Government // Cybersecurity
News
9/2/2014
09:06 AM
50%
50%

Wanted By DHS: Breakout Ideas On Domestic Cybersecurity

Department of Homeland Security plans to fund cyber defense research efforts to develop pragmatic tools that can be deployed quickly, says Forrester.

 Government Data + Maps: 10 Great Examples
Government Data + Maps: 10 Great Examples
(Click image for larger view and slideshow.)

Companies, universities, and other entities that have existing but unfunded, innovative cyber security projects should take advantage of new funding from the Homeland Security Department to advance their research, according to a new report from Forrester Research of Cambridge, Mass.

The DHS cyber research effort comes at a time when cyber attacks by well-funded crime groups around the globe and hostile nation-states are on the rise, and there is a shortage of funding for technologies to help vital sectors of the economy combat a daily barrage of attacks.

Although there are dozens of legislative proposals for cyber security before Congress, no meaningful cyberbreach legislation is being considered at the moment, according to report author Ed Ferrara, Forrester's principal analyst serving Security & Risk Professionals.

[How do ex-military and ex-hackers approach cybersecurity? Read Hacker Or Military? Best Of Both In Cyber Security.]

"At the tactical agency level... this particular effort is a bright spot in a pretty bleak governmental landscape," Ferrara said. "It's not nearly enough, but it is certainly a step in the right direction."

The department earlier this year issued a broad agency announcement seeking targeted research and development for innovative cyber security tools. DHS has $95 million that it will disburse in multiple phases over the next three to five years, according to government documents.

(Source: geralt, Pixabay)
(Source: geralt, Pixabay)

DHS wants pragmatic tools that can be deployed rapidly to boost the security of public and private organizations that are part of the nation's critical infrastructure, including financial, energy, healthcare, and other sectors.

The first phase of the funding is available for tools in four key domains: data and privacy, distributed denial of service, mobile security, and cyber and physical system integration. Forrester provided more details on what's needed in each domain:

Data privacy and security
DHS seeks methods to boost privacy controls that protect individuals' personal information. To achieve this goal, the department is interested in tools and concepts related to privacy compliance, privacy-preserving federated search capabilities, and mobile computing privacy.

Distributed denial of service
The department wants to develop ways to measure such attacks, enhance communications among affected parties, drive the adoption of existing technologies to mitigate DDoS attacks, and fund the further development of DDoS defense technologies.

Mobile security
DHS wants ideas that address a number of pressing needs. One need is instrumentation for mobile devices that can authenticate users and also perform risk-based assessments on the use of the device. Other needs include a secure approach for accessing mobile device data, new security management tools for mobile devices, and innovative approaches for protecting the component layers of devices from malicious applications.

Cyber and physical integration
DHS wants tools and concepts that address secure system design, and experimental and pilot implementations of such integrated cyber and physical security systems.

Ideally, organizations benefiting from advances in integrated cyber and physical security would be able to deploy them for building and system access, enhanced payment system security, and other applications that require multifactor authentication, according to Forrester.

"Things are getting worse," Ferrara said. "The number of attacks is up, the severity of the attacks is up, and the visibility of the attacks is up. You never saw things like this on the front pages [before], and now it is front page news."

Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge. Get the new Flexibility Equals Strength issue of InformationWeek Government Tech Digest today. (Free registration required.)

William Welsh is a contributing writer to InformationWeek Government. He has covered the government IT market since 2000 for publications such as Washington Technology and Defense Systems. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
FWB
100%
0%
FWB,
User Rank: Apprentice
9/3/2014 | 9:58:19 AM
Cybersecurity & EAS
Currently the internet and local resources are the only means of addressing cybersecurity issues. However digital broadcasting, particularly TV, is an alternative that can deliver data securely over double firewall or air isolation. This can be incorporated into an improved Emergency Alert System as part of an improved IPAWS. This is a matter for FEMA to consider.
Cyber Security Standards for Major Infrastructure
Cyber Security Standards for Major Infrastructure
The Presidential Executive Order from February established a framework and clear set of security standards to be applied across critical infrastructure. Now the real work begins.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.