Page 36 - GCN, Oct/Nov 2017

CYBERSECURITY
The name of this intrusion-prevention app for Android might be less than transparent, but its purpose is not. APE was designed to monitor network traffic on smartphones and block any activity that isn’t playing by the rules, whether it comes from malware, viruses or a hacker.
“I initially focused on a slightly different problem,” said Mark Mitchell, APE’s developer and a senior multidiscipline systems engineer at Mitre. “In my personal experience, I noticed what seemed to be a lack of publicly available information about what types of attacks were being used against smartphones in the wild. This caused me to look into monitoring network traffic on smartphones.”
Then Mitchell had an “Aha!” moment. “Instead of just monitoring network traffic and recording statistics and metadata, I thought, ‘Why don’t I just block the attacks in real time?’”
Mitchell began building APE nearly two years ago but said it was put on hold for a time. “Then we were accepted into the Department of Homeland Security’s Transition to Practice Program, a technology accelerator that focuses on enabling technology transition from the lab into the broader marketplace,” he said. “They’ve helped us to further focus on a real-world problem and to validate the market and the technology itself.”
APE examines all IPv4 network traffic that enters and leaves the smartphone via cellular or Wi-Fi connections and then compares the traffic to a locally stored rule set that defines malicious behavior. If the traffic violates the rules, the app blocks the data packet. The app can also block specific IP addresses, likely attack byte patterns and unnecessary protocols.
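The rule matching described above, as an added illustration that is not APE’s code (the article does not publish its rule format): a minimal IPv4 packet filter that parses the fixed header, then checks a locally stored rule set for blocked addresses, an allowlist of IP protocol numbers and payload byte patterns, failing closed on malformed packets. The rule keys, the sample packets and the addresses (all from documentation ranges) are constructed for this example.

```python
"""Minimal rule-based IPv4 packet filter (added illustration, not APE's code)."""
import ipaddress
import struct

# Constructed rule set; the keys are an assumption for this example.
RULES = {
    "blocked_ips": {"203.0.113.7"},          # constructed blocklist entry
    "allowed_protocols": {1, 6, 17},         # ICMP, TCP, UDP only
    "byte_patterns": [b"\x90\x90\x90\x90"],  # constructed payload signature
}


def parse_ipv4(packet: bytes) -> dict:
    """Parse the IPv4 header fields needed for rule matching."""
    if len(packet) < 20:
        raise ValueError("packet shorter than a minimal IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags_frag, _ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version = ver_ihl >> 4
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes
    if version != 4 or ihl < 20 or ihl > len(packet):
        raise ValueError("not a well-formed IPv4 header")
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "proto": proto,
        "payload": packet[ihl:total_len] if total_len >= ihl else b"",
    }


def evaluate(packet: bytes, rules: dict = RULES) -> tuple:
    """Return ('block', reason) or ('allow', '') for one packet."""
    try:
        hdr = parse_ipv4(packet)
    except ValueError as exc:
        # Fail closed: a packet that cannot be parsed is not forwarded.
        return "block", f"malformed: {exc}"
    if hdr["src"] in rules["blocked_ips"] or hdr["dst"] in rules["blocked_ips"]:
        return "block", "blocked address"
    if hdr["proto"] not in rules["allowed_protocols"]:
        return "block", f"protocol {hdr['proto']} not permitted"
    for pattern in rules["byte_patterns"]:
        if pattern in hdr["payload"]:
            return "block", "matched byte pattern"
    return "allow", ""


def build_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Construct a minimal IPv4 packet (checksum left zero; enough for matching)."""
    total_len = 20 + len(payload)
    header = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
    )
    return header + payload


if __name__ == "__main__":
    # Constructed sample traffic: one benign packet and four rule violations.
    samples = [
        build_packet("192.0.2.10", "198.51.100.5", 6, b"GET / HTTP/1.1\r\n"),
        build_packet("203.0.113.7", "192.0.2.10", 6, b"hello"),
        build_packet("192.0.2.10", "198.51.100.5", 47, b""),  # GRE, not allowed
        build_packet("192.0.2.10", "198.51.100.5", 17, b"\x90\x90\x90\x90abc"),
        b"\x00" * 5,  # truncated packet
    ]
    for pkt in samples:
        print(evaluate(pkt))
```

Keeping the rule set as plain data, as the article describes, is what lets rules be updated independently of the app or the operating system; the ordering (address, protocol, pattern) matters only for the reason reported, not for the decision.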
According to Mitchell, APE is designed to be invisible to users unless a problem is detected. And a key to the app’s effectiveness is the fact that it is an app instead of part of the operating system.
“It operates in normal user space, so it can be updated much more quickly than the operating system itself,” Mitchell said. “A patch for Android typically takes at least a few weeks to deploy, or it can take months, or you may never get a patch.”
Mitchell said the future of APE — its exact feature set and market appearance — will be up to a commercialization partner. Although the timing is unclear, “we’ve had interest from a few companies,” he said.
And what about the name? The “A,” somewhat recursively, stands for “APE.” The “P” stands for “prevention.” And the “E”? It’s just the third letter in “prevention.”
Finalist
Leading by example on CDM
Continuous Diagnostics and Mitigation Program
Department of Homeland Security
The Continuous Diagnostics and Mitigation Program tackles a Sisyphean task: giving 124 federal civilian agencies and state, local, regional and tribal governments the tools to identify and address network security risks in near-real time.
Based on commercial tools, the CDM program helps standardize cybersecurity reporting, strengthen situational awareness and support risk-based decision-making at the enterprise level. The first task orders for the $6 billion program were issued in 2014, but it’s only in the past year that deployments have started to take hold.
And DHS, which manages the governmentwide program, has gone to great lengths to adopt CDM itself and demonstrate what it can do for government security.
CDM was conceived years before the 2014 task orders, but until the establishment of a CDM program management office, DHS’ own implementation was far behind schedule and in jeopardy of failing. The CDM team — based in the DHS CIO’s office but working with components across the department — corrected course and successfully implemented CDM Phase 1, Wave 1 as scheduled.
In 2017, DHS became the first federal agency to officially implement a CDM program, and for the first time, senior DHS leaders had a dashboard that shows them what is on the network. More important, that insight allows them to make better-informed decisions on cybersecurity risk assessments — something the department continues to work on with other agencies.
Finalist
IC collaboration, secure and at speed
Security Accreditation in the C2S Isolated Cloud Region
Intelligence Community
When CIA officials decided in 2013 to work with Amazon Web Services to create a dedicated cloud environment for the intelligence community, there were lots of questions, and many of them centered on security.
“Neither side knew how it was going to turn out,” CIA CIO John Edwards said of the partnership in a recent speech. Yet four years later, it has proven to be “the best decision we’ve ever made” and arguably “the most secure thing out there” — not least because it’s a cloud completely decoupled from the public internet.
One of the biggest benefits has been the speed with which intelligence agencies can innovate in the Commercial Cloud Services, or C2S, environment. However, ensuring that those innovations are themselves compliant and secure has posed new challenges. So the CIA turned to Telos, the creator of Xacta 360, to protect C2S and all its data.
The Xacta 360 automated risk management and security compliance software scans the cloud environment for vulnerabilities and threats based on intelligence community standards, overlays, controls and audits. With the compliance automation and continuous monitoring, C2S is now able to provision and authorize in minutes or hours what previously required weeks or even months.
That speedy security and the agile collaboration it enables have been a “game changer for the community,” Edwards said.