WEBVTT - https://subtitletools.com 00:00:04.516 --> 00:00:20.396 [ Music ] 00:00:20.896 --> 00:00:23.916 Megan Mahle: So Vincent is a colleague of mine at S&T. 00:00:24.126 --> 00:00:26.146 He's the portfolio manager in the Cyber 00:00:26.146 --> 00:00:27.986 and Physical Security Division. 00:00:28.376 --> 00:00:30.636 He's overseeing the Infrastructure Protection 00:00:30.636 --> 00:00:33.136 Portfolio supporting the cybersecurity 00:00:33.136 --> 00:00:34.576 and infrastructure development. 00:00:35.186 --> 00:00:41.236 And he also manages our Mobile Security R&D program. 00:00:41.736 --> 00:00:45.866 So I will turn it over to Vincent. 00:00:45.866 --> 00:00:45.933 [ Applause ] 00:00:45.933 --> 00:00:48.216 Vincent Sritapan: So S&T's partnership with CISA. 00:00:48.216 --> 00:00:50.406 So I'm going to talk in two parts. 00:00:50.806 --> 00:00:53.096 And as, my name is Vincent Sritapan. 00:00:53.096 --> 00:00:55.026 I work for the Department of Homeland Security Science 00:00:55.026 --> 00:00:56.096 and Technology Directorate. 00:00:56.096 --> 00:00:59.666 We're going to talk specifically about the partnership with CISA, 00:00:59.816 --> 00:01:02.246 yber Security Infrastructure Security Agency. 00:01:02.526 --> 00:01:04.796 And also the Mobile Security R&D program. 00:01:05.166 --> 00:01:08.276 And last but not least, the Mobile Network Infrastructure. 00:01:08.436 --> 00:01:11.736 Essentially, we have an opportunity for research 00:01:11.736 --> 00:01:13.126 and development in this area. 00:01:13.426 --> 00:01:16.426 And I would say more than just listening to myself, 00:01:16.426 --> 00:01:18.956 you will hear folks like Kevin Briggs 00:01:18.956 --> 00:01:20.526 and Robert Dew speaking here. 00:01:20.766 --> 00:01:24.306 Those are very important folks as far as the customer, 00:01:24.366 --> 00:01:25.426 what their challenges are. 00:01:25.756 --> 00:01:28.456 So you'll hear that both from sort of a research side 00:01:28.456 --> 00:01:31.176 of the house, our philosophy and how we do business, 00:01:31.176 --> 00:01:34.266 but also what the real challenges are 00:01:34.316 --> 00:01:36.976 from a component DHS mission perspective. 00:01:38.066 --> 00:01:39.346 So next slide here. 00:01:39.566 --> 00:01:41.556 So first off, you know, what is CISA 00:01:41.556 --> 00:01:43.146 and this partnership that we have? 00:01:43.146 --> 00:01:46.296 And I know this is a cleared, older version, right? 00:01:46.296 --> 00:01:48.336 So there may be new versions 00:01:48.336 --> 00:01:51.246 of what CISA may look like going forward. 00:01:51.246 --> 00:01:54.886 But as you have seen and some of you are probably very familiar 00:01:54.886 --> 00:01:57.756 with how, what is it, you would think 00:01:57.756 --> 00:02:00.306 about US Cyber Command came out of StratComm 00:02:00.426 --> 00:02:02.636 and became its own combat and command, right? 00:02:02.636 --> 00:02:04.806 In this case, think of this 00:02:05.076 --> 00:02:08.896 as National Protection Program's Directorate coming out from 00:02:08.896 --> 00:02:12.046 under DHS and becoming its essentially equivalent 00:02:12.586 --> 00:02:13.736 in this case, CISA, right? 00:02:13.736 --> 00:02:15.576 Cyber Security Infrastructure Security Agency. 00:02:15.916 --> 00:02:17.626 This is essentially an equivalent, 00:02:17.626 --> 00:02:22.056 so Director Christopher Krebs is now you know, director for CISA. 00:02:22.376 --> 00:02:24.456 And this is essentially equivalent 00:02:24.616 --> 00:02:27.656 to like a FEMA, CVP, TSA equivalent. 00:02:27.656 --> 00:02:30.166 So there's a lot of maturity and growing pains 00:02:30.166 --> 00:02:30.916 with that, definitely. 00:02:30.916 --> 00:02:32.076 I don't envy anybody. 00:02:32.416 --> 00:02:35.126 But at the same time, what it means for us is 00:02:35.126 --> 00:02:38.866 that their mission, you know, not only is it important, 00:02:38.866 --> 00:02:40.736 it's been elevated, right? 00:02:40.736 --> 00:02:44.406 What, where we work, and who we support is primarily, 00:02:44.406 --> 00:02:45.976 you saw the org chart before. 00:02:46.366 --> 00:02:52.026 Myself and another colleague of mine, Chase Garwood covers CISA 00:02:52.196 --> 00:02:54.276 in all of their R&D requirements 00:02:54.276 --> 00:02:56.416 and what we actually do going forward. 00:02:56.416 --> 00:02:59.586 So when you look at CISA, you look at everything 00:02:59.586 --> 00:03:02.636 from all the Emergency Comms Division, right? 00:03:02.686 --> 00:03:03.346 That's there. 00:03:03.346 --> 00:03:05.316 You think of things like SafeComm, you know, 00:03:05.396 --> 00:03:07.016 you think of working with public safety, 00:03:07.246 --> 00:03:10.196 wireless priority services that CISA's a board member for. 00:03:10.596 --> 00:03:12.006 FirstNet as an example. 