DHS Open to Deploying Multiple Shared Cybersecurity Capabilities

For agencies looking to beef up their cybersecurity capabilities, the Department of Homeland Security could soon become a one-stop shop for shared IT security services.

DHS is exploring standing up a Security Operations Center (SOC) as a Service capability as a shared service to other agencies, but it’s also open to other shared service efforts, according to a DHS official. SOCs are the facilities where agency websites, applications, databases, data centers and servers, networks, desktops and other endpoints are monitored, assessed and defended.

The efforts signal that DHS wants to ramp up its ability to provide cybersecurity solutions for a wider array of agencies. The work also comes as the White House released a report this week which found serious deficiencies in the government’s risk management abilities.

In the “Federal Cybersecurity Risk Determination Report and Action Plan,” the Office of Management and Budget and DHS determined that 71 of 96 agencies (74 percent) participating in the risk assessment process “have cybersecurity programs that are either at risk or high risk.” OMB and DHS also found that agencies are “not equipped to determine how threat actors seek to gain access to their information.”

SIGN UP: Get more news from the FedTech newsletter in your inbox every two weeks!

DHS Plans for More Shared Cybersecurity Services

DHS is currently working with smaller, non-CFO Act agencies to deploy a shared service that will provide them with a Continuous Diagnostics and Mitigation program dashboard. The shared service received authorization at the end of March, Kevin Cox, CDM program manager at DHS, said last month at the Summit GITEC 2018. DHS is working with the first four smaller agencies, which Cox declined to name, to deploy sensors so that data can be fed into the multitenant dashboard. By the end of June, DHS expects that to begin feeding into the federal dashboard.

However, DHS expects to expand beyond that effort. “There is an interest in expanding out our shared services offerings beyond that shared service for the non-[Chief Financial Officers] Act agency population to look at other shared services that could benefit all of the agencies, large or small,” Cox told FedScoop earlier this month. 

The White House’s December 2017 IT modernization report calls for DHS and the General Services Administration to explore a SOC as a Service offering. The report notes that many agencies lack the resources or expertise to establish their own agency-level SOCs.

A SOC as a Service capability "would allow agencies currently lacking such capabilities to purchase them from those agencies with sufficient capacity to offer such a service."

Over time, the report says, “agencies offering SOCaaS could provide a full suite of capabilities to agencies that do not want or need to manage their own operations. This would align with the consolidation of existing networks. A more consolidated SOC would have broader visibility, easier communications, and the ability to add tools not available in a more distributed model.”

By June 11, OMB, DHS and GSA are supposed to “identify potential offerings to provide SOC as a Service capabilities to other agencies” across the government. And GSA, in coordination with OMB and DHS, “will lead contracting efforts to also offer commercially available SOC as a Service capabilities” to agencies.

Cox told FedScoop that the CDM program team wants to explore how to deploy SOC as a Service through its shared services platform while the administration decides how such a service would fit into a larger IT policy.

“What we are looking to do, to the extent that it makes sense, is be able to support SOC-as-a-service in the future if [the Office of Management and Budget] comes to us and says, ‘CDM, we’d like you to work with different agencies to get a SOC-as-a-service capability in place,’” he said. “So depending what comes out of that action, through IT modernization, will then determine what role CDM plays in that regard.”

However, Cox said, DHS might be able to support other shared cybersecurity services. “It’s a wide-range of possibilities, but there’s nothing that has been defined today as what those other shared services might be,” he said.