The size of U.S. Government networks has made them a relatively easy target for a growing number of cyber–attacks and exploitation activities, which are becoming more frequent, sophisticated, aggressive and dynamic. Over the years, U.S. cyber defenders have struggled to protect an attack–surface that continues to grow rapidly and significantly. Running on what appears to be an endless hamster wheel, we, as a cyber nation, are now coming to the realization that we are simply unable to defend every information system and network against every intrusion, as our portion of the cyberspace domain has simply become too large and vast to close the vulnerabilities that surface daily.
In that context, CSIOS’ blueprint for next generation cybersecurity services integrates a forward–looking cyber workforce, DCO Framework, and cyber technologies in custom–made–to–measure solutions. These solutions are designed not only to protect and defend an organization’s most important networks, systems, data and information so that it can carry out its missions effectively and efficiently, even in a degraded state, but also to maintain high–level objectives of protection, monitoring, detection, analysis, diagnosis, and response, shifting in accordance with the differing attack–surfaces, operational threat environments, and classification levels they support.
The Next Generation Blueprint
Without question, our most important cyber resource is our workforce; moreover, as we look to build a world–class cyber workforce of the future, maintaining the quality of our cyber workforce is becoming not only our highest priority but also our greatest challenge. To achieve and maintain cyberspace superiority in today’s operational threat environment, CSIOS has developed a new kind of cyber defender who is educated and trained to understand the importance of command, control, computers, communications, and cyber (C5); intelligence; and operations collaboration. Over the past decade and across the nation, standard DCO operator training has been focused primarily on a structurally strong C5 but fragile intelligence and operations foundation. Given the size and complexity of our U.S. Government information systems and networks combined with disparate operational, mission and organizational priorities and functions, achieving effective and efficient DCO of U.S. networks depends on farming a new generation of DCO operators trained to understand the value of C5, intelligence, and operations collaboration and decision making integration.
At CSIOS, we maximize the full range of implemented DCO active cyberspace defense capabilities and investments available to the organization and ensure cybersecurity practices are adopted or reinstated from the outset. Our DCO Framework works with, supports, and improves other methodologies, standards, or models such as Capability Maturity Model Integration (CMMI), International Organization for Standardization (ISO), Information Technology Infrastructure Library (ITIL), Control Objectives for Information Technology (COBIT), Agile, DevOps, and DevSecOps; it also integrates IT industry and U.S. Government specific risk management strategies and best practices such as National Institute of Standards and Technology (NIST) and Risk Management Framework (RMF).
In essence, we fuse the abovementioned methods with proven cybersecurity approaches and principles (e.g., defense–in–depth, layered defenses, mission relevant cyber terrain prioritization, attack surface target reduction, domain separation, process isolation, abstraction, resource encapsulation, least privilege, data hiding, modularity, simplicity, adaptation and operational resiliency) and apply our own proven signature for operationalization (i.e., know–what–how–where–why) to achieve the ideal made–to–measure solution recipe and service size for each customer. What’s important to emphasize at this juncture is that larger (at scale), faster, and cheaper is not always better. As an art, cybersecurity quality (over quantity) through the balanced integration of people, technology, and operations is always an unbeaten blend.
For example, due to the criticality and sensitivity of the organizational missions we support, CSIOS saw the need to formalize a process to continuously assess and improve the cybersecurity services we provision. We are doing this by leveraging our quadruple ISO certification standards for ISO 9001:2015 (Quality Management System), ISO/IEC 20000–1:2011 (Information Technology Service Management System), ISO 22301:2012 (Business Continuity Management System) and ISO/IEC 27001:2013 (Information Security Management System). Integrating ISO standards has added clear and concise requirements, specifications, and guidelines to consistently and accurately ensure our clients’ cybersecurity services are perfectly aligned to meet their customers’ mission and operational priorities. By implementing a “plan, do, check, act” best practice approach, we have established a proven and globally recognized integrated management system framework for a continual assessment and improvement process to ensure and sustain the availability, integrity, authentication, confidentiality, and non–repudiation of the information, information systems, and networks of the U.S. Government customers we support. Through this unique construct, CSIOS has been able to identify more efficient, effective, and time–saving management processes; improve incident response times; and minimize disruptions to cyberspace operations, all while reducing operating costs and continuing to maintain compliance with the customers’ legislative and regulatory requirements.
We also leverage CMMI–DEV and CMMI–SVC Maturity Level 3 processes to deliver best–in–class Agile, DevOps, and DevSecOps development methods for our clients. We use CMMI–DEV to improve engineering and development processes in all products we develop and CMMI–SVC to improve management and service delivery processes to develop, manage, and deliver services. Additionally, we utilize Agile, DevOps, and DevSecOps methods selectively and methodically (not universally). For instance, we use Agile methods to improve the process of delivery, encouraging changes in the functions and practices of the mission/business and development teams to better produce the project and product envisioned by the end–user, or customer. We employ DevOps methods to improve the integration of software development and software operations, along with the tools and culture that support rapid prototyping and deployment, early engagement with the end user, automation and monitoring of software, and psychological safety (e.g., blameless reviews). We also leverage DevSecOps methods to improve the lead–time and frequency of delivery outcomes through enhanced engineering practices, promoting a more cohesive collaboration between development, security and operations teams as they work towards continuous integration and delivery.
To further satisfy our U.S. Government customers, we have complemented our DCO Framework with another award–winning plug–and–play component: CSIOS’ Information Technology Service Management (ITSM) system. CSIOS ITSM uses the ITIL framework as its foundation and complements it with other standards, frameworks, and concepts contributing to the overall ITSM discipline such as CMMI, ISO, and PMI. When applicable, based on the ITSM services provisioned, we also integrate complementary, handpicked principles and practices from ISO/IEC 15288 for System Lifecycle Processes and ISO/IEC 12207 for Software Lifecycle Processes to maximize the standardization of our services.
To build a safer future in the cyberspace domain, CSIOS management has committed to ongoing research and development, adoption of innovation, and evolution through modernization. Our immediate future requires harnessing technologies that integrate meaningful and relevant intelligence, operations, and C5 through machine learning, artificial intelligence, and data science. Equally important, we strategically, operationally, and tactically overlay the abovementioned ingredients on two very important elements. First, the organizational mission essential functions, including the implications of the unclassified and classified environments (e.g., cloud environment, weapon systems, space systems, Industrial Control Systems, IoT) they support, as well as the operational threat environment they confront. Second, the differing and unique high volume, variety, veracity, and velocity (4Vs) data environments they operate in. These 4Vs of big data are of no relevance if they cannot be transformed into meaningful data visualization and data value (2vs). The 2vs ought to focus on a joint common operational picture and shared situational awareness environment for command decision support.
Written by Cesar Pie, President and CEO of CSIOS Corporation.