00:03:12.006 --> 00:03:14.006 So just when you think about mission-wise. 00:03:14.356 --> 00:03:16.696 You have others, like the National Risk Management Center. 00:03:17.306 --> 00:03:19.196 Think of this as your, you know, 00:03:19.316 --> 00:03:21.186 risk analysis in what that means. 00:03:21.186 --> 00:03:23.216 So if you have a disaster somewhere, what are the, 00:03:23.516 --> 00:03:25.906 you know, first order, second order, effects 00:03:25.906 --> 00:03:27.956 and what that means for us. 00:03:27.956 --> 00:03:29.566 Think about National Critical Functions, 00:03:29.566 --> 00:03:30.306 this comes out of there. 00:03:30.636 --> 00:03:33.006 If you've heard things in the news related to you know, 00:03:33.216 --> 00:03:36.646 5G information communication, telecommunications, 00:03:36.646 --> 00:03:38.686 supply chain, that's the group, right? 00:03:39.206 --> 00:03:41.926 As you just, understanding who is our customer, 00:03:41.926 --> 00:03:43.146 who are we looking to support? 00:03:43.666 --> 00:03:46.306 Additionally you have others like the Cybersecurity Division. 00:03:46.356 --> 00:03:49.116 So think of this as, you know, all the cyber 00:03:49.116 --> 00:03:51.126 that we might have, they're responsible 00:03:51.266 --> 00:03:52.876 for protecting the .gov. 00:03:52.926 --> 00:03:56.336 If you guys are familiar with Einstein or CDM at all, 00:03:56.416 --> 00:03:59.706 Continuous Diagnostic Mitigation, yes, no, maybe? 00:04:00.626 --> 00:04:01.356 Maybe? Okay. 00:04:01.356 --> 00:04:04.256 So think of it as, if you did DOD work before, you're familiar 00:04:04.256 --> 00:04:06.226 with this continuous monitoring, right? 00:04:06.466 --> 00:04:08.106 They just also added mitigation. 00:04:08.436 --> 00:04:10.896 But there, you know, very large budget, 00:04:11.006 --> 00:04:13.406 very large responsibility of working 00:04:13.406 --> 00:04:16.796 across federal departments and agencies to secure, you know, 00:04:16.796 --> 00:04:20.066 the .gov space and different, think of security compliance 00:04:20.066 --> 00:04:21.816 in that case, but they pay for it. 00:04:22.216 --> 00:04:24.496 So that's a real nice plus. 00:04:25.306 --> 00:04:28.556 Additionally there is the Infrastructure 00:04:28.556 --> 00:04:29.516 Security Division. 00:04:30.086 --> 00:04:33.076 So think of this as you know, areas where you talk 00:04:33.076 --> 00:04:36.156 about school safety, you know, public school safety, 00:04:36.216 --> 00:04:40.196 think of different types of counter UAS, UAS concerns, 00:04:40.196 --> 00:04:43.346 when you talk about stadiums and any public places. 00:04:44.116 --> 00:04:46.566 Industrial control systems, but you're going to see a lot 00:04:46.566 --> 00:04:50.586 of these soft targets concerns in these areas that we support. 00:04:51.166 --> 00:04:54.636 So today we are very much partnered with these, 00:04:54.636 --> 00:04:56.726 many of these groups, for CISA. 00:04:56.726 --> 00:04:59.876 But it's primarily around mobile network infrastructure. 00:05:00.486 --> 00:05:04.056 So I'm dual-hatted for both the portfolio but also the program. 00:05:04.176 --> 00:05:06.936 Right? So whatever we do, and you're going 00:05:06.936 --> 00:05:09.986 to see this new philosophy of you know, our approach is 00:05:10.066 --> 00:05:13.316 to ensure whatever research we're asking for you to do, 00:05:13.316 --> 00:05:14.606 is going to come with a customer. 00:05:14.726 --> 00:05:17.576 Right? It's their need that we're trying to fulfill. 00:05:17.576 --> 00:05:20.236 It's not necessarily just because 5G's a big buzzword 00:05:20.536 --> 00:05:24.176 that we're trying to do that, that's definitely not the case. 00:05:24.356 --> 00:05:26.486 So definitely we want to talk 00:05:26.486 --> 00:05:28.346 about the mobile security R&D program. 00:05:28.516 --> 00:05:29.906 And I'll hit it at a high level. 00:05:29.986 --> 00:05:32.346 There are some brochures in the back which I'll talk 00:05:32.346 --> 00:05:34.276 about at a high level. 00:05:34.726 --> 00:05:37.736 But do a video, right? 00:05:37.736 --> 00:05:37.803 [ Music ] 00:05:37.803 --> 00:05:42.686 It seems every one of us has a phone in our pocket, 00:05:42.846 --> 00:05:45.986 a tablet on the table, or both. 00:05:45.986 --> 00:05:47.466 But let's be honest. 00:05:47.466 --> 00:05:50.456 How many of us actually know what's inside those devices 00:05:50.556 --> 00:05:51.466 and applications? 00:05:51.916 --> 00:05:54.226 Or how secure our networks are? 00:05:54.646 --> 00:05:56.916 Mobile means access to information anytime 00:05:57.576 --> 00:05:59.426 from anywhere from any device. 00:05:59.766 --> 00:06:04.256 But who's thinking about mobile security? 