Are cyber compliance requirements getting in the way of security?

C4ISR & Networks

When systems simply can’t meet existing security mandates, Archer advises developing new mandates from the ground up. “NIST offers a process for security assessment that flows from an understanding of adversarial capabilities, types and sensitivities of data or controls to be protected, and available budget,” Archer said. “Following this process, you can identify potential security risks specific to the system and then develop practices to secure the system against those risks becoming vulnerabilities.”

DARPA looks to measure privacy protection

GCN

“Privacy, especially when it comes to data, can be difficult to pin down. Security measures are key, but when done wrong can add to the difficulty, making it hard for authorized users to effectively access the data they need. So the Defense Advanced Research Projects Agency has been funding research efforts to develop technologies that could help bridge troublesome privacy gaps.”

Isaac Potoczny-Jones: Encryption Debate – The Issue Isn’t Strong Crypto; It’s Easy Crypto

NextGov

Strong encryption is not the real issue that faces law enforcement now. In reality, strong encryption has been available for decades. The real issue that government agencies are facing today is actually easy, default, and ubiquitous crypto. Ease of use and security are both in the interest of the public, and in line with the White House cybersecurity priorities.

Mobile security Q&A with Isaac Potoczny-Jones: Securing the mobile minimum viable app

CSO

We know application security is one of the most important aspects of data security, but if software teams are moving more quickly than ever to push apps out, security and quality assurance need to be along for the process. The flip side is minimum apps and features could mean less attack surface. To get some answers on the state of mobile app security and securing the MVP, we reached out to Isaac Potoczny-Jones, research lead, computer security, with computer security research and development firm Galois.

DDoS Defense: Better Traction in Tandem?

Security Intelligence

With DDoS tools and hacking-as-a-service now available for purchase at virtually any Dark Web marketplace and effectively being advertised through public attacks, companies are understandably concerned. Even when caught midstream, it’s difficult to respond before servers start failing and other, more sophisticated attacks take aim at critical corporate data. As a result, dealing with DDoS has become a top priority for organizations like the DHS, which just awarded a $1.7 million contract to tech company Galois in hopes of strengthening DDoS defense.

Department of Homeland Security doles out $1.7 million for DDoS protection

The Washington Times

Galois of Portland announced on Monday this week that the federal government has contracted the company to develop technology capable of countering DDoS attempts — elementary but often successful cyberattacks in which hackers cause a computer system to collapse by subjecting it to a sudden surge in traffic. Individuals ranging from politically-motivated hacktivists to state-sponsored cyberwarriors have relied on DDoS attacks to take entire systems offline. And yet while the lasting effects may be minimal, downtime suffered by the likes of a major financial institution — or, as Galois’ contract suggests, a government agency — may cause immeasurable damages.

Adam Wick on Security, Formal Methods, Types, Unikernels, HaLVM, DRM

InfoQ

Adam Wick leads the systems software group at R&D company Galois, Inc. Galois does research in formal methods, programming languages, OS, compiler engineering, and security. Adam has worked in a variety of fields from HW synthesis to web apps, but has recently focused on network and OS security. Amongst his current jobs, he also maintains HaLVM and oversees Galois’ projects using it.

Galois NSTIC pilot: Creating secure data storage and access for the IoT

SecureID News

Galois focuses on cyber security, primarily serving the U.S. government, and with its NSTIC pilot funding the company will pilot a project to build a tool that can enable the storing and sharing of private information online. The data storage system will rely on biometric authentication. Project partners also plan to develop transit ticketing on smartphones and integrate the secure system into an Internet of Things (IoT) enabled smart home.

Rob Wiltbank of Galois: Maintaining a Singular Focus on High-Assurance Systems

WashingtonExec

Making systems as they were intended – that’s been the focus of Portland-based tech company Galois from the very beginning. For the past 15 years, the company has focused on research and development of technologies that protect networks, systems, devices and vehicles. That critical work has translated into sizable contract wins, most recently, with the award […]

David Archer: The unrealized potential of interagency total information sharing

Government Computer News

Significant events tend to trigger significant reactions. In the immediate aftermath of 9/11, fingers pointed to the lack of information sharing among government agencies at every level as the root of our inability to predict the attack, which unsurprisingly led to calls for total information sharing (TIS). Then, on the heels of a string of […]
