"Unfortunately, this announcement lacks the required technical detail," comments Fausto Oliveira, principal security architect at continuous behavioral authentication firm Acceptto. "It is understandable that DHS might not want to reveal all the mechanisms that this software is using, however, without further information, we have to address two potential risks."
Oliveira's concerns are firstly over the strength of the user authentication, and secondly, how does the approach address the insider threat. "It is not possible," he said, "to ascertain how effective the authentication mechanisms are in this application. I am also concerned with the effectiveness of this software when it comes to address insider threats."