The U.S. Department of Homeland Security’s Science and Technology Directorate is working to improve the resiliency of smartphones and other mobile technologies through directed research and development initiatives. Not as secure as office computers, mobile devices are becoming the preferred target for malicious actions by cyber adversaries. In many cases, smartphones, tablets and other electronic devices simply do not have the same protections available for more traditional computing technologies, experts say. The level of attacks also is moving “deeper down the mobile device stack,” from the application and mobile operating system layers to the hardware and infrastructure layers, according to the department.
Aiming to accelerate the U.S. government’s use of secure mobile technologies, the Cyber Security Division (CSD) in the Department of Homeland Security (DHS) is pursuing several research and development (R&D) projects, among other efforts, that focus on two main areas: mobile device security and mobile application security. The projects and related vendors are working to improve device security:
As enterprises mobilize business processes, more and more sensitive information passes through and resides on mobile devices. BlackBerry, a virtual grandfather in the handheld devices world, offers chief information officers (CIOs) an idea of what they’re up against when attempting to ensure the security of data flying through cyberspace.
Smartphones and tablets offer more storage, processing power and functionality than an enterprise-class mainframe computer did less than a generation ago. Such dramatic advances make mobile devices powerful business tools and allow military forces to conduct combat missions around the clock, regardless of location.
Rep. Ted Lieu is no stranger to having his cellphone "hacked." Intruders recently were able to track his whereabouts, eavesdrop on conversations with staff members and access his text messages and email.
Fortunately for Lieu, the intrusion was part of a 60 Minutes segment last year that the TV news program did to highlight mobile device vulnerabilities. The California Democrat knew of the hackers who had successfully exploited his phone's Signaling System Seven, aka SS7, security flaw that compromises the global network that connects phone carriers. The same vulnerabilities still exist one year later, Lieu shared on Thursday during a Capitol Hill demonstration about mobile security, or lack thereof.
Blue Tech Inc.,* San Diego (W52P1J-17-D-0009); Iron Bow Technologies LLC,* Chantilly, Virginia (W52P1J-17-D-0010); Red River Computers Co. Inc.,* Claremont, New Hampshire (W52P1J-17-D-0011); Intelligent Decisions Inc.,* Ashburn, Virginia (W52P1J-17-D-0012); NCS Technologies Inc.,* Gainesville, Virginia (W52P1J-17-D-0013); Dell Federal Systems LP, Round Rock, Texas (W52P1J-17-D-0014); Strategic Communications LLC,* Louisville, Kentucky (W52P1J-17-D-0015); GovSmart Inc.,* Charlottesville, Virginia (W52P1J-17-D-0016); and Ideal Systems Solutions Inc.,* Minnetonka, Minnesota (W52P1J-17-D-0017), were awarded a $2.5 billion firm-fixed-price contract for Army Desktop and Mobile Computing-3 (ADMC-3).
Global security readiness received an overall score of 70 percent, or a C- rating, on the 2017 Global Cybersecurity Assurance Report Card, a decline of six points from last year and lower than the U.S. tally of 78 percent, according to recently released survey results.
The survey, created by Tenable Network Security and conducted by CyberEdge Group, solicited insights from 700 security practitioners in nine countries and across seven like-industries to calculate the global index score. It measures practitioners’ attitudes and perceptions rather than actual cybersecurity system effectiveness and seeks to determine whether cyber defenses meet expectations.
A tiny London-based firm has a way with words, particularly when they are arranged in groups of three. It has parsed the planet into 3-meter-by-3-meter (about 10-foot-by-10-foot) squares in a global addressing system, applying an algorithmic engine to assign three-word identifiers to each and every one of the 57 trillion squares that compose a global map.
The future of the U.S. Marine Corps lies in apps. Warfighting applications will transform mobility, much like the assembly line did for the automotive industry, predicts Kenneth Bible, Marine Corps deputy chief information officer.
“The automobile was around for many years before anybody could afford it,” says Bible, also the Corps’ deputy director of command, control, communications and computers (C4). “The idea of an automobile wasn’t really disruptive. It was when the assembly line opened up mass production and drove the cost down that the market changed ... and average citizens could buy a car and retire their wagon and horses.
