|
Army Tackles Cyber Costs with $49M Lifeline for Small Defense Firms
HUNTSVILLE, AL – May 08, 2026 – The U.S. Army is launching a landmark initiative to shield the smallest and most vulnerable members of the nation's defense supply chain from the crushing financial weight of mandatory cybersecurity regulations. The new program, known as the Next-gen Commercial Operations in Defended Enclaves (NCODE), aims to provide an affordable pathway to compliance for small businesses, ensuring their innovative capabilities are not lost to the defense ecosystem.
See: https://briefglance.com/articles/army-tackles-cyber-costs-with-49m-lifeline-for-small-defense-firms
Companies interested in the NCODE Marketplace see: Next-Gen Commercial Operations in Defended Enclaves – link to Marketplace at the bottom of the page
Simplifying CMMC Compliance and Breaking Down Its Controls
The post Simplifying CMMC Compliance and Breaking Down Its Controls appeared first on Welcome to the PKWARE Blog – PKWARE®.
Those seeking contracts with government agencies must meet many requirements and guidelines regarding cybersecurity. Each entity has its own, including the Department of Defense (DoD). Introduced in 2024 and being implemented in phases, Cybersecurity Maturity Model Certification 2.0 (CMMC) sets new rules around protecting controlled unclassified information (CUI) and federal contract information (FCI). CCCM compliance has lots of complexities; let’s talk about how to simplify and streamline it.
https://securityboulevard.com/2026/04/simplifying-cmmc-compliance-and-breaking-down-its-controls/
Agencies Urge ‘Trust and Verify’ as Supply Chain Cyber Risks Shift
Federal officials warn of growing supply chain risks, from small vendor gaps to human-targeted threats and limited partner visibility.
This “visibility gap” is particularly acute for DLA, where roughly 60% to 65% of partners are small businesses that lack the massive cybersecurity budgets of defense titans, he added. Roberts said that the Cybersecurity Maturity Model Certification (CMMC) is less about new rules and more about “accountability” and that the government must move past the initial vetting process.
“We have to get better at it post-award, because even then, particularly with what we do within Department of War, mergers are more incentivized by bad actors because they want access to [DOW] information,” Roberts explained.
https://govciomedia.com/agencies-urge-trust-and-verify-as-supply-chain-cyber-risks-shift/
FIPS Compliance: How to Harden Your Infrastructure Before the 2026 Deadline
The post FIPS Compliance: How to Harden Your Infrastructure Before the 2026 Deadline appeared first on PowerDMARC.
https://securityboulevard.com/2026/04/fips-compliance-how-to-harden-your-infrastructure-before-the-2026-deadline/
Does the following article indicate that “q-day” is here or is much closer than expected?
Does China’s Jiuzhang 4.0 computer herald the age of quantum supremacy?
New programmable photonic quantum computing prototype completed a complex calculation in microseconds, developers say
China has unveiled its latest photonic quantum computer, Jiuzhang 4.0, with researchers saying it can outperform the world’s fastest classical supercomputer by a vast margin, further strengthening Beijing’s push towards quantum supremacy.
The results, published on May 13 in the peer-reviewed journal Nature, mark the latest milestone in China’s rapidly advancing quantum programme led by a team of scientists at the University of Science and Technology of China headed by Chinese quantum physicist Pan Jianwei.
https://www.scmp.com/news/china/science/article/3353602/does-chinas-jiuzhang-40-computer-herald-age-quantum-supremacy
9 PQC Algorithms Advance
The National Institute of Standards and Technology (NIST) moved nine quantum-resistant signatures closer to approval for use, giving agencies another step forward in the long-running push to protect sensitive data from future quantum computing threats. NIST advanced the post-quantum cryptography algorithms to the third round of evaluation under its signature-focused competition, which began in 2022. The algorithms are: FAEST, HAWK, MAYO, MQOM, QR-UOV, SDitH, SNOVA, SQIsign, and UOV. The agency is looking to expand and diversify its portfolio of PQC digital signatures, and this round follows an initial field of 40 candidates. Fourteen made it to round two, and now nine are moving ahead. NIST said it weighed security, cost and performance, and implementation characteristics in making the cut. The review phase is expected to last about two years. With the federal quantum-ready deadline now set for 2035, the clock is definitely ticking.
