*** Patrick Grother, a computer scientist at the National Institute of Standards and Technology who administers the agency's Face Recognition Vendor Test, says that vendors should take a look at improved technology made possible by convolutional neural networks. "There is low-hanging fruit there -- easy gains in accuracy to be had just by replacing an algorithm." Read more in FCW's sibling publication GCN.
*** The Defense Information Systems Agency is preparing a new capability that would change how it does virtual private network services.
Charles Osborn, DISA's acting director for the infrastructure executive directorate, told FCW following the Independent Telecommunications Pioneers Association event Dec. 6, the agency has an initially operational capability that allows automated provisioning for VPN services through Storefront.
"Essentially the customer would be able to log in through Storefront and order VPN services and then it would go out to the controllers and actually provision it without any human touching it other than the customer," as long as the resources, such as a path, ports, bandwidth, are available on both sides, Osborn said.
Syncing databases from two different bases on the non-classified internet protocol network (NIPRNET) via a VPN used to take upwards of 30 days after a request was submitted through the telecommunications service request and orders process via Storefront, which includes human validation. The new, real-time capability would allow authorization and provisioning within 90 seconds, Osborn said.
No word yet on when DISA customers will get access to the capability.
*** A Government Accountability Office audit of seven major federal agencies found that they have all put in place policies, procedures and guidelines around the removal of personal information from cyber threat indicator sharing programs that meet requirements established in the 2015 Cybersecurity Information Sharing Act.
That law set out eight principles around fair information practices designed to minimize exposure of and remove "personal information or information that identifies a specific person not directly related to a cybersecurity threat" in information sharing programs like Automated Indicator Sharing. That includes principles such as transparency around collection practices, seeking consent for such collection down to the individual level if practicable, articulating relevant authorities to collect personal data and putting in place appropriate safeguards to protect it.
The Departments of Homeland Security, Justice, Defense, Commerce, Energy, Treasury and the Office of the Director of National Intelligence were all found to have put in place "policies, procedures, and guidelines that met the eight CISA provisions relevant to the removal of personal information from cyber threat indicators and defensive measures," according to a letter sent to the Senate and House Intelligence Committees by Nick Marinos, director of cybersecurity and data protection issues at GAO.
Correction: This post was updated Dec. 7 to correct the spelling of Charles Osborn's name.
Posted on Dec 07, 2018 at 8:51 AM