The app, named Insider Threat Sentry or InT Sentry, allows users to access videos, infographics and general news about insider threat detection. The app is available on the public app store for iOS and Android, and it arrives as Department of Defense officials have shown an elevated interest in fighting insider threats, which can range from physical attacks to quiet cybersecurity incidents. The department named last September as “insider threat awareness month.”

The app is for delivering useful content to national-security workers, not for reporting or tracking real-time threats. Other surveillance tools are used by parts of the military to monitor emerging threats.

“These days, everyone lives on their phone and tablet,” said Rebecca Morgan, chief of the Center for Development of Security Excellence’s Insider Threat Division. “InT Sentry allows security professionals, insider threat practitioners, and anyone with an interest in national security to easily access high quality resources.”

The Department of Defense has been trying to increase its overall use of mobile technology. It recently signed a deal to speed up the process for mobile apps to pass security checks and earn authorities to operate (ATOs).

The Center for Development of Security Excellence partnered with the Office of the Undersecretary of Defense for Intelligence and Security and the National Insider Threat Task Force to create the insider-threat app. In the iOS app store, the developer is listed as QuickSeries, a mobile app developer for educational material.

Recent insider-threat incidents include the shooting at Naval Air Station Pensacola and the June 10 arrest of a soldier on terrorism charges for planning an attack on his unit and feeding information to a neo-Nazi group.

The post DOD’s counterintelligence agency launches mobile app on insider threats appeared first on FedScoop.

The technology represents a completely new way for military personnel in the field to provide information directly to the top, O’Shaughnessy says, and the process is putting new command and control ideas into practice. The companies working with NORTHCOM on the project include Palantir and Esri, with help from Apple. Another firm with expertise on highly secure apps — the Northern Virginia-based Monkton — is also contributing.

About 700 U.S. soldiers, airmen and sailors under O’Shaughnessy’s command are responding to the coronavirus pandemic alongside civilian health care workers. Commanders can get twice-daily updates on the physical and mental health of the personnel, O’Shaughnessy said during a webinar in early May.

“I was concerned about how we were going to control them, how we were going to keep in touch with them,” the general said, “so we went back to our technology efforts.”

Two of the apps, Esri’s “Survey 123” and Palantir’s “Palantir Mobile” allow service members to log in and fill out forms on how they are physically and mentally feeling with others being for logistics and medical reporting.

The new apps are a part of a technology modernization revolution O’Shaughnessy said the pandemic has brought to NORTHCOM and the North American Aerospace Defense Command (NORAD), which O’Shaughnessy also leads. Both commands are also using its own tech developments in the fight agains COVID-19.

Technology being developed as part of Joint All Domain Command and Control (JADC2) — the military’s network-of-networks Internet of Things — is being used to oversee the use of the apps. Using the apps in a JADC2 architecture has enabled both “enhanced communications and Common Operating Pictures,” allowing commanders to integrate information into easy-to-access dashboards, according to Northern Command spokesman, Bill Lewis. The added advantage of using the JADC2 model instead of typical command and control networks was having real-time access to data that can be used to inform decisions much faster than other methods.

“Ultimately, the command tried to field a capability that increases the Commander’s understanding of the fight against COVID, the real-time status of our deployed forces, and our ability to communicate with those forces,” Lewis told FedScoop in an email.

Using JADC2 helped feed predictive analytics to monitor and project COVID-19 cases. The command used a new platform developed with the help of Google called “AIsmartONE” to use artificial intelligence initially designed with JADC2 to predict the spread of coronavirus, Lewis said. The platform analyzed data on hospital capacity, reproductive rates and other metrics, that directly informed decision making on where the general deployed personnel across the country, decision he said that have helped save lives.

“That’s exactly what we want to do on the homeland defense mission set and frankly that’s what we want to do as a Department of Defense,” he said.

The post Northern Command calls upon Palantir, Apple and others to bring new tech to coronavirus fight appeared first on FedScoop.

