Tag Archives: Department of Homeland Security

A Look at Homeland Security Innovation Strategy

Posted on by

The mission of the Department of Homeland Security (DHS) is to "secure the nation from the many threats we face." An underlooked key to this statement is the word "many." Agencies under the Department are responsible for managing our borders, protecting the nation from cyber and physical threats, and supporting recovery from natural disasters and cyber attacks. To meet this mission, DHS has been embracing innovative approaches and emerging technology to supplement the efforts of the workforce charged with meeting these varied threats.

The DHS Innovation, Research & Development Strategic Plan laid out eight scientific areas as focal points for research to support national security:

  • Advanced sensing
  • AI and autonomous systems
  • Biotechnology
  • Climate change
  • Communications and networking
  • Cybersecurity
  • Data integration, analytics, modeling, and simulation
  • Digital identity and trust

As part of its work in each of these areas, DHS will be researching how emerging technology can support mission efforts as well as the risks technology poses to national security. In this blog, we'll take a look at the activity in a couple of these areas. Continue reading

How Government is Acquiring AI

Posted on by

Just as cloud computing upended how government buys technology, agencies are now having to adapt to acquire fast-evolving artificial intelligence (AI) technology. AI is proving to be a key tool in helping government improve the efficiency and connection of its workforce and deliver improved service to citizens, but the promises of this new technology come with risks. To ensure AI solutions are secure and ethically designed, agencies are implementing a number of guardrails to ensure the safe and effective use of powerful technology.

How to Use AI

The Office of Management and Budget (OMB) developed a policy document to harness the benefits and mitigate the risks of AI for Federal agencies. This guidance provides details on how to use AI securely and effectively with a focus on five key areas: risk management, transparency, responsible innovation, workforce, and governance. Continue reading

How the Healthcare Industry Is Working to Become Immune to Ransomware

Posted on by

The first known ransomware attack occurred in 1989 and was targeted at the healthcare industry. The attention and attractiveness of healthcare organizations to ransomware hackers have not waned in the decades since. In fact, attacks are growing by 70-100 percent year over year. In 2023, there were over 460 ransomware attacks impacting U.S. health organizations, making it the most targeted industry.

This year, a major attack delayed prescription fillings and led to cash flow issues at facilities across the country. The American Healthcare Association said that 94% of hospitals have reported financial impact from the incident, with some losing upward of $1 billion per day in revenues. Continue reading

The Changing Identity of Identity Management

Posted on by

A key element of the move to zero trust is the use of "strong multi-factor authentication (MFA) throughout their enterprise." While identity management has been indicated by many as the "low hanging fruit" of a zero-trust journey, it is by no means easy. In fact, recent guidance from the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) called it "notoriously difficult."

Key challenges to implementing MFA include:

  • Lack of standards - the CISA/NSA guidance pointed to confusion over MFA terminology and vague policy instructions as primary challenges to implementing more secure access. A joint committee of European Union (EU) and U.S. experts addressed this same issue in the Digital Identity Mapping Exercise Report, which aimed to define specific digital identity technical terminology. For example, the group found some definitions, such as "authoritative source" and "authentication factor," are identical between the U.S. and EU, whereas others, like "identity" and "signature," remain only partially matched.
  • Phishing - bad actors do not always hack the system; they hack the process, gaining entry through social-engineering tactics that grow more sophisticated by the day. The CISA/NSA report called on the vendor community to provide MFA services with additional investments and greater defenses against sophisticated attacks.
  • Rise of Generative AI - The Department of Homeland Security (DHS) is working to ensure technologies can determine if a submitted image is legitimate or a hacker's spoof. This "liveness detection" is needed to ensure that a submitted selfie is really a photo of a person, not a mask, photo of a photo, or other technique to try to get past the check.

Continue reading