August 31, 2020

by Andy S.

Many of us working in the government space are aware of the massive data breach at the Office of Personnel Management (OPM) announced in 2015 that exposed the personal information of over 22 million government and contractor employees. In the Washington D.C. area at least, that made big news. If you don’t work in the cybersecurity world, however, some of the other massive data breaches that happen every day may go unnoticed. What’s even more concerning is that they go unnoticed because they are all too common. Huge data breaches exposing social security numbers, credit card information, email addresses, passwords, and more happen with increasing regularity. Equifax, Marriot, Linkedin, Adobe, eBay, Yahoo, and many others have been attacked and breached by hackers – resulting in the compromise of hundreds of millions of user accounts. Foreign adversaries are also illegally accessing technology companies to steal valuable Intellectual Property, thus irreparably damaging our economy and our ability to compete in the world market. They target military technology and information, threatening the safety and security of our warfighters and their missions. Increasingly, industrial capabilities are being targeted through vulnerabilities in operational technology, giving attackers the ability to disrupt critical infrastructure.

A computer screen with code and text reading "data breach," "cyber attack," system safety compromised," and similar contentCybersecurity has become increasingly critical following a number of high-profile data breaches

As ActioNet further builds our digital engineering offerings to our clients, securing their data and infrastructure becomes a paramount component of our mission. Threat actors continue to improve their capabilities and tactics, and our expert cyber personnel stand ready to assist our government clients both defensively and offensively. ActioNet has a strong history of cybersecurity support, and we are using that expertise to harden and monitor infrastructure against an expanding threat landscape, while assisting our defense and intelligence clients in their proactive cyber missions. We have provided cybersecurity support for DOD, Treasury, DOC, SEC, HHS, and many others. Our services have included SecDevOps, COOP design, security systems engineering, vulnerability and patch management, and information assurance. At the Department of Energy, we provided a full range of cybersecurity services, including Security Operations Center (SOC) design, build, and operation, penetration testing, and infrastructure hardening.

The Cybersecurity market has realized exponential growth and thus represents a massive opportunity for ActioNet. Globally, cybersecurity is a $112 billion market, projected to more than double over the next six years. The US Government alone will spend about $19 billion on cybersecurity this year, up over 40% from just three years ago.

Cybersecurity requires a workforce of highly skilled operators, and government contracts frequently require these resources to have one or more certifications in various areas of cyber practice. Skilled operators are scarce, and the number of open positions in the marketplace requiring certifications is much greater than the number of certificate holders. ActioNet’s Cyber Community of Interest and internal training support programs build these skill sets within our workforce, providing an expert organization to our client base.

ActioNet operates in five broad Cybersecurity areas:

CISO Advisory Services

Chief Information Security Officer (CISO) advisory services are delivered at the program level to provide C-level executives with vision, roadmaps, and decision support services. ActioNet assists executives with overall program design, development, and governance, providing the roadmap to build a mature and capable cybersecurity organization. We develop investment priorities to fill gaps in capability, and help executives identify areas of cost savings by decommissioning duplicative tools and processes. We also develop important decision support capabilities through meaningful metrics and targeted dashboarding. From program design to gap analyses and technology evaluation, ActioNet helps executives make the right investments and the right decisions.

Security Architecture and EngineeringAn image block reading, "What is Zero Trust? Previous security models operated under the “security and moat” model where everything inside a company’s firewall was trusted with the assumption that users have been validated and are therefore trustworthy. The problem is when an attacker gets inside the network, they have broad access to data. Yet with the blurring of traditional network boundaries, Zero Trust takes an entirely different approach of “Never trust; Always verify.” It assumes the entire network could be compromised and requires verification from every person and device to access network data and resources. Zero Trust incorporates principles like least-privilege access (aka need-to-know), multi-factor authentication (MFA), microsegmentation, and strict controls on both device and user access to protect today’s increasingly connected business environments from emerging digital threats."

From a foundational base in enterprise architecture, ActioNet provides architecture and engineering support for diverse infrastructure requirements, including cloud, hybrid cloud, multi-cloud, mobile, and operational technology environments. ActioNet system engineers adeptly work within defense-in-depth environments, and as personal devices and cloud capabilities blur the lines of enterprise boundaries, we mature those enterprises into Zero Trust environments, authenticating every transaction in an automated, seamless user experience. ActioNet uses a technology-agnostic process to objectively evaluate, select, tune, and configure tools to meet our clients’ needs, and decommission those tools that present opportunities for efficiency and savings.  A clear architectural and engineering roadmap is key to building an efficient, effective security infrastructure.

Cyber Operations

ActioNet cyber specialists perform the vital real-time operational roles necessary to advance our clients’ missions. We start with fundamental system hygiene – system operations and maintenance, configuration, vulnerability, and patch management. Taking advantage of our comprehensive threat intelligence capabilities, our monitoring teams customize SIEM content to prevent, discover, and respond to cyber adversaries. Speed to action is paramount, and our proactive hunt teams seek out attackers before they access sensitive information, leveraging Security Orchestration and Automated Response (SOAR) to dramatically improve response times. ActioNet also develops extensive insider threat programs, guarding against the malicious and the simply careless actions of insiders. When security incidents do happen, our security incident management teams quickly contain and mitigate data exposure.

Assessment and Testing

The process of obtaining Authorization to Operate (ATO) should be fast, automated, and must ensure the comprehensive security of the system being tested. ActioNet’s technical experts focus on the highest risk attack vectors, ensuring valuable time and resources are spent testing and validating critical controls. This results in true continuous monitoring of systems, constantly testing critical controls in an automated way, while de-prioritizing low-risk controls – limiting cost and increasing program efficiency. Our penetration testers look for ways to take advantage of planned system functionality in unforeseen ways, misusing systems in ways that scanners cannot. We develop mis-use cases to clearly explain to system stakeholders how attackers can take advantage of vulnerabilities. Most importantly, we advise the best and most efficient methods to mitigate cyber weaknesses and close the Plan of Action and Milestones (POA&Ms), enabling stakeholders to harden their systems against attack.

A human eye made of data looking at cybersecurity related words

It is essential that experts are able to spot security risks and suggest efficient plans of action to stakeholders

SecDevOps

ActioNet’s deep development experience combined with our cybersecurity expertise provides the most efficient, secure code development available. Along with disciplined requirements definition and release scheduling, we perform automated testing through multiple gates in containerized environments to provide secure, high-quality code that works. By integrating security into the development lifecycle from Day One, ActioNet supports rapid release cycles with security built in, supporting automated continuous ATO environments.

ActioNet’s expert capability in the cyber marketplace is a valuable and necessary part of the digital product we create for our clients. Cybersecurity ensures that services are available when they are needed, that information is correct when it is accessed, and that sensitive and personal information is protected. Our cybersecurity experts demonstrate every day how truly vital they are to protecting our clients’ missions, our government’s critical infrastructure, and the nation’s economy.  For more information on ActioNet’s Cyber capabilities, please contact [email protected]