Risk
10/18/2012
01:48 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

After Benghazi, State Dept. Seeks Diplomat Tracking Technologies

Following deadly attacks on diplomatic facilities in Libya, the Department of State wants new technology to track employees working in the field.

14 Amazing DARPA Technologies On Tap
14 Amazing DARPA Technologies On Tap
(click image for larger view and for slideshow)
As the Department of State continues to scramble to improve diplomatic security in the wake of the recent deadly attack on U.S. diplomatic missions in Benghazi, Libya, and other violent attacks elsewhere, the agency has started a search for a new system to track its diplomats outside American embassies.

In procurement documents released this week, the Department of State says that it is looking for a contractor to build a system to track diplomats via signals from their mobile devices, including satellite phones and traditional cellular phones.

The procurement is a bid to increase security for American diplomats. It comes at a time when the Department of State is under heavy scrutiny for its ability to keep diplomatic employees safe abroad after an attack September 11 on diplomatic compounds in Benghazi, Libya, killed four--including U.S. ambassador to Libya Christopher Stevens--and wounded nine others.

While the system may be used in the United States, its primary use will be to protect State Department employees when they are outside American embassies on diplomatic missions. "The protection of government personnel traveling from the protected mission facility to their foreign counterpart's office is of paramount importance in the execution of U.S. foreign policy," the agency said in its procurement documents.

[ Cyberespionage is a growing concern. See 7 MiniFlame Facts: How Much Espionage Malware Lurks? ]

The technology will be operated out of the Department of State's Office of Security Technology of the Bureau of Diplomatic Security, the security arm of the Department of State. According to the acquisition documents, the new system will replace an outdated, nine-year-old system. The agency has already implemented a similar system from Thermopylae Sciences and Technology for diplomatic staff in Pakistan, Iraq, Afghanistan, and Yemen, though that system relies on transmitters attached to vehicles and individuals.

The system will include a Web interface that will allow the State Department to view live and historical tracking data, and will also serve data to visual mapping applications like Google Earth, ESRI software, and FalconView. It will be able to create a virtual "geofence" that can alert an administrator and the diplomat him or herself as the device enters and exits certain predefined areas. For some devices, the system will also show the State Department how fast the diplomatic employee is traveling and in what direction.

In the event of an emergency, the personnel tracker will be able to accept emergency messages from diplomats, send them emails, and activate device microphones to communicate with State Department employees.

In terms of nuts and bolts, the system will rely partially on Oracle Database 11g and Oracle Advanced Security. It will include a production server, a test server, and a backup server, and the Department of State is looking for the contractor to provide a number of maintenance and management services on top of the tracking hardware and software.

Due to the sensitivity of the data, the agency is only looking for contractors with Top Secret clearances, and anyone who works on the system will be required to have such clearance. Since the system is critical, the agency is looking for 99.9% uptime and a system that is highly secure and will meet security certification and accreditation requirements.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
J. Nicholas Hoover
50%
50%
J. Nicholas Hoover,
User Rank: Apprentice
10/19/2012 | 1:21:46 PM
re: After Benghazi, State Dept. Seeks Diplomat Tracking Technologies
I agree that this has probably been in the works for months, if not years, and isn't a reaction to Benghazi. However, given that the release of the solicitation coincides with the problems with embassy security overseas, I believe it is important to mention those problems as part of the story.
jcasciano201
50%
50%
jcasciano201,
User Rank: Apprentice
10/19/2012 | 12:49:25 PM
re: After Benghazi, State Dept. Seeks Diplomat Tracking Technologies
Anyone familiar with government contracting has to know that this RFP has probably been in the works for months, if not years, and not a reaction to the Benghazi tragedy.
jries921
50%
50%
jries921,
User Rank: Apprentice
10/18/2012 | 10:21:38 PM
re: After Benghazi, State Dept. Seeks Diplomat Tracking Technologies
The main problem with this is... that if the State Department can track the location of their employees in real time, assassins and kidnappers can potentially do the same (ie. this may do more harm than good).
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4793
Published: 2014-12-27
The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request.

CVE-2013-5958
Published: 2014-12-27
The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a si...

CVE-2013-6041
Published: 2014-12-27
index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action.

CVE-2013-6043
Published: 2014-12-27
The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests.

CVE-2013-6227
Published: 2014-12-27
Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by uploading an executable file, and then accessing this file at a location specified by the format param...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.