DHS Works Through Gaps New Tech Presents in R&D
The Department of Homeland Security’s Science and Technology division has funded the development of products based on new technologies to assist with the agency’s mission. However, as these technologies reach the market, they routinely come with gaps — both gaps between the technologies’ capabilities and their purpose for the end user — as well as security gaps that leave the government open to data breaches and other attacks.
A common gap with new technologies in the Secret Service’s Office of Technological Development and Mission Support comes from a disconnect between the researchers and the users, said the office’s Assistant Special Agent in Charge Scott Gee. In one case, the Secret Service built cutting-edge servers for the investigative branch to store and examine forensic data.
“The problem became … I don’t have a tool to be able to exploit [the servers’ processing power] effectively,” Gee said at the DHS S&T Cybersecurity and Innovation Showcase on March 18. “We’re breaking things and looking for someone to help us fix them.”
While S&T can create these tools, and has incorporated feedback from users in building them, the development process takes weeks to months. In the meantime, users rely on older technologies to do their jobs.
“I looked at a lot of spreadsheets most days,” Gee said when asked about what he did while waiting for the new tool.
Research and development teams need to concentrate on connecting the initial project to the final product to ensure the result is worth S&T’s investment, said Nadia Carlsten, director of commercialization for the division. Her office is encouraging researchers to incorporate user feedback throughout the development process to ensure that the product will be useful to its target audience and will not immediately require the development of new tools to harness their potential.
Even when DHS S&T or the projects it funds can deliver complete products, they must balance rollout with taking the time to ensure the new technologies are free of vulnerabilities. Alma Cole, chief information security officer for Customs and Border Protection lauded the progress of new technologies, including devices for border patrol agents that record their movements in real time, as well as systems that have streamlined the authorization process for those crossing the border. He also cautioned, “as we create these efficiencies, the risk … is also going up dramatically,” highlighting that as these technologies become critical to accomplishing their mission, an attack on any of them becomes more and more disruptive.
For DHS’ private-sector partners, however, delaying a technology’s release to test for security flaws is hard to sell as a business model. “Filling the gaps … has very little ROI,” said Robert Schmidt, a founding member of cybersecurity firm CyVantage.
One solution DHS is examining is better integrating vulnerability and penetration testing as part of the development process for any new technology. Cole said that CBP is testing the security of new technologies throughout the process so that a product is secure as it is released, rather than waiting until the product is complete before testing it. He also mentioned that CBP launched a pilot program late last year for white-hat hackers to conduct penetration testing on DHS’s systems.
“I’m making that a key part of that information testing program,” Cole said. “We really like what we’ve seen so far.”
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
Why Storytelling Belongs in a Federal Leader’s Toolkit
Lucinda Wade and Mahua Mitra discuss the art of crafting compelling narratives and how to use the technique to inspire others.
19m listen -
Navy Chief Points to More Autonomous Systems, Robotics by 2027
Adm. Lisa Franchetti's new plan prioritizes development of autonomous systems to prepare the Navy for growing aggression from China.
5m read -
Facing Evolving Cybersecurity Challenges
Hear from federal cybersecurity experts discuss strategies for staying informed about the latest threats, tools and policies.
30m watch -
GSA Taps Dovarius Peoples as Deputy CIO
Peoples previously served as CIO of the U.S. Army Corps of Engineers and oversaw the service's cloud migration and data modernization.
1m read