This page serves as a dynamic resource for OODA Network members looking for insights into the US Federal Government as a market. The information here includes federal related news, listed in the right hand column, and longer form research provided our members, highlighted below.
OODA Salon: A member discussion of build vs buy in the federal ecosystem
In the age of great power competition, the need for government to be able to tap into commercial innovation has never been greater. But it can be hard for government decision-makers to know when it is best to leverage existing commercial capabilities or to hire defense integrators or use internal staff to create their own solutions. Questions of building vs buying have been around for decades. Numerous high level studies exist on this topic, incudling many by the Defense Science Board and the congressionally mandated Software Acquisition and Practices (SWAP) study. This is not a topic with simple answers. But now more than ever it is one that is important to keep pushing on.
DHS Science and Technology Directorate (S&T) releases Artificial Intelligence (AI) and Machine Learning (ML) Strategic Plan Amidst Flurry of USG-wide AI/ML RFIs
An artificial intelligence security strategy (see “Securing AI – Four Areas to Focus on Right Now”) should be the cornerstone of any AI and machine learning (ML) efforts within your enterprise. We also recently outlined the need for enterprises to further operationalize the logging and analysis of artificial intelligence (AI) related accidents and incidents based on an “AI Accidents” framework from the Georgetown University CSET. The best analysis is a sophisticated body of work on AI-related issues of morality, ethics, fairness, explainable and interpretable AI, bias, privacy, adversarial behaviors, trust, fairness, evaluation, testing and compliance.
Zero Trust Will Yield Zero Results Without A Risk Analysis
Over the past four years there has been an avalanche of new Zero Trust products. However during the same period there has been no measurable reduction in cyber breaches. Zero Trust is a concept where an organization has Zero Trust in a specific individual, supplier or technology that is the source of their cyber risk. One needs to have Zero Trust in something and then act to neutralize that risk. Thus buying a Zero Trust product makes no sense unless it is deployed as a countermeasure to specific cyber risk. Buying products should be the last step taken not the first. To help enterprises benefit from Zero Trust concepts here is a modified OODA loop type process to guide your strategy development and execution.
Building Resilient Supply Chains and Semiconductor Manufacturing
The White House issued an Executive Order on securing America’s supply chains, calling for “an immediate 100-day review across federal agencies to address vulnerabilities in the supply chains of semiconductor manufacturing and advanced packaging. The final review was delivered in June of 2021. The final report is an exhaustive 250-page document, of which 60 pages are dedicated to a semiconductor and advanced packaging supply chain risk assessment, along with sections on opportunities and challenges ahead, concluding with recommendations.
Inspired by COVID-19 HPC Consortium, Cabinet-level National Science and Technology Council’s Blueprint for a National Strategic Computing Reserve
The ad-hoc creation of the COVID-19 High-Performance Computing (HPC) Consortium during the coronavirus pandemic revealed the unintended consequences of the shift of personnel and computational power for emergency use. It also compelled the National Science and Technology Council to do an analysis of the Consortium’s resources, processes, and structures to explore the creation of a National Strategic Computing Reserve (NSCR). We break down the NSCR blueprint.
The Smart Way For Contractors To Meet New DoD CMMC and DFARS Requirements
Any company that seeks to do business with the Department of Defense, including subcontractors, must comply with new regulations designed to reduce the risks to the nation of cyber threats. Changes to government rules over the last 5 years have included a steadily increasing number of technical requirements for security programs, new requirements to report to government if there is a breach of systems, and requirements to be able to conduct forensics if there is a need for an investigation.
DHS Worried About Ransomware Attacks for 2020 Election
According to an intelligence report issued by the Department of Homeland Security, one of the top 2020 election security concerns is ransomware. A report entitled “Cybercriminals and Criminal Hackers Capable of Disrupting Election Infrastructure”, echos concerns CISA head Chris Krebs articulate at the Black Hat security conference in early August. According to the report, the weeks leading up to the election are likely to be the highest risk for ransomware attacks.
The Clean Network Initiative: Another Nail in the Coffin of An Open Internet
For over twenty years the United States has consistently been the strongest voice for an open Internet that connects people all around the world. It was not a place for sovereignty and closed borders, the priorities of Russia, China, Iran, and other states scared of how the free flow of information might undermine their regime’s hold on their people. Until last week, that is.
The Future Includes Manned Vertical Lift and Attack Helicopters
Manned Attack Helicopters will remain an essential part of the Vertical Lift Force in the United States for the foreseeable future, despite the recent proliferation of unmanned aerial vehicles. As the existing fleet of manned attack helicopters approaches end of life, the U. S. Military prepares to replace, update and repair these critical assets.
This special report, prepared for OODA Network Members, will be of interest to any executive in the aerospace and defense sector as well as strategists seeking insights into the near future of military capabilities.
