The National Spectrum Consortium will have five years to disburse the money to its members, according to a press release announcing the deal. The goal is to promote novel uses of 5G telecommunications technology — including internet of things management, cloud computing, augmented reality and big-data processing tools. The contract is called the Spectrum Forward OTA.

The idea behind the consortium is that the money will get to companies and academic partners faster than the DOD could do on its own.

“An Other Transaction Agreement is the most effective method to encourage rapid prototyping in the US Government,” Tony Melita, executive director of the National Spectrum Consortium, said in the release. ​“By bringing industry, academia and the government together, the NSC will tackle the toughest spectrum-related technological challenges facing our nation and the world.”

This is not the first award to the consortium from the DOD. Earlier this year, it received contracts to help work on some of the “5G test beds” the DOD is building, according to the consortium. The test beds are agreements with telecommunications companies that allow them to use military bases to trial new 5G technology. The DOD hopes that by providing space that has fewer regulations on 5G testing, companies can hasten development of the tech. The military also wins by getting to use successful 5G connections to modernize base operations.

“Now, as 5G takes hold, we need to invest in the development of a new wave of capabilities that will once again redefine the technology landscape,” said Sal D’Itri, chairman of the NSC.

5G promises to deliver ultra-fast communications with huge bandwidth, opening many new possibilities for technology to share data quickly, with both civilian and military applications.

The post DOD gives $2.5B to consortium to develop 5G tech prototypes appeared first on FedScoop.

The senators further requested that CBP‘s IG look into the agency’s legal analysis prior to beginning use of Venntel‘s surveillance tool without either a warrant or the Department of Homeland Security‘s Privacy Office performing a privacy impact assessment.

This is the second time in two months senators have asked an IG to investigate an agency’s warrantless use of the Northern Virginia-based company’s database. The first led to an ongoing investigation within the IRS.

“CBP is not above the law, and it should not be able to buy its way around the Fourth Amendment,” reads the senators’ letter to DHS IG Joseph Cuffari sent Friday. “Accordingly, we urge you to investigate CBP’s warrantless use of commercial databases containing Americans’ information, including but not limited to Venntel’s location database.”

Officials confirmed CBP’s domestic phone tracking on a Sept. 16 call with Senate staff. The letter signed by Sens. Ron Wyden of Oregon, Elizabeth Warren of Massachusetts, Sherrod Brown of Ohio, Edward Markey of Massachusetts and Brian Schatz of Hawaii notes the agency refused a followup request for information and stated that its legal analysis is privileged.

The senators pointed out the Supreme Court‘s 2018 Carpenter v. United States decision, which found that collection of significant quantities of historical phone location data constitutes a search under the Fourth Amendment requiring a warrant. They want to know if CBP lawyers felt the ruling did not apply to data purchased by the government.

When IRS IG J. Russell George agreed to investigate his agency’s use of Venntel’s surveillance tool he did so with the caveat that Congress would be informed of the results “to the extent allowable under the law.”

The post Another agency draws attention of senators for warrantless use of phone data appeared first on FedScoop.

The passage of the bill, sponsored by Sens. Josh Hawley, R-Mo., and Rick Scott, R-Fla., follows in the footsteps of actions several federal agencies, including the U.S. Army, Transportation Security Agency, State Department and the Department of Homeland Security, have already taken to ban TikTok from use on government devices.

The House also included a similar measure in its version of the fiscal 2021 National Defense Authorization Act, suggesting it’s favorable of moving legislation banning the app from federal devices.

“In light of all we know, it is unthinkable to me that we should continue to permit federal employees, those workers entrusted with sensitive government data, to access this app on their work phones and computers,” Hawley said in a statement. “I’m encouraged by the bipartisan support we have seen in this body to hold the Chinese Communist Party accountable and that includes, by the way, holding accountable those corporations who would just do China’s bidding. And, if I have anything to say about it, we won’t be stopping here.”

TikTok, owned by Chinese company ByteDance, has faced a bumpy road in recent days after President Trump threatened to ban the platform’s use in the U.S., alleging national security risks from the firm’s ties to the Chinese government. Since then, Microsoft has stepped in with an offer to buy TikTok’s operations in the U.S., and potentially elsewhere.

The post TikTok could soon be banned from federal devices appeared first on FedScoop.

The bases include: Fort Hood, Texas; Naval Base Norfolk, Virginia; Joint Base Pearl Harbor-Hickam, Hawaii; Joint Base San Antonio, Texas; the National Training Center at Fort Irwin, California; Camp Pendleton, California; and Tinker Air Force Base, Oklahoma.

