If you’re reading this, then you have a computer. And whether it sits on a desk or rides around with you in a pocket, you want it to be secure. November 30 is Computer Security Day. This year, it just so happens to also fall on Cyber Monday—a day when millions of online shoppers are relying on invisible 0s and 1s as they click their way to the perfect present.
All of this ecommerce is convenient, but of course it comes at a cost. Any widely adopted technology must withstand an unavoidable onslaught of hacking attempts. In honor of computer security, take a break from filling up your virtual shopping cart to learn about some recent cyber solutions the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has helped upload into our digital society.
Thousands of DHS employees have government-issued cellphones to conduct official business while on the go, but all of those devices are susceptible to cyber threats and thus require safeguarding. The Mobile Device Security project partners DHS with various private software companies and academic institutions focused on addressing this concern. Together, working groups collaborate to develop tamper-proof modules, continuous authentication, and access control functions that make our mobile devices more secure.
Unfortunately, some level of criminal activity is inevitable. S&T’s Cyber Forensics work focuses on breaching rather than fortifying computer systems. Mobile devices often contain location information, text messages, emails, photos, and video that could serve as vital evidence in an investigation. The Cyber Forensics Working Group (CFWG) is composed of federal, state, and local law enforcement representatives who provide mission requirements and identify capability gaps when it comes to addressing the areas of most immediate concern. CFWG recommendations led to the enhancement of an open-source digital forensics platform known as Autopsy a few years ago to better serve law enforcement.
Just last year, S&T’s Homeland Security Systems Engineering and Development Institute updated the Common Weakness Enumeration (CWE) list of the top 25 most dangerous software errors. This compilation ranks the most frequent and critical errors that can lead to serious vulnerabilities in software. The previous update was in 2011. The CWE team, which is sponsored by the Cybersecurity and Infrastructure Security Agency, leveraged approximately 25,000 Common Vulnerabilities and Exposures entries submitted by volunteers from around the world. This isn’t the only S&T effort shoring up software, though.
The Software Assurance Marketplace (SWAMP) provides a suite of secure and dependable analysis services to help reduce the number of vulnerabilities deployed in new software systems. Cybersecurity centers at several universities contribute to this project. Researchers and developers can test their code, educators can offer hands-on training to our future workforce, and the quality and adoption rate of software assurance tools are advanced for all.
This is just a glimpse at some of our many research efforts. While computer security probably isn’t something that you think about every day, you can rest assured that it is for us. S&T is hard at work behind the scenes so you can have a safer time in front of your screen. Learn more about what we’re doing to make America cyber safe on our website.