Risk
10/18/2012
01:48 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

After Benghazi, State Dept. Seeks Diplomat Tracking Technologies

Following deadly attacks on diplomatic facilities in Libya, the Department of State wants new technology to track employees working in the field.

14 Amazing DARPA Technologies On Tap
14 Amazing DARPA Technologies On Tap
(click image for larger view and for slideshow)
As the Department of State continues to scramble to improve diplomatic security in the wake of the recent deadly attack on U.S. diplomatic missions in Benghazi, Libya, and other violent attacks elsewhere, the agency has started a search for a new system to track its diplomats outside American embassies.

In procurement documents released this week, the Department of State says that it is looking for a contractor to build a system to track diplomats via signals from their mobile devices, including satellite phones and traditional cellular phones.

The procurement is a bid to increase security for American diplomats. It comes at a time when the Department of State is under heavy scrutiny for its ability to keep diplomatic employees safe abroad after an attack September 11 on diplomatic compounds in Benghazi, Libya, killed four--including U.S. ambassador to Libya Christopher Stevens--and wounded nine others.

While the system may be used in the United States, its primary use will be to protect State Department employees when they are outside American embassies on diplomatic missions. "The protection of government personnel traveling from the protected mission facility to their foreign counterpart's office is of paramount importance in the execution of U.S. foreign policy," the agency said in its procurement documents.

[ Cyberespionage is a growing concern. See 7 MiniFlame Facts: How Much Espionage Malware Lurks? ]

The technology will be operated out of the Department of State's Office of Security Technology of the Bureau of Diplomatic Security, the security arm of the Department of State. According to the acquisition documents, the new system will replace an outdated, nine-year-old system. The agency has already implemented a similar system from Thermopylae Sciences and Technology for diplomatic staff in Pakistan, Iraq, Afghanistan, and Yemen, though that system relies on transmitters attached to vehicles and individuals.

The system will include a Web interface that will allow the State Department to view live and historical tracking data, and will also serve data to visual mapping applications like Google Earth, ESRI software, and FalconView. It will be able to create a virtual "geofence" that can alert an administrator and the diplomat him or herself as the device enters and exits certain predefined areas. For some devices, the system will also show the State Department how fast the diplomatic employee is traveling and in what direction.

In the event of an emergency, the personnel tracker will be able to accept emergency messages from diplomats, send them emails, and activate device microphones to communicate with State Department employees.

In terms of nuts and bolts, the system will rely partially on Oracle Database 11g and Oracle Advanced Security. It will include a production server, a test server, and a backup server, and the Department of State is looking for the contractor to provide a number of maintenance and management services on top of the tracking hardware and software.

Due to the sensitivity of the data, the agency is only looking for contractors with Top Secret clearances, and anyone who works on the system will be required to have such clearance. Since the system is critical, the agency is looking for 99.9% uptime and a system that is highly secure and will meet security certification and accreditation requirements.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
jries921
50%
50%
jries921,
User Rank: Apprentice
10/18/2012 | 10:21:38 PM
re: After Benghazi, State Dept. Seeks Diplomat Tracking Technologies
The main problem with this is... that if the State Department can track the location of their employees in real time, assassins and kidnappers can potentially do the same (ie. this may do more harm than good).
jcasciano201
50%
50%
jcasciano201,
User Rank: Apprentice
10/19/2012 | 12:49:25 PM
re: After Benghazi, State Dept. Seeks Diplomat Tracking Technologies
Anyone familiar with government contracting has to know that this RFP has probably been in the works for months, if not years, and not a reaction to the Benghazi tragedy.
J. Nicholas Hoover
50%
50%
J. Nicholas Hoover,
User Rank: Apprentice
10/19/2012 | 1:21:46 PM
re: After Benghazi, State Dept. Seeks Diplomat Tracking Technologies
I agree that this has probably been in the works for months, if not years, and isn't a reaction to Benghazi. However, given that the release of the solicitation coincides with the problems with embassy security overseas, I believe it is important to mention those problems as part of the story.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-6278
Published: 2014-09-30
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and m...

CVE-2014-6805
Published: 2014-09-30
The weibo (aka magic.weibo) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-6806
Published: 2014-09-30
The Thanodi - Setswana Translator (aka com.thanodi.thanodi) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-6807
Published: 2014-09-30
The OLA School (aka com.conduit.app_00f9890a4f0145f2aae9d714e20b273a.app) application 1.2.7.132 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-6808
Published: 2014-09-30
The Active 24 (aka com.zentity.app.active24) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
In our next Dark Reading Radio broadcast, we’ll take a close look at some of the latest research and practices in application security.