The announcement, made Wednesday during a press conference at the Pentagon, comes weeks after the release of the DOD’s 5G strategy. The document outlines how the department will work with private sector companies as the U.S. tries to keep pace with China and its 5G giant Huawei. Requests for proposals will be issued this summer, Joseph Evans, technical director for 5G in the DOD, said during the press conference.

“DOD recognizes industry is driving 5G,” Evans said.

Industry leaders also applauded DOD’s moves to bring real-world testing in controlled environments to the 5G race.

“There is absolutely nothing that compares to using and monitoring real world deployments,” Joel Wallenstrom, CEO of secure messaging app Wickr told FedScoop in an email. “Taking the initiative to get 5G deployed and to run services on these deployments is the kind of proactivity we need.”

Different bases will have different purposes and test different capabilities. For example, at Tinker Air Force Base the goal will be to experiment with different ways to share spectrum space for 5G telecommunications. Other bases will work on ensuring that 5G’s development will be secure and not be open to cybersecurity vulnerabilities.

One of the security models the DOD is exploring is zero trust architecture, where security checks are built in throughout the system instead of granting wide access with a one-and-done log in.

“On 5G there will be so many more devices on the network that are built to consume more bandwidth. While this might not translate into successful [denial-of-service] attacks, it will increase the cost of defensive measures,” Wallenstrom said.

The Pentagon’s mission in wiring bases and testing 5G serves two purposes, according to its strategy. The military wants to integrate 5G into its own communications system to increase the amount of data that can be sent from the field back to command posts and to also be able to increase the speed in which the private sector can deliver 5G to the public. The motivation on both fronts is to counter China’s own development of civilian and military uses of 5G, according to both the strategy and Evans.

“There are challenges that we have with our potential adversaries,” He said. “But we do not think that we are behind in any sense here.”

The post New group of DOD sites for 5G testing includes California, Hawaii, Virginia, Texas, Oklahoma appeared first on FedScoop.

The pilot project at Nellis Air Force Base will partner with an industry consortium, the 485-member Information Warfare Research Project, to develop software prototypes to leverage the increased data transmission speeds that 5G will bring. The software will include “survivable” command and control (C2) systems and wireless network enhancements, according to the Department of Defense. The Air Force will issue other transaction agreements (OTAs) for the acquisitions.

Construction on the private 5G network is expected to begin in July, and it will be fully operational in January, according to the DOD.

The military recently published a 5G strategy that outlines its goals to use its many bases and industry partnerships to advance the overall U.S. development of the wireless technology. Countering the fast technological advancement of China and its 5G giant, Huawei, are core goals of the strategy. The Air Force is partnering with the DOD’s research and engineering office to build the network.

”The Defense Department recognizes 5G technology is vital to maintaining America’s military and economic advantages,” Joseph Evans, DOD technical director for 5G, said in the release.

The technology deployed to the Nevada base will be modular. The network towers will be moveable and be tested with mobile operations centers.

Other DOD test sites for 5G include Joint Base Lewis-McChord, Washington; Hill Air Force Base, Utah; Naval Base San Diego; Marine Corps Logistics Base Albany, Georgia; and Tyndall Air Force Base, Florida.

The post Air Force adds another base to military’s 5G program, to prototype software appeared first on FedScoop.

The Air Force and DISA are currently testing phone and tablet cases that combine physical security — like coverings for cameras — and electronic methods, like having built-in biometric authentication and signal jamming. The program could allow military personnel to keep their phones with them in secure facilities that usually shun mobile devices, while helping to secure their communications when they’re just out and about.

The pilot programs are currently trying out cases with phones that handle information requiring lower-level security, but soon the tests will be pushed up to higher levels, according to the Air Force’s chief technology officer, Frank Konieczny. It’s one of the most promising efforts for the Air Force to achieve “secure mobility,” Konieczny said Tuesday during the AFCEA C4I symposium hosted by George Mason University.

“This is going to be another way of looking at how can we secure just any other phone that people buy,” he said.

The cases are designed to solve two problems: How do you make commercial devices more secure, and how do you ensure only authorized users are accessing information on them? For the pilot, the department is already partnering with industry, but Konieczny didn’t name the companies.

The case physically blocks all cameras to provide one level of cyber-hygiene. The technology also ensures nothing can come through the microphone, Steve Wallace, head of DISA’s emerging technology directorate, said during the virtual event. Other than a radio signal, everything else is “completely blocked,” he added.

