The Department of Homeland Security (DHS) workforce has become increasingly mobile, driving the need for secure mobility solutions and a coordinated approach and framework to guide the selection and implementation of common enterprise mobility solutions. To accelerate the safe and secure adoption of mobile technology within DHS and the federal government, the DHS Science and Technology Directorate (S&T) Cyber Security Division (CSD) within the Homeland Security Advanced Research Project Agency (HSARPA) created the Mobile Security research and development (R&D) Program.
Mobile Security R&D Program Goal: “Accelerating the adoption of secure mobile technologies by government and industry to enable the homeland security mission.”
The Mobile Security R&D program has three efforts address in R&D:
Our dependency on mobile technology makes it an attractive and lucrative target for cyberattacks. A broad range of threats now challenges both government and consumer mobile devices. The government faces additional threats from advanced nation-state actors. Additionally, attacks can also focus on and jeopardize government employees’ physical wellbeing, finances, or privacy. Moreover, a security compromise of both the government and government employee’s mobile systems can lead to unauthorized access to, change of, or destruction of government functions.
The key developments in mobile threats include the following:
- The mobile ecosystem is complicated because it is comprised of different original equipment manufacturers (OEMs), operating systems platforms, application development tools, mobile network infrastructure, and much more. The complex and varying degree of inter-dependencies within this ecosystem makes for a broad and varied attack surface that presents unique security challenges for mobile technology users.
- Malware has grown substantially in the U.S., driven by an increase in threats that hold devices and their data hostage in exchange for payment (ransomware).
- Mobile threat sophistication is increasing. Malware has entered the marketplace pre-installed on certain devices thereby compromising the supply chain. Mobile-based malware now employs sophisticated self-defense techniques, such as evading attempts to detect and defeat the malware.
Mobile network infrastructures face unmitigated attacks. Reports suggest protection mechanisms are rarely implemented in carrier infrastructure, and there is limited ability to protect against geolocating users through their devices. The geolocation risk is exacerbated by legal global roaming partnerships between carriers.
To respond to these evolving threats and security challenges, S&T’s CSD has developed and will transition programs to accomplish several strategic objectives and initiatives. Through this work, S&T will ensure DHS is poised to bridge current capability gaps and deploy solutions that effectively, efficiently, and securely enable the DHS mission. The Mobile Security R&D program has established three overarching objectives to achieve its vision: strategic partnerships; research and development (R&D); and tech championing.
Objective 1: Partner with DHS components and federal stakeholders to identify operational requirements and capability gaps.
The Mobile Security R&D program leverages the efforts of existing federal and DHS mobility working groups to gather and prioritize remediation of mobile security capability gaps preventing mobile implementations both at the federal level and across the Homeland Security Enterprise (HSE). These groups include the following federal and DHS working groups:
Federal Interagency Working Groups:
- Federal Chief Information Officers (CIO) Council’s Information Security and Identity Management Committee (ISIMC) Mobile Technology Tiger Team (MTTT)
- ISIMC Identity, Credential and Access Management Sub Committee (ICAMSC)
- Mobile Services Category Team (MSCT)
- MTTT Mobile Application Security Vetting Working Group
DHS Mobility Working Groups:
- Mobility Initiative-5 (MI-5)
- Mobile Community of Practice
- President’s National Security Telecommunications Advisory Committee (NSTAC) Network Security Information Exchanges (NSIE)
Objective 2: Develop innovative, secure mobile solutions to enhance the DHS mission
The Mobile Security R&D program has established several initiatives with private industry and academia through long-range Broad Agency Announcements (BAAs), targeted BAAs, Small Business Innovation Research (SBIR) funding, and Other Agencies Technology Solutions (OATS) SBIRs. S&T has awarded mobile technology research contracts to address primary gaps identified through its partnerships with other DHS components and federal agencies. These efforts address needs in three R&D areas:
Objective 3: Champion the technology created by the program to support its transition into operational practice.
Transitioning the developed technology into operational use is an integral part of the Mobile Security R&D Program. Starting with the first objective, we engage stakeholders early to help drive research and identify customers that are able to be in involved. During and after research execution, the Mobile Security R&D Program conducts outreach to educate and raise awareness of the innovative technologies being developed by the program. Outreach activities include hosting technology showcases, engaging directly with federal CIOs, engaging in matchmaking, and facilitating pilot projects to promote early adoption of a technology.
- V. Sritapan and A. Stravou, “Mobile App Testing for the Enterprise,” in ISSA Journal, vol.14, issue 3, March 2016.
- K. Carver, V. Sritapan and C. Corbett, "Establishing and Maintaining Trust in a Mobile Device," in IT Professional, vol. 17, no. 6, pp. 66-68, Nov.-Dec. 2015.
