Counter Cyberattackers Where They Live
As cyberattacks grow more sophisticated, government agencies must continuously improve their cybersecurity efforts and techniques. It’s an uphill battle, given the ever-changing threat landscape and agencies’ limited resources. Yet agencies have no choice but to endure.
Federal agencies must comply with the 2017 Executive Order “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” There are myriad other cybersecurity regulations as well, such as the NIST Framework for Improving Critical Infrastructure Cybersecurity, FISMA, DISA, and STIGS.
State and local governments have their own cybersecurity requirements, including data security laws. To help agencies comply with mandates and improve cybersecurity, the General Services Administration (GSA) offers pre-vetted cybersecurity products and services. The Highly Adaptive Cybersecurity Services (HACS) (132-45A-D), simplifies the process of procuring cybersecurity technology and services for federal, state and local agencies.
The first HACS Special Item Number (SIN) service is for penetration testing. This process typically uses trained ethical hackers to attempt to penetrate an organization’s cyberdefenses, giving a good assessment of what needs improvement.
The most effective penetration testing services use tools, such as Nmap network discovery and attack surface mapping, NIKSUN PhoneSweep, and the Nessus vulnerability scanner. They’ll also use proprietary tools and information from contacts within the hacker community. The Penetration Testing SIN also includes network defense policy and configuration analysis, regulation and directive compliance evaluation, and help for agencies choosing cost-effective security controls to mitigate risk.
The second area under HACS is incident response services, which helps agencies understand why a compromise has happened, along with how to fix the problem and restore the system to a safe state. This includes collecting intrusion artifacts like source code, malware, and Trojans. Then the service uses discovered data to stop cyber-incidents; performs incident response command and control functions, correlates incident data to identify vulnerabilities, and recommends remediation methods.
The next HACS SIN, called Cyber Hunt, is an organized approach to searching for both immediate and potential threats in an effort to detect, isolate, and remediate them before they cause harm. A Cyber Hunt typically analyzes all activity at a given time. It then identifies anomalies that may be caused by malicious actions. While Cyber Hunting has been around for several years, it has become much more effective by incorporating big data, advanced analytics, and machine learning.
The final service available is the Risk and Vulnerability Assessment. With this service, agencies receive a full threat and vulnerability assessment, along with any deviations from acceptable configurations, policies, and recommended countermeasures. Specific services under this SIN include network mapping, vulnerability scanning, penetration testing, and assessments for phishing, wireless, web applications, databases, and operating systems.
These services are only available through IT Schedule 70, General Purpose Commercial Information Technology Equipment, Software, and Services Solicitation. Engaging a pre-approved vendor to perform any or all of these cybersecurity services is an invaluable way to improve the cybersecurity posture throughout the agency, meet all required mandates, and save money and time.
Because of these developments and the ever-increasing awareness and need for improvements around cybersecurity, GSA will almost certainly continue to be the front runner for the foreseeable future. CDW-G is positioned to support with testing and assessments.
Learn how our security solutions and services can protect your agency from cyber threats by visiting https://www.cdwg.com/content/cdwg/en/solutions/cybersecurity/security-assessments.html