San Diego, Calif. – November 1, 2018 – ObjectSecurity, a leader in solving complex, evolving defense and industrial cybersecurity and supply chain risk challenges, today announced that it has successfully completed a Small Business Innovation Research (SBIR) contract from the US Air Force (USAF).

The project titled “Military/Government Feasibility Study of OpenPMF™ Security Policy Automation” [1] was in response to Small Business Innovation Research (SBIR) [1] AF182-005 “Open Call for Innovative Defense-Related Dual-Purpose Technologies/Solutions”. The objective of this topic is to explore Innovative Defense-Related Dual-Purpose Technologies that may not be covered by any other specific SBIR topic and thus to explore options for solutions that may fall outside the Air Force’s current fields of focus but that may be useful to the US Air Force. This topic will reach companies that can complete a feasibility study and prototype validated concepts in accelerated Phase I and II schedules. [2]

The project focused on validating the feasibility of ObjectSecurity’s OpenPMF product [3] in military/government environments: “DoD needs smarter technical security policy implementation, esp. for access control. However, technical security policies are increasingly unmanageable (esp. access control) because there are too many rules & configurations, too many changes to manage manually, across too many security features, devices, applications, layers etc. ObjectSecurity OpenPMF is a security policy automation “umbrella” that lets security professionals author security policies in generic/intuitive/consistent terms. From these, it calculates the matching technical rules and configurations, by filling in imported technical details. It is not yet used by the military/government but has strong potential and is highly innovative. We therefore propose a military/government feasibility study of OpenPMF security policy automation (with special focus on Air Force needs). OpenPMF has been developed for 10+ years, is patented (since 2007), award-winning, and has been deployed in other industries. It is an ideal candidate for rapid transitioning into military/government use. The proposed effort will research the viability and benefits of OpenPMF Security Policy Automation for Air Force and the wider military/government. The effort will address the 7 questions stated in the solicitation and additional technical objectives outlined in the accompanying slide deck. The effort will include the development of a functional prototype for a mock-up military/government environment.”

The operational usefulness of the OpenPMF [3] product was validated as a key enabler: a consistent, generic policy “umbrella” to centrally manage technical security policies in human-intuitive terms and concepts. It is a flexible, customizable platform that is highly adaptable. From a technical perspective we could not identify any particularly differing barriers to adoption for the Government vs. elsewhere. Customization is usually part of an OpenPMF deployment, incl. specific importers, exporters, documents, default policies etc. In 2018, the main obstacles for adoption of OpenPMF are less technical, but more organizational and psychological [4]. The real cost benefit of OpenPMF is during maintenance, evolution and policy changes. OpenPMF not only greatly reduces the costs of system and policy evolution, but also reduces the need for skilled personnel, which is in practice often an even bigger challenge than costs.

ObjectSecurity securely brings together data & analytics to create intelligence and automation. We are leading experts in technologies & services to drive the information age in your organization.

“This project enabled us to do critical market analysis at the necessary scale to validate and fine-tune OpenPMF for the military/government”, says Dr. Ulrich Lang, CEO/founder of ObjectSecurity. “The current access control approach is inadequate due to its lack of fine-grained precision, allowing legitimate but also illegitimate access. OpenPMF’s adoption is hindered by less technical but organizational obstacles such as inter-organizational collaboration and psychological barriers. However, the US government can apply OpenPMF in various scenarios, including IoT, cloud infrastructure, enterprise applications, identity/access management, and data-centric security, with varying deployment flavors. OpenPMF’s modular design enables adaptability to technological changes, making it a flexible platform that can address evolving military/government use cases over time with anticipated significantly lower costs subsequent to the initial deployment.”

About ObjectSecurity

ObjectSecurity LLC is a leader in solving complex, evolving defense and industrial cybersecurity and supply chain risk challenges that threaten national security and production downtime. Our novel research and development are applied to commercial solutions proactively addressing the core source of cyber vulnerabilities and risk – software code and data. Our holistic, proactive approach prevents cyber attacks and disruptive production downtime across industries that support global citizen communities, including military defense, municipal smart cities, public and private transportation, energy, wastewater treatment, power utilities, manufacturing, and the life sciences. For more than 20 years, ObjectSecurity has been delivering cybersecurity and supply chain risk management solutions, including to U.S. defense and federal government agencies. These advanced technologies are now commercially available for government and private sector use. ObjectSecurity is privately-held with headquarters in San Diego, CA, with global representation. [5]

More Information

1. Award Information: https://legacy.www.sbir.gov/sbirsearch/detail/1947319
2. Solicitation Information: https://www.highergov.com/sbir-opportunity/open-call-for-innovative-defense-related-af182-005-sbir-2018-1fdd8dd0/
3. OpenPMF Website: https://objectsecurity.com/openpmf
4. UPDATE 2024: Today’s the cybersecurity tools/approaches landscape has changed and OpenPMF falls squarely under Zero Trust Architecture (ZTA): ZTA is a security model used by military and government agencies to safeguard sensitive resources by assuming no implicit trust within or outside their networks. ZTA enforces strict verification for every access request, leveraging continuous authentication, least privilege access, and micro-segmentation to minimize risks from both internal and external threats. By treating each interaction as potentially compromised, ZTA ensures that only verified, authorized users and devices can interact with critical systems, enhancing overall security resilience in high-stakes environments.
5. ObjectSecurity https://www.objectsecurity.com.

Media Contact

• Dan Mathews
• 1 650 515 3391
• Contact https://objectsecurity.com/contact