Device lock boxes may be a thing of the past for Pentagon workers, DISA says
- By Lauren C. Williams
- May 20, 2020
Some Pentagon personnel may be able to start bringing in their devices to secure facilities thanks to an upcoming pilot program with the Defense Information Systems Agency.
Stephen Wallace, systems innovation scientist for DISA's emerging technology directorate, said the agency was working with the Pentagon to allow workers to bring approved devices using SafeCase, which blocks a phone's sensors such as the microphone, into secured spaces instead of leaving them in a lockbox.
"It's kind of anti-modern work," Wallace said of having to "give your device up and effectively have nothing as you move around for the rest of your day" at an AFCEA International and George Mason University virtual event on May 19.
Wallace said that when the case is engaged, white noise is transmitted through the device's microphone and the camera is blocked, so the only thing emitting from the device is a radio signal. External sensors can't be remotely turned on, and even if they were, there would be nothing but white noise and a black screen, which would inhibit recording.
The pilot program, part of DISA's assured identity initiative and one in which the Air Force is already participating, would start in the Pentagon once anti-coronavirus work protocols are eased.
DISA is also prototyping watch wearables to continuously authenticate a paired phone and permit access to a secure container on the device.
"When the wearable is removed or breaks communication with the device, that secure container on the device is locked," Wallace said.
Since the pandemic was declared, DISA has been contending with cyber threats as defense personnel take advantage of telework to stem the spread of coronavirus infections. As a result, it ramped up its cloud-based browser internet isolation pilot to protect DOD's networks from internet-based threats.
Wallace said DISA saw 1,338 URLs that were good at the time the user clicked but were later considered problematic by reputation engines.
"A lot of times what we do is very heavily based on the reputation of the websites and the known [quality] of any given information but it's often dated information. It's dated the moment it's updated. And so by using an automated isolation platform, you eliminate that risk," Wallace said.
That way, the data doesn't make it back to the end point, he said.
The capability has also given DISA insight into user behavior through data loss prevention. "With something like isolation, we see everything that the user does as they interface with the browser. Every input that's provided, every file that's uploaded," Wallace said.
"When you apply DLP capabilities against that you really see a tremendous amount of information generated and interesting insight into [user] behavior," he said.
Wallace also said an isolation contract would be awarded and broadly deployed in the next month, along with scaling it to non-DOD agencies.
Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.