Computer Network Defense (CND) and the Intelligence Community – A Higher Level of Security

By
Jon M. Stout
May 5, 2010

There are three sectors of the Federal Government that are vitally concerned with Computer Network Defense and the Intelligence Community adds an additional level of security because of the classified nature of community activities.
As a result, contractors that provide Computer Network Defense (CND) services are held to even higher standards than the usual high requirements of vendors for Cyber Security projects.
The concept of Computer Network Defense includes a broad menu of services that provide an infrastructure against cyber attacks from domestic and international sources. While each agency has specific Cyber Security needs and protection of classified data and information, a general roadmap can be developed and used as a template for individual users.
General Objectives:
In general, contractors that perform Computer Network Defense Services are tasked to meet four objectives.
• Recommending architectures, software and hardware
• Implementing the government approved solution
• Performing operations and maintenance of the CND program
• Insuring that security requirements for classified material are met ( a higher level of security requirement)
The contractor is also required to make regular formal reports and/or briefings detailing status and accomplishments in the various CND functional areas.
Specific CND duties include, but are not limited to:
Deployment:
Deployment requires the contractor to develop all hardware and software required to establish a state of the art Cyber Security Defensive network that will improve defenses, ensure that the systems operate properly and monitor activities on a day to day basis. It is important that the entire deployment effort coordinates with the agency security office to ensure that the protection of classified data is not compromised. Deployment usually includes:
• Deploy, maintaining, and monitor and harden agency’s perimeter defenses on all classified and unclassified networks
• Deploying, operating, maintain, monitor, and harden agency’s intrusion detection capability on all classified and unclassified networks
• Operating, maintain, monitor and harden agency’s Domain Name Servers(DNS) on all classified and unclassified networks
Manage Assist and Support:
Additional support is often required in the form of identification of new products/technology that enhance the security of the network. Since Cyber Security is in a rapid development phase, new products and technology are constantly emerging. Some of this technology is good and some is not useful. Qualified decisions are required to pick the best applicable technology.
A sample of additional support includes:
• Working closely with engineering and operations for the installation and configuration management of CND devices on agency’s networks
• Performing software and hardware vulnerability scans on all classified and unclassified networks and systems
• Managing, and monitoring the enterprise anti-virus program
• Providing assistance and guidance in the development of system and network security plans
• Managing and monitoring the system and network audit log reviews for all networks and systems
Testing and Reporting:
Continuous testing of the system is the best way to identify and preclude future cyber attacks on a regular basis. Based upon testing, decisions can be made to improve the performance of the Cyber Security network. Included in this process are the following steps:
• Identifying anomalous activity in an audit log immediately to the government manager
• Performing network and system security plan compliance testing
• Reporting noncompliance with system and network security plans immediately to the government manager
• Executing software, hardware, and configuration vulnerability scans on all agency systems and networks
• Working closely with agency’s security office in the development, implementation, and management of agency’s system security program
• Managing, and monitoring the removable media access control program on all agency systems and networks
Compliance and As Needed Support:
The critical nature of Computer Network Defense means that standards and regulation must be met and complied with to insure success of the program. This includes:
• Supporting the Information Assurance Vulnerability Alert (IAVA) and Information Condition programs; developing and maintaining agency’s information systems security officer professional development program
• Reviewing updated developments on all applicable standards and regulation to ensure that the network is in compliance
• Providing as needed incident response support for, hacker attacks, cyber-terrorist attacks, and virus, worm, Trojan horse, and other malicious code incidents
• Develop, install, manage, and maintain the PKI infrastructure on all agency networks and systems
Documentation and Technical Representation:
In order to establish a program that future users can comply with and benefit from, complete and accurate documentation is required. In addition compliance with Intelligence Community Standard Operating Requirements, particularly as regards security of classified information is mandatory. This process includes:
• Documentation of practices, policies, requirements, training, Standard Operating Procedures, and configuration management processes
• Representation at agency meetings, conferences, and seminars as directed by the Government
• Responding to agency, DoD, and Intelligence Community requirements as directed by the Government
• Providing additional technical support to the other branches/clients of Mission Assurance as required
Establishing a viable and compliant Computer Network Defense is a major undertaking and requires skill and effort. This is particularly true when dealing with the Intelligence Community agencies and dealing with classified information. This requires experience professional engineers with the required security clearances in addition to CND required certifications.

