Biscuit-based Identity Authentication and Authorization

Some of us authenticate ourselves to unlock our smartphones. Others authenticate to access confidential corporate information. A few authenticate to wield the power to annihilate the world.

The football and the biscuit

In the United States, the President (Commander-in-Chief) has a “biscuit.”

Google Gemini.

“The nuclear biscuit is a card with authentication codes that acts as the President’s personal key to unlocking America’s nuclear arsenal.

“The biscuit acts a lot like a two-factor authentication device or app. Its codes are updated regularly, and it works in connection with the nuclear football to verify the President’s identity. Without the biscuit, the President can’t order a nuclear strike, even if they have the football itself.”

Factors of authentication

Here are the three authentication factors that the biscuit reportedly uses.

“Something you have is quite an obvious one, you needed to have the actual Biscuit and the codes within. 

“Something you know is when you opened the Biscuit. It had many codes printed on the cards and all were false apart from one. The President would have been told the position of the real code when he first took office. He would also be told each time the Biscuit was changed. 

“For something you are, the phone line the President would need to contact has no number. It can only be contacted via a secure military phone. This phone would be handed to the President by one of his security team who would obviously not hand this phone to anyone but the President.”

Now you can argue that the phone line is not a TRUE something you are factor. A devious security team member could hand the phone to someone who SOUNDS like the President.

And there’s another complication.

Passing the football

Let’s say that a President is away from Washington. Say, at a school in Florida.

And all of a sudden attacks are launched in multiple U.S. cities.

What if an attack were launched in Florida, incapacitating the President, either temporarily or permanently?

In such an attack, the country and the world cannot afford to wait for hours for the football to be flown to wherever Richard Cheney is. 

U.S. National Archives.

The solution? Two footballs (at least).

“Believing that the vice president should be a partner in national security policymaking, President Jimmy Carter assigned a football to Vice President Walter Mondale and this became the practice for future U.S. administrations.”

Outside the U.S., Russia has a similar system called the “Cheget,” and other nuclear countries presumably have similar procedures to authenticate the person or persons authorized to launch nuclear weapons.

Your football and biscuit

If you are an identity vendor or customer, you may have your own authentication and authorization procedures. While a breach of your procedures won’t result in the annihilation of civilization, it could create its own damage.

Do you need help describing the security of your identity solution?

Talk to Bredemarket.

Business Concerns Always Override Technology Concerns

The Institute for Defense and Government Advancement (IDGA) recently released some survey results. Now I don’t want to simply reproduce the results; go here to download your own copy of the report.

But I do want to say this.

“A large number” of IDGA survey respondents expressed concern about “Interagency information sharing.”

  • This is NOT a technology concern. The technologies exist to enable information sharing. For example, one of Bredemarket’s clients recently made the technological changes necessary to allow an application, designed to interface to agency A, to instead interface to agency B.
  • No, this is a business concern—or in this case a governmental concern. A matter of setting up the processes to allow Bob from agency A to exchange data with Judy from agency B. Even though Bob thinks that Judy is a bozo, and vice versa.

And while we’re on the topic…

If you’re worried about Big Government (the FBI and the CIA and the BBC, BB King, and Doris Day) (or INTERPOL and Deutsche Bank, FBI and Scotland Yard) combining all their information to entrap you, your fears may be difficult to realize. Yes, there are cases in which the agencies share data. But there are also cases where they don’t, because it’s in an agency’s interest to keep its data to itself.

Agencies usually ask the question “How can I GET the data from the Bureau of Stuff?” They normally don’t ask the question “How can I GIVE my data to the Bureau of Stuff?”

And that’s why agencies run into problems sharing data.


The Department of War Brand…Guides

I’ve never written a formal brand guide for Bredemarket, but I probably should. Not that outside agencies are citing the Bredemarket brand or the proper use of a wildebeest, but I probably should provide helpful consistency hints. (No “Brede Market,” people.)

But larger organizations obviously have brand guides and enforce them.

Including the United States Department of War.

Note that I said Department of War, not the Department of Defense. There is an official “DOW Brand Guide” posted on the Department of War website. And as we’ll see in a minute, it’s important to note that this is on the Department’s website.

