Pulse


By GCN Staff


Sandia exploring ephemeral biometrics for insider threat monitoring

Sandia National Laboratories is researching the use of ephemeral biometrics for identity management and insider threat monitoring and is looking for partners, according to an announcement in Federal Business Opportunities.

With ephemeral biometrics, individual identities are tied to active, living biometric data. Using this research, the Energy lab intends to significantly improve the authenticity and integrity of cyber identities.

Ephemeral biometrics will “significantly enhance the defensive capabilities of cyber and physical protection industries by enabling them with proactive insider threat management tools capable of actively mapping cyber/virtual activities into physically monitor-able and controllable identities,” the lab said in its FBO announcement.

Sandia already conducts research in security analyses, application of RIMES (Risk Informed Management of Enterprise Security), response force modeling, cyber security, physical security and supply chain security. Sandia also has advanced biosensor monitoring capabilities combined with a world-class fabrication facility to design next-generation biometric monitoring diagnostics.

Sandia is seeking Cooperative Research & Development Agreements (CRADA) or Work for Others (WFO) partnership agreements to enable improvements in cybersecurity authentication and for designing and implementing proactive insider threat management tools. 

Posted on Jun 05, 2014 at 9:27 AM


NSA gives Lockheed cyber incident response accreditation

Lockheed Martin earned accreditation from the National Security Agency under a new NSA program designed to recognize companies suited to help other organizations respond to cyberattacks.

The NSA’s Cyber Incident Response Assistance Accreditation (CIRA) program meets a growing need to leverage the cyber security expertise of industry leaders, according to Lockheed.

To be qualified as a CIRA service provider, Lockheed Martin said it was evaluated based on its ability to deliver consistent services and maintain a qualified staff to deliver cyber incident response services.

The evaluation process also included a review of the company's ability to deliver 21 critical focus areas of incident response assistance services to owners and operators of National Security Systems.

The CIRA program is a part of the NSA Information Assurance Directorate’s National Security Cyber Assistance Program. The program focuses on intrusion detection, incident response, vulnerability assessment and penetration testing.

Posted on Jun 03, 2014 at 12:42 PM


Opening up competition in federal IT

The Public Spend Forum, a group focusing on public-sector procurement, analyzed government IT spending and found that a “check the box culture” and a broken requirements and procurement process inhibit competition and limit innovation.

Its recent report, Billions in the Balance: Removing Barriers to Competition & Driving Innovation in the Public-Sector IT Market, makes several recommendations for IT managers:

  • Establish clear lines of authority and accountability.
  • Develop a simple needs and outcomes statement instead of voluminous RFPs.
  • Engage the market early.
  • Develop a cost/outcome (ROI)-focused IT strategy.
    • Focus on minimizing cost/outcome as the ROI of a government program.
    • Implement flexible IT architectures as recommended in the ACT-IAC 7S for Success Framework.
    • Emphasize prototyping and approaches for minimum viable product rollouts.
    • Avoid monolithic acquisition approaches and instead leverage existing procurement vehicles and allow use of alternative vehicles.
  • Encourage smart risk taking.
  • Reduce burdensome requirements and speed up the procurement process.

The Public Spend Forum provides best practices, industry news and open discussion for the public-sector procurement community.

Posted on Jun 02, 2014 at 1:29 PM


NIST to help IT developers build in security

The National Institute of Standards and Technology has launched an effort to develop guidelines for building security into IT systems from the beginning instead of at the end of the IT development process.

NIST, which is asking for public comment on initial guidelines for the project, said it wanted to bring “widely recognized systems and software engineering principles to bear on the problem of information system security from the beginning … rather than trying to tack it on at the end.”

"We need to have the same confidence in the trustworthiness of our IT products and systems that we have in the bridges we drive across or the airplanes we fly in," said Ron Ross, a NIST Fellow.

The guidelines represent an effort to bring the principles of building reliable physical structures to software engineering design, according to NIST.

“Systems security engineering processes, supported by the fields of mathematics, computer science and systems/software engineering, can provide the discipline and structure needed to produce IT components and systems that enjoy the same level of trust and confidence,” according to NIST.

NIST has released the first set of those guidelines for public comment in a new draft document, Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems.

The current draft -- and the first stage of the planned process -- describes the fundamentals of systems security engineering and covers 11 core technical processes in systems and software development.

Later public drafts will add material supporting principles of security, trustworthiness and system resilience; use case scenarios; and important nontechnical processes such as risk management and quality control procedures.

NIST asked for comments on the draft, which should be sent to sec-cert@nist.gov, by July 11, 2014. NIST expects to publish the final, complete version of the engineering guidelines by December 2014.

Posted on May 27, 2014 at 8:31 AM


Boeing launches MicroTAC tactical data analytic platform

Boeing has developed a new tactical data analytic suite – called MicroTAC – that the company says provides an information advantage to warfighters, even when network connectivity may be unavailable or unsuitable for the mission.

Running on a lightweight, battery-powered portable device similar to a laptop, MicroTAC can continuously accept data in the field and almost immediately provide an accurate picture of the unfolding information environment, according to Boeing.

While tactical data analysis requires an Internet connection, a MicroTAC user can accept new data, such as from a flash drive, search and analyze it and access predictive analytics while disconnected from networks.

“When warfighters bring MicroTAC into theater, they have a full suite of deployable analytic technologies at their fingertips to take in, analyze and disseminate information in near real-time, especially when communications are unreliable,” said Jeff Brown, director of Boeing’s Intelligence Systems Group.

MicroTAC is fully integrated with Boeing’s existing TAC software, which persistently monitors data and extracts relevant information in real time.

Posted on May 23, 2014 at 9:22 AM