mobile authentication

DISA edges toward mobile authentication

The Defense Information Systems Agency hopes to have a viable mobile authentication alternative to the common access card in the next year.

At last year's forecast to industry event, DISA discussed "working with a chipset manufacturer that integrates some of those capabilities into that chipset," said Stephen Wallace, a systems innovation scientist who leads the Emerging Technologies Directorate at DISA. "We've now pivoted to now working with a handset manufacturer to integrate those capabilities, working our way up the stack to make it available."

Wallace told reporters during a media roundtable at DISA's forecast to industry event Nov. 4 that there's also a completely software-based prototype that's about nine months into its pilot. Ultimately, the assured identity monitoring functionality with mobile devices will feed into desktops, integrating features in a new way, he said.

"I would hope that in about a year we'll be much further along and have that continuous authentication code in the background," Wallace said.

DISA has also taken up defending against online intrusions with web browser pilots that aim to isolate threats by putting an air gap between internet and enterprise networks.

"If you really look at a modern web page -- any old news site -- it's 6-, 8-, 10,000 lines of code that get downloaded," Wallace said. "At the same time, that browser may be talking to 60 other domains just [from] you trying to go to that website, and that's what we're attempting to defend against."

The pilots scan the code for "anything malicious that's going on" while also monitoring the domains contacted by the user's browser, he said.

So far, the browser pilot programs cover about 15,000 end points, but the goal is to hit 100,000 in the next three to six months, Wallace said, with the end game of transitioning the entire department to the solution. DISA also plans to down-select the vendors involved in the next four months but the initial focus is on testing.

This article was first posted to FCW, a sibling site to GCN.

About the Author

Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at lwilliams@fcw.com, or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.