Pages Navigation Menu

News

Last days for GeoEye

Posted by on Jan 9, 2013 in News | Comments Off on Last days for GeoEye

Last days for GeoEye

DigitalGlobe and GeoEye have received antitrust approval from the Justice Department to merge under the DigitalGlobe name, the satellite imaging companies announced today on their web sites.

The Justice Department's Antitrust Division confirmed the approval in a statement:

“The Division analyzed the potential competitive effects of DigitalGlobe’s proposed acquisition of GeoEye. Given DoD’s decision not to exercise its full-year option for GeoEye’s EnhancedView imagery contract, the Division focused on the merger’s potential effects on the commercial customers and concluded that the merger was not anticompetitive,” the agency said.

Earthquake damage to the National Cathedral in Port-au-Prince. Credit: GeoEye

The companies expect to close the deal by Jan. 31.

The nod from the Justice Department's Antitrust Division all but seals the Longmont, Colo. Company’s purchase of its onetime rival GeoEye of Herndon, Va. The Federal Communications Commission and National Oceanic and Atmospheric Administration must also chime in, but the companies do not expect those agencies to stand in the way of the closing.

Justice approval was a potential hurdle because the combination would leave one commercial satellite company to sell imagery to Google and other mapping services, and to the National Geospatial-Intelligence Agency.

The merger dance, which will impact hundreds of GeoEye employees in the Washington, D.C., suburbs, was triggered earlier this year when the Obama administration announced it would scale back a 10-year imagery program called Enhanced View. The National Geospatial-Intelligence Agency was paying for imagery from the companies, and in GeoEye’s case, contributing funds for construction of the firm's next satellite. NGA announced earlier this year it would stop buying services from GeoEye as of Nov. 30, 2012 and keep a $70 million contribution to the new satellite.

Interview: Homeland at risk

Posted by on Jan 7, 2013 in Comms, Interviews, News, The Homeland | 1 comment

Interview: Homeland at risk

Paul Benda must not sleep well. As director of the Homeland Security Advanced Research Projects Agency, his job is to wring everything he can from a science and technology budget that took a 50 percent whacking in 2012. Benda is hopeful his budget will bounce back to $485 million in 2013. Even if it does, his bottom line remains this: U.S. spending on homeland security technologies is inadequate for the long list of terrible ways the country could be targeted. The list includes biological attacks; agricultural sabotage; loose nukes; cyber attacks on banks or other infrastructure. Benda discussed his strategies for making progress despite a tight budget. Excerpts>>

Director Paul Benda, Homeland Security Advanced Research Projects Agency

Why do we need HSARPA?>> It’s statutory law as part of the Homeland Security Act. There's an answer for you. It turns out that the challenges that DoD and the intel community face are completely and utterly different than the homeland security challenges we’ve got. If you look at counter IED tools that JIEDDO (the Joint Improvised Explosive Device Defeat Organization) develops, and that DARPA develops, they work great in theater. They can blank out any radio waves as they roll down the street. If I blanked out the rf frequencies rolling down Pennsylvania Avenue, do you think that would go over very well? No it wouldn’t. What we want to do at HSARPA is leverage those investments that DoD and the intel community make, and translate them to a homeland Security application.

Out of sync>> I think our investments are tied to (intel analysis). I don’t think our budget numbers are tied to that.

Competing interests>> Is the $485 million for S and T sufficient? I have to detect submersible, semi-submersible vehicles; I have to do bio terrorism; I have to do cyber security; I have to do search and rescue missions; I have to do FEMA disaster response; I have to support U.S. Secret Service operations; I have to do data analytics for ICE (Immigration and Customs Enforcement); do counter-proliferation missions. My job really is trying to leverage what is out there either with our DoD partners or with our national lab partners and trying to make them cheaper and accessible to my homeland security operators.

'Existential threat' >> BioWatch was a program that was stood up back in 2002, 2003. We still fundamentally use the same technologies that we did 10 years ago. Even Gen 3 (sensor technology) that's coming out, while it’ll reduce the time it takes for us to detect an attack, it still detects it after the fact. If you’ve got a terrorist who can produce three kilograms of anthrax and can attack one city at a time, what technologies exist today that allow us to detect that attack in real time? There are none. If I can’t detect it in real time, my odds of interdicting them and stopping them from doing future attacks are pretty low. Our investment in that area, while not insubstantial, isn’t where it needs to be...that (bio attack scenario) is an existential threat to the nation, quite frankly.

