ACT-IAC Cybersecurity Innovation Initiative Search Ideas

No real accountability exists today for executives in regards to IT Security failures. Accountability should exist in cases where known security issues existed before the breach and executives failed to address them. Risk acceptance should not be used as an excuse for addressable security gaps.

Polymorphic Cipher Engine, called CipherLoc. Is the first secure commercially viable advanced Polymorphic Key Progression Algorithmic Cipher Engine (PKPA). A morphing cipher that can be used in any commercial data security industry and/or in sensitive applications: Banks, Financial transactions, Credit Cards, Securities, Stock and Bonds transactions, Emails, Phones, tablets, Servers and or computers, etc... 

More than... more »

Polymorphic Cipher Engine, called CipherLoc. Is the first secure commercially viable advanced Polymorphic Key Progression Algorithmic Cipher Engine (PKPA). A morphing cipher that can be used in any commercial data security industry and/or in sensitive applications: Banks, Financial transactions, Credit Cards, Securities, Stock and Bonds transactions, Emails, Phones, tablets, Servers and or computers, etc... 

More than... more »

Although the OPM breach has been the major source of cybersecurity discussion the past few months, it is certainly not the only issue that needs to be addressed. During the panel discussion at the NACo Summit we also covered topics like the White House Cybersecurity Sprint and how to better protect systems and data for long-term security.
If you are not familiar with the 30-day White House Cybersecurity sprint, it is... more »

The Cybersecurity landscape involves multiple iterations of systems based on the AES256 Standard. This standard is easily breached making stopping intruders at the gate an impossible proposition. the Government and Private Industry needs to put more muscle behind the research, funding, test and deployment of a true "One Time Pad" standard for protecting filaes at rest and in transmission.

Monitor data going out for anomalies, including tagging for sensitive data. This would have been a signal to spot exfiltration like in the OPM case

Clarify a “hotline” reporting channel for people who suspect an issue, in agency or government-wide – if a user sees a potential problem, can check with team to for tech assistance on whether it’s real and what are next steps. Sort of a help desk for cyber reporting.

The old adage "it takes 10,000 hours of practice to become an expert" is very true in cyber defense. We can't teach people to prevent zero day exploits but we can provide an inexpensive way to show what happens when an exploit is used. Technology today is finally available to provide ubiquitous Cyber Battlerooms, like Netflix, where you log into the cloud and "play" on a Virtual Clone Network of a government agency,... more »

Data anomalies don’t necessarily catch the extrusion of compressed data and it must be consistently and constantly applied across government. However, the technology is there for content encryption; polices are needed that govern content distribution/risk, allowing focus on critical risks.

The evolution of the cyber attacker’s techniques, skills and tools has far exceeded the pace of the cyber defender’s. Throughout the public and private sector, from federal agencies to health insurance providers, emerging threats continue to wreak havoc on enterprise networks, applications and data. Incident response teams must move faster, but the tools they’ve been given to do the job aren’t fast enough in detecting,... more »

The answer may not be “innovation” but going back to basics. It starts with comprehensive asset management. An agency has to identify ALL hardware and software assets on its network. You can’t scan hardware for configuration errors or software for missing patches if you don’t know those devices exist. Every unknown asset is a potential threat vector. This will also help compress breach-to-detection-to-response times.... more »

i. This is a big data for cyber security issue. It’s difficult to find a managed system that is not able to report on network and OS-level activity (e.g. Syslog, SNMP, etc.). We’re not talking about a log-manager or SIEM but rather the resulting data (structured and unstructured) being transferred securely into a data repository for link analysis, correlated with various sources of threat intelligence and end-point... more »

Polymorphic Cipher Engine, called CipherLoc. Is the first secure commercially viable advanced Polymorphic Key Progression Algorithmic Cipher Engine (PKPA). A morphing cipher that can be used in any commercial data security industry and/or in sensitive applications: Banks, Financial transactions, Credit Cards, Securities, Stock and Bonds transactions, Emails, Phones, tablets, Servers and or computers, etc... 

More than... more »

Polymorphic Cipher Engine, called CipherLoc. Is the first secure commercially viable advanced Polymorphic Key Progression Algorithmic Cipher Engine (PKPA). A morphing cipher that can be used in any commercial data security industry and/or in sensitive applications: Banks, Financial transactions, Credit Cards, Securities, Stock and Bonds transactions, Emails, Phones, tablets, Servers and or computers, etc... 

More than... more »

While the sharing of information is important, Funding for research into methods for immediate breach awareness the minute they occur is a critical component for detection and mitigation. There is technology available that can spot and identify attempts at intrusion at the source. As we know, i.e. OPM and others had been breached long before there was a discovery of intrusion. Much remains to be accomplished toward... more »