Page 15 - FCW, Nov/Dec 2017
P. 15
SPONSORED CONTENT
blockchain as a promising solution. “As blockchain continues to evolve, state governments can start taking advantage of the technology to improve their services and supply chains through pilot programs,” according to a recent NASCIO report, “Blockchains: Moving Digital Government Forward in the States.”
A growing number of government agencies are exploring the possibilities. The Illinois Department of Innovation and Technology is working with state and local agencies to develop use cases for the technology. In a similar vein, the D.C. Blockchain Center is bringing together government agencies and industry experts around the nation’s capital to do
similar work.
The U.S. Department of Homeland Security is also
getting involved. The department’s Science and Technology Directorate is funding startups that could help address gaps in current blockchain solutions.
In some cases, the problem is not that cyber solutions don’t exist—it’s that they are di cult for many people
to deploy. That is the case with some advanced crypto- graphic techniques.
With that in mind, the Intelligence Advanced Research Project Activity (a DARPA-like group for the intelligence community) hopes to create a cryptographic toolbox that systems architects and application developers can use even if they lack cryptographic expertise.
The program, called the Homomorphic Encryption Computing Techniques with Overhead Reduction,
or HECTOR, likely will include cryptographic tools, programming languages and design and veri cation tools.
But in some cases, federal agencies take a more measured approach to driving the development of solutions. For example, the National Telecommunications and Information Administration (NTIA), which is part of the Commerce Department, is seeking industry partners interested in developing new strategies for dealing with automated distributed attacks from botnets and related technology.
For starters, NTIA wants to assess the e ectiveness of current solutions—both in terms of what works and what gaps need to be lled. But the agency also wants to get feedback on what roles the government should play in lling those gaps. Its ndings will be included in a report due by January 2018.
Federal R&D:
Botnets, Cryptography and More
Indeed, despite the booming industry for security solutions, the federal government continues to play an important role in seeding the market with new technology or funding the work of entrepreneurial vendors.
For example, the Defense Advanced Research Projects Agency (DARPA) is focusing its energies on so-called social engineering attacks, which are designed to trick people into clicking on a link that downloads malware.
Government agencies often require employees to take training that includes a session on social engineering, but the results are decidedly mixed. Humans continue to be seen as the weakest link of any cyber strategy.
DARPA proposes using bots to detect a social engineering campaign and to identify and gather information about its source. “To build secure cyber systems, it is necessary to protect not only the computers and networks that make up these systems, but the humans as well,” the broad agency announcement states.
Back to Basics
While innovation is critical to the future of cybersecurity, the WannaCry ransomware incident in May was a reminder about the importance of basic cyber hygiene.
The designers of WannaCry exploited known vulnerabilities in commercial software. According to U.S. intelligence o cials, few U.S. government agencies were infected, thanks to their disciplined approach to managing software. In contrast, organizations that failed to apply patches or upgrade their software paid the price—literally.
S-3