Cyber insurance >> If you look at a significant cyber attack that could take down part of the financial industry, the economic impact of that attack could easily reach into the billions. So, do you think $60 million dollars as an insurance policy for that makes sense?

2012 budget cut>> I’m hopeful in the discussions that we’ve had with Hill staff and with others that they view that cut as a mistake. They felt that that was too draconian of a cut for S and T. Where they want to take the department in terms of efficiencies, they recognize the need to have investments in technologies to get there.

Tough calls>> All of our R and D investments go through a portfolio review process where we have set up this assessment framework. We bring in outside experts as well as our internal customers, and we grade the programs after a briefing by our program managers. How well is that program aligned with this assessment framework? How well is it meeting goals? When we received a cut like that (50 percent cut in 2012), having this portfolio review process allowed us to really scale back to those highest performing programs. But in the end, we ended up cutting good work as well, because when you cut 50 percent you’re getting down to the bone at that point.

Re-starting programs>> In terms of our border security programs, we really cut back on tunnel detection and activity monitoring. Even though those were good programs and necessary, DoD has a fairly significant investment in that. We were trying to maintain forward progress with zero money by leveraging DoD’s work in that area. That’s one where we’ll probably put some money back in so we can pilot some of those technologies specific to DHS missions and DHS needs.

Tunnel challenge>> You’ve got a border town on the U.S. side and the Mexican side, and they share storm sewers. People always wonder, 'Well why don’t you just put bars on the front ends of them?' Well, if someone gets in that tunnel, and gets trapped and the water’s coming, they drown. Even if you put bars on them, they can cut them. So, how do we measure if there’s people in those tunnels or not? And then how do we give (border patrol officers) situational awareness and maintain officer safety if someone goes in there.

Secure Border Initiative lessons>> I was part of the team that did the follow-on analysis of alternatives that resulted in the recommendation to the secretary of killing that program (SBInet). Lesson one is to make sure we don’t presuppose a technology solution. People thought these integrated fixed towers with the radars and the cameras would work across the entire border. I think that CBP (Customs and Border Protection) vastly underestimated the amount of effort required to create a fully integrated system that could do that in terms of the comms challenges.

HSARPA's role on SBInet>> It didn't actually (go through HSARPA). The Science and Technology Directorate has the statutory authority to coordinate all R and D in the department. Would you call SBInet an R and D program, or would you call it a technology integration program? It turned out that there was a lot more R and D needed than anyone expected, but I think they (CBP) originally thought it was a commodity buy kind of thing – at least Boeing certainly sold it that way.

New approach>> Look at border security between points of entry – the SBInet problem. How do border patrol agents do their work today? Well, they’ve got patrols, they’ve got dispatch, they might have underground sensors. We map that out in the operational context: 'This is how you do your work today. How can technology help you do your job better?' It’s a subtle shift but we’re not asking the border patrol guys, 'Hey do you guys need a better underground sensor or camera?' We’re actually saying, 'So this is how you do your work today, right?' Hey, I was talking with my DARPA friends over there, they got this high tech sensor. What if we replaced this sensor with that sensor?' We go through that kind of systems analysis.

Tensions with component agencies>> The story’s much different than it was six years ago. The components (Customs and Border Protection; Immigration and Customs Enforcement; Transportation Security Administration, etc.) are very interested in working with us in terms of actually providing us funding to help us do our jobs. Whereas in the past, they were okay going off on their own.

New 'R and D strategies'>> We’re interviewing (component managers) one level below the component head. We want to do the systems analysis that says, 'How do you do your work?' and then pick where we can have the most impact with the littlest R and D investment. Then we propose technologies we think can help them solve those priorities. We’re doing this for every component within DHS.

Smartphones>> Our communications infrastructure can be spotty, especially on the border. Border patrol officers will use radios, and where they don’t have radio comms, they’ll use a personal cell phone. You can’t let the lack of comms completely degrade your mission effectiveness. We have to be aware of where to use smartphones. It would be great for them to have a smartphone that knows where the sensors are and they can have better situational awareness. You’d love to see as these integrated fixed towers go up so that the officers have access to that video feed. If we ever get to the point of having tactical UAVs flying along the border, you’d want these guys to have access.

