Pulse


Pulse

By GCN Staff


States to get security services to boost cyber info sharing

The Department of Homeland Security is rolling out a plan to offer states and territorial government organizations a set of free managed security services, including intrusion detection and prevention, netflow analysis and firewall monitoring.

The services will be provided by the Center for Internet Security’s Multistate Information Sharing and Analysis Center (MS-ISAC), a 24x7 operations center that provides real-time network monitoring, threat warnings and incident mitigation and response. 

The plan is part of a multipronged effort to boost government threat information sharing and cooperation called for in the National Institute of Standards and Technology’s Cybersecurity Framework, a set of voluntary guidelines released by NIST in February to promote the protection of critical systems and management of cybersecurity risk. 

Phyllis Schneck, DHS deputy undersecretary for cybersecurity for the National Protection and Programs Directorate (NPPD), said making the managed services available and adopting the NIST framework a key step making local government information systems secure. 

“The adoption of the framework will encourage longer term risk-based planning and better security overall – this is a win-win and we are excited to be able to provide such tactical assistance to our state and territorial stakeholders,” she said in a recent blog post.

To help promote the use of the NIST framework and coordinate projects to strengthen information sharing, DHS this February launched the Critical Infrastructure Cyber Community (C3) Voluntary Program, which will help coordinate critical infrastructure operations, DHS said. 

In its first year, the C3 Voluntary Program will focus on engaging with “sector-specific agencies,” including the defense industrial base, energy and emergency services sectors to adopt the NIST framework.

Later phases of the program will “reach out to all critical infrastructure (groups) interested in using the framework,” according to DHS. 

The C3 program will also encourage the critical infrastructure community to “manage cybersecurity as part of an ‘all hazards approach’ to enterprise risk management,” according to DHS. 

Posted on Mar 04, 2014 at 11:48 AM1 comments


API layer fuels official US Navy mobile app

Thanks to a strong application programming interface layer, the U.S. Navy has been able to effectively launch a mobile app to connect sailors and their families with relevant and updated content.

The app, built by Web developer Mobomo, brings together content from around the fleet and makes it available in a single, constantly updating app. Users can view photos of its ships and submarines and watch videos of drones being launched. It provides users with all the relevant information they need whenever they need it.

“It’s about being where it matters, when it matters,” said Mobomo COO Brian Lacey at the recent MobdevGov conference in Rosslyn, Va.

Users can create a customizable experience by selecting themes, video playlists and image galleries relative to their deployment, career and interests. Sailors and their families can stay up to date with news alerts and calendar tools.  

The mobile app also features an interactive map, which shows the locations of all bases, events and deployed forces.

Lacey said the importance of an API layer is often overlooked, and that the app would not have worked without it. The function of the API layer in this case is to pull in the multimedia content and push it out to different devices. It is essentially operating as an adaptor plug to make the app functional on a number of platforms.

The API has made the app available for the iPhone, iPad, Android phones, Android tablets, Windows 8 tablets and Chromebooks. By connecting to the different platforms, the API lets users instantly configure the app, creating push notifications as well as adding and deleting feeds, video content and breaking news alerts.

The API layer also provides the app’s security, preventing hackers from accessing  its source code.

Posted on Mar 03, 2014 at 10:57 AM0 comments


Internet2's 100G network speeds genomics research

Scientists running genomic analyses at George Washington University’s Colonial One High Performance Computing Center will pilot ultra-high-speed 40 gigabit/sec data transfers of their research from the National Institutes of Health’s National Library of Medicine using new 100 gigabit/sec links to the Internet2 network.

“High-speed transfers via Internet2’s network will enable us to provide our genomic clients with faster results, ultimately hastening discovery and therapeutic decisions," Raja Mazumder, associate professor of biochemistry and molecular medicine at the GW School of Medicine and Health Sciences, said in an announcement

Mazumder is also co-developer of the High-performance Integrated Virtual Environment (HIVE), a genomic analysis platform that speeds up the analysis of genomic data. 

“Internet2 is pleased to be part of this public-private collaboration. Our 100 gigabit network enables a high-performance genomics platform like HIVE to realize its full potential by removing external bottlenecks,” said Michael Sullivan, associate director, Internet2.

