like [CDM] as way to establish visibility … and also look at possibly building out our own capabilities to close any visibility gaps that may still persist," he said.

To register for this virtual forum, visit the GovConWire Events page.