What Executives Need To Know About The Report of the Cyberspace Solarium Commission
This special report begins with an executive level overview of key take-aways from the report but transitions into recommended actions for business executives. The report makes it clear that there are actions you can take today that will give your business competitive advantage in the market.
OODA Video: The Intelligence Workstation of the Future
This video provide additional context on our concept of an Intelligence Workstation of the Future. The Intelligence Workstation of the Future will empower analysts in new ways, combining the most modern analytical and visualization tools with enterprise security and governance technologies. This post explores this workstation, leading to actionable recommendations that organizations can put in place now to bring this concept to reality sooner vice later.
Cybersecurity Expert Admits to Espionage and International Kidnapping Charges
A long-standing cybersecurity professional Elizabeth Jo Shirley, of Hedgesville, West Virginia, has admitted to unlawfully retaining a document containing national defense information and committing international parental kidnapping, the Department of Justice announced. Shirley attempted to sell classified information from the National Security Agency to the Russian government.
Bobbie Stempfley of Carnegie Mellon University Software Engineering Institute
The leadership team at OODA have had the pleasure of working with and learning from Bobbie Stempfley since her leadership of the Department of Defense Computer Emergency Response Team (DoD CERT) after she established it in the late 1990’s. This OODAcast captures insights from Bobbie that can inform the action of leadership of corporate and government leaders alike.
OODA Video: Your Data Strategy in a Hybrid Cloud Environment
The agility and improved mission support associated with the widespread move to cloud computing has made this megatrend one of the most positive forces in IT today. Some of the greatest benefits to enterprises come with the ability to smartly mix public and private clouds in hybrid cloud environments. However, optimizing the use of multiple public clouds and on-prem solutions comes with challenges, especially with how data is managed in this environment.
OODAcast with Congressman Will Hurd
In this OODAcast, OODA LLC CEO Matt Devost interviews Congressman Will Hurd in a wide ranging discussion that touches on issues of geopolitical risk, cybersecurity, cyber risk and ways to help ensure our nation is prepared to compete and win in an age of rapid technological innovation. Quantum Computing, Artificial Intelligence, Advanced Communications (5G) and other mega-trends of technology are examined, as well as insights into leadership in the modern world.
DHS Warns that Conspiracy Theories Are Inciting Attacks Against Communications Infrastructure
The Department of Homeland Security has issued an intelligence alert highlight the threat to communication infrastructures posed by conspiracy theories linking 5G technology to Covid-19. The alert highlights that DHS expects the attacks to increase as the disease spreads to include attacks against telecommunication industry workers.
Considerations Regarding America’s Latest 5G Strategy
The White House quietly released its National Strategy to Secure 5G, outlining the Trump Administration’s approach to securing fifth generation communications infrastructure at home and abroad. It was published concurrently with the president’s signing of the Secure 5G and Beyond Act, signaling alignment from the executive and legislative branches to advance American leadership in this space. Although officials note that the subsequent implementation plan will be much more detailed, it’s worth taking a closer look at the strategy’s main thrusts. In this article, I recap the strategy’s four lines of effort and offer additional considerations for decision-makers.
What The Wartime CEO Needs To Know About Covid-19 Government Contracting Rules, Risks and Opportunities
This report focuses in on actionable insights CEOs need to know about the flowing from new regulations, requirements and the new Coronavirus Aid, Relief and Economic Security, or “CARES” Act. It concludes with specific recommendations for actions to take to accelerate your government business.
An Executive Review of new USG Guidelines for Dark Web Intelligence Collection
In February, the Department of Justice’s Cybersecurity Unit published a document that focuses on the risks practitioners face when gathering intelligence from online sources like the Darknet and what the ramifications of certain actions are when performing intelligence collection. The publication highlights several hypothetical situations in which the practitioner may face legal consequences for missteps when interacting with Darknet sellers and obtaining information from these forums.
I Was Asked to Review a Major City’s Emergency Response Plan. Here’s What I Told Them.
On March 12, a major city I’ve worked with on emergency planning and counterterrorism issues over the past two decades asked me to review their response plan around COVID-19. Here is what I told them: You guys have done the easy part. Luckily, you have a population with no known
DHS Cyber Agency Issues Guidance for Keeping Teleworkers Secure
DHS CISA has issued guidance for securing remote workers as companies execute their teleworking contingencies resulting from the social isolation requirements for COVID-19.
Sea Services showcase new capabilities at AFCEA WEST
OODA’s Chris Ward attended the annual AFCEA and US Naval Institute Sea Service Conference in San Diego (WEST 2020). The central theme of the conference was around Navy, Marine and Coast Guard readiness for great power competition. In this article she compiles her observations and take-aways from the event.
Election Security Initiatives are Falling Short According to New Government Report
The Government Accountability Office has warned that CISA planning is falling short of what is needed to secure the 2020 Presidential election. Delays in developing strategic and operational plans and a lack of staff focused on election security initiatives makes it likely that election security mission aspirations will fall short. Notably, GAO warns that “CISA will not be well-positioned to execute a nationwide strategy for securing election infrastructure prior to the start of 2020 election activities.”
