NDAA and Simulation Technology Security in 2019

This past April, a Chinese national was caught trying to enter the Mar-A-Lago resort with multiple cellphones, a hard drive, a laptop, and a thumb drive that were infected with malware. Although the woman in question was removed by the Secret Service without further incident, the security breach coincided with President Trump’s stay at the resort. While the incident draws attention to the Executive office’s security practices as they pertain to China and others, it also serves as a stark reminder that data privacy and information security are a national concern with vast political and economic implications. In recent years, Federal law makers have continually sought to address the ongoing cyber-threat that is posed to both public and private entities by hostile foreign governments like China, North Korea, and Russia.

The most recent example of this legislative action is the federal government procurement rules that went into effect this year as part of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (NDAA). A provision of the NDAA effectively bans federal agencies from purchasing and using video surveillance and telecommunications products made by Chinese technology firms Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, Dahua Technology Company, and “any subsidiary or affiliate of such entities.” While industry-discovered security vulnerabilities (which Hikvision says have been patched) resulted in the initial scrutiny of Hikvision cameras and others, the threat that the Chinese Government may, whether forcefully or cooperatively, encourage the manipulation of products that have access to information and data networks in the United States remains a central focus of our Government’s cyber-defense policies.

KbPort™ Protecting your Future

Institutions that conduct high-stakes testing or utilize recording in real-life clinical settings should be cognizant of exposure to HIPPA or FERPA violations caused by vulnerable system components that could impact a program’s funding, accreditation, or even, reputation. As a proactive, security-minded vendor, KbPort™ takes our customer’s privacy and security responsibilities seriously. Over the last decade, a primary objective of KbPort™ has been to source the best hardware available to ensure the highest capture and real-time streaming quality with next to zero delay. KbPort™ also continually evaluates its offerings and works directly with manufacturers and suppliers to provide its customers with the most secure and up-to-date equipment available.

In addition to utilizing vetted, industry-leading brands for hardware components, proprietary KbPort™ technology provides secured access controls, industry-standard 256-bit AES data encryption, and end-user safeguards that help you to both simplify and effectively maintain the information security of your simulation program’s technology environment. Designed to function like an appliance in your house, KbPort™ solutions are engineered to be used exclusively for the purposes for which they are sold.

As a self-contained solution, most-common computing tasks that are unrelated to running, capturing, or evaluating simulations (e.g. browsing the internet, playing games, installing apps, downloading and opening files external to the system) are blocked and not accessible when working from a KbPort™ system. While this doesn’t preclude users from doing such tasks on client PCs (which may be used to access and control a KbPort™ system), our locked-down system design prevents malicious programs from being installed or critical data (e.g. captured videos, student data, and performance evaluations) from being corrupted. Finally, KbPort™ solutions are powered by a custom Linux® kernel. Linux® is generally recognized by industry experts to be a very secure operating system and is backed by an extensive worldwide developer base. KbPort™ also offers Professional Services and consults directly with IT departments to develop the best possible deployment configuration that meets or exceeds your institution’s unique security situation.

Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.

Simulation Hardware and Software Security

KbPort™ offers the following advice with regards to security:

  • Be familiar with and follow your institution’s information technology policies.

  • Participate in awareness trainings and in-services.

  • Keep passwords safe and secure and follow best practices.

  • Seek out expert advice and consider Professional Services offerings when exploring procurement of enterprise technologies. Having project management, solution design, and IT consultation services as part of your design and implementation process can set your program up for a successful adoption of new technology and provide a path for long term success.

  • Opt for solution designs that maximize your capabilities while still falling within your institution’s security capabilities and technical requirements. Some designs and workflows may not always be possible when your operations environment is dictated by strict HIPPA or other privacy policy compliance.

  • Identify both organizational and individual responsibilities for technology maintenance.

  • Practice good technology management in your simulation space and develop a schedule or process for ensuring that systems and hardware are kept up-to-date.

  • Make sure that your technology and equipment vendors provide resources, including training and support, to update hardware and software.

  • Make sure that your technology and equipment vendors provide resources, including training and support, to update hardware and software.

  • Prepare for faculty and staff turn-over before it happens: have documentation, hand-off procedures, and training options determined and available before they occur. Successful center and lab management plans, like KbPort™ Technology Management Plan™ (TMP™) include additional training and on-site service visits for just this purpose.

  • Maintain a collaborative working relationship with your IT department. Successful technology outcomes depend on cooperation and teamwork. You need IT and IT needs you. When lines of communication are open and everyone is on the same page, it is for the benefit of all involved.

  • Be vigilant. If you notice something suspicious or if equipment is not behaving as expected, don’t hesitate to contact a vendor’s support line or your institution’s IT department. It is better to have a concern reviewed than to let it go and allow it to cause a critical impact to data and information systems.

  • Always back up your data. Redundancy is the best safeguard when it comes to preventing data loss. Consider implementing additional backup solutions and avoid relying on just one backup-type, such as a single piece of hardware, for your long-term storage and preservation needs. Have a data backup and recovery plan in place well before an unexpected issue impacts critical information. Your IT department can work with both you and your vendor to implement a strategy that best meets the needs of both your individual program and your institution as a whole.

John S. McCain National Defense Authorization Act for Fiscal Year 2019. (2018, Aug 18). 115th Congress. Retrieved from:
https://www.congress.gov/bill/115th-congress/house-bill/5515/text
Lawmakers target Chinese security companies over spy fears. (2018, June 1o). The Hill. Retrieved from:
https://thehill.com/policy/national-security/396212-lawmakers-target-chinese-security-companies-over-spy-fears
Woman from China carrying malware arrested after entering Mar-a-Lago. (2019, April 2). The New York Times. Retrieved from:
https://www.nytimes.com/2019/04/02/us/mar-a-lago-zhang-chinese-secret-service.html
Password security doesn’t have to be hard, see these 15 best practices. (2019, Jan 3). Small Business Trends. Retrieved from:
https://smallbiztrends.com/2019/01/password-best-practices.html
How to not waste a trillion dollars on cybersecurity. (2018, Nov 9). Forbes. Retrieved from:
https://www.forbes.com/sites/forbestechcouncil/2018/11/09/how-not-to-waste-a-trillion-dollars-on-cybersecurity/#4a2e3043df9a