The “i911” app is currently being used in the Pacific Northwest and has the clearance to be implemented at Coast Guard districts across the country. While the guard describes the software as “groundbreaking” in a news release, it behaves like similar technology already used by law enforcement and consumers. Its adoption by the Coast Guard, however, represents a step in a more modern direction for an agency whose legacy IT systems are on the “brink of catastrophic failure,” according to its top officer, Adm. Karl Schultz.

The i911 application allows Coast Guard fleets to access phone location data through a web-based interface for mariners in need of a rescue, according to the release. Boaters don’t need to download anything as long as they can click a link texted to them from rescuers and enable the sharing of their location data.

“While VHF radio remains the most reliable form of distress communication, this tool gives the Coast Guard another avenue to rapidly locate mariners in distress utilizing smart phone technology,” said Lt. Cmdr. Colin Boyle, the command center chief of the 13th district in Washington that is the first to adopt the technology.

In February, Schultz called for a “tech revolution” to increase off-shore connectivity and modernize legacy systems across the service. Much of the guard’s plan revolves around cloud migration and upgrading hardware on cutters, mid-sized ships that make up the bulk of the service’s fleet. These initiatives are designed to improve services and better take advantage of applications like i911.

The tech is a free service developed by Callyo Incorporated, a mobile technology company that caters to the law enforcement market. The application is also used by other law enforcement agencies across the country, according to the company’s website. The application can only access location data during rescue operations with the permission of the distressed mariner.

“In addition, the location sharing feature is only utilized during an active search and rescue case and can be turned off by the mariner at any time,” Boyle said in a news release.

Procurement documents show the Coast Guard had a “Cooperative Research and Development Agreement” with Callyo in 2019. That year, the Guard ran pilot programs for the app’s use, which lead to several successful rescues, the guard said. While the 13th district in the Pacific North West is the first part of the guard to fully implement the technology, the rest of the service has the authority to adopt it.

This type of technology has been prevalent for years and widely used in many other industries. Phones-based location data is used in services like Apple’s “Find My” app, which allows authorized location data viewing for devices and many companies use large-scale data aggregation of smart phone location data.

The post Coast Guard extends mobile connectivity to distressed mariners with ‘i911’ appeared first on FedScoop.

Monday the company announced its delivery of new automated testing software to ensure the security of mobile applications used across DOD components and other federal agencies. The software tests for National Information Assurance Partnership (NIAP) compliance, a standard that will help mobile apps receive faster authority to operate (ATO) approvals, the company said.

NowSecure’s work with the military will allow the further migration of services to mobile devices and help ensure the apps they are hosted on are secure, according to the Air Force. The company started its work with the military during an Air Force Pitch Day event in 2019 when it was given a Small Business Innovation Research (SBIR) award.

“Mobile has been a particularly challenging spot because when you think about the mobile devices themselves, they are not sitting behind layers of defenses…they are mobile devices that have lots of sensors,” NowSecure Founder Andrew Hoog told FedScoop in an interview. “It becomes even more important to be able to have that automated testing.”

The technology that NowSecure brings will enable both third-party and in-house mobile apps to be tested in days, not the usual months it takes to achieve NIAP compliance, which is just one of the requirements for the ATO process. For apps that are constantly being updated, by the time the months-long process is over, several updates have already been released and will need to go through the process again.

“Given the quantity and frequency of updates, you must have automation,” Hoog said.

About 85 percent of the apps NowSecure tests have at least one security flaw, some with many more, Hoog added. NowSecure can test both iOS and Android-based apps.

The Air Force recently enhanced its ability to work with contractors on penetration testing of IT networks and fast-tracking cybersecurity ATOs to try and solve similar problems for other network devices. The changes to both IT network testing and mobile apps come as the military tries to modernize technology to more effectively carry out its mission.

NowSecure’s new software was delivered to the Air Force’s Business and Enterprise Systems Product Innovation (BESPIN) office, which works with private sector developers. It’s another one of the department’s Star Wars-themed tech hubs.

