DHS goes hunting for network security vulnerabilities
DHS is taking the lead on ensuring reliable threat protection across key federal networks.
The Department of Homeland Security (DHS) has been taking significant steps in recent weeks toward evolving the federal network security framework. After unveiling a new initiative set to bring continuous monitoring capabilities to more agencies, DHS officials have announced a two-pronged cybersecurity assessment strategy that will track policy compliance and test defensive capabilities within key government offices.
Adapting FISMA for modern threats
The Federal Information Security Management Act (FISMA) serves as the cornerstone of the U.S. government's cybersecurity stance, but several important developments have changed the threat landscape since the legislation was passed a decade ago. Security experts are particularly concerned by the fact that the law only calls for agencies to conduct comprehensive reviews of their systems, on average, once every three years.
To bridge the gap between FISMA's baseline intentions and today's cybersecurity realities, the DHS has taken the lead on expanding continuous monitoring capabilities across the public sector. According to GovInfoSecurity, project coordinators will distribute advanced sensors to "civilian, non-intelligence agencies in the federal government" to help generate between 60 billion and 80 billion automated vulnerability and configuration integrity checks every one to three days.
Coming off a year in which government officials responded to more than 106,000 separate cybersecurity attacks, this move is expected to significantly narrow the exploitation window available to hackers. This kind of situational awareness will also be a key component of expectations outlined in the Trusted Internet Connection (TIC) initiative intended to optimize and standardize external network connections used by federal agencies.
Alongside two-factor authentication, continuous monitoring has been tapped as a way to evolve Homeland Security Presidential Directive 12. Initially authored in August 2004, this mandate calls for the establishment of a common identification standard for all federal employees and contractors.
Assessing agency progress
Now that the task of outlining expectations has been completed, DHS officials will shift focus to ensuring policy translates into practice. In a recent interview with FederalNewsRadio, DHS cybersecurity assurance program manager Don Benack suggested he will be following a two-pronged strategy. Agency assessments will begin with the deployment of a "blue team," a four-person group of compliance experts observing if and how TIC cybersecurity requirements are being satisfied.
"We started with the blue teams assessing controls established by DHS and [the Office of Management and Budget], and there was also some cross agency participation in working groups to refine the capability statement," Benack explained. "Our teams go into the field and look to validate those controls are in place. It's pretty straightforward. We look to see that technically the capability is in place, but we also look for [what] policies and standard operation policies are in place and we talk to the staff."
Approximately 30 of these assessments will be conducted annually, according to Benack, with a primary focus on the 18 core agencies that serve as TIC Access Providers. Upon completion, agencies will receive a comprehensive report detailing what capabilities they are meeting and missing. DHS officials will outline possible risk factors, but how they are addressed – and in what order – is up to the agency.
The second prong of the DHS strategy is the deployment of "red teams" intent on proactively testing functional capabilities by hunting for network and data protection vulnerabilities. Agencies can invite red teams to conduct everything from network scanning and database testing to homegrown social engineering attacks meant to test employee awareness.
The red team's role is crucial, according to Benack, considering he has observed an approximate 33 percent margin of error between self-reported risks and the vulnerabilities that are ultimately uncovered.
Security News from SimplySecurity.com by Trend Micro
Spotlight
Cloud Computing
- Wall Street has data security concerns over Bloomberg reporting
- Security in backups means more than just encryption
- Employees must buy into the company policy for better cloud security
- Desktop virtualization can enhance security performance
Virtualization
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Internet Safety
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Vulnerabilities & Exploits
CTO Insights
First Line of Defense
Newsletter
Stay up to date with the latest news and information on online threats.
Recent News
- US makes large investment in cyber weaponry
- SEC may ask for more information after cyberattacks
- FBI trying to train financial execs on cyber threats
- Wall Street has data security concerns over Bloomberg reporting
Tag Cloud
cloud cloud computing cloud computing security Cloud Security Compliance & Regulations Consumerization Current News cybercrime Data Privacy data security Encryption Government Policy Internet Protection Internet Safety Internet Safety - DO NOT USE Internet Security Malware Mobile Security Mobility Policy Policy - DO NOT USE Privacy Privacy & Policy Private Cloud Public Cloud Reports Research Spotlight threat intelligence threat research Trend Labs Underground Economy virtualization Vulnerabilities Vulnerabilities - DO NOT USE web security web threats
Comments
No comments yet