Horizon Cutting-room Links: Wednesday, 15 January 2025
Federal agencies in the Washington, DC area are Open. Employees are expected to begin the workday on time. Normal operating procedures are in effect. Mostly clear, with a low around 21. Northwest wind around 15 mph, with gusts as high as 29 mph.
“Trump defense pick vows ‘warrior culture’,” Semafor
“Army combat veteran and former Fox News host Pete Hegseth vowed to bring a ‘warrior culture’ to the Pentagon, saying he would prioritize ‘meritocracy’ over diversity and inclusion policies. Separately, lawmakers grilled him over past sexual assault allegations, which he dismissed as a ‘smear campaign,’ and questioned him about the limits of US military power; Hegseth didn’t directly say whether he would use the military to take control of Greenland or the Panama Canal”
“A breach of Gravy Analytics’ huge trove of location data threatens the privacy of millions,” TechCrunch
“The full scale of the data breach isn’t yet known, but the alleged hacker has already published a large sample of location data from top consumer phone apps — including fitness and health, dating, and transit apps, as well as popular games. The data represents tens of millions of location data points of where people have been, live, work, and travel between.”
“In its data breach notice filed with Norway, Unacast said it identified on January 4 that a hacker acquired files from its Amazon cloud environment through a ‘misappropriated key.’… Gravy Analytics sources much of its location data from a process called real-time bidding, a key part of the online advertising industry that determines during a milliseconds-short auction which advertiser gets to deliver their ad to your device. During that near-instant auction, all of the bidding advertisers can see some information about your device”
“Outgoing Air Force secretary floats options for 6th-gen jet program,” Defense One
“Possible alternatives to a manned 6th-generation combat jet include a more affordable, ‘F-35 follow-on’ aircraft that could manage robot wingmen, the outgoing Air Force secretary said. … [R]ecent analysis has highlighted the ‘value’ in pursuing a crewed 6th-gen jet.”
“Another option to address some of the same mission areas is to focus more on long-range strike, like next-gen cruise missiles. … The service could also just keep buying the 5th-generation F-35 and go all-in on drones—an idea Kendall said he wouldn’t do ‘personally’.”
“The outgoing Air Force secretary cautioned that many of the regulations and red tape the Pentagon has to deal with are required by Congress. And being able to run an efficient business isn’t the same as running an efficient government, Kendall said, in an apparent reference to DOGE co-leader Elon Musk.”
“DOD Amends DFARS Implementing SBIR/STTR Data Rights, What it Means for Small Business,” PilieroMazza client alert
“The Rule, among other things, amends DFARS 252.227-7018, the principal contract clause applicable to the SBIR/STTR Program, to update the SBIR/STTR data protection period to a single, non-extendable 20-year period. ... Additionally, the Rule amends DFARS 252.227-7018, which now provides the Government, upon expiration of the SBIR/STTR data protection period, perpetual Government Purpose Rights rather than Unlimited Rights. The Rule also clarifies that SBIR/STTR data encompasses all technical data or computer software developed or generated in the performance of a Phase I, II, or III SBIR/STTR contract or subcontract. Further, the Rule clarifies that while the parties may mutually negotiate special license rights, the parties may only do so after contract award.”
“FBI hacked thousands of computers to make malware uninstall itself,” The Verge
“Infected computers contact a command-and-control server run by the hackers, which has its IP address hard-coded into the malware. From there, hackers can remotely access users’ files and obtain information about infected computers, such as their IP addresses. At least 45,000 IP addresses in the US have contacted the command-and-control server since September 2023, according to the FBI.
“The FBI used this very exploit to remove PlugX from infected computers. In collaboration with French law enforcement, which launched a PlugX deletion operation of its own, the FBI gained access to the command-and-control server and requested the IP addresses of infected computers. It then sent a native command to make PlugX delete the files it created on victims’ computers.”
“Overlapping Contracts, Protests, and Growing Data Demands: The Current State of IDIQ Contracting,” Allen Federal Partners
“Multiple Award Indefinite Delivery Indefinite Quantity (MAIDIQ) contracting is at a crossroads. The use of these contracts, some of which are better known as Government Wide Acquisition vehicles (GWAC’s), soared in the late 1990’s in response to legislative changes designed to spur innovation, especially in IT contracting. Today, MAIDIQ’s are a strong foundation of both IT and professional service acquisition. Are there, however, cracks in that foundation? A quick look at the market shows that there are.”
In another excellent post, Allen sharply notes there are too many vehicles, too many protests, and too much administration.