Every year there are scores of cyber security attacks and alerts, and technology evolutions are always one-upping themselves. One solution begets a counter-solution. One attack prompts a counter-attack. It’s a never-ending cycle, and it’s imperative to remain agile and vigilant. Because of this, we engage in and engineer proactive cyber security solutions that can adapt to an ever-changing landscape. See why a resilient cyber security strategy and technology are so important for our nation’s defense, critical infrastructure, and key data networks.
NIST Cybersecurity Framework & FISMA Compliance
Risk management is a significant consideration for any organization, whether private or public. But for governments, military defense, and infrastructures that are integrally tied to the economic security of nations, it is of paramount importance.
Two US institutions focus on communications, information networks, and cyber security risk management: The Cybersecurity & Infrastructure Security Agency (CISA) and the National Institute of Standards & Technology (NIST). Both set guidelines based on FISMA legislation, the Federal Information Security Modernization Act, with CISA implementing protections for federal agencies and NIST working with public and private industries on cyber security standards, among other security interests.
FISMA authorized the Department of Homeland Security to establish cyber security operations and policies in coordination with OMB that would protect information networks across the federal government.
NIST’s Risk Management Framework helps organizations, agencies, and contractors meet FISMA requirements by guiding them on the preparation, selection, and implementation of security controls and how to monitor and assess their information systems.
NIST’s Cybersecurity Framework is a response to the Executive Order for Improving Critical Infrastructure Cybersecurity that “directed NIST to work with stakeholders” to reduce “cyber risks.” Its best practices framework covers identifying, protecting, detecting, responding, and recovering from cyber security threats. NIST’s cyber security agenda includes addressing cryptographic methods, emerging technologies, and trustworthy platforms and networks.
While federal agencies are required to maintain FISMA compliance and adhere to information security guidelines and standards, government contractors and private industry would do well to take proactive action, address vulnerabilities, and protect themselves from both current and future cyber security risks. MAG delivers solutions for all.
Current Cyber Security Threats
Here is a brief review of what experts currently consider the top threats to cyber security:
- Network Disruption – Premeditated internet outages that have the potential to severely impact governments and businesses.
- Information Integrity – The intentional spread of disinformation including by bots and other automated sources
- New technologies in the wrong hands – “Rapid advances in intelligent technologies” plus the possibility of conflicting regulatory demands can make an organization’s cyber security stance much more vulnerable.
- Cyber-physical attacks – Where hackers (state-sponsored or otherwise) target critical infrastructures like electrical grids, water supply/treatment systems, transportation, or military systems – as well as private enterprises.
- Cryptocurrency-related threats – Ransomware threats are emboldened by the prospect of anonymous payments via Bitcoin. In addition, cryptojacking is a new crime wave where hackers steal cryptocurrency from personal or work computers.
- IoT Risks – Connected devices are convenient, but pose a significant security threat to businesses and individuals. More connections mean more avenues for hackers to launch “cyber invasions and infection.”
- EMRs & Medical Devices – Most medical offices and organizations are moving or have moved to electronic medical records, which improve patient care but also increase security risks to patients’ information. In addition, smart medical devices are vulnerable to cyber attacks.
- Smart Cars – In the same way, automobiles’ computer systems and autonomous or semi-autonomous vehicles are susceptible to hackers who might discover network insecurities.
MAG’s Proactive Cyber Security Solutions
Our response and attitude toward current and evolving cyber security threats is constant vigilance and resilient, adaptable technology and strategies. Here’s how we do that:
Joint All-Domain Command & Control (JADC2)
We enable the connection and interoperability of sensors in a unified network across services and domains. We can take data from various environments, process it using AI algorithms, and identify items of interest. This helps commanders make better decisions by making action recommendations and speeding up the decision-making process.
Near-Peer/Contested Environments
We also utilize dual-use technology. We take technology that is available in the commercial environment and enable it to support the contested domain.
We develop and implement sensors and systems designed for the new environments that support distributed operations and provide seamless coordination and operations across the battle theater. Our data and software processing is distributed so as to mitigate the impact of any particular site or hardware failure further enabling agile combat use.
Resilient Communications
Our communications engineering comprises multiple security disciplines, including:
- Security architecture engineering
- Security assessment and authorization (A&A) support
- System vulnerability identification and remediation
- Security artifact and supporting document production
- Information Assurance Vulnerability Management (IAVM)
- Penetration testing and ethical hacking
- Federal Information System Management Act (FISMA) compliance
DEVSEC OPS
We collaborate with development and operations teams and integrate security teams in the software delivery cycle. We look for security vulnerabilities, conduct early threat modeling, security design reviews, static code analysis, and code reviews as we work through the development process. We automate the security gates and select the right tools to continuously integrate security.
Cross Domain Solutions
Our security engineers support Cross Domain Solutions (CDS) and have assisted various US government clients including Army sites and the Army Cross Domain Solutions Office (CDSO). We’ve helped ensure policies and procedures are followed and that requirements for fielding Defense Information Infrastructure (DII) Guards are met.
Information Assurance Engineering
This cyber security capability encompasses multiple security disciplines, including:
- Security architecture engineering
- Security assessment and authorization (A&A) support
- System vulnerability identification and remediation
- Security artifact and supporting document production
- Information Assurance Vulnerability Management (IAVM)
- Penetration testing and ethical hacking
- Federal Information System Management Act (FISMA) compliance
NIST RMF Support
We help our clients meet NIST’s Risk Management Framework guidelines with:
- Proactive expertise in the advancement of DoD cybersecurity risk management
- System categorization support to determine the adverse impact to losses or the compromise of confidentiality, integrity, or availability to a system or its information
- Analysis, identification, and assignment of NIST Special Publications 800-53 security controls, applicable overlays, and federal security standards
- Development of RMF artifacts and supporting documentation in support of authorization
- Systems and Network Vulnerability Assessment (NVA) scanning
- Vulnerability identification, documentation, and remediation tracking in accordance with the IAVM process
- Formal Security Control Assessment (SCA) test support
FISMA & IAVM Compliance
We make sure that our customer’s information systems maintain a post-deployed security posture and maintain FISMA compliance. We participate in the preparation and execution of the FISMA Security Controls Review to ensure DoD and Federal information systems comply with FISMA requirements.
Part of this process includes evaluating the validity and effectiveness of key security controls, analyzing disaster recovery and continuity of operations, and reviewing policy and process incident response planning as well as production code changes to determine IA impacts, current IAVM policies and management, and periodic integrity testing.
Security Assessments & Remediation
We run automated scan tools against networks, operating systems, and compatible applications. We also conduct additional manual assessments as necessary, using approved DoD and Army solutions:
- Assured Compliance Assessment Solution (ACAS), using the Nessus vulnerability scanner
- Security Content Application Protocol (SCAP) Compliance Checker (SCC) with STIG benchmark content
When it comes to cyber security systems, strategies, quality control, and operational excellence, you need a partner who understands all the regulations, standards, technology, and evolving threat landscape. From development to implementation to maintenance, MAG will engineer full-perspective, proactive cyber security solutions that will strengthen and protect.
Learn more or connect with us today.
