The Daily Swig Web security digest

DHS invests $8.6m in mobile security

James Walker | 07 September 2017 at 12:00

Funds will be used to develop secure mobile apps for government use.

The US Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has awarded funding to five research and development projects aimed at enhancing the secure use of mobile applications for federal government operatives.

The Mobile Application Security (MAS) projects – which have, unsurprisingly, been awarded to five US-based tech firms – have been unveiled as DHS prioritizes the need to integrate cutting-edge security throughout the mobile app lifecycle.

“Adversaries can use a compromised or vulnerable mobile app as an avenue to target and gain a foothold on a user’s device,” said DHS Acting Under Secretary for Science and Technology, William Bryan.

“The Mobile Application Security project will deliver innovative solutions that will ensure apps used by government personnel and the public are secure.”

Each of the five companies has been tasked with the development of solutions that will improve the enterprise security of mobile devices and apps connected to backend DHS systems.

Qualcomm Technologies of San Diego, California, has been awarded $1.8 million utilize and integrate its commercial technology to demonstrate a platform on which mobile app security can be anchored in the hardware of a device.

The effort will include the demonstration of a Mission-Critical-Grade Security Layer (MCGSL), which will continuously validate and secure third-party apps and services, helping to protect their integrity on the mobile device.

San Francisco-based cybersecurity firm, Lookout, will receive $1.8 million to add new app threat, risk, and vulnerability detection and protection capabilities to its cloud-based Mobile Endpoint Security platform.

According to DHS, these enhancements will strengthen the government’s ability to securely enable the use of mobile technologies for mission-critical activities.

On the east coast, United Technologies Researcher Center of Connecticut has been awarded $1.5 million to develop and implement a mobile app security system that will run on a hybrid mobile-cloud environment.

Virginia-based mobile risk specialist Apcerto has scooped $1.6 million to research and develop new solutions for normalizing and rating mobile apps based on predefined standards, as well as a framework for orchestrating the entire mobile app security process.

Finally, Red Hat of Raleigh, North Carolina, and Virginia-based Kryptowire have been jointly awarded $1.9 million to integrate security throughout the entire mobile app development lifecycle.

The firms will develop an extension of the Red Hat Mobile Application Platform that will enable security templates for developers and integrate automated mobile app security testing.

The goal is to automatically enforce checks to ensure developed app code and third-party libraries comply with security standards throughout the mobile app lifecycle development process.

“Each group has proposed and will develop innovative secure solutions that will greatly improve the enterprise security of mobile devices and apps connected to backend systems,” said DHS mobile security program manager Vincent Sritapan.

“Through these and future projects, the Mobile Application Security R&D project will ensure mobile apps are secure no matter whether they are developed by the enterprise or acquired from third-party app markets.”