- R. Johnson, N. Kiourtis, A. Stavrou and V. Sritapan, "Analysis of content copyright infringement in mobile application markets," Electronic Crime Research (eCrime), 2015 APWG Symposium on, Barcelona, 2015, pp. 1-10.
- R. Johnson, M. Elsabagh, A. Stavrou and V. Sritapan, "Targeted DoS on android: how to disable android in 10 seconds or less," 2015 10th International Conference on Malicious and Unwanted Software (MALWARE), Fajardo, 2015, pp. 136-143.
- Z. Ali, J. Payton and V. Sritapan, "At Your Fingertips: Considering Finger Distinctness in Continuous Touch-Based Authentication for Mobile Devices," 2016 IEEE Security and Privacy Workshops (SPW), San Jose, CA, USA, 2016, pp. 272-275.
- Salles-Loustau G, Sadhu V, Pompili D, Zonouz S, Sritapan V., "Secure Mobile Technologies for Proactive Critical Infrastructure Situational Awareness," Proceedings of IEEE International Symposium on Technologies for Homeland Security (HST), Walham, MA, 2016.
- M. Phillips, N. Stepp, J. Cruz-Albrecht, V. De Sapio, T Lu, V. Sritapan, “Neuromorphic and Early Warning Behavior-Based Authentication for Mobile Devices,” Poster session presented at IEEE International Symposium on Technologies for Homeland Security (HST), Walham, MA, 2016.
- R. Johnson, A. Stavrou, V. Sritapan, “Empowering Android MDMs Using Non-Traditional Means,” Poster session presented at IEEE International Symposium on Technologies for Homeland Security (HST), Walham, MA, 2016.
- S&T Leading Development of Secure Mobile Apps, April 10, 2018
- S&T and APCO Partner to Improve Interoperability and Security of Public Safety Mobile Apps, November 7, 2016
- DHS S&T, DARPA Co-Leading Development of Higher-Level Mobile Device Authentication Methods, July 20, 2016
- DHS S&T Announces Four SBIR Awards to Secure Mobile Device Firmware, May 30, 2018
- S&T Announces Release of Mobile Security R&D Program Guide Vol. 2, April 13, 2018
- DHS S&T Pilot Project Helps Secure First Responder Apps From Cyberattacks, December 18, 207
- DHS S&T Awards $750K To Manassas, Va.-based Tech Firm For Mobile Application Development Security Research, October 11, 2017
- DHS S&T Awards $640K to the Critical Infrastructure Resilience Institute for Supply Chain Cyber-Threats Research, September 14, 2017
- DHS S&T Awards $8.6 Million for Five Mobile Application Security R&D Projects, September 6, 2017
- DHS S&T Awards Metronome Software $750K to Strengthen Security of First Responder Sensor Systems, August 14, 2017
- DHS Delivers Study on Government Mobile Device Security to Congress, May 4, 2017
- DHS S&T commercializes first ever Bluetooth access control capability for virtual mobile infrastructure, February 8, 2017
- DHS S&T to Demonstrate Cyber Technologies at RSA 2017, February 6, 2017
- DHS Seeks Input to Study Safeguards to Mobile Devices; Industry Day Events to Follow, July 18, 2016
- DHS S&T Awards SBIR Contract to Mclean Small Business for Mobile Security Research and Development, July 12, 2016
- DHS to Hold Mobile App Security Research and Development Industry Day, June 6, 2016
- DHS S&T’s Mobile Security Performer to be First R&D Performer Added to GSA IT Schedule 70, April 8, 2016
- S&T Awards $10.4M in Mobile Security Research Contracts, September 3, 2015
- S&T Awards $1.3M to Yorktown Heights NY Company, September 1, 2015
- S&T Awards $759K to UNC Charlotte, August 24, 2015
- S&T Awards $576K to Rutgers University, August 19, 2015
- S&T Awards $1.7M to Fairfax VA Company, August 19, 2015
- S&T Awards Hartford Conn Company $790K for Research, August 12, 2015
- S&T Awards $2.2M to Malibu Calif Company, August 12, 2015
- DHS S&T Awards $1.2M to Rockville Company, August 6, 2015
- DHS S&T Awards $2.9 Million for Mobile App Security Research, July 23, 2015
- DHS S&T Applies Mobile App Archiving Technology to Copyright Infringement, July 17, 2015
- DHS S&T Expands Mobile App Archiving Technology, April 8, 2015
- DHS S&T’s Mobile Security Performer to be First R&D Performer Added to GSA IT Schedule 70, April 8, 2015
- DHS S&T App Technology Transitions to Commercial Market, December 5, 2014
- DHS Study on Mobile Device Security
- Mobile App Security Study: Securing Mobile Applications for First Responders
- Mobile Device Security Fact Sheet
- Mobile Security R&D Program Guide, Volume 2
Program Manager: Vincent Sritapan