Risk

10/18/2012
01:48 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

After Benghazi, State Dept. Seeks Diplomat Tracking Technologies

Following deadly attacks on diplomatic facilities in Libya, the Department of State wants new technology to track employees working in the field.

14 Amazing DARPA Technologies On Tap
14 Amazing DARPA Technologies On Tap
(click image for larger view and for slideshow)
As the Department of State continues to scramble to improve diplomatic security in the wake of the recent deadly attack on U.S. diplomatic missions in Benghazi, Libya, and other violent attacks elsewhere, the agency has started a search for a new system to track its diplomats outside American embassies.

In procurement documents released this week, the Department of State says that it is looking for a contractor to build a system to track diplomats via signals from their mobile devices, including satellite phones and traditional cellular phones.

The procurement is a bid to increase security for American diplomats. It comes at a time when the Department of State is under heavy scrutiny for its ability to keep diplomatic employees safe abroad after an attack September 11 on diplomatic compounds in Benghazi, Libya, killed four--including U.S. ambassador to Libya Christopher Stevens--and wounded nine others.

While the system may be used in the United States, its primary use will be to protect State Department employees when they are outside American embassies on diplomatic missions. "The protection of government personnel traveling from the protected mission facility to their foreign counterpart's office is of paramount importance in the execution of U.S. foreign policy," the agency said in its procurement documents.

[ Cyberespionage is a growing concern. See 7 MiniFlame Facts: How Much Espionage Malware Lurks? ]

The technology will be operated out of the Department of State's Office of Security Technology of the Bureau of Diplomatic Security, the security arm of the Department of State. According to the acquisition documents, the new system will replace an outdated, nine-year-old system. The agency has already implemented a similar system from Thermopylae Sciences and Technology for diplomatic staff in Pakistan, Iraq, Afghanistan, and Yemen, though that system relies on transmitters attached to vehicles and individuals.

The system will include a Web interface that will allow the State Department to view live and historical tracking data, and will also serve data to visual mapping applications like Google Earth, ESRI software, and FalconView. It will be able to create a virtual "geofence" that can alert an administrator and the diplomat him or herself as the device enters and exits certain predefined areas. For some devices, the system will also show the State Department how fast the diplomatic employee is traveling and in what direction.

In the event of an emergency, the personnel tracker will be able to accept emergency messages from diplomats, send them emails, and activate device microphones to communicate with State Department employees.

In terms of nuts and bolts, the system will rely partially on Oracle Database 11g and Oracle Advanced Security. It will include a production server, a test server, and a backup server, and the Department of State is looking for the contractor to provide a number of maintenance and management services on top of the tracking hardware and software.

Due to the sensitivity of the data, the agency is only looking for contractors with Top Secret clearances, and anyone who works on the system will be required to have such clearance. Since the system is critical, the agency is looking for 99.9% uptime and a system that is highly secure and will meet security certification and accreditation requirements.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
J. Nicholas Hoover
50%
50%
J. Nicholas Hoover,
User Rank: Apprentice
10/19/2012 | 1:21:46 PM
re: After Benghazi, State Dept. Seeks Diplomat Tracking Technologies
I agree that this has probably been in the works for months, if not years, and isn't a reaction to Benghazi. However, given that the release of the solicitation coincides with the problems with embassy security overseas, I believe it is important to mention those problems as part of the story.
jcasciano201
50%
50%
jcasciano201,
User Rank: Apprentice
10/19/2012 | 12:49:25 PM
re: After Benghazi, State Dept. Seeks Diplomat Tracking Technologies
Anyone familiar with government contracting has to know that this RFP has probably been in the works for months, if not years, and not a reaction to the Benghazi tragedy.
jries921
50%
50%
jries921,
User Rank: Ninja
10/18/2012 | 10:21:38 PM
re: After Benghazi, State Dept. Seeks Diplomat Tracking Technologies
The main problem with this is... that if the State Department can track the location of their employees in real time, assassins and kidnappers can potentially do the same (ie. this may do more harm than good).
Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: No, no, no! Have a Unix CRON do the pop-up reminders!
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.