AI – Friend or Foe
AI Coding Agents Could Fuel Next Supply Chain Crisis
“TrustFall” attack shows how AI coding agents can be manipulated into launching stealthy supply chain compromises.
Agentic AI is designed to operate automatically and usually invisibly to make our work easier and more efficient. AI code generators are no different. Claude Code (launched in May 2025) has become the fastest-growing tool in the startup and high-end engineering space, with the highest user satisfaction rating against its competitors.
Adversa AI has discovered a way in which its agentic behavior can be manipulated by an attacker into providing a one-click RCE, or even a potential supply chain threat. All the attacker needs to do is place attractive but malicious code as, say, a GitHub repo.
https://www.securityweek.com/ai-coding-agents-could-fuel-next-supply-chain-crisis
Will a solution for Cybersecurity come from Space?
NASA, Industry Advance High Performance Spaceflight Computing
Adopting the same high-performance computing, network switching, high-reliability and cybersecurity technologies, the company’s processors enable mission-critical edge computing for Earth-based industries such as automotive, aviation, consumer electronics, industrial systems, and aerospace. These potential applications include drones, energy grids, medical equipment, communication services, artificial intelligence, and data transmission.
By leveraging a common technology base across space and terrestrial markets, High-Performance Spaceflight Computing helps strengthen domestic industrial capabilities and reduce risk and cost for both government and commercial users.
See: https://www.nasa.gov/directorates/stmd/nasa-industry-advance-high-performance-spaceflight-computing/
Information Security Resources
The National Counterintelligence Security Center
“Know the Risk; Raise your Shield”
- Strengthen your P@SSw0rdS!
- Lock-down your social media accounts.
- Delete suspicious emails.
- Don't expect privacy when you travel.
- Know who you're talking to.
The Following are Videos. They are relatively short. They don’t specifically address cybersecurity. They do portray techniques that (are) can be used and the potential effects.
The Company Man, Protecting Americas Secrets - created by: FBI Counterintelligence https://www.youtube.com/watch?v=caPkC_lagbo
Human Targeting at Conferences and Outreach events, short video - https://www.youtube.com/watch?v=XpqOEniQK9U
Game of Pawns - https://www.fbi.gov/video-repository/newss-game-of-pawns/view
Cybersecurity Risk Management, A Framework for Assessing Risk - Supply Chain Risk Management – Source: FBI
https://www.dni.gov/index.php/ncsc-how-we-work/ncsc-know-the-risk-raise-your-shield
Protecting America’s Competitive Advantage – Flyers 1 & 2
Pulling the Plug: Why Internet Shutdowns Fail as Cyber Defense
The recent U.S.-Iran conflict has proven that cyberspace is not always a supporting domain, but one that could be decisive for victory. Before kinetic strikes commenced, Iranian adversary networks had already been mapped, penetrated, and operationalized. Intelligence derived from compromised mobile networks, traffic cameras, and persistent surveillance informed targeting decisions, culminating in a decapitation strike against Iran’s Supreme Leader. Cyber operations have not merely enabled the battlefield; they have shaped it on a scale that’s nearly unprecedented in prior conflict scenarios.
Cyber defense success needs resilience, not disconnection. Zero-trust architectures, network segmentation, continuous monitoring, and rapid response capabilities provide a more effective framework for managing risk in a contested environment.
https://oodaloop.com/analysis/security-and-resiliency/pulling-the-plug-why-internet-shutdowns-fail-as-cyber-defense/
Salesforce CEO Marc Benioff uses AI to monitor employee conversations — and your boss might be doing it too: 'Chilling'
Salesforce isn’t alone in its AI-driven monitoring of employees in company workspaces. Microsoft has embedded Copilot across its digital suite, and Google has done similarly with Gemini.
Additionally, major U.S. companies, including Walmart, Delta Air Lines, T-Mobile, Chevron and Starbucks, have used the AI firm Aware to analyze employee messages, CNBC reported.
https://www.msn.com/en-us/news/technology/salesforce-ceo-marc-benioff-uses-ai-to-monitor-employee-conversations-and-your-boss-might-be-doing-it-too-chilling/ar-AA23uDWO?ocid=entnewsntp&pc=DCTS&cvid=6a0b8af36b754bb4a5b9678260de2db9&ei=49
| 
