Posts Tagged 'Cyber Security'

Computer Network Defense (CND) and the Intelligence Community – A Higher Level of Security


By
Jon M. Stout
May 5, 2010

There are three sectors of the Federal Government that are vitally concerned with Computer Network Defense, and the Intelligence Community adds an additional level of security because of the classified nature of community activities.
As a result, contractors that provide Computer Network Defense (CND) services are held to even higher standards than the usual high requirements of vendors for Cyber Security projects.
The concept of Computer Network Defense includes a broad menu of services that provide an infrastructure against cyber attacks from domestic and international sources. While each agency has specific Cyber Security needs and protection of classified data and information, a general roadmap can be developed and used as a template for individual users.
General Objectives:
In general, contractors that perform Computer Network Defense Services are tasked to meet four objectives.
• Recommending architectures, software and hardware
• Implementing the government approved solution
• Performing operations and maintenance of the CND program
• Ensuring that security requirements for classified material are met (a higher level of security requirement)
The contractor is also required to make regular formal reports and/or briefings detailing status and accomplishments in the various CND functional areas.
Specific CND duties include, but are not limited to:
Deployment:
Deployment requires the contractor to develop all hardware and software required to establish a state of the art Cyber Security Defensive network that will improve defenses, ensure that the systems operate properly and monitor activities on a day to day basis. It is important that the entire deployment effort coordinates with the agency security office to ensure that the protection of classified data is not compromised. Deployment usually includes:
• Deploying, maintaining, monitoring, and hardening the agency’s perimeter defenses on all classified and unclassified networks
• Deploying, operating, maintaining, monitoring, and hardening the agency’s intrusion detection capability on all classified and unclassified networks
• Operating, maintaining, monitoring, and hardening the agency’s Domain Name Servers (DNS) on all classified and unclassified networks
Manage Assist and Support:
Additional support is often required in the form of identification of new products/technology that enhance the security of the network. Since Cyber Security is in a rapid development phase, new products and technology are constantly emerging. Some of this technology is good and some is not useful. Qualified decisions are required to pick the best applicable technology.
A sample of additional support includes:
• Working closely with engineering and operations for the installation and configuration management of CND devices on agency’s networks
• Performing software and hardware vulnerability scans on all classified and unclassified networks and systems
• Managing and monitoring the enterprise anti-virus program
• Providing assistance and guidance in the development of system and network security plans
• Managing and monitoring the system and network audit log reviews for all networks and systems
Testing and Reporting:
Continuous testing of the system is the best way to identify and preclude future cyber attacks on a regular basis. Based upon testing, decisions can be made to improve the performance of the Cyber Security network. Included in this process are the following steps:
• Identifying anomalous activity in an audit log and reporting it immediately to the government manager
• Performing network and system security plan compliance testing
• Reporting noncompliance with system and network security plans immediately to the government manager
• Executing software, hardware, and configuration vulnerability scans on all agency systems and networks
• Working closely with agency’s security office in the development, implementation, and management of agency’s system security program
• Managing and monitoring the removable media access control program on all agency systems and networks
Compliance and As Needed Support:
The critical nature of Computer Network Defense means that standards and regulations must be met and complied with to ensure the success of the program. This includes:
• Supporting the Information Assurance Vulnerability Alert (IAVA) and Information Condition programs; developing and maintaining agency’s information systems security officer professional development program
• Reviewing updated developments on all applicable standards and regulations to ensure that the network is in compliance
• Providing as-needed incident response support for hacker attacks, cyber-terrorist attacks, and virus, worm, Trojan horse, and other malicious code incidents
• Developing, installing, managing, and maintaining the PKI infrastructure on all agency networks and systems
Documentation and Technical Representation:
In order to establish a program that future users can comply with and benefit from, complete and accurate documentation is required. In addition, compliance with Intelligence Community Standard Operating Requirements, particularly as regards security of classified information, is mandatory. This process includes:
• Documentation of practices, policies, requirements, training, Standard Operating Procedures, and configuration management processes
• Representation at agency meetings, conferences, and seminars as directed by the Government
• Responding to agency, DoD, and Intelligence Community requirements as directed by the Government
• Providing additional technical support to the other branches/clients of Mission Assurance as required
Establishing a viable and compliant Computer Network Defense is a major undertaking and requires skill and effort. This is particularly true when dealing with the Intelligence Community agencies and with classified information. This requires experienced professional engineers with the required security clearances in addition to CND required certifications.

