GovTech – Adventures and Observations in IAM: Contextual Access Control Demo at DHS

Demonstrating ‘Contextual Access Control’ at the 2017 DHS S&T Urban Operational Experimentation Event by Daemon Price

It’s an interesting time to be in Government Technology. Join me here every few weeks where I’ll share my observations on the latest technology happenings within the Beltway and across Government. We’ll discuss the latest trends in Identity and Access Management, as well as some of the conferences and meetings I attend in my role as VP of Business Development and Sales at Resilient Network Systems.

Recently, I attended a fascinating demonstration of contextual access control technology for first responders in Brooklyn, New York.  On January 24-26, 2017, the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) held the Urban Operations Experimentation (OpEx) technology demonstration event at the New York City Emergency Management Center (NYCEM).  The DHS S&T’s National Urban Security Technology Laboratory (NUSTL) ran the event.  NUSTL is a federal laboratory organized within the DHS S&T’s First Responders Group that provides products and services to help first responders prepare, protect and respond to homeland security threats.  The NUSTL OpEx event brought together a series of commercial technology vendors who had submitted proposals the previous year to have their technologies reviewed by first responders in New York.  The winning vendors represented various capabilities that met specific first responder challenge areas identified by DHS.

Resilient Network Systems (RNS) teamed with Haystax and Honeycomb Networks to demonstrate a real-time threat intelligence evaluation, prioritization and automated routing capability that included policy-driven contextual access control of the system users and data, and which could deliver new EDXL data feeds for use.  After Honeycomb reviewed EDXL protocol information, Haystax’s Constellation™ analytics platform walked through a mock scenario in which the NYCEM had to manage a visiting dignitary in New York whose carefully scheduled agenda was interrupted by unplanned demonstrations, traffic problems, police/fire activities, and foul weather that culminated in a tornado event.

As the scenario progressed, additional resources were needed onsite in various areas to report and respond to the shifting situation.  Some of these resources were purpose-dispatched from the NYCEM and various first responder offices, others were already in the field on other duties, and still others were not on duty at all.  RNS’s Resilient Access™ system demonstrated how all of these users could be quickly provisioned into Constellation™ via their mobile devices, with each going through a unique policy-directed authentication workflow that delivered specific individualized access rights to each user.  This enabled each user to receive the specific data and access the specific systems they needed to perform the role assigned by the NYCEM, while still allowing the NYCEM to maintain the security and control critical for the success of their emergency management mission.

After the two planned hours of presentation to the first responders at the OpEx event, a Q&A session between the first responders and Resilient, Haystax and Honeycomb continued for another hour and a half.  To DHS’s satisfaction, the first responders walked away with a greater understanding of EDXL (Emergency Data Exchange Language) as a viable protocol for their use, of Constellation as a real-time threat intelligence core capability, and, if the number/types of questions were any indication, with a new understanding and appreciation of just how powerful policy-driven contextual access control can be in support of their core missions.

About the author

Daemon Price is the VP of Business Development and Sales at Resilient Network Systems. A graduate of Virginia Tech, where he participated in the Corps of Cadets, Daemon held multiple postings within the Dept. of Agriculture and the Dept. of Commerce before taking his information security experience to the private sector, where he worked for companies ranging from small businesses like SoftMed Systems (creator of the original electronic health record) and Blackboard (education IT innovator) to prime contractors like CSC, SAIC and 3M. With government awards and billion-dollar solicitation wins to his credit, Daemon continues as a passionate technology evangelist and can be seen often at events held by AFCEA, INSA, NDIA, AUSA, FCW and many others.

“By identity, we mean a specific set of attributes that, when paired with the right context, and policy evaluation engine, allows the user to connect and access only the company data and apps that they are supposed to have access to.”

Context is indeed everything.