Citizens as sensors

Emergency 911 upgrades suggest the possibility

Posted by on Dec 21, 2012 in Big Data, News | Comments Off on Citizens as sensors

Citizens as sensors

Computer browsers inside the 911 call center for Virginia’s York-Poquoson-Williamsburg region are now equipped to display emergency text messages from Verizon customers. Thankfully, only a few messages have been received so far.

The 911 call center in York County, Va. Credit: TCS

The text-to-911 rollout in York County is just one example of the Federal Communications Commission's push to modernize locally-controlled 911 call centers.

AT&T, Sprint, T-Mobile and Verizon pledged earlier this month to finish the text-messaging upgrades by May 15, 2014, and the FCC has proposed making that date a requirement.

Once the text messaging is ready, the FCC expects pictures and video to follow quickly, which is where the intelligence issues come in:

If every soldier is a sensor, soon every citizen with a smartphone will be a potential sensor too.

The upgrades will be a huge endeavor. The country has approximately 7,600 911 call centers, known officially as public safety answering points. The prospect of upgrading them has sparked a fierce competition between networking specialists Intrado of Longmont, Colo., and TeleCommunication Sytems of Annapolis, Md. Each is vying to work work with the cellular carriers and local authorities. Intrado has projects underway in Iowa, Minnesota, Vermont and Washington.

When the work is done, a wireless phone user who witnesses a terrorist attack or sees something suspicious will have the power to send SMS texts and also Multimedia Messaging Service photos to 911 operators. What happens to the information after that remains unclear.

Because Next Generation 911 is being rolled out primarily to aid first responders and the deaf, little attention has been given to whether or how pictures or video would be fed to the intelligence community. In theory, an intelligence community that's just beginning to comb through Twitter feeds and social media would also have the ability to receive clues directly from citizen witnesses.

That raises lots of questions. When asked if Intrado’s database of texts and images will be compatible with the intelligence community’s networks, Intrado Vice President Michael Lee offered a simple answer: “Unless the military or CIA is using some proprietary format, I don’t think we’ve got a problem with that.”

Terry Hall, chief of emergency communications for the York-Poquoson-Willamsburg region, said any unknowns should be looked at as opportunities.

“What’s great about Next Generation 911 is it’s going to do things that you and I haven’t thought about yet. Just by the nature of it being Internet Protocol, we can do device-to device. We can do [comms from] one [device] to many,” he said.

As for intelligence applications, Hall said the likely route to analysts would be via the Virginia Criminal Information Network and the FBI’s National Crime Information Center.

For now, much of the work has to do with making sure 911 operators and dispatchers have the right policies and training to handle the data feeds.

“When we looked at being an early adopter of this, I had to sit down with my staff and look at pre-launch fears and concerns,” Hall said. “Dispatchers are going to have to learn a new language. Slang and abbreviations. How are they going to multitask between live voice and text calls? How are they going to deal with crank callers? Do they treat text as a live 911 call? Are we going to become overwhelmed and not be able to handle it? How do we handle Freedom of Information Act? Do we give medical instructions?”

Hall said about 95 percent of those issues have been worked out.

How McAfee unraveled Blitzkrieg

Posted by on Dec 15, 2012 in Big Data, News | Comments Off on How McAfee unraveled Blitzkrieg

How McAfee unraveled Blitzkrieg

McAfee Labs turned to old fashioned human intelligence to blow the cover off an online-banking scam hatched by a shadowy cyber criminal with a bad nickname.

Cyber criminals targeted 300 to 500 bank accounts in the U.S., says McAfee. Credit: McAfee

Network security watchers learned about Project Blitzkrieg on October 4, when the security firm RSA posted a blog entry saying a cyber gang was seeking to recruit “botmasters” to share the proceeds of a fraud offensive against major U.S. banks and their customers.

McAfee says that before its Dec. 13 white paper, security watchers weren’t sure if the threat was serious or a hoax.

There was good reason to wonder. The head of the gang used the Harry Potteresque nickname, vorVzakone, in his posts on a shadowy cyber criminal forum. He wrote in Russian, and even posted a grainy video of himself on YouTube.

Brian Krebs of krebsonsecurity.com reported these facts in October, and his blog was widely circulated in the security community.

