Request for Info from the Veterans Affairs Asks for Dark Net Help
Tor was one of the main focuses at the Inside Dark Web conference, and in case you didn’t attend, TMC CEO Rich Tehrani wrote a blog post about it.
Tehrani pointed out that IT security teams at enterprises and governments have questions about the dark net and its ability to make its users anonymous.
The US Department of Veterans Affairs entered a request for information on May 12, 2016.
D—Dark Web – Request for Information
Solicitation Number: VA11816Q1211
Agency: Department of Veterans Affairs
Office: VA Technology Acquisition Center
Location: VA Technology Acquisition Center
Like every other federal department, the VA is on hackers' list of targets. The VA has admitted that it faces millions of cyberattacks every month. The VA holds information on millions of veterans that, if compromised, could be sold or used by nation-state hackers or terrorists.
Submissions are due before May 26th, at 12pm eastern time. Instructions for completing a submission are in the RFI.
“As part of your consideration as to whether you are interested in the RFI below is what the VA is interested in. It involves a software product that provides all the capabilities:
- The Software shall be capable of taking VA data and creating a one-way encrypted hash or pattern matching capability from that data ensuring that neither the vendor nor any other party not affiliated or working with the VA can ascertain and/or use the data for any purposes other than this exercise.
- The software shall be capable of searching the “Dark Web” for exploited VA data improperly outside of VA control.
- The software shall be capable of using VA’s encrypted data hash or pattern matching to search the “Dark Web” and report back to the VA what was found.
- The software shall be capable of distinguishing VA sourced data on the “Dark Web” from data from any other source.
- The software shall be capable of integrating with the VA’s network and existing software platforms
- The software shall conform to all the VA information technology security policies, as outlined in the VA Handbook 6500, in particular;
  - The software shall not put any VA Personally Identifiable Information or Protected Health Information at risk of breach.
  - If the software processes VA PII and/or PHI data, the data shall be encrypted using FIPS 140-2 compliant methods.
  - The software shall not expose the VA network to any type of malware or cyber-attack.
- Include commercial Bailment agreement.” The RFI reads.
The VA goes on to state: “Parties should address how software meets all the capabilities listed above. Parties are invited to provide information concerning any such products, as well as limited licenses that will permit VA evaluation of existing products. Please note that this RFI is strictly for the purposes of market research, will be at no cost to the government, and does not imply any commitment or intention by the VA to invest in any future project and/or award any future contract.”
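The first and third capabilities in the RFI list (a one-way hash of VA data, then matching found text against it) can be sketched as follows. This is an added example, not code from the RFI or from any vendor. It assumes the identifiers are 9-digit SSN-style values and uses a keyed HMAC rather than a bare hash, because an unkeyed digest of a 9-digit number can be enumerated by anyone who holds it. The key handling, function names and sample values are assumptions.

```python
import hashlib
import hmac
import re
import secrets

# Matches SSN-shaped tokens such as 000-12-3456 or 000123456.
SSN_RE = re.compile(r"\b(\d{3})-?(\d{2})-?(\d{4})\b")


def fingerprint(key: bytes, digits: str) -> str:
    """Keyed one-way fingerprint of a normalized 9-digit identifier."""
    return hmac.new(key, digits.encode("ascii"), hashlib.sha256).hexdigest()


def build_index(key: bytes, records: list[str]) -> set[str]:
    """Data-owner side: strip separators, then fingerprint every record."""
    return {fingerprint(key, re.sub(r"\D", "", r)) for r in records}


def scan(key: bytes, index: set[str], text: str) -> list[int]:
    """Return offsets of SSN-shaped tokens in `text` whose fingerprint is indexed.

    Only offsets are reported, so the report itself carries no identifiers.
    """
    hits = []
    for m in SSN_RE.finditer(text):
        candidate = "".join(m.groups())  # normalize to 9 bare digits
        if fingerprint(key, candidate) in index:
            hits.append(m.start())
    return hits


if __name__ == "__main__":
    # Assumption: the key never leaves the data owner's environment.
    key = secrets.token_bytes(32)
    # Constructed values (area number 000 is never issued as an SSN).
    index = build_index(key, ["000-12-3456", "000-98-7654"])
    # Constructed sample of text recovered from an external source.
    dump = "row1,000123456,x\nrow2,000-55-5555,y\n"
    print(scan(key, index, dump))
```

Whoever holds the key can test guesses against the index, so the separation between the data owner and the party doing the searching depends on where `scan` is allowed to run.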
One of the biggest battles in government right now is the fight between the government's right to know in order to protect its people and the individual's right to privacy. Many IT professionals know the Dark Net is a major source for good as well as evil, and in fact many of the same IT security personnel are regular users of the Dark Web.