00:06:04.256 --> 00:06:07.906 DHS S&T. 00:06:07.906 --> 00:06:10.576 Vincent Sritapan: DHS S&T's Mobile Security R&D Program's 00:06:10.576 --> 00:06:13.346 mission is really around accelerating the adoption 00:06:13.346 --> 00:06:14.916 of secure mobile technologies 00:06:14.976 --> 00:06:16.346 for the homeland security mission. 00:06:16.846 --> 00:06:20.606 We lead the federal mobile strategy across the government 00:06:20.606 --> 00:06:21.836 and Department of Defense. 00:06:23.116 --> 00:06:24.266 That's a pretty tall order. 00:06:24.776 --> 00:06:26.876 Because there are millions of devices used 00:06:26.906 --> 00:06:27.856 by government agencies. 00:06:28.056 --> 00:06:30.376 And if their information is compromised, 00:06:30.876 --> 00:06:32.366 we all have a problem. 00:06:32.366 --> 00:06:36.456 In the mobile space, there are many parts to the puzzle. 00:06:36.966 --> 00:06:40.256 There is infrastructure, where we're working with providers 00:06:40.256 --> 00:06:41.686 to try to help them improve that. 00:06:42.086 --> 00:06:43.436 There is the device itself. 00:06:43.476 --> 00:06:45.876 And then the applications night software 00:06:45.876 --> 00:06:47.536 that runs on your phone. 00:06:47.766 --> 00:06:49.716 Fortunately S&T gets it. 00:06:50.266 --> 00:06:52.666 They literally wrote the book on improving mobile security 00:06:52.666 --> 00:06:53.816 for our entire government. 00:06:53.946 --> 00:06:58.406 And also provide the expertise to make a difference now. 00:07:00.056 --> 00:07:05.816 The mission of FEMA is to help people before, during, 00:07:05.916 --> 00:07:07.246 and after the disaster. 00:07:08.136 --> 00:07:10.296 Mobility and the relationship between FEMA 00:07:10.296 --> 00:07:11.756 and S&T is vitally important. 00:07:12.516 --> 00:07:14.466 They have been a valued partner from a perspective 00:07:14.556 --> 00:07:17.326 of bringing us tools and technologies that are relevant 00:07:17.326 --> 00:07:19.776 and important to the way that we deliver our mission. 00:07:20.436 --> 00:07:23.926 The DHS study on mobile device security is the bible 00:07:23.926 --> 00:07:24.616 on the subject. 00:07:25.096 --> 00:07:26.206 We reference it constantly. 00:07:27.046 --> 00:07:28.256 One of the real world successes 00:07:28.326 --> 00:07:31.466 that DHS S&T has helped us with is in the area 00:07:31.466 --> 00:07:32.586 of application vetting. 00:07:33.086 --> 00:07:37.026 That work has yielded 300% increase 00:07:37.416 --> 00:07:39.126 in our ability to vet apps. 00:07:40.936 --> 00:07:44.326 By the way, S&T means science and technology. 00:07:44.326 --> 00:07:48.466 That's the only new acronym I'm going to throw at you, 00:07:48.466 --> 00:07:50.346 which is party impressive, 00:07:50.346 --> 00:07:52.596 because we're talking government here. 00:07:52.596 --> 00:07:55.346 But even if you forget that, remember this. 00:07:55.346 --> 00:07:57.356 Transition to operations. 00:07:57.356 --> 00:07:59.766 S&T's mission is to have the research they fund end 00:07:59.766 --> 00:08:01.966 up in available technologies 00:08:01.966 --> 00:08:04.696 that enable the homeland security mission. 00:08:04.806 --> 00:08:07.066 The transition for us is very important. 00:08:07.066 --> 00:08:10.296 One of the examples we have is mobile security technology 00:08:10.296 --> 00:08:11.236 with crypto wire. 00:08:12.086 --> 00:08:15.876 DHS S&T was the first recognized move to mobility 00:08:15.876 --> 00:08:17.776 that was important for the federal government 00:08:17.776 --> 00:08:18.466 commercial sector. 00:08:19.066 --> 00:08:21.756 With the help of DHS S&T, [inaudible] was able 00:08:21.756 --> 00:08:25.136 to analyze more than 10 million applications and use the results 00:08:25.346 --> 00:08:29.266 to inform agencies and even individuals. 00:08:29.266 --> 00:08:32.706 They really are the champion for ensuring 00:08:32.746 --> 00:08:34.536 that we have better understanding 00:08:34.536 --> 00:08:37.376 of the vulnerabilities around mobile security, 00:08:37.376 --> 00:08:40.296 mobile architectures, the applications, 00:08:40.296 --> 00:08:43.556 as well as the right techniques to follow to ensure 00:08:43.556 --> 00:08:45.536 that the whole mobile environment is 00:08:45.536 --> 00:08:46.836 as secure as possible. 00:08:47.146 --> 00:08:49.446 We are developing real world solutions 00:08:49.506 --> 00:08:50.856 that people see every day. 00:08:50.856 --> 00:08:54.536 It impacts their lives from a security standpoint, 00:08:54.866 --> 00:08:56.946 and we're pretty excited about the fact that we do that 00:08:57.276 --> 00:09:00.426 and it's important for our nation and our world. 00:09:00.426 --> 00:09:03.166 Real world solutions at work right here 00:09:03.166 --> 00:09:06.226 to protect all of us out there. 