Value Added Teaming for Winning Intelligence Community IT/Cyber Security Projects


by
Jon M. Stout
April 12, 2010

Aspiration Software LLC

The trend in Federal Contracting is the award of large, multi-vendor Indefinite Delivery, Indefinite Quantity (IDIQ) contracts that cover the acquisition of a wide range of Information Technology and Cyber Security technology.

Even the largest prime contractor has difficulty in preparing a winning proposal that addresses all of the specific requirements outlined in the Request for Proposal (RFP) and, as a result, teaming arrangements are usually formed to bid and win the contract for the project.

These IDIQ procurements, although offering multi-year streams of business, are very competitive and winning requires a team with high value added and a competitive edge. This is particularly true regarding procurements and solicitation from the Intelligence Community.

Creating a winning team

Teams are usually formed by the prime contractor, who generally has experience with the type of work and the agency issuing the contract. Teaming generally starts as soon as the project and the type of work are identified.

The solicitation process involves an initial market survey or Request for Information (RFI) followed by a Draft RFP that gives basic details about the services or products required. This is a signal for the start of team formation and the team is then ready to create a winning proposal when the final RFP is issued.

When the technical information from potential teammates is developed, the prime contractor can then make decisions about their own capabilities and those capabilities that need to be added by one or more teammates.

At this point the prime contractor usually arranges capabilities briefings from subcontractors known to have niche capabilities or experience with the customer agency that will increase chances of winning.

Timing is Important

Joining a team early in the process is important because there is usually competition on the better projects. It is very difficult to join a team after a contract has been awarded. In order for a company to be successful in joining winning teams, it must identify procurements early, develop presentations that sell its unique capabilities, and aggressively pursue prime contractor teammates.

Value Added Teammates

Subcontractor teammates are required to add value to the team or else they won’t be added. Value can come in the form of unique technical capability, domain experience, recruiting expertise, technical proposal experience or other skills that will increase the team’s chance of winning.

For example, in the present environment in the Intelligence Community, subcontractors with Cyber Security and agency domain experience are considered very valuable teammates and can easily join winning teams.

From a subcontractor standpoint, it is best to join a team that is led by a prime contractor that has experience with the acquiring agency and has a good chance of winning. In addition, a prime contractor that has a reputation for equitable work share among subcontractors is a real plus. It is very frustrating to work hard on a winning proposal team and then receive no income-generating work share.

The Question of Exclusivity

Many prime contractors demand that subcontractor teammates only participate on their proposal under an exclusive arrangement. Most of the time exclusivity is a practical arrangement that encourages the subcontractor to focus on the success of the proposal.

But exclusivity does not allow the subcontractor to increase its win percentage by participation on multiple teams. It is a matter of value added – if the subcontractor adds true unique value it has a stronger negotiating position for multiple teaming.

Proposal Support

Knowledge of proposal support and the dynamics of the agency selection process is also considered a valuable addition to the proposal effort. Large IDIQ proposals require significant planning, writing and production efforts, and a subcontractor teammate that has proposal skills and experience adds a great deal to the proposal process. Domain knowledge is especially valuable in the Intelligence Community and gives the team a winning edge.

The World of Information Security Types and Definitions


by
Jon M. Stout
April 6, 2010

The world of information security attacks and threats is growing in power and sophistication, with nation-backed Cyber attacks emerging. Although constituting isolated attacks so far, the new wave of Cyber attacks is more prevalent and dangerous. And, with the advent of (often hostile) national involvement in Cyber offensives, the risk to our nation’s National Security is real and potentially devastating.

And we, as a nation, are not ready to defend against a coordinated, powerful Cyber attack from within and from well beyond our shores. Although substantial dollars are budgeted for Information and Cyber security, the management and planning for an effective long-term defense against Cyber terrorists. Greater effort on planning and organizing defenses and offensive scenarios of Cyber Security is required, and one of the first steps is the definition of Cyber/Information terms and concepts.

The world of Information Assurance/Cyber Security is very broad, and many of the terms are used interchangeably and often incorrectly when defining a particular Information Assurance problem. What is needed to help reduce the high level of confusion is a list of standard terms that are universally accepted. A sample (but not exclusive listing) of terms can be found at Information Security Types. This guide brings precision to the usage of Cyber world terminology and provides a starting point or framework of understanding.

The Comprehensive National Cybersecurity Initiative


National Security Council

President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we as a government or as a country are not adequately prepared to counter. Shortly after taking office, the President therefore ordered a thorough review of federal efforts to defend the U.S. information and communications infrastructure and the development of a comprehensive approach to securing America’s digital infrastructure.

