ASSOCIATE Magazine FBINAA Q2-2026

unaware of the unauthorized changes to the code. This vulner ability can remain undetected for years as most cyber-protection tools are not designed to interrogate the programing code for these unauthorized changes. Firmware integrity solutions help mitigate risk by detecting unauthorized changes below the OS - enabling IT professionals to intervene as soon as possible. Panasonic’s Smart Compliance solution was designed to approach firmware security from four phases: inventory, scanning, monitoring, and updating. Automated discovery and inventory establish continuous visibility into the firmware, hardware configuration, and com ponents within all endpoint devices. Vulnerability and exposure management continuously scan for firmware vulnerabilities and misconfigurations that endpoint detection and response solutions and traditional scanners miss. Integrity monitoring and threat detection uncover compromised firmware, rootkits, bootkits, and backdoors that persist below the operating sys tem. Automated firmware updates reduce the exposure window by remotely patching firmware across your endpoint fleet. The ability to schedule firmware updates ensures criminal justice information systems stay up-to-date and provides agencies the flexibility to coordinate updates around officers’ schedules, minimizing downtime. In both instances of supply chain and firmware vulnerabil ity, once a bad actor has access to the device, the consequences may be devastating to the criminal justice system and an agency’s ability to perform their mission critical responsibilities. ACHIEVING COMPREHENSIVE PROTECTION WITH A LAYERED APPROACH When considering the different attack vectors on a mobile device, there are four key layers needing focused attention: hard ware (TOUGHBOOK Guard), firmware (Smart Compliance), the OS, and the physical endpoints. While protecting hardware and firmware is certainly critical, true end-to-end protection must account for the additional layers. From an end-user perspective, a robust AI-powered end point detection, protection, response, and remediation solution can stop ransomware and zero-day threats even when devices are offline. Using an AI solution which monitors anomalous device behavior is critical in identifying a previously undefined threat, AKA zero-day. This is critical to ensure devices stay secure even when officers travel to remote areas where the con nectivity is congested or poor. Panasonic partners with Senti nelOne to deliver a vigorous AI-driven endpoint detection and response solution. Adding a final layer of BIOS level-embedded endpoint vis ibility with self-healing controls to safeguard endpoints, ensures devices stay secure even when off-network. Additionally, the ability to geofence, geolocate, remotely freeze, and remotely wipe a device provides agencies with another CJIS-compliant se curity tool. Panasonic partners with Absolute Security to deliver this dynamic BIOS level solution. A LAYERED SECURITY STRATEGY IN ACTION Law enforcement is a dynamic profession requiring officers to move and act within a moment’s time. Accordingly, it isn’t a stretch to consider a scenario where an officer loses direct

FBINAA.ORG | Q2 2026

T he attack surface is widening well beyond the operating system (OS) as malicious threats are growing in severity and complexity. Agencies can no longer rely on anti-virus software and employee anti-phishing training to protect criminal justice networks and sensitive data. The FBI Criminal Justice Informa tion Service Division (CJIS)’s Security Policy modernization effort seeks to arm criminal justice agencies with the minimum standards necessary to safeguard criminal justice information systems against ever-evolving cyber risks. Within the 461-page CJIS Security Policy Version 6.0 publi cation, agencies will find numerous requirements which include the implementation of supply chain risk management and to provide firmware integrity by protecting against unauthorized changes. While both requirements are critical to enhancing se curity, true end-to-end protection ultimately requires a compre hensive layered approach beginning with the BIOS and extend ing to the edge. PRIORITIZING SUPPLY CHAIN RISK MANAGEMENT Protecting devices at the supply chain stage and firmware levels is critical for device security and the safeguarding of sensi tive data. From a supply chain perspective, the intensifying cyber threat landscape now poses the risk of bad actors targeting devices immediately following manufacturing. Consider a device may pass through numerous uncontrolled entities prior to ar riving in an agency’s inventory. From the factory, a device most likely passes through a shipping company to a distributor, then on to a reseller and deployment center. All of which are outside of an agency’s control. Rogue or counterfeit components can be inserted into a device anytime following manufacturing. These foreign additions could provide malicious actors with full access to a department’s data once officers begin using the devices. Panasonic’s supply chain risk management solution, TOUGHBOOK Guard, operates below the OS to detect any hard ware changes that do not match the device’s BIOS or manufac turing specifications ordered or deployed by an agency. With this level of protection, criminal justice agencies can rest assured that devices haven’t been compromised at any time during their lifecycle. TOUGHBOOK Guard continues to protect against hard ware level tampering once devices are in service. For instance, an actor may attempt to gain access to sensitive data through a corrupted drive that compromises the entire system once it is inserted into the device. A security tool like TOUGHBOOK Guard that provides continuous monitoring can detect these hardware threats before they compromise the criminal justice information system. PROVIDING FOR FIRMWARE INTEGRITY Firmware integrity risks pose a similar level of concern. Malicious actors have developed the ability to compromise firmware by changing the underling code, without changing how the firmware version number is displayed. So, an agency may be lieve they are using the correct firmware version while remaining

13 continued on page 14