“Mobile apps are critical to enabling the Air Force to meet our mission around the world,” said Capt. Michael Valentin, Air Force BESPIN operations and support service manager. “This new capability can help the Air Force, DoD and federal agencies confidently unleash more widespread development and use of mobile apps.”

The post DOD expands testing of mobile apps with new automated software appeared first on FedScoop.

The guidelines hadn’t been updated since 2013, and much has changed across the enterprise mobile device landscape in those seven years, Gema Howell, IT security engineer at NIST, told FedScoop.

Howell and her fellow authors began the revision process at the end of 2018, keeping the draft document’s structure largely the same: mobile device characteristics, threats, security tools, and deployment lifecycle.

“This is really focused on device-side threats, considerations and things you can do on the device,” Howell said. “What we want folks to be aware of are the many changes in the industry and the solutions available to them to help secure their mobile devices that are being used during this telework time to access their enterprise resources.”

The authors made “major” changes to the threat landscape section, mapping high-level threats to NIST’s Mobile Threat Catalogue while also addressing privacy implications, Howell said.

Mobile applications are increasingly problematic because they can allow adversaries attack vectors to sensitive information, especially the more apps there are on a device, she added.

Authors also addressed how mobile authentication is no longer simply a four-digit personal identification number but can involve biometrics that users might not even be aware exist.

More nuances to device deployment

The guidelines also include a more detailed outline of the mobile device deployment lifecycle:

• Identifying mobile requirements, which now involves choosing a use case.
• Reviewing inventory.
• Picking a deployment model — enterprise use only or bring-your-own-device.
• Selecting Android, iOS or both.
• Determining the needed security tools.

“The previous document focused a lot on one particular technology that was available back then, which was a mobile device management solution (MDMS),” Howell said. “Today we have a lot more options.”

MDMS may be referred to as “enterprise mobility management solutions” now. And there is also the mobile application vetting service, which monitors apps for risky behavior, and mobile threat defense, which informs the user of device-, app- or network-based threats.

NIST also added a second step to the mobile device deployment lifecycle: performing a risk assessment.

The draft document is open to public comment through June 26, 2020, after which NIST will review feedback and update the guidelines before releasing either a second or final version.

Initial feedback has largely been positive with requests for minor edits and the inclusion of related topics like how mobile devices connect to zero-trust networks, Howell said.

“So far, with the feedback that we’ve received, it seems it will go final,” she said. “But it’s hard to tell because we’re still in the beginning stages of the public comment period.”

The post NIST makes ‘major’ changes to mobile device security guidelines appeared first on FedScoop.

The VA and IBM developed the GRIT mobile app — short for Get Results in Transition — as a mental health resource for veterans as they face challenges after leaving military service and to combat the alarming rate of suicides among this population. The app allows users to “gain personal insight into their emotional well-being, provide resources to improve their individual situations, and serve as a tool to build resiliency and overall well-being using technologies which address the social determinants of health.”

After holding a five-month field test of the app late last year, the VA is interested in bringing in a vendor to migrate, host, enhance and scale it, according to a request for information released this week.

The VA says the app should focus on helping veterans with employment by:

∙ Translating their former occupational codes to civilian opportunities.
∙ Providing a place for social networking with their contacts.
∙ Supporting the mental fitness of users through games and other strategies.
∙ Developing a digital assistant-type chatbot that can “provide real-time resources including wellness, mental health, substance use and other suicide prevention resources.”

On top of this, the vendor would need to support all back-end technology — “to include any artificial intelligence, employment search capability, etc.” — and identity management, and provide customer service for users.

VA is also OK with the possibility that a completely new app might be the best solution. The RFI asks interested vendors is there is “a mobile application capable of meeting the above requirements for use on both the Android & iOS devices that is currently available,” and how much it might cost.

VA will accept responses to the RFI until March 4. The department may call on those vendors for in-person or over-the-phone briefings.

The post VA looks to enhance mental health app for transitioning veterans appeared first on FedScoop.

