Sep 04 2019

DHS May Change How It Manages All Its Security Operations Centers

DHS wants to streamline the management and staffing of its cybersecurity fusion centers for its components.

The Department of Homeland Security is considering shifting how it manages staffing for its 17 Security Operations Centers. The agency wants to move to a single, multiple-award contract vehicle for its SOCs.

SOCs are the facilities where agency websites, applications, databases, data centers and servers, networks, desktops, and other endpoints are monitored, assessed and defended from cybersecurity threats.

Currently, as FedScoop reports, DHS SOCs “in Arizona, Mississippi, Georgia, the National Capital Region, and Northern Virginia contract independently of each other to meet their diverse staffing needs.”

Essentially, DHS wants to streamline the management of its SOCs to enhance their cybersecurity capabilities. As Nextgov notes, the contract vehicle being contemplated in the RFI “would centralize the pool of vendors and create a single set of core functions available to all SOCs.”

Those core services will include “network monitoring and security event analysis, email security monitoring and analysis, computer security incident response and management, vulnerability assessment, security engineering, cyber intelligence support, intrusion analysis and continuity of operations for SOC services,” according to the RFI, Nextgov reports.

MORE FROM FEDTECH: Discover how forensic IT tools lead agencies to better answers after breaches.

DHS Seeks to Simplify Its Cybersecurity Environment

In addition to managing the SOCs, DHS has an Enterprise Security Operations Center, which monitors, detects, analyzes, mitigates and responds to cyberthreats and adversarial activity on the DHS enterprise. The DHS ESOC is responsible for monitoring and responding to security events and incidents detected at the DHS-managed Trusted Internet Connections and Policy Enforcement Points and directs and coordinates detection and response activities performed by each component SOC. 

DHS, according to a draft statement of work, “has insufficient numbers of qualified cybersecurity professionals among its Federal Government workforce to staff its SOCs and requires contract personnel to staff its cybersecurity operations and operate its SOCs. As a result, DHS turns to a variety of contractors to staff cybersecurity operations.”

The contractor is expected to provide staff and management for the operation of SOCs and the performance of traditional SOC activities on behalf of DHS around the clock, 365 days per year.

DHS envisions a multiple award contract vehicle under which each awardee is capable of delivering the full scope of services the agency needs. 

According to MeriTalk, DHS CIO John Zangardi explains in a recent audio interview with GovernmentCIO that the agency “is focusing intently on network security and improving operations of its SOCs.”

DHS has taken a bottom-up approach, with CISOs from DHS component agencies managing the operations of the SOCs

“Instead of my [CISO] or CISO shop running it, we assigned CISOs from the different components to do this,” Zangardi tells GovernmentCIO. For example, he said the CISO from U.S. Customs and Border Protection is “in charge of the approach we’re going to take on tools,” explaining how the work is being divided. 

DHS plans to inspects its SOCs in December, with the goal of SOCs receiving “authority to process,” he tells GovernmentCIO.

gorodenkoff/Getty Images

aaa 1