James Shappell, director of the DOD Insider Threat Management and Analysis Center at the Defense Counterintelligence and Security Agency, discussed at a recent symposium how DITMAC works to mitigate and prevent insider threats at the installation level through the Prevention, Assistance and Response program, DVIDS reported Wednesday.

Under the PAR program, DITMAC hires, trains and assigns PAR coordinators to Department of Defense joint bases in an effort to help civilian leaders and commanders understand and counter insider risks.

“Our PAR program is designed to give commanders the right amount of detail and information so they can make informed, risk-based decisions on how they should best move forward to support their personnel,” Shappell said at the event.

He went on to explicate DCSA’s efforts to mitigate risks from trusted insiders across the enterprise, including initiatives to meet its personnel security mission.

“We run 95% of the background investigations for the federal government and we adjudicate the security clearances for the Department of Defense,” Shappell said. “Then we run Continuous Vetting for the Department of Defense and a large population of non-DOD entities. So, from a personal security perspective, the gatekeepers at DCSA have a great opportunity to lead the charge on stopping people from getting in the front door.”

The DSCA official also raised the agency’s Center for Development of Security Excellence and how it helps promote security education training and awareness.

Data-centric cybersecurity and automated classification can help the U.S. military achieve battlespace dominance due to their ability to protect information regardless of its location or users, Shannon Vaughn, general manager of Virtru Federal and U.S. Army Reserve officer, wrote in an article in C4ISRNET.

In his opinion piece, Vaughn talks about the emergence of data dominance as one of the most critical elements of military missions, and how non-conventional cyber defense is the ideal approach moving forward.

To implement a data-centric approach, the military must classify and tag their information according to level of sensitivity. Effective tagging and classification can be leveraged by mission teams to control the access and use of their information, giving them built-in security controls instead of device-based protection, according to Vaughn.

Mission teams should utilize a combination of attribute-based access control, or ABAC, and automated classification and tagging to streamline and expedite the process. Vaughn recommended ABAC that is enabled by the Trust Data Format standard, which features military-grade encryption and is approved by the Office of the Director of National Intelligence.

The General Services Administration, NASA and the Department of Defense are seeking feedback on a proposed rule that intends to standardize cybersecurity contractual requirements for unclassified federal information systems as part of the implementation of a section within the 2021 cybersecurity executive order.

The proposed rule outlines cybersecurity procedures, policies and requirements for contractor services to build, implement, maintain or operate a FIS, including policies for using cloud and non-cloud computing services, according to a Federal Register notice published Tuesday.

“This rule underscores that compliance with these requirements is material to eligibility and payment under Government contracts,” the notice reads.

The proposed policy, which was introduced as an amendment to the Federal Acquisition Regulation, will apply to the acquisition of commercial products and services.

For FIS using non-cloud computing services, the proposed regulation details requirements for records management and government access, assessments, specification of additional security and privacy controls and cyber supply chain risk management, among others.

Comments on the proposed rule are due Dec. 4.

The Department of Homeland Security Science and Technology Directorate is working with the Cybersecurity and Infrastructure Security Agency on multiple projects to protect the country’s cyber systems and networks, S&T Undersecretary Dimitri Kusnezov said.

The directorate is marking the beginning of Cybersecurity Awareness Month with initiatives on shared intelligence resilience, identity proofing technologies and training tools for identifying malicious activity and actors.

According to Kusnezov, S&T’s Cybersecurity Threats Technology Center is leading the Shared Intelligence Resilience project, which will use artificial intelligence and machine learning to help organizations and distributed systems identify and address IT vulnerabilities. The institute is working on another AI study aimed at leveraging human-machine teaming to deter the adversarial use of AI in zero trust platforms.

The directorate’s Biometric and Identity Technology Center is investigating the effectiveness and security of smartphone-based identity proofing technologies in distinguishing legitimate users from impostors. BITC is collaborating with several agencies including the Transportation Security Administration, the National Institute of Standards and Technology and the Homeland Security Investigations Forensic Laboratory,

On Feb. 28, 2024, the Potomac Officers Club will host its fifth Annual Artificial Intelligence Summit to showcase the latest technologies and bring together experts and vendors in the field of AI. Register as early as now to take part in the event.