Before hackers do some unwanted things, some federal civilian companies finally have huge access to centralized groups of cybersecurity professionals as they are prepared to spot network accountabilities. The Department of Homeland Security is lending money to propose to the civilian companies the penetration testing services that for a long time supported by the National Security Agency to the intelligence community and the Defense Department.
In an interview, the cybersecurity assurance program manager for DHD’s FNS or Federal Network Security branch, Don Benack said that earlier in their entry in February, the National Security Agency or NSA red teams has no federal civilian equivalent. Vanee Vines, the spokeswoman of NSA stated that the NSA everyday manages penetration testing for civilian agencies. Benack added that FNS is managing the same skills and tool sets but in a distinct way, in contrary to the usual penetration testing that includes hacking into a system to see that there are imperfections.
Companies can now select any information technology, application or network solution that they want to evaluate and FNS will conclude if the system can fight the attack and most of the fatal issues, aside from that it will regulate if the security measures require adjustment. Their goal is to gather data that would be useful to create annual reports on the status of the federal network security and not just to enhance the federal cyber defenses. The unwanted data would be used to give information to sharpen related national security enthusiasm and the data would be cleansed with the data that could distinguish an agency.
Previously, some companies’ selections for penetration testing have limits and very costly. Rob Karas, the risk evaluation program manager for the FNS branch said that agencies can do the penetration tests within themselves, purchase the testing tools and can depend on in-house professionals to manage them or either used contractors. Benack added that if the IT budget of a company was just a small amount the tool may not be a good help, however, if the agency buy the $100,000 tool and use it with different agencies, it seems that it was a good investment.
Karas stated that the red team penetration tests are complimentary to agencies and it began upon request. Some companies can request testing for a particular system peculiar to hazard they are worried about. Most of the agencies now are requesting for security checks of their Web applications wherein the board is logging in and use to connect with the agency data through the Internet. FNS will organize a cloud security test next month to check if the agency’s cloud solution can be used only within the network.
Benack and Karas assume business will also uplift in other field like as mobile security as they allow personal devices to access in their network. For the red team activities this fiscal year FNS got about $7 million and $8 million. FNS has 18 federal staff and contractor support employees for its blue and red team. FNS still depend on the employees of the Air Force, the Defense Information Systems Agency, NSA and other agency to allocate training procedures and tactics.
REFERENCES:
http://www.federaltimes.com/article/20120823/IT03/308230004/Red-teams-put-cybersecurity-test?odyssey=mod_sectionstories
http://www.silobreaker.com/red-teams-put-cybersecurity-to-the-test-5_2265925699128787053
http://www.thornstrom.net/2012/08/24/red-teams-put-cybersecurity-to-the-test/
