14 Sep 16. Palantir Claims Army Misled To Keep It Out of DCGS-A Program. Palantir Technologies has mapped out in a motion filed with the US Court of Federal Claims what it believes are the Army’s repeated, biased attempts to block the company from working with the service to test and integrate its technology into the force’s intelligence analysis framework. Palantir sued the Army in July for issuing what it says is an unlawful procurement solicitation for the service’s next iteration of its internally developed intelligence software suite — the Distributed Common Ground System-Army (DCGS-A) — that shuts the company’s commercial offering out of the competition. The Palo Alto-based company has argued the way the Army wrote its requirements in a request for proposals to industry would shut out Silicon Valley companies that provide commercially available products. The company contended that the Army’s plan to award just one contract to a lead systems integrator means commercially available solutions would have to be excluded. (Source: glstrade.com/Defense News)
12 Sep 16. Leak Spotlights NSA’s Conflicting Missions. A top National Security Agency official revealed this month that the agency’s staff had rushed to the scene of virtually every major hack of a government computer network in the past two years.
Curtis W. Dukes, director of information assurance at the NSA, was trying to emphasize the Fort Meade-based spy outfit’s lesser-known but growing role of helping to protect the nation’s sensitive data.
But while Dukes was speaking to reporters in Washington, the cyber world was poring over a leaked cache of what appeared to be tools developed by the NSA for its more controversial activity: surveilling, spying and hacking.
The disclosure of the files — the NSA hasn’t confirmed that they’re authentic, but researchers and former NSA employees say they seem to be — underscored once again the tension between the two sides of NSA’s dual mission: breaking into computer networks overseas in search of useful intelligence about foreign governments and terrorists and helping protect America’s networks against foreign spies and other hackers.
Dukes, talking to reporters on the sidelines of an NSA conference last week, said his responsibilities included “fortifying public trust” in the agency — trust that suffered a major blow three years ago when former contractor Edward Snowden leaked details of its phone and email surveillance programs.
A group that called itself the Shadow Brokers posted files they claim came from the Equation Group, a name used in cyber circles for the NSA. Computer security analysts who have studied the files are mostly convinced they came from the agency.
In stilted English, the Shadow Brokers said they had more such files, which they would sell to the highest bidder.
A former NSA employee, who requested anonymity to discuss the agency’s sensitive operations, said he recognized details in the leaked files.
“I don’t think it was faked,” the former employee said. “It’s a big deal. Could be used to conduct active exploitation today.”
The networking giant Cisco confirmed that the leak included a previously undiscovered weakness in its products. The weakness has attracted particular attention because it is a so-called zero-day vulnerability, meaning it was unknown to the company.
The NSA’s identification of such vulnerabilities is controversial. While the NSA says it does not use them to break into American computers, there is no guarantee that another country or group of hackers has not found the same flaw.
In recent years, the government has followed a formal process to determine whether a weakness should be kept secret so it can be used to gather intelligence, or whether it should be shared to protect computer users.
The government’s policy is to favor sharing. The NSA said recently that it had done so in 91 percent of cases. Andrew Crocker, an attorney at the Electronic Frontier Foundation, said too many