“There is nothing but white noise heard in any kind of recording,” he said.

Ultimately the functions of the case could help extend the military’s use for mobile devices as the entire DOD is trying to extend its mobility. People who work in secure facilities are used to checking their phones at the door to ensure hackers can’t listen in to classified conversations. Popping any phone into a case might be able to change that practice, Wallace said.

DISA is “working with folks at the Pentagon to allow users to bring those devices into secured spaces,” he said.

More testing will continue after workers return to the Pentagon after the coronavirus pandemic, Wallace added.

Biometric assurance

To ensure the holder of the phone is the authorized user, the cases would have on-board technology to gather biometric information outside of fingerprints or other physical characteristics. DISA has been pursuing biometrics that allow for “continuous authentication” — tools that measure everything from a user’s voice, their typical walking speed to how they hold a phone. It’s unclear if the full range of continuous monitoring would be capable in just the phone case, but Wallace said it is a part of his agency’s plan.

The case would not be the only piece of the puzzle for DISA’s efforts on biometric assurance. During the virtual event, Wallace displayed a watch that would pair as a second factor of authentication to devices. Other ideas beyond just a phone case for security have been in the works for years as DISA has tried to upgrade assured identity access.

Some of DISA’s assured-identity programs put hundreds of factors of authentication into the hardware of a mobile phone. Biometric assurance also relies on artificial intelligence to process all the data being constantly checked by a device to ensure it is matched with the proper user.

The post Air Force and DISA working to secure off-the-shelf phones with specialized cases appeared first on FedScoop.

Monday the company announced its delivery of new automated testing software to ensure the security of mobile applications used across DOD components and other federal agencies. The software tests for National Information Assurance Partnership (NIAP) compliance, a standard that will help mobile apps receive faster authority to operate (ATO) approvals, the company said.

NowSecure’s work with the military will allow the further migration of services to mobile devices and help ensure the apps they are hosted on are secure, according to the Air Force. The company started its work with the military during an Air Force Pitch Day event in 2019 when it was given a Small Business Innovation Research (SBIR) award.

“Mobile has been a particularly challenging spot because when you think about the mobile devices themselves, they are not sitting behind layers of defenses…they are mobile devices that have lots of sensors,” NowSecure Founder Andrew Hoog told FedScoop in an interview. “It becomes even more important to be able to have that automated testing.”

The technology that NowSecure brings will enable both third-party and in-house mobile apps to be tested in days, not the usual months it takes to achieve NIAP compliance, which is just one of the requirements for the ATO process. For apps that are constantly being updated, by the time the months-long process is over, several updates have already been released and will need to go through the process again.

“Given the quantity and frequency of updates, you must have automation,” Hoog said.

About 85 percent of the apps NowSecure tests have at least one security flaw, some with many more, Hoog added. NowSecure can test both iOS and Android-based apps.

The Air Force recently enhanced its ability to work with contractors on penetration testing of IT networks and fast-tracking cybersecurity ATOs to try and solve similar problems for other network devices. The changes to both IT network testing and mobile apps come as the military tries to modernize technology to more effectively carry out its mission.

NowSecure’s new software was delivered to the Air Force’s Business and Enterprise Systems Product Innovation (BESPIN) office, which works with private sector developers. It’s another one of the department’s Star Wars-themed tech hubs.

“Mobile apps are critical to enabling the Air Force to meet our mission around the world,” said Capt. Michael Valentin, Air Force BESPIN operations and support service manager. “This new capability can help the Air Force, DoD and federal agencies confidently unleash more widespread development and use of mobile apps.”

The post DOD expands testing of mobile apps with new automated software appeared first on FedScoop.

Cybersecurity company BlueRISC is working on the software with support from the DHS Science and Technology Directorate. The goal is to allow government employees to use personal email on agency-issued devices while avoiding common security pitfalls like choosing convenience over strong security controls or accidentally sharing sensitive information.

The email software, an enhanced version the company’s EPRIVO product, will separate business from personal assets and enforce data security policies to prevent those mistakes. Adding CRoT technology will increase the control that administrators have remotely over the device.

“The EPRIVO Enterprise 2.0 email system ensures the confidentiality of email in transit, in cloud storage at an email service provider, and when stored on the mobile device, providing both physical and cryptographically based protections,” said Kris Carver, technical director at Massachusetts-based BlueRISC, in the announcement. “Users can specify controls for the emails they send, including recalling messages or preventing the receiver from forwarding a message.”