38.967115 -77.748279

The Inevitability of International Cyber Attacks- Are We Ready?

The problem of International Cyber Attacks

General Keith Alexander, Director of the National Security Agency (NSA) and the man in charge of Cybercom, the U.S.’s new cyber security command, issued a warning recently of massive increases in the number of attempts by hackers and foreign countries to breach the nation’s internet security.

What had originally started as virus and malware attacks by amateur hackers and disgruntled employees against computers and networks have now morphed into worldwide penetration by criminal enterprises and state sponsored terrorists.

The world of information security attacks and threats are growing in power and sophistication with nation backed Cyber attacks emerging. Although constituting isolated attacks so far, the new wave of Cyber attacks are more prevalent and dangerous. And, with the advent of (often hostile) national involvement in Cyber offensives, the risk to our nation’s National Security is real and potentially devastating.

At risk are our tremendous advantages in military power, intellectual capital and industrial wealth.

Assets the United States has spent tremendous human and intellectual capital on to develop are now at risk of being stolen by clever cyber thieves that exploit weaknesses in our cyber security. The fact that cyber thieves can now operate across international borders and in safe have third countries with impunity only increases the threat. The threat affects government and industry alike.

Although most experts have predicted that this day would arrive, online infiltration could cause huge damage to the U.S. military and the nation’s infrastructure, and the government and industry is not presently prepared to secure itself against such attacks.

The Obama administration is promising to spend billions to upgrade cyber defenses, and has already hired hundreds of specialists with doctorates in computer technology to work at the Cybercom and start building better security measures.

But the problem is one of huge proportions complicated by the rapid advance of technology, lack of clear concept definition, failure of adequate international cooperation and distrust between government and the private sector.

The 21st century battlefield is comprised of many components that include the Internet and all things that connect from a computer to the Internet.

The terrain also encompasses information systems like the electrical grids, telecommunication systems, and various corporate and military systems.
In addition, although both defensive and offensive measures are required to fight the war on cyber terrorism, the cyber protective world is clearly operating in a reactive manner.

Compounding this is the fact that the international networks of data are growing at a technological pace that outstrips cyber security development.
Although new technologies and processes are emerging to fight hackers and cyber terrorist, there is little uniformity in their use and adoption. In addition, international standards and cyber threat protection laws are not yet in place.

Is the Threat Real?

Although there is not yet a universal outcry against International Cyber Terrorism, recent events like the hacking of strategic Pentagon databases and the withdrawal of Google from internet operations in China are symptomatic of the magnitude of the problem.

Many experts equate the complacent attitude toward International Cyber Attacks as that seen before the Japanese attack on Pearl Harbor that started World War II for the United States or the attacks on September 11, 2001 that started the War on Terror.

Cyber attacks are often classified as low probability, high damage events similar to major natural disasters or fatal airplane crashes. When they happen, the level of public concern is high. And the number of occurrences, the frequency and magnitude of attacks are increasing rapidly.

Developments in Cyber Security solutions

There is a growing awareness of the problem of International Cyber Attacks although the pace of development is slow and irregular. The Federal Government has tasked two agencies (National Security Agency – NSA for international cyber terrorism and the Department of Homeland Security- DHS for domestic cyber attacks) but there are problems with coordination and funding. More attention, a clear vision, definition of terms and significant increases in funding are required in order to develop effective solutions.

In addition, infrastructure assets are required in the form of the development and use of critical information and other databases. Each infrastructure development needs to be marketed to and adopted by the entire cyber defense community in order to enhance and leverage all available development in technology, law and standards. Universal evaluation of research and use of centralized data is an important first step in the war against International Cyber Attacks.

Until government and industry recognize the problem and cooperate in search of a solution International Cyber Attacks will grow and increase the threat to our Cyber Security.

38.967115 -77.748279

NRO Chief Aims to Restore Technology Development Funding

By Turner Brinton

04/14/10 09:02 PM ET

SpaceNews

COLORADO SPRINGS, Colo. — The budget for science and technology development programs at the U.S. National Reconnaissance Office (NRO) has been drastically reduced in recent years, and the spy satellite agency’s top official will push to reverse that trend starting with the 2012 federal budget request.

