Used and nonauthentic counterfeit electronic components are widespread throughout the defense supply chain. According to the Defense Advanced Research Projects Agency, over the past two years alone, more than 1 million suspect parts have been associated with known supply-chain compromises.
The problem is pervasive, with both expensive and inexpensive electronic parts being targeted. Counterfeit or otherwise suspect electronic components present a critical risk for the Department of Defense, where a malfunction of a single part could lead to system failures that can put missions at risk.
A new DARPA program seeks to develop a tool to verify the trustworthiness of a protected electronic component without disrupting or harming the system.
The DARPA Supply Chain Hardware Integrity for Electronics Defense (SHIELD) program seeks proposals to develop a small (100 micron x 100 micron) component, or dielet, that authenticates the provenance of electronics components. Proposed dielets should contain a full encryption engine, sensors to detect tampering and would readily affix to microchips and other components.
“SHIELD demands a tool that costs less than a penny per unit, yet makes counterfeiting too expensive and technically difficult to do,” said Kerry Bernstein, DARPA program manager. “The dielet will be designed to be robust in operation, yet fragile in the face of tampering. What SHIELD is seeking is a very advanced piece of hardware that will offer an on-demand authentication method never before available to the supply chain.”
The dielet will be inserted into the component at the manufacturing site or affixed to existing trusted components, without any alteration of the host component’s design or reliability. There is no electrical connection between the dielet and the host component. Authenticity testing could be done anywhere with a handheld probe or with an automated one for larger volumes.
Probes need to be close to the dielet for scanning. After a scan, an inexpensive appliance (perhaps a smartphone) uploads a serial number to a central, industry-owned server. The server sends an unencrypted challenge to the dielet, which sends back an encrypted answer and data from passive sensors—like light exposure—that could indicate tampering.
“The Department of Defense puts severe demands on electronics, which is why a trusted supply chain is so important” said Bernstein. “SHIELD is a technology demonstration leveraging the asymmetry of scaling for security. While the program is being funded by DARPA, industry will adapt future implementations to make the technology scalable to the industry and the defense supply chain.”
SHIELD is seeking proposals that would revolutionize electronic authentication with scalability and advanced technology not available today. DARPA will host a Proposers’ Day Workshop in support of the SHIELD program on March 14, 2014.
Posted on Feb 28, 2014 at 11:41 AM0 comments
The board of Cook County, Ill., approved technology upgrades to track the location of county vehicles and automate building inspections in a move away from a paper-based system.
The Automated Vehicle Location (AVL) system will provide real-time GPS tracking of county vehicles. The county anticipates that over the next several years the new technology will improve emergency response times and speed snow removal and roadway maintenance. The AVL system also will capture performance data within county departments. The $1.7 million contract takes effect March 1, 2014.
“This is a way for Cook County to ensure that we know where county vehicles, and the employees using them, are located during the workday,” said Cook County Board President Toni Preckwinkle when announcing the program.
“This information also will allow us to more effectively manage our resources and make sure we provide the best services in the right location. This is one of the ways we plan to use data to improve the county’s performance and operations.”
County vehicles will be linked to desktop, mobile and Web-based systems using the county’s geographic information system architecture. The AVL system also will help the county increase work-place safety and productivity.
The board also passed the final phase of the county’s Building and Zoning Permit Tracking Application. The e-permit process creates a mobile tool for field inspectors and allows one-stop shopping for residents seeking County permits.
“E-permits will provide the public with quicker access to permits, cut back on counter-time and move the county towards an automated system for building inspections,” Interim Chief Information Officer Mary Jo Horace said.
Posted on Feb 28, 2014 at 10:53 AM0 comments
The crackdown on drunk driving could be moving to the next level with a new alcohol testing system that combines traditional breathalyzers with government-grade facial recognition software.
The handheld, wireless, portable breath alcohol device incorporates automated facial recognition and GPS with every single test. The technology is being used for long-term, unsupervised alcohol testing of first-time and low-level drunk drivers, according to the announcement by Denver-based Alcohol Monitoring Systems.
A SCRAM Remote Breath uses facial recognition software the company calls Automated Facial Intelligence to digitally map the facial features of the offenders as they take the test to match and compare those features to baseline images stored within the system, ensuring that the person taking the breath test is the offender required to submit to testing.
