Building DHS a Comprehensive Cyber Security Program


Background

The Department of Homeland Security’s (DHS) Office of Intelligence and Analysis (I&A) supports the DHS’s Intelligence Enterprise (DHS IE). DHS IE personnel enable intelligence sharing and analysis, counterterrorism planning, and crisis response across DHS and its homeland security partners.

DHS has transitioned many of its IT capabilities to cloud-based services that permit authorized government personnel and systems to securely query and access DHS data and non-DHS data sets in performing Government missions.

DHS I&A uses the Intelligence Information Assurance and Cybersecurity Services (I2ACS) project to establish, assess, monitor, and maintain the proper security posture of IT systems and users within the hybrid environment it has created; this includes Commercial Cloud Services (C2S) based on AWS, the Intelligence Community (IC) Government Cloud (GovCloud) as well as Microsoft’s Azure cloud and Office 365 cloud services, C-LAN, Cross-Domain Solutions (CDS), standalone systems, and I&A-owned systems at the Sensitive-But-Unclassified and Secret levels. The scope also includes dedicated information security support to the National Vetting Center and CISA.

Understanding the Need

Through the I2ACS effort, DHS I&A sought to apply and improve repeatable information assurance and cybersecurity practices that would advance the enterprise’s mission. This included:

  • Integrating IA and cybersecurity engineering practices using DevSecOps activities.
  • Driving innovation, automation, efficiencies, and continual improvement in IT security.
  • Enabling continuous monitoring of IT systems.
  • Providing Security Operations Center support.

As the I2ACS effort spans an enormous community of stakeholders and technologies in a hybrid environment, DHS I&A needed a collaborative partner who could protect its classified data, maintain availability across three LANs, support competing demands from multiple components and end-users, and keep up with the ever-increasing volume of cyber security threats, adversaries, and attack vectors.

  • 50,000: Users protected by GovCIO security services.
  • 100+: ATOs and POA&Ms successfully supported.
  • 1000+: Systems in the Cloud environment for which GovCIO received an ATO.

Our Solution

GovCIO provides DHS I&A with a team of 20+ highly-skilled, TS/SCI cleared cyber experts who have the expertise and experience needed to properly secure networks, systems, and users across the entire DHS IE.

  • Cyber Policy and Governance
  • Operational Security
  • Risk Management
  • Security Assessment and Authorization
  • Vulnerability Management
  • Penetration Testing

Our Results

Our dedicated support has helped ensure all systems, software, and networks supported by DHS I&A, which include highly complex and classified systems and over 50,000 users, are properly secured and operating within defined parameters. Some of our most notable successes include:

  • Developing best practices for STIG guidelines and for AWS Cloud, which have been shared with other contractors and agencies and have received kudos from the Government.
  • Creating a virtual training platform, which hosted the first successful virtual cybersecurity/DHS training and also allows COVID-related teleworkers or remote users to receive the same training in a more efficient and cost-effective manner.
  • Migrating DHS I&A from the legacy Vulnerability Management tool NEXPOSE to Tenable Security Center, which allows our team to utilize additional vulnerability management capabilities.
  • Implementing the RSA Archer Reporting Suite, which provides all DHS/component Certified ISSOs/PM stakeholders with near real-time access to the status and results of risks and system and network vulnerabilities.
  • Integrating Tenable scans directly into RSA Archer, which moved the legacy process from a paper-based solution to a modernized automated solution.
  • Successfully supporting 100+ ATOs and POA&Ms.
    • Recently helped receive an ATO for Development of Infrastructures in Cloud Environment (DICE), a large-scale, complex cloud environment that includes thousands of systems on a classified AWS.