There are three sectors of the federal government that are vitally concerned with computer network defense, and the intelligence community adds an additional level of security because of the classified nature of community activities. As a result, contractors that provide computer network defense (CND) services are held to even higher standards than the usual high requirements of vendors for cyber security projects. The concept of computer network defense includes a broad menu of services that provide an infrastructure against cyber attacks from domestic and international sources. While each agency has specific cyber security needs and protection of classified data and information, a general roadmap can be developed and used as a template for individual users.
General Objectives: In general, contractors that perform computer network defense services are tasked to meet four objectives.
The contractor is also required to make regular formal reports and/or briefings detailing status and accomplishments in the various CND functional areas. Specific CND duties include, but are not limited to:
Deployment: Deployment requires the contractor to develop all hardware and software required to establish a state of the art cyber security defensive network that will improve defenses, ensure that the systems operate properly and monitor activities on a day to day basis. It is important that the entire deployment effort coordinates with the agency security office to ensure that the protection of classified data is not compromised.
Deployment usually includes:
Deploy, maintain, and monitor and harden agency's perimeter defenses on all classified and unclassified networks
Deploy, operate, maintain, monitor, and harden agency's intrusion detection capability on all classified and unclassified networks
Operate, maintain, monitor and harden agency's Domain Name Servers(DNS) on all classified and unclassified networks
Manage Assist and Support: Additional support is often required in the form of identification of new products/technology that enhance the security of the network. Since cyber security is in a rapid development phase, new products and technology are constantly emerging. Some of this technology is good and some is not useful. Qualified decisions are required to pick the best applicable technology.
A sample of additional support includes:
Working closely with engineering and operations for the installation and configuration management of CND devices on agency's networks
Performing software and hardware vulnerability scans on all classified and unclassified networks and systems
Managing, and monitoring the enterprise anti-virus program
Providing assistance and guidance in the development of system and network security plans
Managing and monitoring the system and network audit log reviews for all networks and systems
Testing and Reporting: Continuous testing of the system is the best way to identify and preclude future cyber attacks on a regular basis. Based upon testing, decisions can be made to improve the performance of the cyber security network.
Included in this process are the following steps:
Identifying anomalous activity in an audit log immediately to the government manager
Performing network and system security plan compliance testing
Reporting noncompliance with system and network security plans immediately to the government manager
Executing software, hardware, and configuration vulnerability scans on all agency systems and networks
Working closely with agency's security office in the development, implementation, and management of agency's system security program
Managing and monitoring the removable media access control program on all agency systems and networks
Compliance and As Needed Support: The critical nature of computer network defense means that standards and regulation must be met and complied with to insure success of the program.
Supporting the Information Assurance Vulnerability Alert (IAVA) and Information Condition programs; developing and maintaining agency's information systems security officer professional development program
Reviewing updated developments on all applicable standards and regulation to ensure that the network is in compliance
Providing as needed incident response support for hacker attacks, cyber-terrorist attacks and virus, worm, Trojan horse, and other malicious code incidents
Develop, install, manage, and maintain the PKI infrastructure on all agency networks and systems
Documentation and Technical Representation: In order to establish a program that future users can comply with and benefit from, complete and accurate documentation is required. In addition, compliance with intelligence community standard operating requirements, particularly as regards security of classified information, is mandatory.
This process includes:
Documentation of practices, policies, requirements, training, standard operating procedures, and configuration management processes
Representation at agency meetings, conferences, and seminars as directed by the government
Responding to agency, DoD, and intelligence community requirements as directed by the government
Providing additional technical support to the other branches/clients of mission assurance as required
Establishing a viable and compliant computer network defense is a major undertaking and requires skill and effort. This is particularly true when dealing with the intelligence community agencies and dealing with classified information. This requires experience professional engineers with the required security clearances in addition to CND required certifications.