Cyber Security Support for U.S. Department of Energy

Challenges

U.S. Department of Energy

We needed to form an integrated project team that would work with DOE to provide total cyber security support to a complex nationwide operation. This support included activities related to the secure transmission and storage of electronic information, drafting cyber security policy and procedures, providing user awareness training, risk management, internal or external auditing, and support for certifications and accreditations.

We had to put together a highly qualified project team and respond to a high-priority customer within 60 days.

Solutions

Network Security Operations

  • Provide network security operations and engineering to design, implement, monitor, and maintain firewalls, intrusion detection systems, two-factor authentication capabilities, and additional security appliances deemed necessary in the ever-changing DOE cyber security environment
  • Design, implement, monitor, and maintain all DOE Headquarters firewalls and intrusion detection systems and perform regular network vulnerability scanning
  • Perform network and wireless vulnerability scanning and reporting and track corrective actions, providing 24x7 support to respond to security threats and ensure continuity of operations
  • Manage the DOE virus protection program to analyze, implement, and monitor anti-virus protection policies, procedures, software, and hardware to prevent infection of DOE IT systems

Cyber Policy Support

  • Support the nationwide DOE Continuous Asset Management
    • Provide technical, management, operations, and administrative support to the Office of the Chief Information Officer (OCIO) to meet its statutory obligation for 100% inventory of all IT networks and assets
    • Monitor all IT assets for compliance with policy
    • Automate patch and vulnerability management for DOE networks and assets
  • Support program policy and governance processes to assist the OCIO in developing, maintaining, overseeing, and measuring the effectiveness of the implementation of policies and procedures to ensure the security of DOE's Common Operating Environment (COE) information and information systems
  • Support compliance review and technology review processes
  • Support Cyber Performance Measurement to ensure that OMB policy and NIST standards and guidance are cost-effectively implemented; weaknesses are defined; corrective action plans are tracked; and feedback is provided to DOE officials and OMB
  • Maintain the Cyber Security Action Plan to reflect current Cyber Security program planning and to provide and maintain a schedule for budget planning and execution
  • Provide Security Training and Outreach Support for various cyber security training, awareness, and outreach activities, such as the Annual Cyber Security Conference
  • Support Office of Cyber Security budget execution
  • Support Office of Cyber Security enterprise architecture (EA) by establishing an EA that is aligned with the DOE's strategic goals, thereby promoting standard architectural practices

Federal Information Security Management Act (FISMA) Support

  • Support Office of Cyber Security asset and configuration management to comply with FISMA and the President's Management Agenda (PMA) to ensure adequate security for DOE IT assets
  • Assist DOE in updating the FISMA Plan of Action and Milestones to consolidate data for use by OCIO and DOE program officials in managing corrections and addressing underlying causes of security weaknesses
  • Develop a centralized asset inventory database as the foundation for Continuous Asset Monitoring (CAM) to collect and contain this critical asset data on architecture, system design, specifications, component selection, and security configurations. This database serves as the information repository for FISMA, Enterprise Architecture, financial planning, and management reports and queries.

Homeland Security Presidential Directive 12 (HSPD-12) Support

  • Prepare a project plan for program management, requirements and configuration management, and documentation
  • Use Information Technology Infrastructure Library (ITIL) and Capability Maturity Model Integration (CMMI) to provide management expertise and evaluate options and alternatives as GSA and OMB define and acquire these services
  • Assess criticality of DOE Cyber Infrastructure assets using a three-phase method to identify and prioritize critical DOE national-level assets, functionally analyze DOE HSPD-12 relevant assets, and analyze dependency of these assets on critical national infrastructure systems

Risk and Vulnerability Assessments

  • Provide DOE support nationwide to plan, develop, and implement all aspects of the DOE Communications Security (COMSEC), DOE Emissions Security (TEMPEST), and DOE Telecommunications Security programs

Certification and Accreditation (C&A)

  • Support C&A and self-assessment activities for all DOE HQ IT assets, networks, systems, and applications. These assessments ensure the reliability and accessibility of systems and defend against unauthorized access to the systems and data our customers use.
  • Provide senior Departmental managers with an assessment of each program office within DOE against established DOE Headquarters policies and procedures that ensure the reliability and accessibility of the Department's information systems and that prevent and defend against unauthorized access to the systems, networks, and data utilized by DOE Headquarters and its customers

Continuity of Operations Planning (COOP) and Testing

  • Develop disaster recovery and continuity of operations plans
  • Support these plans by implementing backup data center capabilities, by participating in COOP exercises and lessons learned, and by implementing recommendations from the COOP exercises to mitigate risks

Public Key Infrastructure (PKI)

  • Provide day-to-day operational administration of all Certificate Authority (CA) and directory software, backups, archives, and PKI directories in accordance with the CONOPS, Certificate Policy (CP), Certificate Practice Statement (CPS), and other DOE-approved operational documents
  • Provide configuration support of all PKI and PKI-related (directory, archive, Hardware Security Modules (HSM), etc.) hardware platforms for all CAs and all Registration Authorities (RAs) belonging to the Headquarters CA
  • Establish a technical solution in compliance with HSPD-12 and Federal Information Processing Standards Publication 201 (FIPS 201) that requires the deployment of standards-based identification (ID) cards for all federal employees and designated contractors. This solution requires the new ID card to be a smart card form factor containing PKI-based digital certificates. In support of this program, we established an integrated project team to perform the following services:
    • Smart card engineering
    • PKI and directory services engineering
    • Identity management system engineering
    • Production deployment of the smart card system and PKI
    • Training material development

Virtual Private Networks

  • Implementation of a two-factor authentication system within 60 days to provide additional security protection for DOE corporate systems accessed remotely

Results

  • Our Cyber Security team supports all aspects of the DOE HQ's cyber security operations to manage and implement security technologies, practices, and procedures to protect DOE HQ's IT assets.
  • We completely transformed the help desk supporters' response metrics and created an efficient database of all pertinent information about incidents and solutions.
 