President of Derry Software, Jim Derry, attended the National Cyber Summit 2019 conference in Huntsville, Alabama. This cybersecurity event is known for connecting Government, Industry, and Cyber Professionals together in an environment to educate, collaborate, and create opportunities with one another.
Informational Interview with Jim Derry: National Cyber Summit
Interviewer: “Why did you decide to attend the National Cyber Summit?”
Jim: “There is always something new to learn about. This year I learned about a new product that integrates a VPN, with internet security abilities, at a reasonable price. We are going to look more into implementing this on our network. Also, events like this are a great opportunity to make and develop relationships with other people and companies.”
Interviewer: “Considering your law enforcement background, what are your thoughts and concerns in relation to cybercrime and data integrity currently?”
Jim: “The cybersecurity threat is generally known by everyone who uses technology. The biggest challenge is being able to do your job and not get compromised. In law enforcement, we use so many devices for communicating, as the internet of things (IoT) continues to grow. This results in an ever-increasing number of opportunities for cyber-attacks.
However, there isn’t a simple process to use to protect information. There are many sets of standards and regulations designed to help with cybersecurity, but which one is the right one? Federal law enforcement agencies use criminal justice information system (CJIS) standards for securing law enforcement information. States have their own sets of rules and requirements. There are many differences among other sectors of government as well, who may need to share information with law enforcement.
Local law enforcement has neither the time or money to meet every information security standard that could help them gain access to information now and in the future. The many cybersecurity regulations restrict everyone’s ability to successfully share information and to be able to meet requirements for any sector of government.”
Interviewer: “What is there being done to solve some of these cybersecurity and data sharing issues?”
Jim: “There are many efforts to help solve cybersecurity issues. It’s one of the hottest topics in IT. These efforts include adequate training, development of new products and services, and more regulations. There seem to be many standards to meet, and almost as many options to meet them.
Georgia Tech Research Institute (GTRI) and the National Identity Exchange Federation (NIEF) are developing a solution for identity management that may be applicable to cybersecurity requirements. GTRI and NIEF have been leaders in identity management for decades. They help law enforcement share information by helping them share users of their information systems. Their most recent development is in the area of what they call Trustmarks.
A Trustmark can be described as a process where a complex requirement is broken down into smaller, easily defined requirements. These requirements may be as common as “Use multi-factor authentication to log in”, or as unique as “must be a sworn law enforcement officer.” Definitions for Trustmarks are agreed upon by everyone who uses them.
Member agencies in NIEF can request to be issued a set of Trustmarks. Their ability to meet the Trustmark is evaluated and the ones that can be certified by NIEF are granted. Then other member agencies can trust the identity information being used by the agency granted the Trustmark. What I like most about Trustmarks is the same Trustmark can be used by a local, state, or federal agency. This eliminates barriers created by the multiple sets of standards.”
Interviewer: “What if the Trustmark principles were applied to cyber security regulations?”
Jim: “Applying the Trustmark concept to information systems and cybersecurity requirements, within a wide range of government users, has the potential to make cybersecurity easier to understand, implement, and maintain. The incredibly large, multiple sets of requirements for access to the different information systems in government could be broken down into a single set of standards that could be shared by all. A single Trustmark could be granted to an organization for a security measure that could be applied for meeting the same cybersecurity requirement universally.
Law enforcement agencies could achieve access to more information using Trustmarks now. I believe if they were adopted universally in governments, they could not only gain more access to information, but they would also improve their understanding and ability to sustain their network security.”
Interviewer: “What has Derry Software done in relation to software security and data integrity with your new product, MSAT?”
Jim: “We use the standard security measure of starting with people. I know that’s cliché, but people can make the best systems fail and they can keep the worst systems secure. We look for people of great character who will enact, enforce, and enable us to establish and maintain a safe cybersecurity environment for Derry software.
We have built on the same principles that we use for network security into our new product MSAT. We deny access to unauthorized users and we validate users. Sensitive information always stays on law enforcement networks. We also use multiple layers of encryption and other measures designed to secure information used by MSAT. Cybersecurity is a constant and ever-changing concern and another great reason to attend the National Cyber Summit.”