The DOW Brand Guide and Mission Statement

A government agency needs to brand just like private agencies. Here is the opening overview of the DOW Brand Guide:

The Department of War Brand Guide was developed to ensure a shared visual experience that reinforces DOW’s identity and core priorities.

The foundation of the department’s brand is the DOW Mission Statement:

The Department of War provides the military forces needed to deter war and ensure our nation’s security.

Without getting into the politics and showmanship of the whole thing, let’s note that the Department has a critical need to communicate its mission. And that’s what it has done here.

Use of Name

I’m not going to cover the entire DOW Brand Guide, which is like any other brand guide with logos and colors and stuff. The picture illustrating this post is the “dark stacked” logo.

But considering the background of the Department renaming, I do want to concentrate on the name itself, from the “Use of Name” section of the DOW Brand Guide.

In Executive Order 14347, issued Sept. 5, 2025, President Donald J. Trump directed the U.S. Department of Defense “be known as the Department of War,” a secondary title for this cabinet-level department. The order permits the use of this secondary title for official correspondence, public communications and ceremonial contexts within the executive branch.

How many of you caught a particular word that was repeated in that paragraph? The word that caught my eye is “secondary.” So for all this ballyhoo, apparently we can still use the D-word “Defense.” In fact, if you look at the tags to this post, I continue to use the tag “department of defense.” I may have to change it later. The people in the Department have guns and can be very persuasive. More persuasive than the cartographers who don’t want us to use the M-word “Mexico” when referring to a body of water south of Texas and west of Florida.

The “Use of Name” section continues.

Use “War Department” in most cases on first reference, reserving “Department of War” for quoted matter, or situations that require that level of formality.

But that isn’t the part that interested me. When you talk about government agencies, no one cares about the name. They care about…the ACRONYM.

The correct acronym for “War Department” as used on the War.gov flagship website, which uses the AP Style as standard, is “DOW” with an uppercase “O” in the center; use on second reference after “War Department” or when the standalone acronym suffices depending upon use. Do NOT use “DoW.”

Which goes to show you that even military officials cower before style guide enforcers.

Except…

Use of Name, Part Two

The “Use of Name” section continues with one more paragraph.

The correct acronym for “War Department” in official written department communications, including but not limited to news releases, speeches, transcripts etc., including those published on War.gov, is “DoW” with a lowercase “o”, Do NOT use “DOW” in these types of products.

Talented editors can parse this, but the rest of us need to think through this a bit.

  • A style guide on War.gov is referred to as a “DOW” style guide.
  • But a news release that’s published on War.gov refers to “DoW.”

But what if the Associated Press (which presumably follows the AP Style) refers to a news release that is posted on War.gov? Does the writer use “DOW” or “DoW”?

Not Unbreakable: Oracle’s Chief Security Officer Mary Ann Davidson Steps Down

According to the Economic Times, Oracle’s Chief Security Officer Mary Ann Davidson is no longer with the company.

This may mean nothing. On the one hand, Davidson had been with the company a long time, having joined Oracle in 1988 AFTER a career in the US Navy as a civil engineer. So perhaps she just retired.

Then again, Larry Ellison is 81 years old, so people don’t HAVE to retire.

And it appears that Davidson’s departure wasn’t announced in a press release, but was buried in a June filing.

The one word associated with Davidson is the word “unbreakable.”

“[D]uring a 2002 interview with Businessweek, she described the challenges of making sure the firm’s products lived up to a marketing campaign envisioned by Ellison that touted the company’s products as ‘unbreakable’…. She explained at that time, saying, ‘‘Unbreakable’ gives us something to live up to,’ adding, ‘It really does concentrate the mind wonderfully. The general thought is don’t embarrass the company. Nobody wants to be the group that makes us violate it.’”

(And yes, the red glow in the unbreakable oracle in the picture is intentional. If you have ever attended a San Francisco Oracle OpenWorld with hundreds of red and white banners, you’ll understand…)

FBI, DoD, DHS, and Other Biometric Standards


When I started in biometrics 30 years ago, the most important operational biometric standard to me was what was then called the Electronic Fingerprint Transmission Specification or EFTS, published by the Department of Justice’s Federal Bureau of Investigation (FBI). 