NRO Director Bruce Carlson, a retired Air Force general, now has nine months under his belt leading the development and operation of the nation’s classified spy satellites. In that time, he has focused on some of the agency’s toughest problems, including a relatively young and inexperienced work force and bottlenecks at the U.S. satellite launching ranges.

Though the NRO’s budget is classified, Carlson has said funding for science and technology development programs was cut in half over the last five years. The NRO’s 2012 budget request will begin down a path to fully restoring that funding, Carlson said April 14 at the National Space Symposium here. He did not say whether that correlates to requesting a top-line budget increase for the NRO.

“Over that half a decade, through a number of reductions and taxes and other things, that investment has slackened, and that’s the seed corn of the future,” Carlson said. “We just simply cannot allow that continued erosion in our science and technology base. So when I submit my 2012 budget, it will have a road map to get us up to the level we have historically been at the National Reconnaissance Office.”

Like other U.S. defense and space agencies, the NRO has struggled with cost growth on its satellite programs in recent years, which has exacerbated the budget pressures it faces.

Meanwhile, the NRO over the next 18 months will pursue its most aggressive launch campaign of the last 25 years, Carlson said. This will be a challenge because the nation’s space launch capability has been scaled back in many ways, he said.

“There are a number of very large and very critical reconnaissance satellites going to orbit in the next year, year-and-a-half,” Carlson said. “We simply have to get these off and get them off on time.

“Now we will do that at a time when the launch infrastructure is not what it used to be. Through a series of conscious decisions, this country has downsized the industrial base in the launch business. We’ve downsized the number of locations from which we can launch. We’ve downsized the number of crews to take care of and operate that equipment. We have literally no or very little backup capability in the launch business.”

Moreover, he said, the U.S. government has “made national decisions to spend very little money on the development of new facilities and the recapitalization of the ones that we have. We’re not building new engines. We’re not building new rocket cores. In fact, we’re not even spending money to upgrade the ones that we have.”

Carlson said the NRO is working with Air Force Space Command to stabilize or potentially expand U.S. launch infrastructure, but he provided no specifics.

The NRO is also making changes to how it is staffed. Established as a hybrid Defense Department-intelligence community organization, the NRO is staffed by military and intelligence personnel on loan from their respective organizations. This is sometimes troublesome for program continuity, so Director of National Intelligence Dennis Blair recently approved a program that will allow for a limited number of personnel to be directly employed by the NRO, Carlson said.

In addition, the NRO has initiated a scholarship program in which it pays for university graduates with general science and engineering degrees to go back to school for space-specific degrees. In exchange, each student will owe six years of service to the NRO after graduation. The office recently selected its first class of four scholars, to be followed by six next year and eight in the years after that, Carlson said

38.967115 -77.748279

Value Added Teaming for Winning Intelligence Community IT/Cyber Security Projects

by
Jon M. Stout
April 12,2010

Aspiration Software LLC

The trend in Federal Contracting is the award of large, multi vendor Indefinite Delivery, Indefinite Quantity (IDIQ) contracts that cover the acquisition of a wide range of Information Technology and Cyber Security technology.

Even the largest prime contractor has difficulty in preparing a winning proposal that addresses all of the specific requirements outlined in the Request for Proposal (RFP) and, as a result, teaming arrangements are usually formed to bid and win the contract for the project.

These IDIQ procurements, although offering multi-year streams of business, are very competitive and winning requires a team with high value added and a competitive edge. This is particularly true regarding procurements and solicitation from the Intelligence Community.

Creating a winning team

Teams are usually formed by the prime contractor who generally has experience with the type of work and the agency issuing the contract. Teaming generally starts as soon as the project is and the type of work identified.

The solicitation process involves an initial market survey or Request for Information (RFI) followed by a Draft RFP that gives basic details about the services or products required. This is a signal for the start of team formation and the team is then ready to create a winning proposal when the final RFP is issued.

When the technical information from potential teammates is developed, the prime contractor can then make decisions about their own capabilities and those capabilities that need to be added by one or more teammates.

At this point the prime contractor usually arranges capabilities briefings from subcontractors known to have niche capabilities or experience with the customer agency that will increase chances of winning.

Timing is Important

Joining a team early in the process is important because there is usually competition on the better projects. It is very difficult to join a team after a contract has been awarded. In order for a company to be successful in joining winning teams, it must identify procurements early, develop presentations that sell its unique capabilities, and aggressively pursue prime contractor teammates.

