The Pentagon Goes Shopping For A New Mobile Phone

Uploaded on 2015-09-24 in NEWS-Cybersecurity News, INTELLIGENCE--USA, GOVERNMENT-National, FREE TO VIEW

2014_11_FedTalks-560.jpg

Defense Department CIO Terry Halvorsen

The U.S. Defense Department made news last spring when Ash Carter became the first defense secretary in almost 20 years to visit Silicon Valley. In a media call Tuesday, Pentagon Chief Information Officer Terry Halvorsen told a handful of reporters what the Pentagon plans to learn from the private sector, including technology that could automate cyber response, and also provided updates on a plan to outfit parts of the Pentagon with Wi-Fi. 

Here are a few takeaways from that conversation:
1. Sometime in the fall, DOD plans to test out smartphones that can access top-secret information.
Halvorsen confirmed DOD is deploying the top-secret smartphones in the fall, but declined to provide any more detail on the efforts because, he said, “I don’t want people to know when we’re actually going live with those.” He added that the Pentagon has already done some preliminary testing on the phones and is ”continuing to see great results on that.”
2. By the end of fiscal year 2016’s first quarter, DOD plans to deploy civilian employees into Silicon Valley for 6-month rotations, Halvorsen said. This program, modeled after another program that sends military employees for year-long rotations in the private sector, is part of a series of efforts to connect with Silicon Valley tech talent, including a new Pentagon outpost in California, as well as $75 million investment in a coalition of companies and universities working on flexible and wearable electronic devices.
3. DOD is trying to adapt private sector cyber technology.  
The Pentagon is paying attention to cyber solutions offered by startups, Halvorsen said. “Many times they may have really good ideas, but in their initial format they just don’t scale,” he said. “What I’m working with Silicon Valley on, and what we’re trying to [find out] is ‘where do we do the testing to see if they will scale? First of all, where do we test to see if they really will work?’” He added the Pentagon wants to be able to complete pilot programs and tech experiments faster. ”But we also need Silicon Valley to be able to understand that when you can field a tool for 5,000 to 10,000 people, and there’s a market for that, I am not the market for that,” Halvorsen said. “ What I need to look at has to be able to scale to millions of people.”
DOD also wants to automate cyber defense. For now, officials are looking at the basics, such as automatically patching updates. ”At a certain point, I want to be able to have some cyber defense completely automated where a certain set of conditions occur, and the system takes its own response,” Halvorsen added. 

The Pentagon is keeping pace with Fortune 50 companies in terms of cloud adoption, Halvorsen said.
Commercial companies are using private and commercial, just as DOD is, he said. “We’re all trying to find what is going to be that hybrid sweet spot, and how much [data] do you put out there,” he said. 
Within DOD, as in the private sector, there isn’t going to be “one cloud answer . . . there’s going to be some stuff that goes into a perfectly commercial cloud, that’ll work,” he said. “There are going to be things that go into a hybrid cloud where it might be a partnership with the federal government and DOD, maybe federal and state governments.”
An incident in which computers in Pentagon’s food court were hacked, potentially exposing employee information, isn’t really the DOD CIO’s problem.  
“If the food court was hacked, that would not be the DOD that was hacked,” Halvorsen said, adding that he did not have any more data about the incident. 

But he said that plans to install Wi-Fi, including a guest network, in the Pentagon are moving forward and the network is on track to be operational by the end of December. The department is prioritizing major meeting areas and some common spaces. “The key part for us is having all of the sensors in place to assure me that I am using Wi-Fi in all the right ways, and then when I want to say, ‘OK, now turn off the Wi-Fi because I’m doing something else,’ I can be assured that the Wi-Fi is off,” he said.
DefenseOne:  http://bit.ly/1L2VD1j

 

 

 

« FBI Urges Firms to Plan For Cyber Attack
India and US Cyber Agree Security Pact to Combat Crime »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Paessler

Paessler

Paessler is a leading worldwide provider of network monitoring software.

Nimbusec

Nimbusec

Nimbusec scans your website around the clock and informs immediately if it has been hacked or manipulated

Astra Security

Astra Security

Astra's website security solution provides real-time protection against malware, hackers, SQLi, XSS, DDoS, LFI and RFI.

Exprivia

Exprivia

Exprivia is active in the design, development and integration of IT systems including cyber security.

Sabasai

Sabasai

Sabasai specialises in all aspects of insider threat management from training and education to building security frameworks and insider threat programs to on-site risk & vulnerability assessments.

Online Business Systems

Online Business Systems

Online Business Systems is an information technology and business consultancy. We design improved business processes enabled with robust and secure information systems.

Asia Data Destruction (ADD)

Asia Data Destruction (ADD)

ADD is the leading IT Assets Disposal and Data Destruction Company in Thailand.

CyVolve

CyVolve

Cyvolve is the next great leap forward in data security, ensuring constant encryption and pervasive control over all your data.

NodeSource

NodeSource

NodeSource helps organizations run production-ready Node.js applications with greater visibility into resource usage and enhanced awareness around application performance and security.

Cyber Range Solutions (CRS)

Cyber Range Solutions (CRS)

CRS provides cyber security training and improve security team performance by providing a hyper realistic, virtual training environment.

Auriga Consulting

Auriga Consulting

Auriga is a center of excellence in Cyber Security, Assurance and Monitoring Services, with a renowned track record of succeeding where others have failed.

Capital Network Solutions

Capital Network Solutions

Capital Network Solutions are a highly accredited managed IT services and consultancy provider, specialising in cyber security, infrastructure and communications.

RMRF Tech

RMRF Tech

RMRF is a team of cybersecurity engineers and penetration testers which specializes in the development of solutions for early cyber threat detection and prevention.

Cyera

Cyera

Cyera is the data security company that gives businesses context and control over their most valuable asset: data.

EPIQ Infotech

EPIQ Infotech

EPIQ Infotech is a trusted consulting and implementation partner for Oracle JD Edwards and Amazon Web Services (AWS).

CyberTest

CyberTest

CyberTest offers cybersecurity consulting and penetration testing services that helps organizations and businesses securing their assets.