Cisco inks $1.2B software contract with DISA
The Defense Information Systems Agency has awarded Cisco a $1.2 billion indefinite-delivery/indefinite-quantity contract for software services, the Department of Defense announced Monday.
The software Cisco will be providing is “Cisco Smart Net Total Care and Software Support Services,” according to a public release about the contract. The performance period will start with a one-year base but could be extended up to three years if all goes well.
The DOD’s request received three proposals, the department said.
Cisco’s Smart Net software is designed to help resolve IT issues and keep enterprise software for large organizations up to date, according to its website. It’s tech that “that keeps your IT running smoothly,” a promotional video claims.
DISA has been consolidating the networks of combat support agencies and taking on the responsibility to run their help desks. It’s unclear if this contract is directly related to that initiative.
Agriculture CISO Venice Goodwine takes role with Air Force
Venice Goodwine has left the Department of Agriculture to lead the U.S. Air Force’s enterprise IT function.
Goodwine started in the role of director of enterprise IT for the Air Force under CIO Lauren Knausenberger last Monday, a source familiar with the matter told FedScoop.
She served as USDA’s chief information security officer since late 2018, overseeing a $208 million cybersecurity budget, according to the agency. Before that, she had a long tenure in the military, serving as a senior cybersecurity officer advising the Air Force CISO and a senior program manager in the Marine Corps Systems Command.
While at USDA, she led improvements to the agency’s cybersecurity maturity score under the House Committee on Oversight and Reform’s Federal IT Acquisition and Reform Act (FITARA) Scorecard from an F to a B grade.
She spoke with FedScoop in January 2020 about the emerging importance of a zero-trust security framework in the federal government, acknowledging that “identity is now the new perimeter” for cybersecurity. “I understand that my data will now be at Starbucks and outside of my actual perimeter and how am I actually going to protect that data throughout its lifecycle?” she said at the 2020 Zero Trust Security Summit.
USDA did not comment on Goodwine’s departure prior to publication.
FBI seeks assistance with major IT modernization initiatives
The Federal Bureau of Investigations is looking for an IT vendor to help with enterprise-wide IT modernization projects, it said in a request for information.
The request states the FBI is gathering information to help inform a five-year indefinite delivery/indefinite quantity contract it plans to issue for enterprise-wide IT support. The RFI lists four areas for which the FBI is looking for contractor support: the FBI’s enterprise IT strategic plan, transforming FBI IT infrastructure, the enterprise data strategy and the data science roadmap.
“As technology continues to become more complex and interwoven, the FBI’s enterprise information technology (IT) must evolve into a customer-centric set of unified services readily available, secure, and always focused on enabling the work of front-line personnel,” the RFI states. “The FBI must be nimble, agile, and mission-focused to continue to meet the growing demands and needs of the users and communities it supports.”
The FBI’s office of the chief information officer was created in 2016, but has since seen two major reorganizations in 2017 and 2019, and work continues to “centralize, supplement, and effectively coordinate existing efforts.” That work continues through this latest contract it is preparing and aims to be accelerated by the contract’s eventual award.
Zero trust, identity management and DOD network security strategies
Defense agency leaders — aware of the shortcomings of “defense in depth” security approaches — are exploring other security frameworks, like zero trust, to better protect networks from identity-based attacks.

Read the full report.
According to a recent Okta report, the Air Force is one of several agencies using modern identity and access management tools to assist with security and user experience.
It is working to “centralize IAM across 33 systems and 200 applications,” the report says. Additionally, among other capabilities, the IAM platform allows them to streamline auditing and reporting tools and user behavior analytics to uncover anomalies.
The report describes how Okta’s zero trust architecture is being used as a foundation to secure DOD resource across on-premise and cloud environments to help defense organizations manage their extended enterprise, and by making it possible for them to:
- Embrace the secure cloud, at scale — while also extending the same strong authentication to on-prem apps, such as WAM.
- Reduce the complexity of managing separate password and authentication policies across on-premise and cloud resources.
- Provide a consistent and seamless access experience for end users, eliminating password fatigue and improving onboarding time.
