Pulse


Pulse

By GCN Staff


Pentagon ponders access beyond the CAC

The Defense Department is exploring ways to build on the success of its Common Access Card (CAC) by extending identity management options to mobile devices.

For today’s DOD, mobile identity and access management depends on the CAC, which in turn is tied to the Defense Enrollment Eligibility Reporting System. DEERS is the central database that DOD's Defense Manpower Data Center uses to manage the identities of roughly 42 million troops, civilians, contractors, dependents and retirees. 

DOD officials said they are exploring ways to move the department away from the bulky external card readers on which CACs rely. Officials are examining possibilities in near-field communications — the technology that allows some Android users to share data by touching phones — as well as in derived credentials employed via options such as microSD and SIM cards that are inserted into devices. Even biometric identification is on the table, according to a report in FCW

But any next-generation identity management solutions will have to clear policy and technology hurdles — and not just at the Pentagon. Read more on the challenges of two-factor mobile identification at FCW.

Posted on Dec 09, 2013 at 10:07 AM1 comments


New E-Verify security enhancement helps deter employee fraud

An enhancement to the Homeland Security Department's E-Verify program will help identify and deter fraudulent use of Social Security numbers (SSNs) for employment eligibility verification.

Using a combination of algorithms, detection reports and analysis, Citizenship and Immigration Services will identify patterns indicating fraudulent use of SSNs and then lock and flag those numbers in the E-Verify system.

E-Verify is a free Web-based service offered by the Department of Homeland Security that allows employers to quickly verify the employment eligibility of new employees. In fiscal 2013, E-Verify was used to authorize workers in the U.S. more than 25 million times, representing a nearly 20 percent increase from fiscal 2012.

The new enhancement strengthens E-Verify by using standards that have proven effective in protecting individual identity. Just like a credit card company will lock a card that appears to have been stolen, CIS may now lock SSNs in E-Verify that appear to have been used fraudulently, the agency said in a statement.

If an employee attempts to use a locked SSN, E-Verify will generate a “Tentative Nonconfirmation” (TNC). The employee receiving the TNC will have the opportunity to contest the finding at a local Social Security Administration field office. If an SSA field officer confirms the employee’s identity correctly matches the SSN, the TNC will be converted to “Employment Authorized” status in E-Verify.

Posted on Dec 06, 2013 at 8:16 AM0 comments


Can fuel cells integrated into server racks power data centers?

In a recent blog post, Microsoft senior research program manager Sean James shared the findings of a research paper on fuel cell powered data centers.

This study described the “collapse of the entire energy supply chain — from the power plant to the server motherboard — into the confines of a server single cabinet.”

The researchers show that by integrating fuel cells with IT hardware, they can cut much of the power electronics out of the conventional fuel cell system. Advantages to fuel cell powered data centers compared to traditional data centers include:

  • Improved reliability. Points of failure will be limited to a single server rack, and a battery backup is not required, so the system will be more reliable.
  • Lower infrastructure costs. The elimination of electrical distribution, backup, and transformation in the data center, as well as power conditioning equipment in the fuel cell, will reduce infrastructure costs.
  • Improved efficiency. Power effectiveness will increase, and high-efficiency fuel cells will double total system efficiency.
  • A universal data center design can be achieved. The fuel cell powered system design can be mass produced and deployed almost anywhere in the world without the difficulties of purchasing electrical equipment used for traditional systems.

However, there is still work to be done. “With the potential to double the efficiency of traditional data centers, we see tremendous potential in this approach, but this concept is not without challenges,” said James in his blog post. “Deep technical issues remain, such as thermal cycling, fuel distribution systems, cell conductivity, power management and safety training that needs to be further researched and solutions developed. But we are excited about working to resolve these challenges.”

Posted on Dec 04, 2013 at 8:47 AM2 comments


D.C. government sees growth in mobile device program

The D.C. government partnered with Good Technology to improve its mobile device management under the firm’s “Good for Government” program. The firm released a case study this month showing wireless messaging support in the district has grown from 300 to 2,250 in the last three years.

The effort was part of a plan by the city’s government to improve mobile services for more than 80 district agencies,

including Child and Family Services, Department of Corrections, Emergency Management Agency, Department of Motor Vehicles, and Metropolitan Police Department.

The growth in the number of users is “impressive,” says Good, but it still represents only about 5 percent of the government’s total workforce of 39,000.

The company’s Good for Government program supports multiple devices and mobile operating systems, including iPhone, Android and Windows Mobile, which allows agencies to choose the device, carrier and plan that works best for their needs. It also eliminates the possibility of a single point of failure during an emergency.

According to the case study, Good for Government has helped district agencies increase productivity and efficiency with real-time, synchronized access to email messages, calendars and contacts on employees’ devices.

Posted on Dec 02, 2013 at 8:47 AM0 comments


Report lays groundwork for cyber-physical systems research

The Cyber Security Research Alliance released a report that lays out a logical road map for designing security into cyber-physical systems (CPS), which are IP-based systems that support the nation’s critical infrastructure and increasingly the target of cyberattackers. 

CPS manipulate critical infrastructure operations such as power and water, industrial systems, transportation systems, medical devices, security systems, building automation and emergency management. 

The report summarizes findings from an April 2013 workshop where industry, government and academic researchers explored how to address vulnerabilities in the global IT supply chain, government-industry information sharing on cyberattacks and CPS vulnerabilities, and approaches to CPS product assurance and trustworthy operational readiness.

CSRA is working on specific research topics associated with the report. Institutions and individual researchers interested in learning more about research opportunities may contact the CSRA via the CSRA website.

Posted on Nov 22, 2013 at 10:50 AM0 comments