Value Added Teammates

Subcontractor teammates are required to add value to the team or else they won’t be added. Value can come in the form of unique technical capability, domain experience, recruiting expertise, technical proposal experience or other skills that will increase the chance of the team of winning.

For example, in the present environment in the Intelligence Community, subcontractors with Cyber Security and agency domain experience are considered very valuable teammates and can easily join winning teams.

From a subcontractor standpoint, it is best to join a team that is led by a prime contractor that has experience with the acquiring agency and has a good chance of winning; In addition, a prime contractor that has a reputation for equitable work share among subcontractors is a real plus. It is very frustrating to work hard on a winning proposal team and then receive no income generating work share.

The Question of Exclusivity

Many prime contractors demand that subcontractor teammates only participate on their proposal under an exclusive arrangement. Most of the time exclusivity is a practical arrangement that encourages the subcontractor to focus on the success of the proposal.

But exclusivity does not allow the subcontractor to increase its win percentage by participation on multiple teams. It is a matter of value added – if the subcontractor adds true unique value it has a stronger negotiating position for multiple teaming.

Proposal Support

Knowledge of the proposal support and dynamics of agency selection process is also considered a valuable addition to the proposal effort. Large IDIQ proposals require significant planning, writing and production efforts and a subcontractor teammate that has proposal skills and experience adds a great deal to the proposal process. Domain knowledge is especially valuable in the Intelligence Community and gives the team a winning edge.

38.967115 -77.748279

The World of Information Security Types and Definitions

by
Jon M. Stout
April6, 2010

The world of information security attacks and threats in growing in power and sophistication with nation backed Cyber attacks emerging. Although constituting isolated attacks so far the new wave of Cyber attacks are more prevalent and dangerous. And, with the advent of (often hostile) national involvement in Cyber offensives, the risk to our nation’s National Security is real and potentially devastating.

And we, as a nation, are not ready to defend against a coordinated, powerful Cyber attack from within and well from beyond our shores. Although substantial dollars are budgeted for Information and Cyber security, the management and planning for an effective long term defense against Cyber terrorists. Greater effort on planning and organizing defenses and offensive scenarios of Cyber Security is required and one of the first steps is the definition of Cyber/Information Terms and concepts.

The world of Information Assurance/Cyber Security is very broad and many of the terms are often used interchangeably and many times wrong when defining a particular Information Assurance problem. What is needed to help reduce the high level of confusion is a list of standard terms that are universally accepted. A sample (but not exclusive listing ) of terms can be found at Information Security Types. This guide brings precision to the term usage of Cyber world terminoloby and provides a starting point or framework of understanding.

38.967115 -77.748279

Obama’s Budget Calls for Billions in New Spending for Drones

Tuesday 02 February 2010
by: Jason Leopold, t r u t h o u t | Report

This is how major US defense contractors reacted to the unveiling of President Barack Obama’s fiscal year 2011 spending plan for the Pentagon, part of the president’s overall $3.8 trillion budget proposal.

Shares of General Dynamics, a maker of military aircraft, submarines and munitions, rose 3.9 percent and closed at $69.43 in trading on the New York Stock Exchange, the uptick due in large part to additional spending on the war in Afghanistan, according to Sanford Bernstein, a financial research firm.

Northrop Grumman Corp., which builds unmanned spy planes and ships, rose 2.3 percent to close at $57.92. Boeing Co., a manufacturer of aircraft carriers, shares increased by 1.8 and closed at $61.70. Lockheed Martin’s shares rose 37 cents to close at $74.89. Raytheon Co., a missile supplier, was up by a percentage point to close at $52.96, while shares of L-3 Communications Holdings, a firm that supplies intelligence gathering and monitoring equipment, was up 1.6 percent to close at $84.64. And shares of Harris Corp soared 4.2 percent to close at $44.74. Harris manufactures tactical radios utilizes encryption technology.

All in all, it was a good day for the military-industrial complex. More….

38.967115 -77.748279

Declining Defense: Obama’s budget does cut one federal department.

Wall Street Journal
* REVIEW & OUTLOOK
* MARCH 2, 2009

For all of his lavish new spending plans, President Obama is making one major exception: defense. His fiscal 2010 budget telegraphs that Pentagon spending is going to be under pressure in the years going forward.

