Defense & National Security

July’s “Winning the Race: America’s AI Action Plan,” released by the White House, contains helpful recommendations for the energy sector as the use of AI becomes more prevalent and, with it, the need for more energy. The plan recommends the use of an existing consultation and coordination process for expediting the federal permitting and review of large infrastructure projects to cover all eligible data center and data center energy projects. It also recommends optimizing existing grid resources, prioritizing the interconnection of reliable power sources, ensuring sufficient generation exists to support data centers, and embracing new technology and sources of energy.

Continue Reading Power Up: What the AI Action Plan Means for the Energy Sector

On June 6, 2025, President Trump issued a new executive order, “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144” (EO), signaling the construction of a fortified cyber defense across federal operations. This directive updates the nation’s digital stronghold, modernizing risk management, defending against quantum and artificial intelligence (AI) threats, and drawing sharper lines in the battle against foreign cyber adversaries. For technology companies and federal suppliers, this is a clarion call to reinforce their digital walls and sharpen their defenses. Agencies will soon build these secure-by-design principles into every contract and procurement decision. In this era of fortress-building, failing to meet these standards not only will leave your gates unguarded but also could bar you from the entire federal marketplace. The EO may read like ordinary policy, but don’t be misled: It’s a direct command for companies to strengthen their cyber defenses or be locked out of federal opportunities altogether.

Continue Reading Building the Cyber Fortress: New Cybersecurity Executive Order Targets Quantum, AI, and Supply Chain Security

The Department of Defense (DoD) is revving its engines again—this time to rocket past its own software acquisition drag. Launched via an April 24 memo from Acting DoD CIO Katie Arrington, the DoD’s Software Fast Track (SWFT) Initiative entered a 90‑day sprint to redefine Accelerating the Authority to Operate (ATOs), aiming to replace the outdated Risk Management Framework (RMF) with AI‑enabled, continuous compliance workflows. Officially live on June 1, 2025, SWFT isn’t a fully cleared runway—it’s a mission in motion, with Requests for Information (RFIs) out and industry poised to respond. But the real turbulence won’t be technical—it’ll be cultural: Can Pentagon policy and personnel move at Top Gun pace?

Continue Reading The Need for Speed: DoD’s “Software Fast Track” Targets Bureaucracy at Mach 2

On April 15, 2025, the Department of Defense (DoD) released official guidance on Organizationally Defined Parameters (ODPs) appearing in the newly published NIST SP 800-171 Revision 3. At the same time, the DoD reaffirmed that contractors must continue complying with Revision 2 thanks to a previously issued class deviation. What does this mean in plain terms? The DoD is slowly pulling back the curtain on the next major shift in cybersecurity compliance. Still, the full prestige hasn’t happened yet.

Continue Reading The “Prestige”: DoD Unveils NIST SP 800-171 Revision 3, Organizationally Defined Parameters

Sequels are rarely better than the films that precede them, and yet, sometimes a story is just too compelling to be limited to just one film. At the tail end of a summer full of Hollywood sequels, the Department of Defense (DoD) released a long-gestating sequel of its own. On August 15, 2024, DoD published a Proposed Rule that would revise the DoD Federal Acquisition Regulation Supplement (DFARS) to implement Cybersecurity Maturity Model Certification (CMMC) 2.0 into DoD contracts in the near(ish) future. This follows a December 2023 Proposed Rule, discussed here, establishing the CMMC 2.0 requirements in broad strokes. In this latest Proposed Rule, DoD proposes several changes to the DFARS that would do the following:

Continue Reading CMMC and DFARS 252.204-7021—Is the Sequel Better than the Original?

The third revision of NIST Special Publication 800-171 brings substantial changes across several key areas: the structure of control families has been expanded to better address new threats, individual security controls have been updated to enhance overall system security, and the criteria for tailoring these controls to specific organizational needs have been clarified, all in

DOD released a final rule which updates the DFARS to address requirements outlined in Executive Order 14005, “Ensuring the Future is Made in All of America by All of America’s Workers.” Marcos Gonzalez explains the changes and what contractors should be aware of while making adjustments to their supply chains in order to continue supplying

Cyber incidents involving critical infrastructure pose a serious risk to the US. In March 2024, the Environmental Protection Agency and the National Security Advisor warned state governors about potential attacks on drinking water and wastewater facilities by specific Iran- and China-aligned hackers. The following month (on April 4, 2024), in an attempt to prepare for such attacks and otherwise improve the federal government’s ability to collect and analyze data related to cyber incidents on critical infrastructure, the Cybersecurity and Infrastructure Security Agency (CISA) issued a proposed rule to implement cyber incident reporting requirements under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Enacted in an omnibus appropriation, CIRCIA directed CISA to issue rulemaking requiring the reporting of cyber incidents or the payment of ransoms in response to cyberattacks affecting critical infrastructure.  

Continue Reading CISA’s CIRCIA Proposed Rule: Another Player Enters the Reporting Regime

Arm me with harmony.” – Treach, Naughty By Nature[1]

On May 14, 2024, the National Institute of Standards and Technology (NIST) dropped the third remix…er, revision…of its Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.” It even came with a critical sidekick in the form of the companion assessment guide, “NIST SP 800-171A, Revision 3,” which gives organizations the necessary lowdown on “assessment procedures and methodologies” to check if they’re playing by NIST SP 800-171’s rules. Over a year in the making after previous releases in May and November of 2023, NIST’s finalized revision takes inspiration from industry by laying down the cybersecurity rules that contractors should expect to follow when handling Controlled Unclassified Information (CUI) for the US Department of Defense (DoD). While DoD isn’t requiring contractors who handle CUI to roll with Rev. 3 just yet, contractors can expect that DoD will eventually bring Rev. 3 into the mix for DFARS 252.204-7012, “Safeguarding Covered Defense Information and Cyber Incident Reporting” (DFARS 7012), and will be harmonizing it with the upcoming Cyber Maturity Model Certification (CMMC) program at some point soon.

Continue Reading NIST SP 800-171 Revision 3 Goes Final: Who’s Down with ODP?