00:09:06.276 --> 00:09:10.496 DHS S&T, securing your cyber future. 00:09:10.496 --> 00:09:11.576 [ Music ] 00:09:11.576 --> 00:09:13.806 Vincent Sritapan: Okay. 00:09:14.226 --> 00:09:19.126 Alright. So I'll be quick 00:09:19.126 --> 00:09:20.446 because I was just checking time. 00:09:20.586 --> 00:09:22.136 So in the back of the room, 00:09:22.576 --> 00:09:25.436 you do have the Mobile Security R&D guide, Volume 2. 00:09:25.726 --> 00:09:28.806 So if you're interested into, you know, what is our strategy, 00:09:29.116 --> 00:09:33.066 what are we working on, you can also get it online, but they are 00:09:33.176 --> 00:09:34.476 in the back of the room. 00:09:34.476 --> 00:09:36.926 And it covers what we're currently funding today 00:09:36.926 --> 00:09:38.676 and also new funding opportunities. 00:09:38.676 --> 00:09:40.726 So when you talk about the mobile network infrastructure, 00:09:40.726 --> 00:09:43.586 I'll be talking next, and it's also in the guide, right? 00:09:43.586 --> 00:09:48.266 So just to note, we do cover mobile device security, right? 00:09:48.496 --> 00:09:50.296 Application and network infrastructure. 00:09:50.456 --> 00:09:53.066 So those are the three ticket items that we've been working 00:09:53.066 --> 00:09:55.636 on for some time and will continue to. 00:09:55.756 --> 00:09:57.576 So just for the sake of time, 00:09:57.886 --> 00:09:59.726 you can read it or look it up online. 00:09:59.726 --> 00:10:00.916 Take a picture if you need to. 00:10:01.456 --> 00:10:03.626 But that's that. 00:10:03.816 --> 00:10:07.006 So, our approach, and this is one of the things I'll stomp, 00:10:07.006 --> 00:10:10.216 foot stomp on really for everyone, especially folks 00:10:10.216 --> 00:10:12.206 that are interested to do, you know, how do we do, 00:10:12.206 --> 00:10:13.926 how do you do business with us, what does that mean? 00:10:14.466 --> 00:10:16.566 So keep in mind we're not funding research 00:10:16.566 --> 00:10:17.566 for research's sake, right? 00:10:17.606 --> 00:10:18.876 There is a mission in mind. 00:10:19.226 --> 00:10:23.306 Our philosophy, and I'd say more towards my philosophy, 00:10:23.736 --> 00:10:27.166 is very much about not just doing R&D 00:10:27.166 --> 00:10:28.446 and being a program manager. 00:10:28.446 --> 00:10:31.426 As a program manager, right, we start, first off, 00:10:31.426 --> 00:10:33.376 working with understanding what are the needs. 00:10:33.376 --> 00:10:34.406 What are those requirements? 00:10:34.406 --> 00:10:36.186 So, we work with industry. 00:10:36.186 --> 00:10:38.816 We work with government figuring out, you know, 00:10:38.816 --> 00:10:39.826 does this already exist? 00:10:39.826 --> 00:10:42.426 Is it something that you, a gap that really needs to be filled? 00:10:42.426 --> 00:10:45.326 And once that's defined, you can start at the bottom and move 00:10:45.326 --> 00:10:47.506 up to figure out, well, now we solicit 00:10:47.556 --> 00:10:48.816 for research and development. 00:10:48.816 --> 00:10:51.236 We look to industry, the research community, 00:10:51.386 --> 00:10:54.186 universities, big business, small business to tell us. 00:10:54.296 --> 00:10:56.706 What are those ideas that you can talk about? 00:10:57.036 --> 00:10:58.776 How can you fill this solution? 00:10:59.076 --> 00:11:00.046 And at the same time, 00:11:00.086 --> 00:11:02.466 you're gonna see it's not just tech, right? 00:11:02.836 --> 00:11:05.776 It's also you have to be a leader in the space 00:11:05.776 --> 00:11:07.916 where you're working on policy. 00:11:08.216 --> 00:11:10.926 You're working on different communities of practice. 00:11:11.026 --> 00:11:12.936 To help move the needle forward. 00:11:12.936 --> 00:11:15.306 So you may find, well, I can make this really great widget. 00:11:15.306 --> 00:11:18.336 But what if the policy prohibits you from adoption, right? 00:11:18.576 --> 00:11:21.416 What if security complains for that solution isn't there? 00:11:21.786 --> 00:11:24.316 This is where you're going to see us involved, 00:11:24.576 --> 00:11:27.746 impacting policy, leading, if you're familiar 00:11:27.746 --> 00:11:30.336 with Federal Mobility Group under FedCIO council, 00:11:30.756 --> 00:11:33.266 you're going to see we're engaged with the community 00:11:33.266 --> 00:11:34.656 to understand what's going on 00:11:34.966 --> 00:11:36.516 and include them all the way across. 00:11:36.516 --> 00:11:39.586 So we'll take these R&D investments that we do with you, 00:11:39.586 --> 00:11:42.786 but we'll include our partners to help do piloting, 00:11:42.786 --> 00:11:44.236 help get adoption, right? 00:11:44.236 --> 00:11:47.406 So it's a cyclical thing, just one of our approaches. 