It looked like it could be a bad joke or a ruse to distract experts from actual threats. On the other hand, maybe vorVzakone really was growing a criminal gang and testing Trojan software capable of stealing banking log-ins and answers to security challenge questions. RSA identified the gang's malware as a form of the previously known Gozi Trojan, and named it Gozi Prinimalka after a folder in the malware.

McAfee threat researcher Ryan Sherstobitoff knew a good mystery when he saw one. He dug into the evidence and reported his findings in the paper, “Analyzing Project Blitzkrieg, A Credible Threat.”

The paper warned that 30 major banks might indeed face massive fraud attempts, not in the fall as initially predicted by RSA, but by next spring. CNN and other media leaped on the report, and McAfee gave briefings to the FBI, Department of Homeland Security and the National Cyber Security Partnership, a private sector group working to establish voluntary security strategies.

Sherstobitoff’s first step toward decloaking blitzkrieg was a low-tech one. He needed to see the postings that vorVzakone made Sept. 9 on a cyber criminal forum. The details might steer him to relevant evidence in McAfee’s vast trove of malware samples. He could then connect the dots, if there were any, and assess the seriousness of the threat.

“I went to a source that I knew might have this connection, and he provided all of the screen shots and all of the 16 pages of chatter in Russian, and that’s where we began the investigation,” Sherstobitoff said.

VorVzakone, it turns out, was sloppy. He posted screenshots of his handy work – possibly to convince recruits that he was serious and that they should join. He redacted the IP address of a command and control server panel but forgot to redact the six-digit campaign identification number criminals rely on to stay organized.

“We were able to look up that campaign ID out of the subset of malware samples that we had and were able to find out which one was used in that particular instance,” Sherstobitoff said.

McAfee traced the hosting to servers in Des Moines, Iowa; the Netherlands and Moscow, and concluded that the gang has had an active Trojan system since April 2012. McAfee believes this was a pilot project toward a larger offensive planned for the spring of 2013. The gang began using a Romania server in August, and has compromised 300 to 500 accounts in the U.S., probably as a test.

McAfee suspects money was stolen but can’t say for sure.

“VorVzakone said that 5 million has been lost. It is quite plausible that this has already earned money, but we don’t have direct log files to actually support that yet,” Sherstobitoff said.

For now, vorVzakone has gone quiet but McAfee says the financial industry should get ready.

Mapping agency ends work with GeoEye

Posted by on Dec 10, 2012 in News | Comments Off on Mapping agency ends work with GeoEye

Mapping agency ends work with GeoEye

The divorce is now final between the National Geospatial-Intelligence Agency and GeoEye, the Herndon, Va., satellite imaging company that once envisioned a lucrative long-term partnership with the mapping agency.

Earthquake damage to the Port au Prince National Cathedral. Credit: GeoEye

On Dec. 5, NGA notified GeoEye that “effective immediately” it will end its cost-sharing agreement with the company and keep $70 million in payments toward GeoEye's next satellite, GeoEye-2, whose 2013 launch is now a question mark.

“The parties were unable to agree on mutually acceptable terms” during talks over how much control NGA should have over the new satellite, GeoEye reported in a Dec. 7 filing to the U.S. Securities and Exchange Commission.

The backdrop to the talks was NGA’s June decision to stop buying imagery services from GeoEye after Nov. 30, while continuing to do business with GeoEye’s rival, DigitalGlobe of Longmont, Colo. NGA faced a dilemma after the Obama administration announced it would dramatically scale back Enhanced View, a 10-year program to buy imagery services and, in GeoEye’s case, invest in satellite construction.

With the pie shrinking fast, GeoEye quickly agreed to be purchased by DigitalGlobe in a proposal that is now under review by the monopoly-wary Justice Department.

For GeoEye, the loss of the $70 million “is yet another reason this deal has to happen,” said consultant Andrew Koch of Scribe Strategies and Advisors. “At this point, GeoEye is pretty much flying without a safety net,” he said.

GeoEye continues providing imagery commercially, including for mapping services such as Google’s.

In the filing, GeoEye said it sought “changes” to NGA’s rights to GeoEye-2, given the mapping agency’s decision to contribute nothing beyond the $70 million. GeoEye-2 is expected to cost about $850 million including launch vehicle, insurance and ground equipment.

GeoEye did not elaborate on the changes it sought. In the past, control of a satellite’s joystick – meaning where to point it and under what conditions – has been a sensitive issue. In 2008, the intelligence community and Pentagon launched what turned out to be a short-lived effort to build a government-owned constellation of mapping satellites, called the Broad Area Space-based Imagery Collector, or BASIC.

