By: James Lint, Senior Editor for InCyberDefense and Contributor, In Homeland Security
During the Global Security Exchange (GSX) conference hosted by ASIS International this week in Las Vegas, InfraGard’s National Congress took place. The Congress meeting featured a thought-provoking keynote panel discussion on software.
Keynote Panel Discussion
A panel, “Securing the DoD Supply Chain & Security as the 4th Pillar of the DoD Acquisition Process,” was moderated by Mr. Matthew Miller, Vice President of Special Programs at InfraGard National. The three panelists, each with over 30 years of experience, were:
Daniel Payne, Director of Defense Security Service (DSS)
Cindy Morgan, principal of Pikes Peak, LLC
Harvey Rishikof, Chair of the American Bar Association Standing Committee on Law and National Security
Director Payne Describes Need to Protect Technology
Director Payne started his career at CIA counterintelligence. With over 36 years of counterintelligence experience, he has a strong understanding of national security requirements.
“DSS is out there to protect our critical technologies,” he said. “DSS supports 32 [federal] agencies in the protection of critical technologies.”
Payne announced that security clearance background investigations are reverting to DSS. The mission was previously carried out by the Office of Personnel Management (OPM) and before that by DSS under its old name, the Defense Investigative Service. Some elements in the Intelligence Community will not be included in this DSS move.
“DSS will take over the Sensitive Compartmented Information Facility (SCIF) accreditation,” Payne added. He explained that this move will mean greater standardization of SCIF accreditation rules and interpretation of the regulations.
“DSS will become the Functional Manager for DoD Counterintelligence, and they are working on a Presidential Executive Order,” Payne said. But elements of the EO may change after some future discussions.
There will be substantial growth at DSS’ 46 offices, Payne predicted. “They currently have about 900 personnel, and will move to 5,000 or 6,000 personnel.” So this is a good time for job hunters to prepare for the various new positions that will open.
Morgan Seeks Translators to Put US Security Products into Other Languages
Sometimes, government agencies have overseas offices or have large numbers of non-English speaking employees, Morgan noted. She has worked to make security education software match the language of the workforce. “We find translators to put our security products into other languages,” she explained. Ideas like Morgan’s can increase the security of organizations.
Rishikof Discusses Compliance Motivation and Ways to Have Clean Code on Software
Rishikof’s ideas focused on motivating compliance and on ensuring clean code in the software that the U.S. government purchases. Often, software code is released early and modified in updates, he said. That gives bad actors and nation-states the opportunity to insert code that transmits organizational data to an unfriendly location.
“We are in an era similar to the pre-building codes era; our software code and software assurance has no UL codes or standardization,” Rishikof noted. “For building software for cyber products, there are no requirements for software assurance.”
Rishikof would also like to see tax breaks for companies that offer assurances that their software is malware-free. Additionally, he suggested that insurance companies could give premium discounts to companies that create software that has not been infected by malware or other additions by foreign governments.
GSX Conference Offers Attendees the Opportunity to Learn More about InfraGard
The InfraGard booth at the GSX conference gave potential members the opportunity to learn more about what InfraGard is. There is no cost to join and benefits include the chance to network with fellow professionals employed by the Federal Bureau of Investigation (FBI) and other security and law enforcement organizations. Local chapter meetings help members stay current on industry threats.