The White House proposes to spend $533.7 billion on the Pentagon, a 4% increase over 2009. Include spending on Iraq and Afghanistan, which would be another $130 billion (or a total of $664 billion), and overall defense spending would be around 4.2% of GDP, the same as 2007.

However, that 4% funding increase for the Pentagon trails the 6.7% overall rise in the 2010 budget — and defense received almost nothing extra in the recent stimulus bill. The Joint Chiefs requested $584 billion for 2010 and have suggested a spending floor of 4% of GDP. Both pleas fell on deaf ears. The White House budget puts baseline defense spending at 3.7% of GDP, not including Iraq and Afghanistan. The budget summary pleads “scarce resources” for the defense shortfall, which is preposterous given the domestic spending blowout. Continue reading ‘Declining Defense: Obama’s budget does cut one federal department.’

38.967115 -77.748279

The Comprehensive National Cybersecurity Initiative

National Security Council

President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we as a government or as a country are not adequately prepared to counter. Shortly after taking office, the President therefore ordered a thorough review of federal efforts to defend the U.S. information and communications infrastructure and the development of a comprehensive approach to securing America’s digital infrastructure.

In May 2009, the President accepted the recommendations of the resulting Cyberspace Policy Review, including the selection of an Executive Branch Cybersecurity Coordinator who will have regular access to the President. The Executive Branch was also directed to work closely with all key players in U.S. cybersecurity, including state and local governments and the private sector, to ensure an organized and unified response to future cyber incidents; strengthen public/private partnerships to find technology solutions that ensure U.S. security and prosperity; invest in the cutting-edge research and development necessary for the innovation and discovery to meet the digital challenges of our time; and begin a campaign to promote cybersecurity awareness and digital literacy from our boardrooms to our classrooms and begin to build the digital workforce of the 21st century. Finally, the President directed that these activities be conducted in a way that is consistent with ensuring the privacy rights and civil liberties guaranteed in the Constitution and cherished by all Americans.

More….

38.967115 -77.748279

An Integrated Strategy For Marketing and Creating Intelligence Community Jobs

By: Jon M. Stout

Successful marketing to the Intelligence Community requires more than a professional looking capabilities statement and a handful of occasional meetings. While the Intelligence Community shares common marketing elements with other federal agencies, the IC is different in the way one should direct marketing efforts.

In order to win contracts and create Intelligence Community Jobs, an integrated approach is required that addresses three major segments of the business:

· Core Competencies

· Business Development

· Recruiting

Each of these segments is critical and interrelated and requires major efforts to ensure success. Together they are parts of an integrated plan. However efforts in one area certainly affect the other two key elements.

Core Competencies

Winning business in the IC is all about a strong value added proposition that is relevant to the needs of the community. It is not enough to have a product or service offering that works in the commercial world or in other federal agencies. The Intelligence Community, like all customers purchases on the basis of value added to meet their own very specific mission requirements, and perceived value is the basis of the purchase decision.

Core competencies are the heart of the company’s value added proposition and must be real based upon past performance and experience. Further, the list of core competencies must be presented in a way that is clearly perceived as valuable by the IC.

A clear explanation of the value proposition is required. Most companies prepare a bulleted listing of Core Competencies that addresses those services it provides best, and then post this list to their web site and go no further. Sometimes a separate capabilities statement in power point form is developed but often this is no more than a bulleted list without further clarification.

As a result only a portion of the true value proposition is established. More detail is required that will support aggressive, effective promotion in order to support a business development effort. For example, it is not enough to merely list that your company is a “software developer”. This competency needs to be described in further detail including languages used, techniques and processes applied and standards complied with. Often, detailed past performance examples aid in the perception of added value.

A suggested first step is the addition of rich content to the corporate website that expands the technical details of the core competencies. This content, in the form of white papers and other technical discussions like technical briefings can be easily included on the website and will show to the customer that the company is serious. The more explanatory data the better.

Next, marketing collateral in the form of professional looking capability statements, tri-fold brochures and other explanatory handouts and summary of past performance on relevant projects is also an effective way of communicating core capabilities.

Expanding the core competencies and preparing presentations in a form that can reach out to the business prospects definitely aids the business development effort.