Learn more about how zero trust and identity management are proving to be a game-changer for DOD network security.
This article was produced by FedScoop for, and sponsored by, Okta.
US, Albania agree to develop secure 5G networks abroad
The U.S. and Albania agreed Sunday to coordinate development of secure 4G and 5G networks abroad, as the former tries to stop Western Balkans countries from buying potentially compromised Chinese infrastructure.
Without mentioning China by name, both parties acknowledged the threat foreign adversaries pose to the telecommunications supply chain.
In recent years the U.S. has struck similar agreements with the Western Balkans countries of Serbia, Kosovo and North Macedonia to assess the risk of 5G equipment supplied by vendors with connections to foreign adversaries, namely Huawei and ZTE, before buying.
“I think we’re setting a very strong example together here today, particularly on the need to make sure that when it comes to our most sensitive technology and networks, we’re working with trusted vendors,” said Secretary of State Antony Blinken.
Blinken signed the memorandum of understanding with Albanian Prime Minister Edi Rama, noting the partnership between the two countries was “growing stronger, growing deeper.”
Albania was elected to the U.N. Security Council for a two-year term beginning next year on Friday. The country previously participated in a U.S. Army-led, joint military exercise with 27 European and NATO countries called DEFENDER-Europe 21.
House lawmakers recently reintroduced legislation that would see the U.S. Development Finance Corporation fund 5G infrastructure projects in 22 Central and Eastern European countries including Albania. The bill is seen as a counter to China’s Belt and Road and 17+1 initiatives seen as taking advantage of a region that’s historically lacked telecom infrastructure since the Soviet era.
“[W]e have undertaken these issues … asking also the other countries in the region join and to put all together our effort for a very secure path of communication,” Rama said. “And to put this path of communication of very critical services in the hands of the people of Albania, in the hands of institutions of our security forces, and to not allow compromise by third actors and sometimes-malign actors.”
Tech contractor for National Nuclear Security Administration says it is investigating systems hack
A research and development consultancy that works with the Department of Energy and National Nuclear Security Administration is investigating a cyber breach.
In a statement to this publication, Sol Oriens said it had appointed a technology forensics firm to investigate the incident, and that law enforcement agencies had been informed. The company became aware of the breach last month.
Sol Oriens is a New Mexico-headquartered consulting company that provides services to federal government agencies including program management, technology management, weapons R&D and product engineering.
“Upon detecting suspicious activity within our network environment, our IT professionals immediately secured the system and we quickly recovered priority company systems.
“The investigation is ongoing, but we recently determined that an unauthorized individual acquired certain documents from our systems. Those documents are currently under review, and we are working with a third-party technological forensic firm to determine the scope of potential data that may have been involved,” a spokesperson for the contractor said.
Sol Oriens added that to date it has no indication that the incident involves client classified or critical security-related information. The consultancy firm said also that it would notify affected individuals and entities once the forensic investigation into the cyberattack concludes.
A DOE spokesperson said: “The Department of Energy is aware of the cyberattack against Sol Oriens, a veteran-owned consulting firm whose clients include the Department of Energy and the National Nuclear Security Administration.
“There is no evidence that any DOE or NNSA data was compromised and there is no risk or impact to any government systems. We continue to stay in close communication with Sol Oriens,” the spokesperson added.
The NNSA helps to manage the safety of the U.S.’s nuclear stockpile and is a semi-autonomous agency within the DOE, according to its website. It works closely with the Department of Defense and national labs on nuclear safety and use, including nuclear propulsion in the Navy and the country’s emergency response to nuclear incidents.
Hackers have found a path of least resistance by targeting small subcontractors that often do not have the resources for extensive cybersecurity defenses. Last month hackers targeted USAID by compromising an account held with email marketing company Constant Contact.
The DOE has a cybersecurity test called the “Cybersecurity Capability Maturity Model (C2M2),” companies can voluntarily use to assess the security of their networks.
News of the Sol Oriens breach was first reported by CNBC last Friday.
US, UK forge emerging technology R&D partnership
The U.S. and U.K. agreed to forge a partnership over the next two years for developing emerging technologies like artificial intelligence, quantum computers and batteries, under the revised Atlantic Charter signed Thursday.
