Bastille and the SECDEF Memo

Summary

Excerpt From SECDEF Memo – Impacts on SCIF/SAPF Security Webinar
Learn More Below About the Bastille SECDEF Memo
The significance of this memo, which mandates that all DoD components install electronic device detection systems and mitigation mechanisms in SCIFs and SAPFs by September 30th, 2024, is explained by CTO Dr. Brett Walkenhorst in the video below. Bastille is a passive system that only listens and does not transmit information. Its key capabilities are the ability to construct allow lists for approved devices, constant and complete detection and location of wireless protocols, and this ability. Bastille is the only NIAP common criteria certified solution, so it is well-positioned to handle these issues.

Video Transcript

This pertains to the provision in the memo that says that all DOD components are required to program for appropriate electronic device detection systems and mitigation measures in all DOD SCIFs and SAPFs by September thirty twenty twenty four. So hopefully, what I've done is motivated the reason that that kind of a provision exists.

This isn't really new news. DOD and DOE, state department, many federal agencies have been aware for decades of the problem associated with wireless because they've been targeted. And and of course, we know how to target others using the same technology. So this is a threat. And and the reason the DOD is interested in mitigating that is all of what I've built up so far.

These devices are everywhere. They can be compromised. They can be leveraged as surveillance devices. And, of course, by someone who knows what they're doing and intentionally trying to do it could potentially connect to a network and exfiltrate data maliciously. So that's where Bastille comes in. We're the only NIAP common criteria certified solution that can help with this problem.

And then a couple of key key key capabilities that I wanna harp on, and then I'll I'll turn it over to Jeremy. Some key issues here, we do continuous comprehensive detection and localization of all these terrestrial wireless protocols. By continuous, I mean it's operating twenty four seven. By comprehensive, I mean it's operating throughout the facility, not just at the doorway, for example.

So you can you can see the devices wherever they are, localize them wherever they are, any time of day. The Bastille system also allows you to create allow lists, which I think is very pertinent for this kind of environment. We have certain exceptions where someone has been authorized to take a certain device into those facilities.

Maybe it's a medical device. Maybe maybe it's a specific behavior that would be precluded within that authorization, such as you're allowed to take your your hearing aids in, but they shouldn't connect to your phone while it's in your car. That would present a data exfiltration threat. And Bastille can accommodate those kinds of nuances and policies.

The bottom line is the allow list is is available to you. Bastille, I mentioned this before, is a hundred percent passive. Many of our competitors are not. So that's really important that we don't we don't send out information. We're just listening. And then a couple more that I'll I'll talk about in more detail, cell phone detection and localization and Bluetooth device detection, including paired devices.