Building DHS a Comprehensive Cyber Security Program
Background
The Department of Homeland Security’s (DHS) Office of Intelligence and Analysis (I&A) supports the DHS’s Intelligence Enterprise (DHS IE). DHS IE personnel enable intelligence sharing and analysis, counterterrorism planning, and crisis response across DHS and its homeland security partners.
DHS has transitioned many of its IT capabilities to cloud-based services that permit authorized government personnel and systems to securely query and access DHS data and non-DHS data sets in performing Government missions.
DHS I&A uses the Intelligence Information Assurance and Cybersecurity Services (I2ACS) project to establish, assess, monitor, and maintain the proper security posture of IT systems and users within the hybrid environment it has created; this includes Commercial Cloud Services (C2S) based on AWS, the Intelligence Community (IC) Government Cloud (GovCloud) as well as Microsoft’s Azure cloud and Office 365 cloud services, C-LAN, Cross-Domain Solutions (CDS), standalone systems, and I&A-owned systems at the Sensitive-But-Unclassified and Secret levels. The scope also includes dedicated information security support to the National Vetting Center and CISA.
Understanding the Need
Through the I2ACS effort, DHS I&A sought to apply and improve repeatable information assurance and cybersecurity practices that would advance the enterprise’s mission. This included:
- Integrating IA and cybersecurity engineering practices using DevSecOps activities.
- Driving innovation, automation, efficiencies, and continual improvement in IT security.
- Enabling continuous monitoring of IT systems.
- Providing Security Operations Center support.
As the I2ACS effort spans an enormous community of stakeholders and technologies in a hybrid environment, DHS I&A needed a collaborative partner who could protect its classified data, maintain availability across three LANs, support competing demands from multiple components and end-users, and keep up with the ever-increasing volume of cyber security threats, adversaries, and attack vectors.
Our Solution
GovCIO provides DHS I&A with a team of 20+ highly skilled, TS/SCI-cleared cyber experts who have the expertise and experience needed to properly secure networks, systems, and users across the entire DHS IE.
Cyber Policy and Governance
GovCIO develops policies for the entire DHS IE, including the Cybersecurity Framework and modifications to the 4300C (information security publications that serve as the foundation upon which DHS Components develop and implement information security programs). Our team engages in inter-agency working groups with organizations such as NSA and DIA to share insights relating to new techniques and business practices. We work closely with all levels of government leadership to strategize, streamline processes, and create new synergies, developing guidance and best practices to drive mission success. We are working on SOPs for securing systems as we move them to the cloud.
Operational Security
We incorporate security into DHS I&A's SDLC to secure assets within the infrastructure. By leveraging offensive cyber tactics to find and fix weaknesses and embracing the evolution of continuous monitoring, we can automatically identify and mitigate attacks, even preventing data exfiltration and/or system damage caused by malicious activity or exploits.
Risk Management
Our team performs risk management including risk identification, categorization, and verification activities. We work with our government counterparts to put risk mitigation plans in place and re-scan the system to ensure risks have been properly mitigated.
Security Assessment and Authorization
Our approach follows the NIST 800-53 RMF to assess a system's FISMA compliance. When a DHS Component wants to develop or deploy a new system, we start early in the SDLC process, ensuring security is included during planning, design, and implementation. We ensure quality ATO package assessments through a well-trained team, peer reviews, and primary and alternate SCAs; this gives us continuity of SCAs, with the alternate SCA able to pick up from the primary SCA if needed. We assess the systems hosted within DHS I&A by following the procedures and guidance we have developed, which we continually update to include new best practices.
Vulnerability Management
Using a combination of Archer, Tenable, and SonarQube tools, our team provides near real-time statuses of vulnerabilities to DHS and its Components. Pulling information into these tools, we use the data to create a network map, expose where vulnerabilities exist, and present the status of mitigation. We also create and maintain SOPs for vulnerability management.
Penetration Testing
Our penetration testing combines industry-standard penetration testing, red team methodologies, and automated offensive testing using adversary attack emulation tools.
Our Results
Our dedicated support has helped ensure all systems, software, and networks supported by DHS I&A, which include highly complex and classified systems and over 50,000 users, are properly secured and operating within defined parameters. Some of our most notable successes include:
- Developing best practices for STIG guidelines, as well as for AWS Cloud, which have been shared with other contractors and agencies and have received kudos from the Government.
- Creating a virtual training platform, which hosted the first successful virtual cybersecurity/DHS training and also allows COVID-related teleworkers or remote users to receive the same training in a more efficient and cost-effective manner.
- Migrating DHS I&A from the legacy vulnerability management tool NEXPOSE to Tenable Security Center, which allows our team to utilize additional vulnerability management capabilities.
- Implementing the RSA Archer Reporting Suite, which provides all DHS/Component Certified ISSO and PM stakeholders with near real-time access to the status and results of risks and system and network vulnerabilities.
- Integrating Tenable scans directly into RSA Archer, which moved the legacy process from a paper-based solution to a modernized automated solution.
- Successfully supporting 100+ ATOs and POA&Ms.
- Recently helping to receive an ATO for Development of Infrastructures in Cloud Environment (DICE), a large-scale, complex cloud environment that includes thousands of systems on classified AWS.