A second group within the Pentagon is experimenting with technology that can track the way employees type, determining within seconds whether a user accessing a network is who they say they are.
The Defense Department office responsible for seeking out cutting-edge commercial technology recently awarded Canadian company Plurilock a contract for its Biotracker product, which can gather enough data within three seconds and 12 keystrokes to distinguish one user's typing behavior from any other's within an organization.
That system, intended to establish when unauthorized users might have stolen an authorized employee's' credentials, is currently being piloted by an unnamed combat support agency. This week, the Army Network Enterprise Technology Command also signed on, signaling that behavioral biometrics might become a larger part of the department's strategy to prevent insider cyber threats.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
Since Biotracker continuously analyzes a user's typing behavior, it can constantly reassess whether the user logged in to an account is actually that user. It can create a preliminary profile within seconds, but in about 20 minutes it can collect enough information regarding keystroke cadence, speed and mouse use to paint a detailed portrait of an individual's behavior.
The NETCOM contract intends to install Biotracker on networks used by everyday employees, some of whom are warfighters or supporting warfighters, to prevent insider threats. The combat support agency is evaluating Plurilock specifically as a potential replacement to the Common Access Card, Plurilock Chief Executive Officer Ian Paterson told Nextgov. In the past, former Pentagon Chief Information Officer Terry Halvorsen stated biometrics would likely be involved in any CAC replacement.
The two contracts have led to an uptick in inbound requests from other federal agencies interested in investing in behavioral biometrics, Paterson said.