00:11:47.506 --> 00:11:49.386 It's the key thing I hate about the program 00:11:49.386 --> 00:11:50.596 and I've got to go really fast. 00:11:51.126 --> 00:11:55.776 Okay. So the actual BAA and the last slide is most important 00:11:55.776 --> 00:11:58.146 before we get to the more VIP speakers. 00:11:58.616 --> 00:11:59.246 Is what I'd say. 00:11:59.836 --> 00:12:02.276 The first thing I'd note is what's the challenge, right? 00:12:02.276 --> 00:12:04.076 So if you think about telecommunications, 00:12:04.076 --> 00:12:06.586 your phone calls that you make today, we have them 00:12:06.586 --> 00:12:08.006 for various mission purposes. 00:12:08.006 --> 00:12:09.116 You pick, right? 00:12:09.326 --> 00:12:10.756 First responder, you name it. 00:12:11.046 --> 00:12:14.436 The three areas that I'd like to harp on and this is just over 00:12:14.436 --> 00:12:17.576 and over on the slide deck, is first off, you know, current 00:12:17.576 --> 00:12:20.306 and legacy protocol vulnerabilities challenges, 00:12:20.306 --> 00:12:21.606 whatever you want to call them, right? 00:12:21.606 --> 00:12:24.076 So think of things like signaling system 7, 00:12:24.076 --> 00:12:25.326 think of things like diameter, 00:12:25.596 --> 00:12:27.786 you can go read the Cisarek report that's out there. 00:12:28.116 --> 00:12:30.466 Understand what the challenges within there today 00:12:30.776 --> 00:12:32.326 from the core or the RAM. 00:12:32.456 --> 00:12:36.116 Look at certain pieces if you've seen supply chain in the news, 00:12:36.116 --> 00:12:37.046 that's a challenge, right? 00:12:37.046 --> 00:12:38.916 We're looking to tackle parts of that. 00:12:38.916 --> 00:12:39.546 And I'll explain. 00:12:40.066 --> 00:12:43.196 The other one is the new opportunities in 5G, right? 00:12:43.196 --> 00:12:44.696 It's really, in this case, 00:12:44.696 --> 00:12:47.956 I can tell you it's an evolution of telecommunication. 00:12:47.956 --> 00:12:49.176 It is not a revolution. 00:12:49.256 --> 00:12:51.486 It is not going to, it is going to change our world 00:12:51.766 --> 00:12:54.636 but it's built off of the same core infrastructure 00:12:54.636 --> 00:12:55.576 that exists today. 00:12:55.576 --> 00:12:57.616 It's not like we just swap it out, right? 00:12:57.646 --> 00:12:58.926 So keep that in mind. 00:12:59.226 --> 00:13:01.706 But there's opportunities in virtualization, 00:13:01.926 --> 00:13:05.486 there's opportunities in network slicing, there's a lot there 00:13:05.486 --> 00:13:06.456 that we can talk about. 00:13:06.766 --> 00:13:10.196 And then the last one is network, what do you call it, 00:13:10.196 --> 00:13:12.056 mobile network traffic visibility 00:13:12.056 --> 00:13:13.436 and management for the enterprise. 00:13:13.436 --> 00:13:14.756 Which I'll go into more detail. 00:13:14.756 --> 00:13:16.696 This is more on things that we can control, 00:13:16.696 --> 00:13:18.396 not necessarily carrier based. 00:13:18.446 --> 00:13:21.766 But that is a challenge today if you ask any large enterprise. 00:13:22.196 --> 00:13:24.396 You know, you have mobile devices that are issued 00:13:24.396 --> 00:13:26.126 to your employees, whether government, 00:13:26.126 --> 00:13:27.686 state, or private industry. 00:13:28.056 --> 00:13:29.226 They ask a simple question. 00:13:29.266 --> 00:13:31.246 Do you monitor and see all the traffic 00:13:31.286 --> 00:13:32.266 that goes through that phone? 00:13:32.856 --> 00:13:33.656 Chances are no. 00:13:33.776 --> 00:13:35.526 In government, do we have requirements 00:13:35.526 --> 00:13:36.536 that make that in place? 00:13:36.636 --> 00:13:37.436 The answer's yes. 00:13:37.516 --> 00:13:39.256 But do we do that? 00:13:39.256 --> 00:13:40.426 Maybe. Right? 00:13:40.426 --> 00:13:42.596 And so let's keep talking. 00:13:43.146 --> 00:13:45.166 Some of the security challenges you can see in the press. 00:13:45.166 --> 00:13:46.826 This is old, we've been working on this 00:13:47.006 --> 00:13:50.156 to provide you this new topic area probably for close 00:13:50.156 --> 00:13:51.466 to two years, to be honest. 00:13:51.466 --> 00:13:54.526 Right? Pace of government, things take time, 00:13:54.806 --> 00:13:57.396 but luckily we are here today to tell you about it. 00:13:57.966 --> 00:14:01.546 Additionally the enterprise challenge and the problem, 00:14:01.546 --> 00:14:03.356 and I can give you an easy example, right? 00:14:04.126 --> 00:14:07.146 If you think of this today, everybody has, you know, 00:14:07.146 --> 00:14:08.916 a laptop that you have. 00:14:08.916 --> 00:14:09.766 In the federal government, 00:14:09.766 --> 00:14:11.886 we have what's called the trusted internet connection. 00:14:12.016 --> 00:14:13.886 It's a requirement that we have to follow. 