OODA Network Interview: Dr. James N. Miller
One of our nation’s best strategic thinkers, Dr. James N. Miller has spent his career helping the Department of Defense make good, unbiased policy decisions. He has also worked extensively in academia, helped establish the Center for New American Security (CNAS), and worked to establish the Defense Adaptive Red Team to address a whole host of emerging threat issues. In this interview, he describes his career progression and the thinking and leadership models that have enabled him to think through solutions to our most complex national security problems.
“Defending our democracy from truth decay and the decline of bipartisanship is our most pressing National risk.”
Is Space Critical Infrastructure?
The establishment of the Space Information Sharing and Analysis Center (ISAC) was announced earlier this year with the mission to enhance the space community’s ability to prepare for and respond to cyber vulnerabilities, incidents, and threats. Although the Space ISAC won’t be fully up and running until early 2020, the industry group is already pursuing a hefty agenda item: lobby the federal government to designate commercial space systems as critical infrastructure (CI).
Mitigating Risks To America’s Cognitive Infrastructure
This is the second of a series on our nation’s most neglected critical infrastructure, our cognitive infrastructure. The first post dove into the nature of the challenge and why it is so important for our future that the threats to our cognitive infrastructure are understood and addressed. This post flows from that one and suggests ways the nation can mitigate many of these risks.
America’s Most Critical Infrastructure is also Our Most Neglected Infrastructure
This special report is the first of a two-part series designed to both inform OODA members on the nature of challenges to our nation’s most critical infrastructure and provide recommendations for action that can mitigate these challenges. Our thesis is that America’s most critical infrastructure is our cognitive infrastructure. This is also the most attacked and least defended. In short, our most important critical infrastructure is also our most neglected infrastructure.
CISA Outlines Agency’s Strategic Intent
The newly formed Cybersecurity and Infrastructure Security Agency (CISA)has released a strategic intent document outlining the agencies role in protecting U.S. critical infrastructure and cyberspace. It is important for OODA Network Members to track the emergent roles and responsibilities of this agency as it will be a critical component of cyber and infrastructure security moving forward.
Startup Tech CEO: How do you form a federal channel partner strategy?
This is the next in our series of special reports for OODA members focused on federal business strategies for the Startup CEO (find them all here). This special report focuses on channel partner strategies for high tech firms.
Startup Tech CEO: When do you stand up your federal office?
This is the next in our series of special reports for OODA members focused on federal business strategies for the Startup CEO (find them all here). This special report is written for the tech CEO considering when to stand up a federal office. You will want to time this just right.
Startup Tech CEO: How do you Work With Federal Systems Integrators?
This is the next in our series of special reports for OODA members focused on federal business strategies for the Startup CEO (find them all here). This special report is written for the tech CEO seeking insights into the federal systems integrator community. It is based on years of direct experience.
Startup Tech CEO: How can you learn government mission needs?
If you are a tech CEO building an awesome new capability that improves the ability of organizations, there is a very high likelihood that government agencies will have an interest. The government organizations that will have the most interest are those that will see your technology as critical to mission accomplishment. This makes learning government mission needs extremely important.
Startup Tech CEO: These are the AI/ML capabilities DoD says they need the most
Tech CEOs can be a huge help to DoD by tracking their mission needs and providing input on capabilities that meet them. We can make it easy for you to do just that. We have just been asked to help provide inputs on companies that meet key needs of the Joint Artificial Intelligence Center (JAIC). Let us know if your firm has a solution that is a fit.
What Business Needs To Know About The New Way DoD Will Measure Your Security Posture
The Department of Defense is establishing a new approach they expect their contractors, and sub-contractors to leverage. This is meant to help reduce risk and mitigate many challenges observed in implementing existing security/compliance regulations in the defense industrial base. Our review of this approach leaves us optimistic that this new approach is a positive change. Here is what you need to know.
The Cyber Threat To NASA’s Artemis Program
NASA is enabling another giant leap for humanity. With the Artemis program, humans will return to the Moon in a way that will enable establishment of gateways to further exploration of not just the Moon but eventually the entire solar system.
The Intelligent Enterprise Series: Special reports from OODA focused on corporate intelligence
Useful Standards For Corporate Intelligence: Based on lessons learned from the US intelligence community and corporate America
Optimizing Corporate Intelligence: Tips and best practices and actionable recommendations to make intelligence programs better.
A Practitioner’s View of Corporate Intelligence: insights aimed at corporate strategists seeking competitive advantage through better and more accurate decision-making.
An Executive’s Guide To Cognitive Bias in Decision Making: Cognitive Bias and the errors in judgement they produce are seen in every aspect of human decision-making, including in the business world. Companies that have a better understanding of these cognitive biases can optimize decision making at all levels of the organization, leading to better performance in the market.