Whitescope wins DHS S&T contest, grant

Whitescope LLC, a security research, solutions and advisory services company based in Half Moon Bay, Calif., won the Department of Homeland Security Science and Technology’s Silicon Valley Innovation Program, organized under the department’s Other Transaction Solicitation (OTS) umbrella. The program is designed to fast track security innovation in a time of great need.

“Traditional procurement and assistance processes sometimes take too long and are ineffective at deploying state-of-the-art Homeland Security innovations,” the government agency stated. “DHS has developed an Innovation framework to be implemented utilizing the flexibility of an OTS to engage non-traditional Government contractors, including start-up companies.”

The DHS S&T launched the program hoping to incentivize product developers “to open the aperture of their development roadmaps to include homeland security solutions.” The simplified "Innovation OTS" framework enables private-sector candidates to share ways for the DHS to strengthen its security architecture in a rapidly expanding environment of connected devices.

“It’s important for DHS to collaborate with the innovation community to help us find fresh solutions,” said Melissa Ho, Managing Director at the DHS S&T's Silicon Valley office. “And so far the start-up community has responded positively. They are hungry to help solve our hard problems.”

Gateway X takes top honors

Whitescope’s project, GatewayX: A Secure Wireless Gateway for IoT Devices, received top honors in the category of Securing the Internet of Things (IoT) after the company participated in the program’s first call for proposals.

Gateway X middleware inside its 802.11 wireless communications gateway is designed to identify, characterize and secure access to diverse populations of connected devices, providing continuous passive and active threat detection. The DHS S&T awarded a $200,000 contract to Whitescope to develop the solution.

“The unprecedented number of connected devices is changing the way we live, but unfortunately we cannot assume all IoT devices are inherently secure,” said DHS Under Secretary for Science and Technology Dr. Reginald Brothers. “DHS is proud to lead this fundamental effort in IoT security.”

IoT 2.0

As the IoT expands to encompass mobile devices, information technology networks, and connected sensors and devices, the DHS will continue to search for solutions that leverage communication technologies to improve situational awareness and domain protection.

Chicago-based NewNet Communication Technologies LLC, a global telecom solutions provider, urged payments industry stakeholders to implement multilayered security to protect against all forms of card present and online payment fraud. The company recommends enhancing security with every new payment scheme to mitigate fraud associated with each new product and service.

NewNet additionally stressed the need for "routine verifications of each of the entry and exit points of the networks, perimeters of the networks, every system and device in the environment dealing with the payment traffic, database servers that hold the sensitive data, and user accesses to these systems and activities performed from each of these systems and servers.”

“The IoT currently relies on TLS (or its new offshoot ‘DTLS -Datagram TLS’) as the major security protocol, and uses TCP/IP or UDP for transport,” said Tai-Kei Cheung, President, Secure Transactions at NewNet. “These use specialized protocols like DDS (Data Distribution Services) etc., for data exchanges with content-based routing; this is the case with Device to Cloud or Device to Device communications.”

Cheung concurs with other network security providers that IoT are not secure, not only for payment, but for wearables such as Fitbit trackers and Apple Watch that manage medical data.

Protecting critical infrastructure

The DHS is additionally concerned that the IoT may create additional threats to the United States' "critical infrastructure," defined in section 1016(e) of the USA Patriot Act of 2001 (42 U.S.C. 5195c(e)) as vital physical and virtual systems and assets. Incapacity or destruction of these systems and assets would impact security, economic stability, national public health or safety, or any combination thereof, the authors wrote.

Following are 16 critical infrastructure sectors and respective agencies assigned to continuously monitor them:

1. Chemical: DHS

2. Commercial facilities: DHS

3. Communications: DHS

4. Critical manufacturing: DHS

5. Dams: DHS

6. Defense industrial base: Department of Defense

7. Emergency services: DHS

8. Energy: Department of Energy

9. Financial services: Department of the Treasury

10. Food and agriculture: Department of Agriculture; Department of Health and Human Services

11. Government facilities: DHS; General Services Administration

12. Healthcare and public health: HHS

13. Information technology: DHS

14. Nuclear reactors, materials and waste: DHS

15. Transportation systems: DHS; Department of Transportation

16. Water and wastewater systems: Environmental Protection Agency

For information on future OTS solicitations, visit scitech.dhs.gov/hsip or email dhs-silicon-valley@hq.dhs.gov .

Editor's Note:

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.