Business Development

Business development is a total process and includes a great deal more than merely making contacts and handing out business cards. In order to succeed the business developer needs to target and understand the needs of potential customers. This requires extra effort in the IC because of the security needs of the community.

There are literally thousands of business developers addressing the Intelligence Community but only a small portion are truly successful. It takes more than a general knowledge of proposal preparation or superficial contacts to succeed.

The first step is to gain a complete knowledge of the needs of the customer and this takes research and homework particularly for the Intelligence Community. Research takes time and commitment because the IC restricts access to the inner working of agencies in the community. But, with a rigorous program of research and networking, business opportunities will develop. It is not, however, a process that produces quick results.

The Intelligence Community has specific needs and missions. In all there are 16 agencies that make up the Intelligence community but the lion’s share of the business comes from four agencies that collect, interpret and disseminate intelligence. These are the National Security Agency (NSA- SIGINT and Cyber), the Central Intelligence Agency (CIA – HUMINT), the National Reconnaissance Office (NRO- IMINT) and the National Geospatial-Intelligence Agency (NGA – GEOSPATIAL). There are other agencies as well but the big four are industries by themselves.

Each agency has specifically defines missions with different requirements in order to meet those missions. In addition buying patterns are different from agency to agency. As a result, research is required to identify the specific needs of each agency that is targeted and the corporate core competencies must address these needs.

In addition, domain experience in the form of prior work in the agency is important. This can be achieved by joining a bidding team that has domain experience and presenting core competencies that add value to the team.

Expectations must be set realistically. It takes effort and persistence to penetrate an agency but once you achieve that goal the rewards are large. The Intelligence Community is critical to the nation’s security and will be around for years to come.

Recruiting and Intelligence Community Jobs

For service suppliers and system integrators, supplying highly qualified candidates with the proper security clearances is the goal of a well run business development effort. But many companies, even large companies, overlook the importance of recruiting.

In the Intelligence Community, recruiting is as important as winning contracts and many contractors have failed because they have been unable to supply the FTE’s (Jobs or Full Time Equivalents)required by the contract. It is often said of many service providers and systems integrators that their business assets go home every night. The inability to maintain a viable employee bases is a matter of survival for these companies. Revenue is based upon billable hours created by employees.

Many factors must be considered when creating an effective recruiting process. The first is the application of best recruiting practices to the effort. This requires rigorous standards for qualification and an effective qualification process. Sources of resumes must be evaluated and used and a management database is required to manage large amounts of data in the form of resumes of new applicant.

Recruiting is a constant process because existing employees leave or change jobs as customer requirements change. The qualifications of potential new hires is also a constantly changing process as core competencies change and customer missions are modified.

As a result, marketing to the Intelligence Community and the creation of Intelligence Community jobs is a demanding effort. Each step in the process is interrelated to the other area of effort and in order to be successful, care must be taken to have a successful integrated approach.

Jon M. Stout is Chief Executive Officer of Aspiration Software LLC. Aspiration Software LLC is an Information Technology/Cyber Security services provider focused on the Intelligence Community (IC). For more information about Employment Opportunities and Cyber Security and Information Technology in the Intelligence Community go to http://aspirationsoftware.com

38.967115 -77.748279

NGA Awards $1B TASER Total Application Services for Enterprise Requirements Contract

February 19, 2010

The National Geospatial-Intelligence Agency has awarded the Total Application Services for Enterprise Requirements contract to:

Accenture National Security Services; BAE Systems Information Technology; Boeing Autometric; Booz Allen Hamilton; Computer Services Corporation Enforcement, Security & Intelligence Group; Environmental Systems Research Institute; General Dynamics One Source; Lockheed Martin Information Systems & Global Services; NJVC; Northrop Grumman; OG Systems; QVine Corporation; Raytheon Intelligence and Information Systems; and Science Application International Corporation.

The TASER contract is an Indefinite Delivery/Indefinite Quantity task order contract where NGA will obtain engineering services across multiple functional categories including: engineering and trade studies; pilots and prototypes; integration and deployment; and application sustainment. This announcement concerns awards made within the engineering and trade studies, pilots and prototypes and the application sustainment areas. Awards in the integration and deployment area are scheduled to be made by the middle of March 2010. More….

38.967115 -77.748279