NGA stands by its plan

Posted by on Dec 6, 2012 in Intel Analysis, News, Uncategorized | 1 comment

NGA stands by its plan

The National Geospatial-Intelligence Agency’s online apps initiative has raised eyebrows in the intelligence community for lots of reasons. There are the technical challenges of installing and maintaining an apps store on unclassified, secret and top-secret networks. There's the business challenge of convincing software developers they won't go broke in a world of online apps.

Eyebrows have raised the highest, though, over this point: NGA has set a goal of approving the new apps within two weeks of submission to the agency, a la Apple’s apps store.

NGA officials announced the two-week goal during an industry day in September at its Campus East facility in Springfield, Va. Ever since, executives have quietly wondered about the feasibility of a government agency doing anything quite so fast, especially when lawyers are involved.

In an interview with Deep Dive, Applications Services Director Mark Riccio said NGA stands by its plan.

True, he said, app reviewers face lots of security and legal considerations, including software licensing, trademark and copyrights issues. Achieving a thumbs-up or down in two weeks will require spelling out in advance the precise information NGA would need.

“That should allow for a rapid approval of these apps. It’s a goal that we’ve laid out. It’s a goal that we’re confident we can meet. And we’re challenging ourselves to meet that,” Riccio said.

The agency is aiming for user friendliness in the submission paperwork. The forms must be “as simple and as straight forward as possible” so that “a lot of the pre-coordination activity will already have taken place,” he said.

The next major milestone in the apps initiative will come sometime between January and March. That’s when NGA plans to release a document spelling out “the mechanism by which the development community out there -- large businesses, small businesses, academia -- will be able to provide us apps and then be compensated in turn for those applications should they be chosen for hosting within our apps store,” Riccio said.

NGA has apps today but they were made by NGA or submitted by other agencies or government organizations. There are about 150, Director Letitia Long said in October at the annual GEOINT Symposium. NGA wants up to thousands of apps to be available for analysts at NGA and elsewhere in the community. To get there, it’s trying to light a fire in the software industry. Companies would be paid based on the performance of the apps and their popularity among analysts. The apps would be used by analysts equipped with iPhones, iPads and Android devices approved for use in secure facilities.

The GEOINT Apps Store is up and running on the intelligence community’s unclassified network and on the top secret Joint Worldwide Intelligence Communications System called JWICS.

Riccio said the store should be available shortly where most analysts work -- on the Secret Internet Protocol Router Network, or SIPRNET. “As in any development, we’re just going through the final checks on our end to make sure that it’s going to provide the best user experience possible,” he said.

OPINION: Outraged? Look at the Bastion attack

Posted by on Dec 2, 2012 in Afghanistan, Intel Analysis, News, Opinion, Uncategorized | Comments Off on OPINION: Outraged? Look at the Bastion attack

OPINION: Outraged? Look at the Bastion attack

Hopefully all the loud congressional posturing over the Benghazi attack is being matched by quieter oversight of the decisions that preceded the Taliban raid three days later at Camp Bastion, Afghanistan.

Sgt. Bradley Atwell, 27, and Lt. Col. Christopher Raible, 40, died Sept. 14 in the Taliban's raid on Camp Bastion. Credit: Marine Corps

Insurgents crept up to the base in three groups and used old-fashioned wire cutters to penetrate the fencing. They destroyed six American Harrier jets and seriously damaged two others. Two U.S. Marines were killed in the fight to keep the insurgents from reaching their main objective, the base’s flight line.

Bastion has received less public attention than Benghazi because it lacks political spoils. That’s fine, so long as the oversight is happening. Congress should be piqued after appropriating billions of dollars for equipment and people to prevent exactly this kind of spectacular attack. Lawmakers can help by pushing for public release of the investigative report on the raid, which is the subject of Freedom of Information Act requests.

So far, the military’s public narrative would have us believe this was more of a Taliban success than a force protection and intelligence failure.

The only on-the-record description of the protections in place that night comes from an October press briefing in Afghanistan by Marine Corps Maj. Gen. Charles M. Gurganus. His regional command includes the Bastion-Camp Leatherneck-Shorabak complex and flight line. This hub of aircraft, trucking, training and management activities was supposed to be as safe as any place in Afghanistan. Afghan recruits learn basic warfighting skills at Shorabak. British, American and coalition troops use the complex as a haven on their way to and from more dangerous locations in Helmand Province.

