by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : October and November 2016
40 GCN OCTOBER/NOVEMBER 2016 • GCN.COM with the gun that fired it is a critical tool for law enforce- ment, and such forensics have traditionally relied on careful case-by-case com- parisons by an experienced examiner. Hands-on examination by highly trained special- ists does not scale, however, so the National Institute of Standards and Technology has developed a high-tech, open-access and crowd- sourced solution called the Ballistics Toolmark Research Database to help modernize that process. Drawing on ballistics data from the FBI’s refer- ence firearms collection and other participating law enforcement agencies, NIST is building a vast collection of high-resolution virtual models of fired bullets. Test- fired bullets and cartridge cases, along with information on the guns that fired them, are sent to NIST, where lab technicians scan the samples using a microscope that produces a high-resolution, 3-D topographic surface map. The result is a virtual model of the physical object. The surface maps produce more detailed comparison data than the 2-D images traditionally used to match bullets. They also remove many of the ambiguities that can cloud traditional matches, helping law en- forcement agencies speed their investigations. In addition, the growing library gives researchers the data to develop new identifi- cation methods and advance the forensics even further. The way NIST set about developing the ballistics database is also noteworthy. The Laboratory Information Systems Team created a busi- ness plan to use existing IT resources to provide full sys- tems development capabili- ties in-house. Officials used LIST’s fixed budget to fund a multiyear, flexible contract for software development support. That approach allowed NIST to obtain project man- agement, business analysis, hosting, software develop- ment, product deployment and maintenance — as well as support for Federal Infor- mation Security Management Act requirements — at lower fixed hourly rates than any contract vendor could offer. — Troy K. Schneider Cybersecurity Defending collaboration across DOD The Fortify for Forge program gives the Defense Department’s Forge.mil users secure, rapid and cost-effective access to up- to-date software security assessment tools It’s not easy to fend off the cybercriminals, hacktivists and powerful nation-states that would see breaching the Defense Department’s cyber defenses as a major coup. Those hackers have learned to take advantage of vulnerabilities in software to exploit IT systems and access mission-critical data. But through its recent software assurance initia- tive, the Defense Information Systems Agency has found a better way to contend with potential vulnerabilities that can allow bad actors to break into DOD networks. Working with Hewlett Pack- ard Enterprise’s Fortify on De- mand group, DISA’s Forge.mil Fortify for Forge (F3) program gives DOD users secure, rapid and cost-effective access to up-to-date software security assessment tools. Forge.mil F3 is the first DOD program to deliver “software assurance as a service” without requiring software licenses or training to use the tools to manage the process. Instead, F3 is a pay-as-you- go model where users can have their code scanned for vulnerabilities and then dis- cuss the findings and recom- mendations with a software assurance expert so they can quickly make the required changes to the code. The program was based on feedback from DISA’s survey of its users. “Almost unanimously, users told [DISA] that they needed better security assessment tools and capabilities,” said John Farrell, Fortify special- ist for advanced programs at Hewlett Packard Enterprise Security. 1116gcn_032-055.indd 40 10/6/16 12:53 PM
August and September 2016
January and February 2017