With the dangers of cyberthreats becoming increasingly clear to government administrators, national security and defense agencies have been looking to the private sector for solutions, opening up opportunities for specialists in biometrics and related identity technologies.
A number of developments in recent weeks have sent the same signal. Toward the end of last month, for example, the General Services Administration published an RFI on behalf of the Cybersecurity and Infrastructure Security Agency (CISA) concerning the development of ‘Threat Intelligence Enterprise Services’ that would enhance CISA’s Cyber Threat Intelligence capabilities. The ultimate aim, the RFI indicated, is to enable CISA to offer these capabilities ““as a compendium of enterprise services to federal, intelligence community, state and law enforcement customers.”
The sharing of cyber intelligence is at the heart of this effort. As Nextgov reported at the time, the RFI went on to explain that the platform envisioned will act as a “one stop integration point for analysts and infrastructure to receive, share and collaborate on relevant and timely CTI [‘Cyber Threat Intelligence’], enabling teams to protect their environments and others.”
Last week, it became clear that this kind of intelligence sharing will likely become mandatory in the near-term, and will span the government and private sectors. The National Defense Authorization Act (NDAA) is a piece of legislation that is expected to see a speedy approval through the House this week, and through the Senate next week. And one of its components is a provision requiring the National Security Agency (NSA) and CISA to conduct a study and draft a brief concerning the development of a “cyber threat information collaboration environment program” that would let both government and private sector stakeholders share cybersecurity information through a single platform. The study will have a deadline of April 30, 2023, and the NSA and CISA will need to brief relevant Armed Services Committees.
Together with the GSA’s earlier request for information about a potential ‘Threat Intelligence Enterprise Services’ platform for CISA, the NDAA provision further points to a larger role for private sector entities in national cyber-defense, which could include everything from passwordless authentication to behavioral biometrics solutions that would monitor internal assets.
Meanwhile, the Department of Defense kicked off December with its announcement of a new Office of Strategic Capital that is specifically designed to “connect companies developing critical technologies vital to national security with capital,” as the DoD explained in a statement announcing the office. This is more of a moonshot accelerator, with the DoD highlighting futuristic tech like “next-generation biotechnology” and “quantum science” solutions as examples of cutting-edge innovations that “require long-term financing to bridge the gap between the laboratory and full-scale production”.
That could further open the door to biometrics and identity technology companies pursuing the more extreme end of innovation – and soon.
“OSC is part of a broader administration-wide effort to ‘crowd-in’ private capital in areas where our efforts can boost our future security and prosperity,” explained Under Secretary of Defense for Research and Engineering Heidi Shyu. “Our hope is that OSC will be able to strike its first deals by early next year.”
Whether or not biometrics and related identity technologies end up playing a role in that initial cohort of OSC beneficiaries, the establishment of the Office itself shows once again just how intent America’s national security apparatus has become on procuring the help of the private sector as it pursues next-generation cyberdefense capabilities.
December 12, 2022 – by Alex Perala