The U.S. Department of Homeland Security (DHS) and the General Services Administration (GSA) hosted an industry day to address companies’ questions about DHS’s Request for Information (RFI) on mobile threats and defenses.
More than 100 people representing technology companies attended the event Wednesday in response to the RFI, which was released on July 7 and addressed threats rooted in applications, software, networks, mobile enterprises, and physical devices. DHS seeks technological capabilities and practices to combat such threats, which can come in the form of malicious applications, ransomware, compromised Bluetooth devices, fraudulent SIM cards, and malicious Wi-Fi networks masquerading as legitimate Wi-Fi networks. The purpose of the industry day was to answer questions from companies, rather than collect information from them.
“We had a good turnout,” said Vincent Sritapan, program manager in the Cyber Security Division at DHS’s Science and Technology Directorate (S&T). “We’re not looking at how great their product is. We’re looking at defense.”
At the event, which was held at GSA’s headquarters in Washington, D.C., Sritapan asked companies to write their questions on notecards and submit them. During a break, Sritapan and his team compiled and formulated answers to the queries. The rest of the industry day was devoted to answering the questions.
Some companies asked about the gravity with which DHS will regard certain threats. For example, one representative asked how seriously DHS will consider the threat posed by the remote exploitation of cellular baseband flaws. DHS stated that it will take such threats extremely seriously.
Although the recent industry day’s purpose was to answer companies’ questions, DHS will begin to glean information soon. Responses to the RFI are due Aug. 22. On Aug. 2, DHS will host another industry day in Menlo Park, Calif., to answer questions on the West Coast.
“We held two industry days because we know that not everyone can come to D.C.,” Sritapan said. “That’s not where the tech companies are. We’re taking the effort to go to them.”
DHS’s RFI is meant to gather information for a study Congress commissioned on Dec. 18, 2015. The Cybersecurity Act of 2015 mandated that DHS and the National Institute of Standards and Technology (NIST) conduct a study on mobile threats and defenses. Mobile security is an important issue, as S&T and NIST have detected 225 mobile threats to date. The final report to Congress is due Dec. 16.
“It’s a joint effort,” Sritapan said. “We have to come up with a plan on accelerating mobile device security. S&T is interested in finding the gaps.”