Record types from the 1993 ANSI/NIST standard.

Unlike the ANSI/NIST biometric data interchange standard, the EFTS can actually be used out of the box to transmit data. The ANSI/NIST standard doesn’t define any “Type 2” fields, nor does it define any “types of transactions” (TOTs). EFTS did.

Other standards

But the EFTS, now the FBI’s Electronic Biometric Transmission Specification or EBTS (downloadable here), isn’t the only biometric transmission standard derived from ANSI/NIST.

  • State police agencies have their own law enforcement transmission standards. Here’s New York’s version (PDF).
  • Other U.S. federal agencies such as the U.S. Departments of Defense and Homeland Security have transmission standards.
  • Other countries have their own transmission standards.
  • Multinational agencies such as INTERPOL have their own transmission standards.

Luckily all the different standards have some basic similarities, but if you have a mobile biometric device that must submit to DOJ and DoD and DHS, you need to switch to the proper profile for each submission.

Last week I downloaded two different standards so I could understand the TOTs. I would have downloaded a third, but the agency restricts its distribution.

Word up

But I will tell you the biggest frustration I have with the standards.

In the EBTS and some other standards, there is a type of transaction referred to as “Criminal Ten-Print Submission (No Answer Necessary).” The abbreviation for this TOT is CNA.

Microsoft Word in default mode auto-corrects this from CNA to CAN.


CMOs, I can help you

But I’ve overcome this frustration over 30 years of immersing myself in all things biometric-translation related. This experience is benefiting a Bredemarket client that communicates with end customers regarding many of these standards.

Can my experience benefit you as your organization produces content, proposal, and analysis materials on a deadline? If Bredemarket can help you catch up or get ahead, let’s talk.

Tech marketers, are you afraid?

The Nomad Returns

My nomadic journey has ended.

The relative’s outpatient surgery was a success, and recovery is progressing.

Meanwhile, I met with one client and advanced several client product marketing projects, including a requirements document (done those for years), some product talking points (done those for years), a price/cost/supplier exercise (done those for years), and a project status report (done those for years).

I also published four Bredemarket posts (including this one) and the usual assortment of social media content on various channels (with the exception of one).

U.S. persons should pay special attention to my coverage of IDGA’s DoD/DHS border security report (blog, Substack, elsewhere).

I think I need a vacation.


Tracking 2025 Changes to U.S. Border Security Policy

Among the available downloads for the Institute for Defense and Government Advancement’s (IDGA’s) upcoming Border Technology Summit is one entitled “Tracking 2025 Changes to U.S. Border Security Policy.”

“In conjunction with a new administration in the White House, operations on U.S. borders have shifted drastically in 2025. Figures from Customs & Border Patrol (CBP) show apprehensions at U.S. borders are higher than they were at this time a year ago, and a recent travel ban has restricted entrance into the U.S. for citizens from 12 countries.

“In its first six months, the Trump administration has moved quickly to mitigate what the White House is calling an “invasion” taking place on the southern border. On Inauguration Day, January 20th, the new administration moved quickly to sign a handful of new policies directed towards American borders. This report will highlight how executive orders, CBP mission areas, and DoD actions on the southern border have established a new normal for American border security. The first section will look at the instructions explicitly laid out in the executive orders signed by President Trump.

“If you are interested in learning more about the future of border security, register for IDGA’s Border Technology Summit taking place September 23-24 in San Diego, California. The two-day summit provides a forum to explore the latest advancements in border security technology. This year, we are focusing on engaging our audience with high-level discussions surrounding advancements in biometrics, non-intrusive inspection, smart walls, current and future operations of border security, and much more.”

This download and others are available via this page: https://www.idga.org/events-border-tech-summit/downloads

The Word “Memorial” and the Phrase “Memorial Day”

Words matter. 

Since Bredemarket works in words, let’s examine the word “memorial.”

The Merriam-Webster definitions of the adjective or noun primarily emphasize remembrance or commemoration. In the general sense, a memorial doesn’t necessarily require some type of life or death struggle. 

Heck, the final episode of the TV show M*A*S*H can be, and has been, memorialized. After all, the episode title incorporates the sacred word “Amen” (“Goodbye, Farewell, and Amen”). And when you say Amen, you always explore Deep Meaning.