Continuous vetting is designed to catch the exploitable vulnerabilities, malicious code or privacy-violating behaviors in applications, while EMM centrally manages an enterprise’s mobile devices, including their security, and can restrict use of an app or resources until a threat found through vetting is addressed.

The Homeland Security Systems Engineering and Development Institute (HSSEDI) independently evaluated two EMM solutions and six vetting solutions in 43 tests with commercial and custom apps between November and May. While all EMM and vetting solutions passed HSSEDI’s tests, each of the latter offerings were missing features — like the detection of “sideloaded” apps that circumvented normal installation — that prevented them from being recommended as the preferred option.

While some EMM solutions integrated better with particular vetting solutions than others, vetting solutions differed more widely in their strengths and weaknesses, according to HSSEDI’s report, which was finalized in late June and released Wednesday.

Together a vetting solution can share an inventory of installed apps with EMM, which can in turn update agency blacklists and whitelists to reduce their threat exposure.

HSSEDI performed the market analysis on behalf of the Mobile Security Research and Development program within the Department of Homeland Security Science and Technology Directorate.

All six vetting solutions satisfied HSSEDI’s tests by producing comprehensive, easy-to read threat reports — most also able to share a device’s app inventory and rescan updated apps quickly.

“However, most services could not perform reputation analysis, and all offerings either incorrectly labeled custom, non-market apps downloaded from the enterprise app store as sideloaded or failed to detect a sideloaded app in some way,” reads the report. “Detection of spoofed and sideloaded iOS apps was a weak point, almost certainly due to iOS platform restrictions.”

HSSEDI further found not all EMM solutions enforced compliance linked to threats that app vetting detected, and few solutions flagged out-of-date apps.

Integration remains an “emerging” process, so HSSEDI shared its results with the solutions’ respective vendors so improvements could be made — and in some cases they already have been made.

HSSEDI did not evaluate mobile threat detection, which detects and defends against runtime security threats — often using app vetting along with device- and network-level protections — and can similarly integrate with EMM.

The agency further plans to examine how continuous app vetting might work within the Continuous Diagnostics and Mitigation program run by DHS.

As a result, the agency didn’t recommend an integration scheme in its report.

“HSSEDI recommends that agencies review and understand the strengths and limitations of each tool combination and select the EMM and app vetting solution that fits their needs and desired capabilities,” reads the report.

The post Integration of app vetting with EMM is still an ’emerging’ option for agencies, report says appeared first on FedScoop.

Phones have overtaken calendars, photo albums and music players, and now they can also serve as sailor stylists. The app is the official online what-to-wear — and now how to groom — guide for all sailors. New additions include grooming and insignia-identification instructions, and updated hairstyles for female sailors.

“One of the best features of the app is the Uniform Browser which has been updated to reflect recent policy changes,” said Dave Driegert, assistant program manager for the Sea Warrior Program (PMW 240) mobility team.

Other new additions include photographs of both authorized and unauthorized hairstyles for female sailors. If photographs are not your thing, the app links to the Navy’s All-Hands website for female hairstyles, providing illustrations and examples for authorized hairstyles.

Last July, the Navy wrapped up a nearly year-long review of its hairstyle guidelines for women. The changes are now reflected in the uniform app another year later. The latest update to the guidance authorizes “a slightly broader range of acceptable hairstyles,” according to the Navy.

Grooming for men now has a whole chapter. While most sailors must keep a clean-cut face, closely trimmed mustaches are authorized in limited circumstances.

“With uniforms being phased-out and phased-in, and grooming standards changing, it can be difficult for Sailors to navigate regulations and instructions,” the news release states.

Got more questions? Don’t worry — the app has an FAQ.

The post Navy updates its ‘popular’ uniform app appeared first on FedScoop.

The solution comes in the form of a mobile app. The Battle Record Information Core Environment app (BRICE for short) is a tablet-based iOS app that allows maintainers to record their work for the official record while still on the floor next to the aircraft in question, eliminating the need to walk over to a desktop and pull up the Air Force’s legacy maintenance record system.

