VET – Vetting Commodity IT Software and Firmware


VET – Vetting Commodity IT Software and Firmware, DARPA-SN-13-07

In about April of 2012 it was noted by the DoD and other groups that foreign governments had access to 80 percent of the world’s communications, even military-grade encryption. This was mainly due to two companies that provided the world with equipment and services used by 45 of the top 50 telecommunication centers in the world. This company brags that a third of the world’s population is hooked up to its network gear, and that it is the third-largest smartphone company in the world. This access gave their governments unbridled, backdoor access into data and proprietary information belonging to some 140 nations. This access could have allowed widespread spying and sabotage in the event of any hostilities.

To answer this attack on our communication system, on March 26, 2013 the president signed into law restrictions on the acquisition of equipment from the offending company / government, so that it would not be used by the National Science Foundation, NASA, and the Departments of Commerce and Justice. Action was also taken by the Australian, British, and Indian governments. In addition, DARPA has put out a proposal for the creation of its VET program. This proposal, which was dated 12-19-2012, was extended until 2-1-2013 and covers the tools and technology needed to protect our communication networks.

The DARPA VET program will seek to demonstrate that it is technically feasible for the Department of Defense (DoD) to determine that the software and firmware shipped on commodity Information Technology (IT) devices are free of broad classes of backdoors and other hidden malicious functionality. Some common examples of commodity IT devices include mobile phones, network routers, servers, printers, fax machines, and computer workstations.

With the main charge to the ACTA from the FCC being to protect the network from harm, it should be a natural next step for the ACTA and the Test Labs to add the DARPA “VET Program” test requirements for testing before a US Number is applied to any device under test. It should also be noted that the devices affected to date can be both IP and TDM. It is suggested that the device testing requirement governing the ACTA should be extended to cover IP-based devices as well, thereby keeping every type of IT and telecommunication equipment that can be connected to the National Network from harming the Network, be it IP or TDM. It should also be noted that, with the test sampling requirement on the Test Labs under the ACTA rules, the repeat testing of any device from time to time should keep harmful technology from being added to any device after the fact.

The VET program must overcome three major technical challenges in order to demonstrate that potential deployment scenarios are technically feasible:

(1) Defining malice - Given a sample device, how can DoD analysts produce a prioritized checklist of software and firmware components to examine and broad classes of hidden malicious functionality to rule out?

(2) Confirming the absence of malice - Given a checklist of software and firmware components to examine and broad classes of hidden malicious functionality to rule out, how can DoD analysts demonstrate the absence of those broad classes of hidden malicious functionality?

(3) Examining equipment at scale - Given a means for DoD analysts to demonstrate the absence of broad classes of hidden malicious functionality in sample devices in the lab, how can this procedure scale to non-specialist technicians who must vet every individual new device in DoD before deployment?