Research Pact for Mobile App Security

Friday, July 24, 2015 @ 04:07 PM gHale

A $2.9 million cyber security mobile app security (MAS) research and development (R&D) award will help identify mobile app vulnerabilities.

The Northern Virginia-based small business, Kryptowire won the 30-month contract through the Department of Homeland Security (DHS) Science and Technology Directorate’s (S&T) Long Range Broad Agency Announcement (LRBAA).

Mobile Malware Targets Android
Email, Mobile Security Building Blocks
NIST Revises Random Number Generation
NIST Updates ICS Security Guide

“Ensuring that our mobile applications are secure across the federal government is a priority for S&T,” said DHS Under Secretary for Science and Technology Dr. Reginald Brothers. “This project will help to enable the secure use of mobile apps across the Department’s many missions.”

The MAS R&D project aims to establish continuous automated assurance of mobile apps for the federal government.

By combining mobile app archiving and app vetting technologies as well as incorporating government and industry security standards, the project will capture app changes made over the app’s lifespan and will test against known vulnerabilities and emerging threats. The results captured will go into a report continuously maintained and will follow the Federal Chief Information Officer Council’s Mobile Technology Tiger Team initiative for app reciprocity reporting that would be shareable to other federal departments and agencies.

S&T’s Cyber Security Division and First Responders Group are leading this effort with partnerships from the Department’s Office of the Chief Information Officer, Federal Emergency Management Agency, U.S. Customs and Border Protection, U.S. Computer Emergency Readiness Team, as well as the Department of Justice, U.S. General Services Administration and other federal agencies.

“The MAS R&D project is trying to solve mobile app security for the federal government,” said S&T Cyber Security Division Mobile Security Program Manager Vincent Sritapan. “We want the project to adhere to government requirements and best practices, but still be cost effective for the federal IT community.”

In addition, S&T will be looking to extend the mobile app security capabilities to the first responder community in order to help support their mission.

“First responders continuously rely on mobile apps for logistics and collaboration,” said First Responders Group Office for Interoperability and Compatibility Director John Merrill. “S&T wants to help make sure each first responder has access to secure mobile apps in the future.”