00:14:14.206 --> 00:14:18.176 It means that in our laptop we have a virtual private network, 00:14:18.176 --> 00:14:20.766 a VPN, that encrypts everything and tunnels it back 00:14:20.766 --> 00:14:23.326 and on the back end we have some kind of intrusion detection, 00:14:23.326 --> 00:14:26.026 intrusion prevention system to filter that traffic. 00:14:26.406 --> 00:14:28.036 In mobile, we don't do that today. 00:14:28.416 --> 00:14:30.116 When we looked into this problem, 00:14:30.226 --> 00:14:32.806 some of you say well there are certain technologies 00:14:32.806 --> 00:14:33.316 out there today. 00:14:33.626 --> 00:14:35.626 Alright? Well we looked at this and said well hey, 00:14:35.626 --> 00:14:37.676 let's just turn on a VPN on the phone. 00:14:37.796 --> 00:14:39.516 It's not a new technology, let's do it. 00:14:39.936 --> 00:14:43.356 Well, the truth was when we did that and we looked at this 00:14:43.356 --> 00:14:45.406 and we try to send everything back to our data center, 00:14:45.536 --> 00:14:46.866 the data center would die. 00:14:46.866 --> 00:14:49.046 It can't handle the sheer bandwidth, right? 00:14:49.236 --> 00:14:50.096 That's the first problem. 00:14:50.456 --> 00:14:53.256 The second problem is we have this other thing called MTips. 00:14:53.256 --> 00:14:55.686 It's a, think of it as a managed service provider. 00:14:55.986 --> 00:14:58.396 So if you've ever had a denial of service happen 00:14:58.396 --> 00:15:01.196 at your enterprise and you pay by the bandwidth, what happens 00:15:01.196 --> 00:15:02.816 after a DDOS that you survived? 00:15:03.266 --> 00:15:04.866 Usually you get a really big check. 00:15:04.866 --> 00:15:07.856 Like a bill that you have to pay, you know, in one night. 00:15:07.906 --> 00:15:10.196 Which would usually be six, nine months' worth of bills. 00:15:10.486 --> 00:15:12.606 So mobile would blow up, you know, 00:15:12.686 --> 00:15:14.106 what we actually can do, right? 00:15:14.106 --> 00:15:15.316 We're not used to it. 00:15:15.456 --> 00:15:19.396 So just the scalability, the reliability, 00:15:19.396 --> 00:15:21.596 those type of things, are things we need to work on. 00:15:21.596 --> 00:15:23.656 It's more of a near-term one to two year problem 00:15:23.756 --> 00:15:26.226 that we think we can tackle. 00:15:26.426 --> 00:15:28.046 So network based risk. 00:15:28.116 --> 00:15:31.446 So everything where you see a star, just for the sake of time, 00:15:31.446 --> 00:15:34.166 is where we're looking to apply research and development. 00:15:34.466 --> 00:15:36.416 I can tell you, if you're not familiar, 00:15:36.416 --> 00:15:39.466 and at the last slide we'll include the broad agency 00:15:39.466 --> 00:15:42.016 announcement where all the slides are posted. 00:15:42.016 --> 00:15:44.456 So if you missed a slide, you're like hey I wanted to go back 00:15:44.456 --> 00:15:47.166 and see what was posted, it's going to be on there, okay? 00:15:47.626 --> 00:15:49.326 Just for timing purposes. 00:15:49.926 --> 00:15:51.366 Okay. I got really fast. 00:15:51.366 --> 00:15:53.266 Alright, so let me just get to, 00:15:53.266 --> 00:15:56.486 these are the three areas we're going to focus on. 00:15:56.486 --> 00:15:59.116 Right here as I talked about and the slides, again, 00:15:59.216 --> 00:16:00.496 will be made available. 00:16:00.836 --> 00:16:04.546 I want to give time for Q&A but the last slide, 00:16:04.546 --> 00:16:07.406 which is right here, alright, I was worried about slides. 00:16:07.826 --> 00:16:10.586 But okay. So the last slide is the broad agency 00:16:10.586 --> 00:16:11.316 announcement call. 00:16:11.386 --> 00:16:14.726 So if you go to FedBizOpps and you go search for this, 00:16:14.806 --> 00:16:17.096 that's the number underlined in bold that you need 00:16:17.096 --> 00:16:18.676 to go put into search for it. 00:16:18.806 --> 00:16:21.586 You're going to see everything from slides that we've presented 00:16:21.586 --> 00:16:24.626 in our industry day in the past to, you know, 00:16:24.626 --> 00:16:25.966 the topic itself, right? 00:16:25.966 --> 00:16:28.646 And so I would read very, very carefully. 00:16:28.646 --> 00:16:30.936 Right? So everything from compliance things 00:16:30.936 --> 00:16:32.376 like page number, right? 00:16:32.646 --> 00:16:34.096 Don't go over the page count. 00:16:34.276 --> 00:16:35.506 Because you'll get disqualified. 00:16:35.866 --> 00:16:38.566 To you know, what is needed for you to apply? 00:16:38.566 --> 00:16:41.476 You have to actually, you know, apply in the system. 00:16:41.926 --> 00:16:44.456 And the thing that I would announce to the group 00:16:44.456 --> 00:16:46.096 and everyone else is that, sorry. 