DHSDHS repairing internal security operations
Last week DHS announced plans to overhaul its security operations center (SOC), the organization which protects DHS’ internal networks, and deploy a Next Generation Enterprise Security Operations Center (NextGen ESOC) which will incorporate state-of-the-art SOC technologies, concepts, and capabilities to address future security needs.
Last week DHS announced plans to overhaul its security operations center (SOC), the organization which protects DHS’ internal networks, and deploy a Next Generation Enterprise Security Operations Center (NextGen ESOC) which will incorporate state-of-the-art SOC technologies, concepts, and capabilities to address future security needs.
“For the NextGen ESOC, DHS is seeking new and significantly enhanced capabilities to effectively counter current and emerging cyber threats in a cost-effective operational environment,” a DHS officials said.
NextGov reports that in 2008, Verizon was awarded a $678.5 million, 10-year contract to run the current Enterprise SOC (ESOC), providing security oversight and coordination for DHS’s wide area network (WAN), its data centers, and local area networks (LANs). According to DHS, “the ESOC provides 24x7x365 continuous monitoring, analysis and reporting of security event information on Network Intrusion Detection Systems (NIDS), firewalls, routers, and gateway protection devices as part of its basic services.”
A counter-hack mechanism called the intrusion defense chain, or “kill chain,” developed by Lockheed Martin, is expected to drive the overhaul. Kill chain predicts a hacker’s plan then maps it out, giving cybersecurity operators a chance to counterattack each action planned by the hacker. Lockheed Martin used kill chain in 2011 to prevent an intruder who hacked the firm’s security provider RSA.
NextGovnotes that DHS chief information security officer Jeff Eisensmith has asked vendors how they would measure the effectiveness of the center if awarded the management contract, and has requested SOC operation ideas, “including most notably the employment of an Intrusion Defense Chain methodology to align enterprise defensive capabilities to the specific processes an adversary undertakes to target that enterprise.”
DHS officials have yet to decide on how much authority should be delegated to the department’s many agencies. “What level of direct responsibility should the ESOC retain over host-based and network-based infrastructure? What responsibilities should be delegated to an IT department?” officials ask. Officials are currently transitioning stewardship of the SOC from management within the Customs and Border Protection (CBP) to Eisensmith’s office. “Once transitioned, this ESOC will serve as a baseline for creation of the new NextGen ESOC capability,” officials said.