Forever and Ever, Amen anyone?

OK, in truth a memorial can be rather pedestrian. (Although I like Randy Travis.)

But when people in the United States encounter Memorial Day, the importance may escalate.

Or it may not, if you merely think of Memorial Day as Pool Opening Day or Get Propane for the Grill Day.

But this is the time that Americans who have fought in wars and police actions remind the rest of us that Memorial Day is not Veterans Day. Here is what American Legion Post 304 says, in part, about Memorial Day.

“Memorial Day, observed on the last Monday of May, is a day to honor members of the military who were killed in service, both during deployments overseas or in training and service in the U.S. Across the country, Americans spend the day visiting cemeteries, attending Memorial Day events and otherwise honoring those who lost their lives in service to the country.”

To be blunt about it, Memorial Day is a day about death, and if you can’t handle this truth, go back to the pool.

For example, the National World War II Museum notes that 407,316 U.S. military personnel were killed in World War II. This does not denigrate the civilian losses in Hawaii and elsewhere, nor does it denigrate the sacrifices outside of this country (24 million in the USSR alone), nor does it denigrate the losses in other wars.

But, as American Legion Post 304 reminds us, words matter.

“Because Memorial Day is a somber day to honor those who died in service to the country, saying “Happy Memorial Day” is considered to be in bad taste. For those who have lost family or friends through military service, the day is far from happy.”

And while John McCrae’s poem “In Flanders Fields” is primarily associated throughout the world with Remembrance Day (Veterans Day in the U.S.), in this country the subject matter of the poem naturally lends itself to Memorial Day observances.

“In Flanders fields the poppies blow

Between the crosses, row on row,

    That mark our place; and in the sky

    The larks, still bravely singing, fly

Scarce heard amid the guns below.

“We are the Dead. Short days ago

We lived, felt dawn, saw sunset glow,

    Loved and were loved, and now we lie,

        In Flanders fields.

“Take up our quarrel with the foe:

To you from failing hands we throw

    The torch; be yours to hold it high.

    If ye break faith with us who die

We shall not sleep, though poppies grow

        In Flanders fields.”

(Riverside National Cemetery picture Sigris Lopez, CC BY-SA 4.0. Source.)

The Military, Cyberattacks, and Maturity

Everyone knows that cyberattacks don’t just target private organizations. They also target governments, particularly aiming for agencies that either deal with a lot of money (unemployment agencies) or contribute to defending a country (military, homeland security).

The Chief Information Officer of the U.S. Department of Defense has a vested interest in preventing cyberattacks, not only against DoD, but against its third-party suppliers, which are the subject of today’s acronym, DIB (defense industrial base).

And if you’ve followed along in the Bredemarket blog lately, you know that a key component of preventing cyberattacks is raising your organization’s process maturity in the cybersecurity realm.

And yes, there’s a maturity model and a certification for that, the Cybersecurity Maturity Model Certification, or CMMC.

Cybersecurity is a top priority for the Department of Defense (DoD). The defense industrial base (DIB) faces increasingly frequent, and complex cyberattacks. To strengthen DIB cybersecurity and better safeguard DoD information, the DoD developed the Cybersecurity Maturity Model Certification (CMMC) Program to assess existing DoD cybersecurity requirements.

It’s no surprise that the CMMC incorporates multiple levels, in this case three of them.

  • Level 1: Basic Safeguarding of FCI (Federal Contract Information)
  • Level 2: Broad Protection of CUI (Controlled Unclassified Information)
  • Level 3: Higher-Level Protection of CUI Against Advanced Persistent Threats

And not only is there a maturity model certification for the defense industrial base, but there’s a conference to help everyone out. After all the geeks celebrate May the Fourth Be With You day, some of the geeks will continue to celebrate on May 5, the date of the fifth annual CMMC Day. Party on.

Also see Biometric Update’s article, as well as NIST SP 800-171 Rev. 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.

And if you need product marketing assistance with your cybersecurity product, Bredemarket has an opening for a cybersecurity client and can help with compelling content creation, winning proposal development, and actionable analysis. Book a call: https://bredemarket.com/cpa/ 

(Military wildebeest image from Imagen 3)