In May 2009, the President accepted the recommendations of the resulting Cyberspace Policy Review, including the selection of an Executive Branch Cybersecurity Coordinator who will have regular access to the President. The Executive Branch was also directed to work closely with all key players in U.S. cybersecurity, including state and local governments and the private sector, to ensure an organized and unified response to future cyber incidents; strengthen public/private partnerships to find technology solutions that ensure U.S. security and prosperity; invest in the cutting-edge research and development necessary for the innovation and discovery to meet the digital challenges of our time; and begin a campaign to promote cybersecurity awareness and digital literacy from our boardrooms to our classrooms and begin to build the digital workforce of the 21st century. Finally, the President directed that these activities be conducted in a way that is consistent with ensuring the privacy rights and civil liberties guaranteed in the Constitution and cherished by all Americans.

Gov. O’Malley positions Maryland to capitalize on cyber security efforts


Baltimore Business Journal – by Daniel J. Sernovitz Staff

Gov. Martin O’Malley announced an ambitious plan Monday to establish Maryland as the “epicenter” for the federal government’s cyber security initiative.

It’s a push that could bring as many as 28,000 jobs to Maryland as the Pentagon and its array of government agencies seeks to insulate the nation from hackers and other computerized threats.

O’Malley, speaking at a cyber security summit in Montgomery County, outlined plans to create a national cyber security center and boost marketing to lure defense contractors here, especially those in the fast-growing field of informatics. The Democratic governor said his administration will do everything it can to partner with the federal government and those agencies already charged with improving the nation’s cyber security defenses. The steps are in line with efforts already under way in the federal government, including the proposed creation of a U.S. Cyber Command to be led by the head of the National Security Agency at Fort George G. Meade in Anne Arundel County.

4 Out-of-the-Norm Cybersecurity Challenges


December 24, 2009 – Eric Chabrow

Navy CIO Robert Carey was a last-minute replacement on a panel at a Federal CIO Council conference earlier this month that asked participants to identify three IT security challenges.

“I don’t have three; I have 23 that keep me up at night,” Carey told the gathering of federal cybersecurity professionals and managers.

His challenges aren’t the typical ones, but they wouldn’t surprise those who know Carey, one of the first federal chief information officers to blog and a big advocate of government agencies employing Web 2.0 technologies if they can be secured.

Challenge 1: Culture

Getting non-tech decision-makers to live and breathe cybersecurity. The least cybersecurity-smart are the military’s top brass, who can be found in the offices in the Pentagon’s “E” ring, the outer perimeter of the Defense Department’s headquarters with a view of the outside world. “They’re the decision makers,” Carey said. “The higher they go, the less they know (knowing laughter). … You have to convince them to get behind (cybersecurity) so all the others who don’t do this for living get it.”

Another cultural challenge: the Millennials. True, they’re tech savvy, and they want to bring their portable devices to work. But many in this under 30 crowd are just too trusting when it comes to technology. “Cyber(security) is not something they jump at right away,” Carey said.

Challenge 2: Pace of Change

“Social networking, Web 2.0, Web 3.0 are here to stay,” Carey said. “In my world, people like to go really slow, but the Internet won’t allow that. The Internet moves at the pace of the Internet, and not the pace that you want to. The young kids you hire are doing things you don’t like. … (But) you’ll need to harness that.

“We do podcasts, wikis … and that makes certain folks nervous. But cybersecurity has to evolve with that pace of change. … Don’t be the guy to slow things down. Rather, partner with them to deliver the proper levels of security.”

Challenge 3: Identity Management

“The heart of cybersecurity is who I am,” Carey said. “What is Rob allowed to do? Ultimately, how I validate who I am. I can access things and not certain other things. It’s the lynchpin.”

Identity management is crucial in organizations such as the Navy, which has 900,000 folks, each with specific responsibilities that need to be recognized by various systems and applications in order to defend the nation.

Though the panelists were asked to provide three challenges, Carey offered another one.

Challenge 4: Wireless

A few years back, as an experiment, the Navy distributed Blackberries to officials, including flag officers. When the experiment was over, Carey recalled, nobody gave them back.

“A web-enabled world at your fingertips makes the wireless component of cybersecurity huge,” Carey said. “If my boss is a big fan of a certain vendor’s device, I’ve got to figure out how he can use it. At the end of the day, people don’t want to be tethered to their desks. They want to be able to get information they’re authorized to.

“That realm is on the table today. We have to understand the network is connected to wireless as well as the ivory-tower building. We need to be mindful of that.”