George Washington University connects to the Internet2 backbone through its new research network, the Capital Area Advanced Research and Education Network. CAAREN provides high-performance research and education infrastructure to government, education and research organizations, as well as some private-sector organizations, in the Washington, D.C. area. It aims to facilitate world-class research, education and knowledge sharing in the nation’s capital.

CAAREN is also partnering with DC-Net, a program managed by the D.C. Office of the Chief Technology Officer, to provide public and private K-12 schools, public libraries, museums, hospitals and independent research organizations with access to Internet2.

Posted on Mar 03, 2014 at 12:18 PM0 comments


ISO: Tiny, inexpensive counterfeit electronics detector

Used and nonauthentic counterfeit electronic components are widespread throughout the defense supply chain. According to the Defense Advanced Research Projects Agency, over the past two years alone, more than 1 million suspect parts have been associated with known supply-chain compromises.

The problem is pervasive, with both expensive and inexpensive electronic parts being targeted. Counterfeit or otherwise suspect electronic components present a critical risk for the Department of Defense, where a malfunction of a single part could lead to system failures that can put missions at risk. 

A new DARPA program seeks to develop a tool to verify the trustworthiness of a protected electronic component without disrupting or harming the system.

The DARPA Supply Chain Hardware Integrity for Electronics Defense (SHIELD) program seeks proposals to develop a small (100 micron x 100 micron) component, or dielet, that authenticates the provenance of electronics components. Proposed dielets should contain a full encryption engine, sensors to detect tampering and would readily affix to microchips and other components.

“SHIELD demands a tool that costs less than a penny per unit, yet makes counterfeiting too expensive and technically difficult to do,” said Kerry Bernstein, DARPA program manager. “The dielet will be designed to be robust in operation, yet fragile in the face of tampering. What SHIELD is seeking is a very advanced piece of hardware that will offer an on-demand authentication method never before available to the supply chain.”

The dielet will be inserted into the component at the manufacturing site or affixed to existing trusted components, without any alteration of the host component’s design or reliability. There is no electrical connection between the dielet and the host component. Authenticity testing could be done anywhere with a handheld probe or with an automated one for larger volumes. 

Probes need to be close to the dielet for scanning. After a scan, an inexpensive appliance (perhaps a smartphone) uploads a serial number to a central, industry-owned server. The server sends an unencrypted challenge to the dielet, which sends back an encrypted answer and data from passive sensors—like light exposure—that could indicate tampering.

“The Department of Defense puts severe demands on electronics, which is why a trusted supply chain is so important” said Bernstein. “SHIELD is a technology demonstration leveraging the asymmetry of scaling for security. While the program is being funded by DARPA, industry will adapt future implementations to make the technology scalable to the industry and the defense supply chain.”

SHIELD is seeking proposals that would revolutionize electronic authentication with scalability and advanced technology not available today. DARPA will host a Proposers’ Day Workshop in support of the SHIELD program on March 14, 2014.

Posted on Feb 28, 2014 at 11:41 AM0 comments


Tech refresh: Cook County to track county vehicles, automate inspections

The board of Cook County, Ill., approved technology upgrades to track the location of county vehicles and automate building inspections in a move away from a paper-based system.

The Automated Vehicle Location (AVL) system will provide real-time GPS tracking of county vehicles. The county anticipates that over the next several years the new technology will improve emergency response times and speed snow removal and roadway maintenance. The AVL system also will capture performance data within county departments. The $1.7 million contract takes effect March 1, 2014.

“This is a way for Cook County to ensure that we know where county vehicles, and the employees using them, are located during the workday,” said Cook County Board President Toni Preckwinkle when announcing the program.

“This information also will allow us to more effectively manage our resources and make sure we provide the best services in the right location. This is one of the ways we plan to use data to improve the county’s performance and operations.”

County vehicles will be linked to desktop, mobile and Web-based systems using the county’s geographic information system architecture. The AVL system also will help the county increase work-place safety and productivity.

The board also passed the final phase of the county’s Building and Zoning Permit Tracking Application. The e-permit process creates a mobile tool for field inspectors and allows one-stop shopping for residents seeking County permits.

“E-permits will provide the public with quicker access to permits, cut back on counter-time and move the county towards an automated system for building inspections,” Interim Chief Information Officer Mary Jo Horace said.

Posted on Feb 28, 2014 at 10:53 AM0 comments