The Pentagon Goes Shopping For A New Mobile Phone

Uploaded on 2015-09-24 in NEWS-Cybersecurity News, INTELLIGENCE--USA, GOVERNMENT-National, FREE TO VIEW

2014_11_FedTalks-560.jpg

Defense Department CIO Terry Halvorsen

The U.S. Defense Department made news last spring when Ash Carter became the first defense secretary in almost 20 years to visit Silicon Valley. In a media call Tuesday, Pentagon Chief Information Officer Terry Halvorsen told a handful of reporters what the Pentagon plans to learn from the private sector, including technology that could automate cyber response, and also provided updates on a plan to outfit parts of the Pentagon with Wi-Fi. 

Here are a few takeaways from that conversation:
1. Sometime in the fall, DOD plans to test out smartphones that can access top-secret information.
Halvorsen confirmed DOD is deploying the top-secret smartphones in the fall, but declined to provide any more detail on the efforts because, he said, “I don’t want people to know when we’re actually going live with those.” He added that the Pentagon has already done some preliminary testing on the phones and is ”continuing to see great results on that.”
2. By the end of fiscal year 2016’s first quarter, DOD plans to deploy civilian employees into Silicon Valley for 6-month rotations, Halvorsen said. This program, modeled after another program that sends military employees for year-long rotations in the private sector, is part of a series of efforts to connect with Silicon Valley tech talent, including a new Pentagon outpost in California, as well as $75 million investment in a coalition of companies and universities working on flexible and wearable electronic devices.
3. DOD is trying to adapt private sector cyber technology.  
The Pentagon is paying attention to cyber solutions offered by startups, Halvorsen said. “Many times they may have really good ideas, but in their initial format they just don’t scale,” he said. “What I’m working with Silicon Valley on, and what we’re trying to [find out] is ‘where do we do the testing to see if they will scale? First of all, where do we test to see if they really will work?’” He added the Pentagon wants to be able to complete pilot programs and tech experiments faster. ”But we also need Silicon Valley to be able to understand that when you can field a tool for 5,000 to 10,000 people, and there’s a market for that, I am not the market for that,” Halvorsen said. “ What I need to look at has to be able to scale to millions of people.”
DOD also wants to automate cyber defense. For now, officials are looking at the basics, such as automatically patching updates. ”At a certain point, I want to be able to have some cyber defense completely automated where a certain set of conditions occur, and the system takes its own response,” Halvorsen added. 

The Pentagon is keeping pace with Fortune 50 companies in terms of cloud adoption, Halvorsen said.
Commercial companies are using private and commercial, just as DOD is, he said. “We’re all trying to find what is going to be that hybrid sweet spot, and how much [data] do you put out there,” he said. 
Within DOD, as in the private sector, there isn’t going to be “one cloud answer . . . there’s going to be some stuff that goes into a perfectly commercial cloud, that’ll work,” he said. “There are going to be things that go into a hybrid cloud where it might be a partnership with the federal government and DOD, maybe federal and state governments.”
An incident in which computers in Pentagon’s food court were hacked, potentially exposing employee information, isn’t really the DOD CIO’s problem.  
“If the food court was hacked, that would not be the DOD that was hacked,” Halvorsen said, adding that he did not have any more data about the incident. 

But he said that plans to install Wi-Fi, including a guest network, in the Pentagon are moving forward and the network is on track to be operational by the end of December. The department is prioritizing major meeting areas and some common spaces. “The key part for us is having all of the sensors in place to assure me that I am using Wi-Fi in all the right ways, and then when I want to say, ‘OK, now turn off the Wi-Fi because I’m doing something else,’ I can be assured that the Wi-Fi is off,” he said.
DefenseOne:  http://bit.ly/1L2VD1j

 

 

 

« FBI Urges Firms to Plan For Cyber Attack
India and US Cyber Agree Security Pact to Combat Crime »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CloudInsure

CloudInsure

CloudInsure is a Cloud Insurance platform designed to specifically address emerging liabilities within the Cloud environment.

TWNCERT

TWNCERT

TWNCERT is the National Computer Emergency Response Team of Taiwan.

Luxar Tech

Luxar Tech

Luxar's network visibility products enable enterprises and service providers to monitor network traffic, improve security and optimize efficiency.

Wallix

Wallix

Wallix is a software company offering privileged access management solutions for enterprises, public organizations and cloud service providers

Global Forum on Cyber Expertise (GFCE)

Global Forum on Cyber Expertise (GFCE)

GFCE is a global platform for countries, international organizations and private companies to exchange best practices and expertise on cyber capacity building.

SecuTech Solutions

SecuTech Solutions

SecuTech is a global leader in providing strong authentication and software licensing management solutions.

Redshift Consulting

Redshift Consulting

Redshift is an information management and information security consulting company offering a full range of services from infrastructure design to security assessments and network monitoring.

GitGuardian

GitGuardian

Enable developers, ops, security and compliance professionals to enforce security policies across public and private code, and other data sources as well

OptimEyes.ai

OptimEyes.ai

OptimEyes.ai is a unique AI-powered, on-demand SaaS solution for cyber-security, data privacy and compliance risk modeling.

Vertex Cyber Security

Vertex Cyber Security

Vertex provide Cyber Security Services to small to large businesses including Advise, Consulting, Adding Security Partnership, Penetration Testing, ISO 27001-2 and Audits.

Cyber Octet

Cyber Octet

Cyber Octet is an IT Solution, Security, Training and Services company. We provide training and services from Web Application Security to ISO 27001 implementation.

Sec3

Sec3

Sec3 is a security and research firm providing bespoke audits and cutting edge tools to Web3 projects.

MIS Solutions

MIS Solutions

MIS Solutions is a managed cloud and IT security partner making technology work for you.

OrbiSky Systems

OrbiSky Systems

OrbiSky Systems is a British tech startup specializing in data management and cybersecurity solutions.

modePUSH

modePUSH

modePUSH is a cybersecurity company focused on end-to-end breach response from Digital Forensics to Restoration across the enterprise and cloud environments.

Clumio

Clumio

Clumio provides autonomous backup and recovery for critical cloud data.