“The Air Force is undergoing a digital transformation even as we talk,” Maj. Gen. Cedric George, the Air Force director of Logistics, told reporters on Wednesday. “The logistics community is leading the way.”

The app, George says, was build “by maintainers, for maintainers” and in partnership Amazon Web Services as its cloud provider as well as Apple, Verizon and secure development company Monkton. The app went live in January 2019 and is currently being used by 100 maintainers at the Davis–Monthan Air Force Base in Arizona. George hopes to deploy it to 100 more by the end of this month.

The most difficult part of building the app wasn’t the actual development or even the process of integrating with the legacy system, George told FedScoop. Instead, it was the “cultural piece.” Maintainers were easily on board, he said, and leadership saw the value too. But a “frozen middle” of staff, he said, had to be convinced. For them, forgoing a system that’s been in place for years and adopting a culture of calculated risk-taking has been challenging. “I will tell you, there’s still pushback!” George said.

Meanwhile, the app is already delivering on its hassle-saving promises. In user testing surveys, 81 percent of the maintainers using the app said it saves them at least one hour per shift. There has also, George said, been a 60 percent improvement in the integrity of the maintenance data gathered with this app as opposed to through the legacy desktop-bound system.

The Air Force projects that the time savings could mean $83 million over five years in manpower cost avoidance at Davis Monthan Air force Base, Arizona. There’s also the possibility that a tool like this could help the Air Force retain its maintenance staff, something the Air Force has struggled with in recent years.

“When we signed up for aircraft maintenance, the image in our head was not sitting at a desk,” Master Sgt. Daniel Brierton said in a statement. “Maintainers are here to fix jets. This effort aides maintainers by reducing time spent on documentation, transit, and legacy IT systems.”

The post Air Force’s new aircraft maintenance app cuts down record-keeping hassles appeared first on FedScoop.

The space agency launched a new component function of its citizen science mobile application GLOBE Observer last month. It now invites users around the world to collaborate by measuring and recording tree heights. Joining in is simple — would-be citizen scientists can download the app for free, create an account and start measuring trees within minutes.

By aiming the app’s viewfinder at a tree’s top and bottom from 25 to 50 feet away, then recording the distance to the tree in human steps, the app calculates a rough height. Users also record the location of the tree and can measure and record circumference if they want to go above and beyond.

Ready to measure a tree? (Screenshot)

Eventually, NASA scientists will use this data to cross-check the tree height data gathered by the ICESat-2 satellite, which was launched in September 2018 to measure sea ice thickness and land topography.

But while the technology here is new, the program itself is certainly not. NASA’s Global Learning and Observations to benefit the Environment (GLOBE) Program launched in the 1990s as an avenue for students and teachers to take observational earth science measurements and report them back to NASA through an online database the program still uses today. Scientists would then use those measurements to support data collected by satellites. While the program worked well, its concentration in academia, and required training, kept it from really scaling.

So in 2016 NASA introduced a mobile app that anyone can use without much specific instruction. GLOBE Observer’s first function was a cloud cover recording tool. Then came the mosquito habitat mapper and the land cover app.

Most recently, on March 26, NASA launched the GLOBE Observer Trees App. With this new capacity, NASA hopes to get a “denser sampling of tree heights,” Brian Campbell, who leads the Trees effort, told FedScoop.

Tree height is an indicator of how well a given ecosystem can grow trees, Campbell said. And this, in turn, tells scientists a bunch more about that ecosystem.

It’s early days still for the Trees app, but GLOBE Observer lead Holli Kohl is hopeful about the data that will be gathered. Kohl told FedScoop she’s “very pleased” that around 25 percent of people who download the GLOBE Observer app and then go on to actually use it — that’s better than “many” citizen science programs, she said.

Campbell is similarly excited about the early results. Since the launch of Trees, his team has received over 1,700 tree height measurements from around 20 countries around the world.

“We really want [participant citizen scientists] to feel like they’re a part of a NASA mission,” Campbell said.

The post NASA has citizen scientists around the GLOBE measuring trees and more appeared first on FedScoop.