00:16:46.456 --> 00:16:53.796 This, so this is actually extended until the end of July. 00:16:54.036 --> 00:16:56.296 So if you're looking for, one thing I'll note is 00:16:56.296 --> 00:16:57.986 that this is a full proposal. 00:16:58.376 --> 00:17:00.796 So if you have technologies in different areas, you're going 00:17:00.796 --> 00:17:03.396 to hear the different speakers talk about their challenges. 00:17:03.396 --> 00:17:05.756 It's their challenges that we're looking to solve. 00:17:06.056 --> 00:17:10.186 And so that it's not about what Vincent wants or you know, 00:17:10.186 --> 00:17:11.496 my boss wants necessarily. 00:17:11.496 --> 00:17:13.436 It's about what CISA's mission is, right? 00:17:13.726 --> 00:17:16.776 So in the three technical topic areas, whether you're looking 00:17:16.776 --> 00:17:19.136 at current and legacy protocol vulnerabilities 00:17:19.136 --> 00:17:21.566 or you're looking at new opportunities in 5G, 00:17:21.796 --> 00:17:24.096 or you're looking at enterprise mobile network traffic 00:17:24.096 --> 00:17:27.036 inspection management, those are the three areas 00:17:27.036 --> 00:17:29.806 in which we're looking for applied research 00:17:29.806 --> 00:17:32.036 and development, you know, in this area. 00:17:32.036 --> 00:17:33.706 So the three technical topic areas, 00:17:33.706 --> 00:17:37.146 you can see the dollar limit ceilings that we recommend. 00:17:37.426 --> 00:17:39.956 They're not hard, just to be clear, 00:17:39.956 --> 00:17:41.906 they're not necessarily hard and fast. 00:17:42.086 --> 00:17:43.536 This is the, all you have. 00:17:43.966 --> 00:17:47.206 But keep in mind this is what we recommend, right? 00:17:47.206 --> 00:17:49.856 So a 1 to 3 year project is what we're looking at. 00:17:49.856 --> 00:17:54.416 And you know, it's how are you solving CISA's challenge is what 00:17:54.416 --> 00:17:54.776 I'd say. 00:17:55.146 --> 00:17:57.876 So I'm getting told to do Q&A. 00:17:58.016 --> 00:18:00.846 And maybe I'll get more Q&A. 00:18:00.846 --> 00:18:01.606 But we'll see. 00:18:01.606 --> 00:18:02.816 Maybe not. 00:18:02.816 --> 00:18:03.926 Any questions? 00:18:06.576 --> 00:18:09.106 Yes, go ahead. 00:18:09.106 --> 00:18:11.066 [ Inaudible ] 00:18:11.066 --> 00:18:17.776 I was wondering if you could maybe clarify some 00:18:17.776 --> 00:18:20.356 of your current and anticipated level of engagement 00:18:20.426 --> 00:18:23.846 with mobile network operators, existing operators today. 00:18:24.036 --> 00:18:27.346 Obviously network security requires, you know, maybe some, 00:18:27.576 --> 00:18:29.306 you know, level of integration with those networks. 00:18:29.306 --> 00:18:32.296 Vincent Sritapan: Yeah, so we do highly encourage teaming. 00:18:32.736 --> 00:18:34.396 We don't recommend hey, I have a, 00:18:34.396 --> 00:18:35.956 I mean small businesses are great. 00:18:35.956 --> 00:18:37.436 I definitely agree with that. 00:18:37.706 --> 00:18:41.796 But we recommend teaming with either an OEM carrier 00:18:41.796 --> 00:18:44.196 or each other to figure out where that fits 00:18:44.196 --> 00:18:47.356 because it's very important to not just pitch a great idea 00:18:47.356 --> 00:18:49.786 but figure out a transition pathway for it. 00:18:49.786 --> 00:18:51.216 Our engagement with CISA 00:18:51.216 --> 00:18:53.436 and other include the ICT task force. 00:18:53.436 --> 00:18:55.856 So they have a direct line to things 00:18:55.856 --> 00:18:59.676 like CTIA wireless association with all the carriers' OEMs. 00:18:59.796 --> 00:19:02.076 We also have in the Federal Mobility Group, 00:19:02.296 --> 00:19:07.476 one of the four sub pillars that includes 5G 00:19:07.476 --> 00:19:08.726 and mobile network infrastructure, 00:19:08.726 --> 00:19:11.766 where we're looking to see where the various test beds 00:19:11.766 --> 00:19:14.516 that you're seeing, you know, Verizon, X company, you know, 00:19:14.516 --> 00:19:15.766 I don't want to say a carrier, 00:19:15.996 --> 00:19:18.316 but certain carriers invest in certain areas. 00:19:18.546 --> 00:19:20.016 In which where does it make sense 00:19:20.016 --> 00:19:21.176 for the government to partner? 00:19:21.426 --> 00:19:24.506 We have various use cases and I can tell you, although, 00:19:24.506 --> 00:19:27.916 you know, we're putting in X, you know, millions of dollars 00:19:27.916 --> 00:19:29.786 into it, DoD's putting even more. 00:19:30.066 --> 00:19:31.776 So we have collaboration throughout. 00:19:32.466 --> 00:19:34.176 So that helps a little bit. 00:19:35.586 --> 00:19:36.296 Other questions? 00:19:37.126 --> 00:19:40.886 Go ahead. 