Gurganus said insurgents chose a “night when there was absolutely zero illumination” from the moon. He said there were “guard towers with guards in ’em” but that the attackers “came up in an area that was pretty much obscured from a lot of the towers.” The base also had sophisticated surveillance systems, but these “can’t see everywhere all the time,” he said in a video of the briefing. He said the fence wasn't alarmed.

This admission of vulnerability to a night-time attack ought to shock members of Congress. The U.S.-led coalition is supposed to rule the night – not fear it. Billions of dollars were appropriated for wide area surveillance cameras, night-vision goggles, drones and aerostats. Laser-equipped planes were flown over Afghanistan to create precise digital elevation models of the terrain.

In terms of force protection, aerostats were supposed to be a big breakthrough with their ability to look down for days at a time. The 24/7 bird’s eye view was meant to address exactly the vulnerability to terrain described by Gurganus.

One question is why the aerostat at Bastion wasn’t able to stop the attack, if it was airborne and operating. For some reason, Bastion's aerostat wasn't selected to receive one of the $5 million day-night wide area surveillance cameras the Pentagon began sending to Afghanistan in February.

Could a Kestrel wide-area system have made a difference?

Each uses multiple cameras to snap pictures of city-sized areas during the day or night. When movement is detected, force protection specialists are supposed to zoom in to identify the object using the finer resolution full motion video cameras on the aerostats.

“There are only so many to go around,” a U.S. military official said of the Kestrels. The coalition has about 100 aerostats in Afghanistan, and the first batch of Kestrels went to eight sites.

Military officials cautioned against reading too much into the decision not to send a Kestrel to Bastion. Classified wide-surveillance options might have been available, one official said. If so, why didn’t those help?

The bottom line is we don’t yet know what mistakes precipitated the attack. It could have been human error, a lack of human intelligence, a shortage of technology, or some combination of those factors.

Lawmakers should demand answers with the same fervor they’re pursuing Benghazi. Releasing the investigative documents would provide the intelligence community with an unclassified case study to improve training and decision making. With American troops expected to remain in Afghanistan after 2014, there is no time to waste.

Shamoon’s fatal flaw

Posted by on Nov 19, 2012 in Beats, Big Data, News | Comments Off on Shamoon’s fatal flaw

Here’s something to be thankful for -- Malware authors are only human. The designers of Shamoon, the data-wiping malware that hit Saudi Aramco in August, made a big goof.

Shamoon erases the very file necessary to keep the Windows operating system up and running, which means an infected computer shuts down and reboots before Shamoon can completely wipe out its host's data.

“I would look at that as a design flaw,” said Will Irace, vice president of threat research at General Dynamics Fidelis Cybersecurity Solutions, a business unit formed in August when General Dynamics completed its purchase of Fidelis, a 70-person company based in Waltham, Ma.

After the August attack, General Dynamics obtained a sample of the Shamoon code -- the company won't say how -- and ran it through a series of tests. They discovered they could “make a complete recovery of Shamoon-infected file systems,” according to a threat advisory released on Fidelis’ Threat Geek blog.

Even so, Shamoon was a big inconvenience for oil producer Saudi Aramco, not to mention a wakeup call for anyone who assumed malware designers were always more interested in stealing than destroying.

Thirty thousand of Aramco’s work stations were impacted by the malware, according to the Saudi Arabia-based Al Arabiya news service. On Sept. 12, the news service quoted Aramco as saying its networks were functioning normally again and that oil production was never threatened.

Shamoon's goal could turn out to be more notable than its impact: “The level of malice that you see in Shamoon is a little unusual. It phones home for command and control to find out what its mission is, and its mission generally is to destroy,” Irace said.

Irace doesn’t expect Shamoon to race around the world. Why? “Its propagation technique is through a channel that doesn’t usually penetrate Internet access points,” he explained.

Once Shamoon is injected into an organization, it “looks around for other Windows machines on the network for which it has the necessary privileges to write a copy of itself,” Irace said.

As much as anything, the Shamoon aftermath was a chance for Fidelis to test its marriage with General Dynamics. Fidelis specializes in malware detection; General Dynamics is best known for helping agencies and businesses recover from attacks. Executives want to bring the two skills together, which is why they set out to see if they could recover data from a computer infected with Shamoon.

