Computer Network Defense (CND) and the Intelligence Community-A Higher Level of Security

Jon Stout

There are three sectors of the federal government that are vitally concerned with computer network defense, and the intelligence community adds a further level of security because of the classified nature of its activities. As a result, contractors that provide computer network defense (CND) services are held to even higher standards than the already demanding requirements placed on vendors for cyber security projects. Computer network defense covers a broad menu of services that together provide an infrastructure for defending against cyber attacks from domestic and international sources. While each agency has its own cyber security needs and its own requirements for protecting classified data and information, a general roadmap can be developed and used as a template for individual users.

General Objectives: In general, contractors that perform computer network defense services are tasked to meet four objectives.

  1. Recommending architectures, software and hardware
  2. Implementing the government-approved solution
  3. Performing operations and maintenance of the CND program
  4. Ensuring that security requirements for classified material are met (a higher level of security requirement)

The contractor is also required to make regular formal reports and/or briefings detailing status and accomplishments in the various CND functional areas. Specific CND duties include, but are not limited to:

Deployment: Deployment requires the contractor to develop all hardware and software required to establish a state-of-the-art cyber security defensive network that will improve defenses, ensure that the systems operate properly and monitor activities on a day-to-day basis. It is important that the entire deployment effort is coordinated with the agency security office to ensure that the protection of classified data is not compromised.

Deployment usually includes:

Deploying, maintaining, monitoring and hardening the agency's perimeter defenses on all classified and unclassified networks

Deploying, operating, maintaining, monitoring and hardening the agency's intrusion detection capability on all classified and unclassified networks

Operating, maintaining, monitoring and hardening the agency's Domain Name Servers (DNS) on all classified and unclassified networks

Manage, Assist and Support: Additional support is often required in the form of identifying new products and technology that enhance the security of the network. Since cyber security is in a rapid development phase, new products and technology are constantly emerging. Some of this technology is good and some is not useful, so qualified decisions are required to pick the best applicable technology.

A sample of additional support includes:

Working closely with engineering and operations for the installation and configuration management of CND devices on the agency's networks

Performing software and hardware vulnerability scans on all classified and unclassified networks and systems

Managing and monitoring the enterprise anti-virus program

Providing assistance and guidance in the development of system and network security plans

Managing and monitoring the system and network audit log reviews for all networks and systems

Testing and Reporting: Continuous testing of the system is the best way to identify weaknesses and preclude future cyber attacks. Based upon the test results, decisions can be made to improve the performance of the cyber security network.

Included in this process are the following steps:

Reporting anomalous activity identified in an audit log immediately to the government manager

Performing network and system security plan compliance testing

Reporting noncompliance with system and network security plans immediately to the government manager

Executing software, hardware, and configuration vulnerability scans on all agency systems and networks

Working closely with the agency's security office in the development, implementation, and management of the agency's system security program

Managing and monitoring the removable media access control program on all agency systems and networks

Compliance and As-Needed Support: The critical nature of computer network defense means that standards and regulations must be met and complied with to ensure the success of the program.

This includes:

Supporting the Information Assurance Vulnerability Alert (IAVA) and Information Condition programs; developing and maintaining the agency's information systems security officer professional development program

Reviewing updated developments in all applicable standards and regulations to ensure that the network remains in compliance

Providing as-needed incident response support for hacker attacks, cyber-terrorist attacks and virus, worm, Trojan horse, and other malicious code incidents

Developing, installing, managing, and maintaining the PKI infrastructure on all agency networks and systems

Documentation and Technical Representation: In order to establish a program that future users can comply with and benefit from, complete and accurate documentation is required. In addition, compliance with intelligence community standard operating requirements, particularly regarding the security of classified information, is mandatory.

This process includes:

Documentation of practices, policies, requirements, training, standard operating procedures, and configuration management processes

Representation at agency meetings, conferences, and seminars as directed by the government

Responding to agency, DoD, and intelligence community requirements as directed by the government

Providing additional technical support to the other branches/clients of mission assurance as required

Establishing a viable and compliant computer network defense is a major undertaking that requires skill and effort. This is particularly true when dealing with intelligence community agencies and classified information. It requires experienced professional engineers who hold the required security clearances in addition to the required CND certifications.
