Defense

Device lock boxes may be a thing of the past for Pentagon workers, DISA says

advanced networking (greenbutterfly/Shutterstock.com) 

Some Pentagon personnel may be able to start bringing in their devices to secure facilities thanks to an upcoming pilot program with the Defense Information Systems Agency.

Stephen Wallace, systems innovation scientist for DISA's emerging technology directorate, said the agency was working with the Pentagon to allow workers to bring approved devices using SafeCase, which blocks a phone's sensors such as the microphone, into secured spaces instead of leaving them in a lockbox.

"It's kind of anti-modern work," Wallace said of having to "give your device up and effectively have nothing as you move around for the rest of your day" at an AFCEA International and George Mason University virtual event on May 19.

Wallace said, when the case is engaged, white noise is transmitted through the device's microphone and the camera is blocked so the only thing emitting from the device is a radio signal. External sensors can't be remotely turned on and even if it were, there would be nothing but white noise and a black screen that would inhibit recording.

The pilot program under its assured identity initiative, in which the Air Force is already participating, would start in the Pentagon once anti-coronavirus work protocols are eased.

DISA is also prototyping watch wearables to continuously authenticate a paired phone and permit access to a secure container on the device.

"When the wearable is removed or breaks communication with the device, that secure container on the device is locked," Wallace said.

Since the pandemic was declared, DISA has been contending with cyber threats as defense personnel take advantage of telework to stem the spread of coronavirus infections. As a result, it ramped up its cloud-based browser internet isolation pilot to protect DOD's networks from internet-based threats.

Wallace said DISA saw 1,338 URLs that were good at the time the user clicked were later considered problematic by reputation engines.

"A lot of times what we do is very heavily based on the reputation of the websites and the known [quality] of any given information but it's often dated information. It's dated the moment it's updated. And so by using an automated isolation platform, you eliminate that risk," Wallace said.

That way, the data doesn't make it back to the end point, he said.

The capability has also given DISA insight into user behavior through data loss prevention. "With something like isolation, we see everything that the user does as they interface with the browser. Every input that's provided, every file that's uploaded," Wallace said.

"When you apply DLP capabilities against that you really see a tremendous amount of information generated and interesting insight into [user] behavior," he said.

Wallace also said an isolation contract would be awarded and broadly deployed in the next month and scaling it to non-DOD agencies.

About the Author

Lauren C. Williams is senior editor for FCW and Defense Systems, covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at [email protected], or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


Featured

  • Acquisition
    Shutterstock ID 169474442 By Maxx-Studio

    The growing importance of GWACs

    One of the government's most popular methods for buying emerging technologies and critical IT services faces significant challenges in an ever-changing marketplace

  • Workforce
    Shutterstock image 1658927440 By Deliris masks in office coronavirus covid19

    White House orders federal contractors vaccinated by Dec. 8

    New COVID-19 guidance directs federal contractors and subcontractors to make sure their employees are vaccinated — the latest in a series of new vaccine requirements the White House has been rolling out in recent weeks.

Stay Connected