The technology automatically identifies 90 to 95 percent of the photos captured each day, while the remaining five to 10 percent are flagged by law enforcement for manual review, according to the SCRAM Systems website.
Alcohol Monitoring Systems developed the SCRAM Continuous Alcohol Monitoring unsupervised test in 2003. The transdermal alcohol testing system involves an ankle bracelet that samples an offender’s sweat every half hour, 24/7 to measure for alcohol consumption.
It is mainly used for high-risk alcohol offenders however, and SCRAM Remote Breath could provide courts with a less-intensive option for lower level offenders. Alcohol Monitoring Systems believes the new test will increase the number of courts utilizing technology to manage their alcohol offenders. Offenders may move up to Continuous Alcohol Monitoring if they fail a Remote Breath test, or move down to Remote Breath if they demonstrate a prolonged period of sobriety.
Posted on Feb 26, 2014 at 10:26 AM0 comments
NIST's National Cybersecurity Center of Excellence has proposed two new cybersecurity building blocks, one to help organizations develop capabilities for attribute-based access control, and the other to help address enterprise security issues that result from the use of mobile devices to access company resources.
Building blocks are cybersecurity implementations that apply to multiple industry sectors and are expected to be incorporated into many of the center's sector-specific use cases, the agency said in its announcement.
The draft Attribute Based Access Control building block proposes an identity management system that allows multiple enterprises to exchange and validate employee attributes such as title, division, certifications and training. This would allow an organization like a disaster recovery team to grant a visiting doctor access to a range of hospital resources using risk-based policy enforcement.
The technology demoed in this building block will use commercially available technologies and be modular, allowing organizations flexibility in their implementations based on their network infrastructures. Comments should be submitted to email@example.com by March 28, 2014.
The draft Mobile Device Security for Enterprises building block proposes a system of commercially available technologies that provide enterprise-class protection for mobile platforms that access corporate resources.
The building block will examine security technologies that can enable enterprise risk management for users to work inside and outside the corporate network using a securely configured mobile device. It will also incorporate a layered approach that allows enterprises to tailor solutions to their business needs. Comments should be submitted to firstname.lastname@example.org by March 28, 2014.
Posted on Feb 26, 2014 at 10:03 AM0 comments
Report: Digital Government: Pathways to Delivering Public Services for the Future, from Accenture
Key Points: The United States is ranked sixth in the world in its use of digital government to communicate with and engage citizens. “Digital government” includes offering portals to access public services as well as employing digital channels and social media. Singapore, Norway, the United Arab Emirates, South Korea and Saudi Arabia all ranked above the United States.
Despite investing heavily in digital technologies, the Citizen Satisfaction Survey revealed many segments of the U.S. population feel uncomfortable adopting mobile and cloud technology to interact with government.
Smart mobile devices are becoming a more universal channel for interacting with government, with U.S. federal agencies launching 140 free applications on iOS and Android platforms in English and Spanish. But 43 percent of U.S. citizens surveyed said they are not interested in using mobile devices in the future to communicate with government departments offering public services.
Although cloud computing offers great potential to securely and efficiently store and share government and citizen data, the United States ranked among the last three countries in citizens’ interest in using it for interacting with their governments. The report suggests citizens may be concerned about data security and privacy: specifically, how enterprise data is safeguarded and shared in third-party environments.
According to U.S. citizens, the top three priorities for improving future public services are to provide cost-efficient, sustainable services, to deliver a clear and stable long-term vision and to better understand better the priorities of citizens and communities.
The federal government has seen success with IRS e-services. This program provides taxpayers with online services to improve voluntary compliance and reduce tax gaps. Of the 147.6 million tax returns filed in September 2012, 113.8 million (77 percent) were done online.
The IRS2Go smartphone app has been a major reason for the success of the e-service. The app lets citizens request and track their tax returns and account statements. It has helped the IRS avoid issuing $4.2 billion of potentially fraudulent refunds.
Bottom Line: Although the United States is one of the most experienced countries in the development of digital government services, its citizens are neither satisfied nor confident in the government’s ability to deliver public services to meet their future needs.
Posted on Feb 25, 2014 at 10:19 AM0 comments