President Biden and U.K. Prime Minister Boris Johnson struck the agreement ahead of the G7 Summit in Cornwall, England, which promises to increase funding for research and development around climate change, cancer, future disease outbreaks and supply chain security.
Revisions to the 80-year-old charter emphasize democracy and human rights, defense and security, science and innovation, and economic prosperity as the two countries look to counter efforts by foreign adversaries like China and Russia to undermine them and gain a technological advantage.
“We will continue to strengthen collaboration in science and technology,” reads the agreement. “This will facilitate increased joint world-class research, as well as encourage the development of rules, norms and standards governing data sharing, technology, and the digital economy that reflect our values and principles.”
Moving forward the President’s Council of Advisors on Science and Technology and Prime Minister’s Council for Science and Technology will coordinate more closely.
Similarly the new U.S. National Center for Epidemic Forecasting and Outbreak Analytics and the new U.K. Health Security Agency Centre for Pandemic Preparedness will work together to eliminate infectious disease threats before they become epidemics or pandemics. That includes scaling detection with the development of an integrated, global surveillance system, the Global Pandemic Radar, as well as genomic sequencing.
“Enhancing global surveillance is critical to achieving our collective ambition to deliver safe, effective and affordable vaccines, therapeutics and diagnostics within 100 days of a future pandemic threat being identified,” reads the agreement.
With respect to climate change, clean energy technologies are another focus of the partnership.
The revised Atlantic Charter makes it clear the U.S. and U.K. intend to manage potential abuses of emerging technologies through international institutions and laws. That includes opposing disinformation campaigns targeting democratic elections, boosting cybersecurity and maintaining a free and open internet.
On the security front, the charter promises to deliver a “robust” data access agreement between the U.S. and U.K. — given their “appropriately high level” of information protections — to support law enforcement investigations into cyberattacks and terrorism while upholding privacy. Both countries vowed to work with tech companies to further such work.
Biden taps IT company CEO Del Toro to be secretary of the Navy
The president nominated former Naval officer and current CEO of a small IT company, Carlos Del Toro, to be secretary of the Navy.
Del Toro has been president and CEO of SBG Technology Solutions since 2004, according to LikedIn. Prior to this, he served more than two decades in the Navy, including deployments commanding a missile destroyer and working in the office of the Secretary of Defense.
At SBG he worked closely with the federal government on a range of issues, according to a White House statement.
“As CEO and President of SBG Technology Solutions, Del Toro has supported defense programs across a host of immediate and long-term Navy issue areas, including shipbuilding, AI, cybersecurity, acquisition programs, space systems, health, and training,” the statement said.
The Navy has struggled with cybersecurity and modernizing its IT systems. A 2019 report found major gaps in both the Navy and its industrial suppliers’ networks, a problem previous secretaries have tried to prioritize, despite high turnover in the top job.
New-era authentication key widens trusted access to federal resources
The recent wave of highly public cyberattacks has cast a spotlight on last month’s White House executive order on cybersecurity, and the need for agencies to modernize their cybersecurity and authentication systems.
The executive order’s call for implementing zero-trust architecture, and new requirements to focus on more modern authentication strategies, signals an important turning point for government, say cybersecurity experts.

Read the full report.
“This executive order will affect many organizations, both in the public and private sector, that work with the government [including] financial services, healthcare, the public sector, critical infrastructures, high tech, and education,” commented David Treece, Director Solutions Architecture at Yubico in a new report on modernized multifactor authentication (MFA) strategies.
The new directives lay out the need for agencies to implement a more multifaceted and modernized approach to authentication that can support today’s widely distributed and dynamically configured networks, according to a new report, produced by FedScoop and underwritten by Yubico.
The limits of CAC/PIV cards
The report highlights the rapidly evolving nature of authentication tools and the need for agencies to expand upon traditional public key infrastructure (PKI) methods. While the government’s long-established PKI-based Common Access Card (CAC) and Personal Identity Verification (PIV) credentials remain foundational to controlling access to defense and civilian systems respectively, they still have their limits.