Warfighters and decision makers alike laud the advent of mobile command, control, communications and computers (C4). Yet in many ways, our forces are relegated to dealing with legacy systems—even newly fielded ones—that employ relatively old technology compared with today’s rapidly evolving commercial wireless capabilities. Commercial technology development and adoption have outpaced their military counterparts, and our adversaries are exploiting this gap. Nonetheless, this same commercial technology offers our military an opportunity to greatly advance the use of mobile C4 and increase its effectiveness.
Mobile data traffic generated by cellphones and tablets will approach almost 197,000 petabytes by 2019, according to Juniper Research. That is the data equivalent to more than 10 billion Blu-ray movies.
On the same day that news headlines implicated Russian hackers in a significant cyber attack and breach on the White House, officials attending a cybersecurity summit Tuesday in the nation’s capital warned of the uptick in the number of nation-state sponsored cyber attacks against the U.S. government and businesses.
The amplification could be worrisome because cybersecurity experts already cannot keep up with, much less get ahead of, the cyber activities that pose a national threat and have risen to the level of a national emergency.
With the information world marching en masse to the cloud, one global firm is offering direct peer-to-peer encryption to reduce the threat of an intervening cyber intercept. This approach is applicable to dedicated hardware as well as to commercial off-the-shelf consumer communications equipment, and its operation is relatively transparent to the user.
“There's an app for that” is truer than ever these days. As bring-your-own-device (BYOD) and bring-your-own-app (BYOA) concepts are increasingly infiltrating government agencies, public sector information technology departments must consider the impact these apps and devices have on their own environments. In this blog post, we’ll look at two security strategies in use at agencies today and how to balance security and flexibility in today’s mobile environment.
Security Strategy 1: Pure Separation
The National Institute of Standards and Technology (NIST) is preparing recommendations to help organizations leverage the benefits of mobile apps while managing their risks. The publication’s authors are seeking public comments about the draft of "Technical Considerations for Vetting 3rd Party Mobile Applications." The deadline for comments is Sept. 18.
While apps can improve productivity, they also can introduce vulnerabilities that put sensitive data and network resources at risk. The draft publication describes tests that software security analysts can employ to find and understand these security gaps before the app is approved for use.
Do you love listening to podcasts? The new Overcast app, developed by Marco Arment, co-founder of Tumblr and creator of Instapaper, offers a simple, intuitive interface to listen to all your favorites.
What makes Overcast stand out from the many podcast options found in the app store? It allows users to download podcasts and listen anytime, even offline; search and browse new episodes; create custom playlists; subscribe to shows; enhance and normalize speech volume with Voice Boost; and adjust playback using Smart Speed to pick up extra speed without distortion.
It’s traditional for journalists to end an interview with some version of the question, “What would you like to add?” On the surface, it is the softest of softball questions—so broad and general that there is no wrong answer.
Some sources take this opportunity to repeat their major talking points. Others simply say they have nothing to add. And some will offer a warm and fuzzy, feel-good quote about partnering or working hand-in-hand, or about how great their employees are. All are perfectly legitimate responses.
But on very rare occasions, a source will take this opportunity to make news. And from a reporter’s perspective, this is the absolute best kind of answer.
Have you ever walked into a business meeting and wished you could know a bit about each person to spark real conversation and bypass typical small talk? The free Refresh app for iOS aims to make it possible by providing a quick overview of the people you're about to meet, aggregating information from across the Web.
The app syncs with your calendar, contacts and scheduled meetings to display relevant insights from Facebook, LinkedIn, Twitter and email about the people you will meet.
A key tenet of the Joint Information Environment (JIE) will be the ability of users to have access to the same information system capabilities regardless of physical location, according to Defense Information System Agency (DISA) officials. Speaking on the final day of AFCEA’s three-day JIE Mission Partner Symposium being held in Baltimore May 12-14, the panel of officials described the importance of mobile capability as well as connectivity.
Once the Joint Information Environment (JIE) is in place, the U.S. Defense Department may be able to deploy secure mobile apps much more quickly than it can with today’s cumbersome process, according to Teri Takai, Defense Department chief information officer.