NIST has proposed two new building blocks to improve email security and to provide security services based on personal identity verification (PIV) credentials through mobile devices.
The building blocks cover cybersecurity implementations that apply to multiple industry sectors and will be incorporated into many of the National Cybersecurity Center of Excellence’s sector-specific use cases. Final versions of the building blocks result in NIST Cybersecurity Practice Guides (Special Publication series 1800), which describe the practical steps needed to implement a cybersecurity reference design.
The draft building block "Domain Name System-Based Security for Electronic Mail" proposes using the DNS-based Authentication of Named Entities (DANE) protocol to help prevent unauthorized parties from reading or modifying an organization's email or using it as a vector for malware.
The draft building block "Derived Personal Identity Verification (PIV) Credentials" proposes a way for mobile devices to use two-factor authentication without specialized card readers, which read the identity credentials embedded in on-card computer chips to ensure authorized access to computer systems or facilities. With derived credentials, mobile device users could get the same level of security with their mobile devices that desktop users get with card-reader access.
The comment period for each is open until Aug. 14, 2015.
Posted on Jul 07, 2015 at 1:00 PM0 comments
Although the explosion of the SpaceX rocket in late June grounded the NASA/Microsoft Sidekick project for the time being, the partners still hope to get the HoloLens augmented reality system to the astronauts aboard the International Space Station to give them Earth-bound expert assistance when and where they need it and reduce crew training requirements.
Sidekick works in two different ways, expert mode and procedure mode. Expert mode uses Skype to show an operator on Earth what ISS crew members sees, allowing the earthbound expert to coach them through tasks with real-time guidance or drawn annotations, rather than relying on written or voice instructions. Procedure mode uses holographic illustrations displayed on top of objects being used by the crew.
Sidekick will be used and evaluated in NASA’s Extreme Environment Mission Operations (NEEMO) 20 expedition in July when a group of astronauts and engineers will spend two weeks living in Aquarius, the world’s only undersea research station.
The project is part of a bigger part of a larger NASA/Microsoft partnership to explore applications of holographic computing in space. Another program, known as OnSight, will enable scientists to work virtually on Mars using the HoloLens technology.
Posted on Jul 06, 2015 at 10:38 AM0 comments
The House of Representatives has officially jumped on the open source bandwagon. A June 25 announcement declared that U.S. representatives, committees and staff would be able to procure open source software, participate in open source software communities and contribute code developed with taxpayer dollars to open source repositories.
Uncertainty had hung over the question of whether open source software, communications and code contributions were permitted within Congress because of restrictions relating to soliciting gifts. It has now been determined that — in general —members and staff in the House, when conducting official business, have a choice between using proprietary technology and open source solutions, according to the joint announcement by the OpenGov Foundation, the Sunlight Foundation and the Congressional Data Coalition.
Within Congress, support for open source software has been growing. In the next few weeks, Rep. Blake Farenthold (R-Texas) and Rep. Jared Polis (D-Colo.) plan to launch a House Open Source Caucus.
“We now have clear guidance on the use of open source software in the House of Representatives,” said Rep. Darrell Issa (R-Calif.). Members of Congress and the open source community can work collaboratively to improve online access to the Congress and bring the institution more in line with other flexible, modern organizations that use open source solutions to realize cost-savings and greater efficiency.”
In October 2014, the OpenGov Foundation, Sunlight Foundation and Congressional Data Coalition jointly called for rules changes that would permit the use and publication of open source software by House offices.
Posted on Jun 29, 2015 at 12:52 PM0 comments
Michigan has launched a geographic information systems open data website to let the GIS community search, preview and browse and download geospatial datasets or view them on Esri ArcGIS maps.
The site provides access to updated geospatial data on boundaries, geology, demographics, public health and other categories to help those in natural resources, public safety, environment, health and human services, transportation and tourism make more informed decisions.
The data can be downloaded as Esri shapefiles, spreadsheets or KML files, as well as accessed via API.
“This new site is a key piece of our overall efforts to make information open and available to citizens,” said David Behen, director of Michigan’s Department of Technology Management and Budget. “Pulling it all together in one place will improve the overall experience for everyone.”
Posted on Jun 24, 2015 at 1:41 PM0 comments
When BP’s Deepwater Horizon rig ruptured in the Gulf of Mexico in 2010, oil gushed into the water faster than agencies could respond. And the problem wasn’t just stopping the leak, it was informing the public about extent of the damage and progress on fixing it.
“The public imaging of this really wasn’t a home run for the Coast Guard at day one,” Adm. Paul Zukunft, Commandant of the U.S. Coast Guard, admitted in a recent keynote address at the Center for Strategic and International Studies.
So the Coast Guard worked with the National Oceanic and Atmospheric Adminstration to develop the Emergency Response Management Application (ERMA), an online mapping tool that integrates both static and real-time data in an easy-to-use format for environmental responders and decision makers.
By putting the data “out on the Internet,” Zukunft said, “people could navigate through it and not wait for the next CNN news cast” to find out what was happening with the oil spill.
Before long, the joint mapping application exploded. “[W]ithin 12 hours we had 200,000 hits…The next day it was two-and-a-half million. And then the public trust level went up as transparency of information went up as well,” he said.
The application was subsequently adapted for oil Alaskan oil spills in 2012.
"Arctic ERMA builds on the lessons we learned on usability, data management and data visualization from the Deepwater Horizon/BP disaster," said Amy Merten, then with NOAA’s Office of Response and Restoration.
Beyond visualization of oil spills, NOAA’s Data Integration, Visualization, Exploration and Reporting tool, or DIVER, manages and integrates data from the myriad sources that collected information during the five years following the Deepwater Horizon spill.
“NOAA pledged from the start of the Deepwater event to be as transparent as possible with the data collected,” said NOAA Administrator Kathryn D. Sullivan. “The DIVER data warehouse approach builds upon that original pledge and is another significant step in making NOAA’s environmental data available for the research community, resource managers and the general public.”
Posted on Jun 22, 2015 at 1:41 PM0 comments