Shamoon was “the first exercise of what I expect to be a regular series of these sorts of collaborations and advisories that help customers attack problems from both directions: detection and recovery,” Irace said.

Endit

Glaring biometrics gap could close

Posted by on Nov 15, 2012 in Afghanistan, Beats, Big Data, Comms, Intel Analysis, News, The Homeland | Comments Off on Glaring biometrics gap could close

Glaring biometrics gap could close

When investigators in Afghanistan find fingerprints on defused improvised explosive devices, or soldiers gather fingerprints from villagers, they have no automated way to feed the prints into the database the U.S. set up in 2004 to keep potential terrorists out of the U.S.

Immigration and intelligence officials rely on the US-VISIT database to vet the identities of visitors against terrorist watchlists.

The Department of Homeland Security wants to close the biometrics gap by setting up an automated link between US-VISIT and the military. The agency has made a pitch to the Pentagon to get it done.

“We’re waiting to see how DoD wants to proceed,” said Greg Ambrose, chief information officer for the Untied States Visitor and Immigrant Status Indicator Technology program.

Ambrose discussed the proposal in a Nov. 13 presentation to the IEEE homeland security conference in Waltham, Mass.

As it stands, fingerprints from the military must be manually fed into the US-VISIT system. “It’s more of a sneaker-net sharing of data,” Ambrose said.

“Certainly the opportunity exists there for us to use the data that DoD has captured on the battlefield, or perhaps latent fingerprints on IEDs, to provide another decision point for Department of Homeland Security individuals,” he said.

The only network link between the battlefield and US-VISIT is an indirect one. US-VISIT has an automated interface with the FBI, and the FBI has an automated interface with the Defense Department, Ambrose said.

The goal is a “more automated interface so both groups can query in real time each other’s systems,” he said.

The proposal was made through the multi-agency board that coordinates US-VISIT.

Homeland techies enter survival mode

Posted by on Nov 14, 2012 in Beats, News, The Homeland | Comments Off on Homeland techies enter survival mode

It’s not unusual for an agency director to want more funds for his organization, but it is unusual for that director to speak frankly about it.

And so it is with Paul Benda, director of the Homeland Security Advanced Research Projects Agency, who was in Waltham, Mass., Nov. 13 to speak to technologists at the annual IEEE conference here.

Benda's big message was that to do business with his agency, technologists must focus on products that promise direct impacts on operators, such as border patrol agents, and in the near term, meaning the next three or four years. Delivering the same capability with less money definitely counts as an impact, he said.

“I am not interested in science projects,” Benda explained. “My survival as an S and T organization depends on my ability to brief in terms of what the operators care about, that the secretary of Homeland Security cares about, and that the Hill cares about,” he added. “That’s kind of the evolution of where we’re going – much less of an advanced research projects agency.”

Benda’s PowerPoint explained the shift with an f word – foraging – as in foraging for technologies that can be assembled into products.

Is this constrained mission okay with Benda? I asked him that after his talk, and it didn’t sound like it. He pined over the hundreds of millions of dollars the country spends on “one Joint Strike Fighter,” and he said the country “needs to do some nation building here at home.”

Benda’s annual budget is around $500 million – the equivalent of one office at DARPA, where Benda used to work. That’s in a good year, when Congress hasn’t slashed his spending, as it did for fiscal year 2012 to the tune of 48 percent.

Benda said the cut provided funds for FEMA disaster response. It might also have inspired his determination to make a difference to operators sooner rather than later.

Of course, Benda’s agency is far from the only U.S. group looking at national security technologies. There’s DARPA; there’s the Intelligence Advanced Research Projects Activity; the CIA’s InQTel venture capital arm; and the National Geospatial-Intelligence Agency’s InnoVision directorate

Maybe they’re digging for the breakthroughs that HSARPA can’t afford? Benda and others here don’t think so.

“DNS Security is a perfect example,” Benda said, referring to his agency’s program to secure the Internet’s domain name system, which has been targeted by malware. No other agency has the mission to protect that system, Benda said. Ditto for the “bio attack response stuff,” he said.

At least for now, though, Benda leads an advanced research group that doesn’t do advanced research, and one that’s nestled in the Department of Homeland Security’s Science and Technology directorate, but does not do science projects.