Those working in command centers requiring simultaneous access to multiple systems, for instance, can generally only use their CACs to access one system at a time. CAC and PIV cards also require specialized contact-based card readers — to prevent someone from eavesdropping on the traffic that goes between the card and the card reader — making them difficult to use with modern devices such as mobile smartphones and tablets.
Those and other limitations led a small group of engineers from Yubico in 2008 to develop the YubiKey, a hardware security key that utilizes DoD-approved PKI cryptography and Identify Federation Service (IFS) solutions to authenticate users as an alternative to CACs.
YubiKeys provide “a form factor that is as strong as the CAC or the PIV and can be used across multiple devices without a smart card reader,” explains Jeff Frederick in the report. Frederick is lead technical resource for the public sector team at Yubico. The YubiKey has since become a DOD-approved alternative authenticator.
Fast forward to the advent of cloud computing, the ubiquitous reliance on multiple mobile computing devices, and most recently, the massive redistribution of the government’s workforce during the pandemic, and the need for more modern and adaptable alternatives to multi-factor authentication has grown exponentially.
That led Yubico to work with various certificate authority (CA) vendors as well as with Google, Microsoft and other leading technology suppliers to advance the capabilities of remote authentication, says Frederick.
Most notably, Yubico became a founding member of the non-profit FIDO (Fast Identity Online) Alliance, formed to address the lack of interoperability among authentication devices. Yubico engineers have also teamed up with organizations to develop open, scalable and interoperable mechanisms which work effectively in the cloud and ultimately, are aimed at supplanting the reliance on passwords.
That has spawned a comprehensive line up of YubiKeys, capable of supporting multiple authentication protocols, allowing users to access accounts four-times faster than other two-factor authentication (2FA) and cut support calls by 92%, according to the report. And unlike other 2FA, YubiKeys store no data, require no network connection and don’t run on software — which is why users have experienced zero account takeovers.
The report highlight’s Yubico’s latest all-in-one multi-protocol YubiKey 5 FIPS Series is designed to meet the highest authenticator assurance level (AAL3) requirements from NIST for government and regulated industries.
“YubiKeys provide six, multi-factor authentication protocols all on one physical piece of hardware,” says Frederick, including the ability to support both legacy and modern security protocols, using static passwords, one-time passwords (OTP), PIV (smart card), OpenPGP, FIDO U2F and FIDO2. Additionally, Yubico designed the hardware so that the authentication secret is stored on a separate secure chip built into the YubiKey, so that it cannot be copied or stolen.
“Government agencies can use the YubiKey to bridge the gap to the future,” adds Rob Konosky, director for Yubico’s federal defense business. “There’s no reason to wait to start issuing hardware security keys such as the YubiKey to every single, soldier, sailor, airman and marine that has strong authentication needs.”
Download the full report and learn how Yubico can help accelerate your agency’s journey to zero trust.
This report was produced by FedScoop and underwritten by Yubico.
Glavy nominated as top IT officer for US Marine Corps
The Biden administration has nominated Maj. Gen. Matthew Glavy as the next deputy commandant for information of the U.S. Marine Corps.
The deputy commandant post was created in 2017, and is the service’s equivalent of a uniformed CIO.
Glavy will replace Lt. Gen. Loretta “Lori” Reynolds, the current deputy commandant for information. Glavy, if confirmed by the Senate, will get his third star and rise to the rank of lieutenant general.
“Deputy Commandant for Information develops and supervises plans, policies, and strategy for operating in the Information Environment and identifies requirements in doctrine, manpower, training, education, and equipment in order to support Marine Air Ground Task Force operations in the Information Environment,” according to the Marine Corps website.
Glavy currently serves as the head of Marine Corps Forces Cyberspace Command at Fort Meade, Maryland. It is currently unclear who will replace Glavy at the Marine’s cyber component command.
The Marine Corps falls under the oversight of the Department of Navy, and Glavy would work with the top IT official in the department, CIO Aaron Weis. The Department has been working to upgrade its cybersecurity and implement a new “strategic vision” for its IT.