BlueRISC integrated CRoT technology into its private email application so iOS and Android users can securely access government and personal Gmail, Yahoo and Hotmail accounts. The app can also be used on macOS and Windows computers.

Security administrators can use their own console to set the security policy for each user’s agency email account. Users retain full control of personal email accounts on the device and can add security protections using the app.

The post DHS developing tech to better secure email on government-issued mobile devices appeared first on FedScoop.

The guidelines hadn’t been updated since 2013, and much has changed across the enterprise mobile device landscape in those seven years, Gema Howell, IT security engineer at NIST, told FedScoop.

Howell and her fellow authors began the revision process at the end of 2018, keeping the draft document’s structure largely the same: mobile device characteristics, threats, security tools, and deployment lifecycle.

“This is really focused on device-side threats, considerations and things you can do on the device,” Howell said. “What we want folks to be aware of are the many changes in the industry and the solutions available to them to help secure their mobile devices that are being used during this telework time to access their enterprise resources.”

The authors made “major” changes to the threat landscape section, mapping high-level threats to NIST’s Mobile Threat Catalogue while also addressing privacy implications, Howell said.

Mobile applications are increasingly problematic because they can allow adversaries attack vectors to sensitive information, especially the more apps there are on a device, she added.

Authors also addressed how mobile authentication is no longer simply a four-digit personal identification number but can involve biometrics that users might not even be aware exist.

More nuances to device deployment

The guidelines also include a more detailed outline of the mobile device deployment lifecycle:

• Identifying mobile requirements, which now involves choosing a use case.
• Reviewing inventory.
• Picking a deployment model — enterprise use only or bring-your-own-device.
• Selecting Android, iOS or both.
• Determining the needed security tools.

“The previous document focused a lot on one particular technology that was available back then, which was a mobile device management solution (MDMS),” Howell said. “Today we have a lot more options.”

MDMS may be referred to as “enterprise mobility management solutions” now. And there is also the mobile application vetting service, which monitors apps for risky behavior, and mobile threat defense, which informs the user of device-, app- or network-based threats.

NIST also added a second step to the mobile device deployment lifecycle: performing a risk assessment.

The draft document is open to public comment through June 26, 2020, after which NIST will review feedback and update the guidelines before releasing either a second or final version.

Initial feedback has largely been positive with requests for minor edits and the inclusion of related topics like how mobile devices connect to zero-trust networks, Howell said.

“So far, with the feedback that we’ve received, it seems it will go final,” she said. “But it’s hard to tell because we’re still in the beginning stages of the public comment period.”

The post NIST makes ‘major’ changes to mobile device security guidelines appeared first on FedScoop.

Swalwell’s legislation would only apply to a few activities in the House. Members would be able to participate in committee hearings without having to be in the room, and the measure would “mandate the development of a secure remote voting system” for use only on the noncontroversial legislation that the House does under its “suspension of the rules” calendar.

The Members Operating to Be Innovative and Link Everyone (MOBILE) Resolution, as Swalwell filed it during the previous Congress, has Republican Rep. Rick Crawford of Arkansas as its top co-sponsor. There is no companion bill for the Senate.

“Modern technology belongs in Congress and my resolution would allow Members to not only spend more time with their constituents and their families, but would prove useful for a number of situations, including the public health crisis in which we currently find ourselves,” Swalwell said in a news release.

Several members of Congress have opted to self-quarantine as the U.S., in general, prepares for an increase in cases of the COVID-19 illness caused by a novel coronavirus first identified in China.

The legislation does not specify any particular technology for achieving its goals.

“The ability for Members of Congress to vote remotely if need be has been technologically feasible for decades,” Crawford said in the news release. “The ongoing Coronavirus outbreak underscores the need for Congress to embrace what the 21st Century has to offer.”

Although mobile voting systems for general elections have faced skepticism from cybersecurity experts and some lawmakers, remote votes from just a few hundred lawmakers presumably would be easier to track and validate.

Witnesses for House hearings also would be able to use the remote-participation technology.

The proposal also comes as the House has increased its attention on modernizing the technology it uses to do business. On Tuesday the House passed a resolution to implement the recommendations of the Select Committee on the Modernization of Congress. The newly created panel issued several recommendations last year, including ideas for increasing the tech expertise of members and their staffs, and making it easier for them to test out new technologies in an official capacity.

This is the fourth consecutive Congress during which Swalwell has introduced his resolution. It did not get a vote in the 2017-18 sessions. The House Rules Committee has jurisdiction over the measure.

The post Congressman reminds everyone about potential to do legislative work remotely appeared first on FedScoop.