00:19:40.886 --> 00:19:41.906 [ Inaudible ] 00:19:41.906 --> 00:19:47.576 Okay, so just to repeat the question 00:19:47.576 --> 00:19:50.346 in case you didn't hear, it was easy. 00:19:50.636 --> 00:19:54.616 What are the health implications for 5G and where do we see that? 00:19:55.126 --> 00:19:57.646 So, I would say and defer to the FCC, 00:19:57.646 --> 00:20:00.486 I know they have certain reports and there's certain things 00:20:00.486 --> 00:20:02.186 that have to be tested and proven 00:20:02.186 --> 00:20:05.476 out by the carriers before they can actually go to production. 00:20:05.476 --> 00:20:08.426 This is something we've looked at as far 00:20:08.426 --> 00:20:10.976 as just an interest in inquiry. 00:20:11.156 --> 00:20:13.716 This is not something I've seen any investment 00:20:13.766 --> 00:20:16.656 in across us or DOD to be honest. 00:20:16.656 --> 00:20:20.276 What we literally meet every week almost. 00:20:20.336 --> 00:20:22.576 So I would say from a health perspective, 00:20:22.576 --> 00:20:25.426 there has been concerns, you know, we talk about different, 00:20:25.496 --> 00:20:26.986 it's being forming right now, right? 00:20:27.166 --> 00:20:30.436 Is my head going to go real hot and explode kind of deal 00:20:30.436 --> 00:20:32.296 or am I going to have any defects? 00:20:32.366 --> 00:20:34.186 This is a concern, right? 00:20:34.186 --> 00:20:37.306 But at the same time, we do follow in line with FCC. 00:20:37.306 --> 00:20:40.346 There are studies that have been published and are being done 00:20:40.346 --> 00:20:42.176 in order to determine that. 00:20:42.176 --> 00:20:44.706 I know the last study was in specifically for 3G. 00:20:45.256 --> 00:20:46.436 So that's older. 00:20:46.786 --> 00:20:49.896 But as you look at 5G, in order for it to come online, 00:20:49.896 --> 00:20:52.196 it does have to abide by those guidelines. 00:20:53.146 --> 00:20:57.836 Okay. And Kevin's smarter than me on this one, so he will, 00:20:57.836 --> 00:21:01.076 in general, so he can talk about all that, right? 00:21:01.556 --> 00:21:02.456 Other questions? 00:21:03.416 --> 00:21:06.766 Go ahead. Two, yeah, go for it. 00:21:06.766 --> 00:21:09.166 So do you have any ongoing projects that you can talk 00:21:09.166 --> 00:21:13.296 about detecting cell-site simulators or MC catchers 00:21:13.436 --> 00:21:15.226 around sensitive like government locations? 00:21:15.596 --> 00:21:17.616 Vincent Sritapan: Not that I can talk about. 00:21:17.666 --> 00:21:21.306 Yeah, no. Unfortunately not. 00:21:21.806 --> 00:21:22.516 Other questions? 00:21:22.756 --> 00:21:26.896 So we're going to submit a proposal and, but we're going 00:21:26.976 --> 00:21:28.466 to do it by ourselves. 00:21:28.896 --> 00:21:32.526 But would you, are you planning on potentially teaming 00:21:32.996 --> 00:21:36.336 up companies like us after we win a proposal 00:21:36.366 --> 00:21:39.156 with a larger operation? 00:21:39.706 --> 00:21:42.406 Vincent Sritapan: Yeah, so that depends, it really depends 00:21:42.406 --> 00:21:43.646 on what's being proposed. 00:21:43.646 --> 00:21:47.646 So keep in mind, so if you're applying to TTA 1 or 2, 00:21:47.746 --> 00:21:49.146 it's more carrier based, right? 00:21:49.406 --> 00:21:51.116 Versus you're applying to TTA 3. 00:21:51.426 --> 00:21:54.356 The teaming is going to be way different, right? 00:21:54.846 --> 00:21:57.926 When I think about career versus you know, 00:21:58.256 --> 00:22:01.336 more enterprise networks, that's a different type of teaming, 00:22:01.336 --> 00:22:03.016 you may not need carriers and OEMs. 00:22:03.016 --> 00:22:05.106 So depending on your TTA, 00:22:05.316 --> 00:22:08.776 I would definitely say we will engage with the customer 00:22:08.776 --> 00:22:10.686 or customers, various stakeholders, 00:22:11.406 --> 00:22:15.706 that will you know, it just depends is the easy answer. 00:22:17.076 --> 00:22:19.166 Okay. Other questions? 00:22:21.726 --> 00:22:24.626 Save all the hard ones for the other two speakers, 00:22:24.686 --> 00:22:25.886 that's the way to go. 00:22:26.016 --> 00:22:28.816 Alright. So I think that's it. 00:22:28.816 --> 00:22:31.456 So please, if you do have other questions, for those of you 00:22:31.456 --> 00:22:33.996 who try to email me directly about the BAA and others, 00:22:34.246 --> 00:22:35.926 I can tell you we won't be able to answer. 00:22:36.516 --> 00:22:39.136 Per, you know, procurement office. 00:22:39.296 --> 00:22:40.936 You have the bottom email address there 00:22:40.936 --> 00:22:43.746 that you can answer any questions, anything Q&A 00:22:43.746 --> 00:22:46.146 that was asked before does go on the website, 00:22:46.146 --> 00:22:49.526 it's all recorded for, you know, compliance and fairness. 00:22:50.466 --> 00:23:10.596 Okay. So I'll give it back to Megan and we'll go from there. 00:23:10.596 --> 00:23:11.128 [ Applause ] 00:23:11.128 --> 00:23:11.660 [ Music ]