top of page

Cyberspace Operations

 

The challenges of cyberspace cross sectors, industries, and United States government departments and agencies; they extend across national boundaries and through multiple components of the global economy. Given the dynamism of cyberspace, CSRS–Corp is committed to work collaboratively with other public, private, academic, and international partners and allies to secure cyberspace and America’s cyber assets and common interests.

Cyberspace is one of five interdependent domains, the others being air, land, maritime, and space. A man–made domain; all other warfighting domains depend on cyberspace to operate. As the cyberspace domain continues to morph, our services in support of cyberspace operations continue to integrate balanced technical and non-technical cyber capabilities to achieve offensive, defensive, operational preparation of the environment, and support operations objectives in and/or through cyberspace.

Cybersecurity Governance

 

Cybersecurity governance is a subset of corporate governance that provides the strategic direction for the achievement of cybersecurity objectives. It ensures that cybersecurity related risks are appropriately managed and enterprise information resources are used responsible. To achieve effective cybersecurity governance, CSRS-Corp will assist your organization in establishing and maintaining a comprehensive cybersecurity program that supports your business objectives. Our solutions will generally consist of:

  • Establishing a comprehensive cybersecurity strategy intrinsically linked to business objectives

  • Establishing governing cybersecurity policies that addresses each aspect of strategy, controls and regulations

  • Validating standards for each policy to ensure procedures and guidelines comply with cybersecurity policies

  • Developing an effective cybersecurity organizational structure void of conflicts of interest

  • Establishing monitoring processes to ensure compliance and provide feedback on effectiveness

Performance Metrics for Cybersecurity

 

CSRS-Corp guides your organization through the specific development, selection, and implementation of a comprehensive cybersecurity performance metrics program. Our cybersecurity metrics program services will increase accountability for cybersecurity performance; improve effectiveness of cybersecurity activities; demonstrate compliance with laws, rules and regulations; and provide quantifiable inputs for resource allocation decisions. Our approach identifies the adequacy of in-place cybersecurity controls, policies, and procedures and measures the effectiveness and efficiency of these controls to protect, monitor, detect, analyze and diagnose, and respond to cyber attacks. Our program will quantify your organizations' performance to integrate people, operations, and technologies to:

  • Monitor their information systems and networks

  • Detect computer network attacks and exploitation activities

  • Analyze and diagnose attacks to determine the source, associated risks, and course of action

  • Respond to computer network attacks and exploitation activities

  • Protect the system from similar attacks in the future

Our measures can realistically be obtained, and be useful for performance improvement. At the end, our results will facilitate decision making, improve performance, and increase accountability through the collection, analysis, and reporting of relevant performance related data—providing a way to tie the implementation, efficiency, and effectiveness of information system and cybersecurity to an agency's success in achieving its mission.

 

Cybersecurity Readiness Assessments

 

Focused Threat-Based Assessments

 

CSRS-Corps provides independent and focused threat-based assessments services. These assessments are designed to simulate an interdisciplinary adversary and their attacks tactics, tools, and techniques to expose and exploit vulnerabilities as a mean for improving the security posture of information systems and overall cybersecurity readiness. As an essential gauge of Computer Network Defense operational readiness, their components, and the networks that sustain their operations, our threat-based assessments activities are divided into two categories:

  • Network penetration testing activities (technology focused). CSRS-Corp threat-based assessment team provides security testing in which evaluators attempt to primarily circumvent the technology security features of a system based on an understanding of the system design and implementation.

  • Exercise related activities (people, operations, and technology focused). CSRS-Corp threat-based assessment team simulates an opposing force and focuses on improving readiness and assessing the performance of network defenders (people) executing operations supported by their technology.

 

Network Penetration Testing

 

Generally, the purpose of network penetration testing is not training but to evaluate an organization’s technology posture by identifying vulnerabilities within the organization information systems or networks to assist them in taking corrective action. Our penetration testing mimics real-world attacks to identify methods for circumventing the security features of an application, system, or network. It often involves launching real attacks on operational systems and data using common tools and techniques commonly used by attackers. Our penetration testing services involve indentifying combinations of vulnerabilities on one or more systems that can be used to gain more access than could be achieved through a single vulnerability. These assessments can be useful for determining:

  • How well the system tolerates real world-style attack patterns utilized by hackers

  • The likely level of sophistication an attacker needs to successfully compromise the system

  • Additional countermeasures that could mitigate threats against the system

  • The capabilities to detect attacks and respond appropriately

Note: This type of assessment is recommended after a technical and non-technical vulnerability assessment.

 

Exercise Related Activities

 

Exercise-related activities provide Information Assurance and Computer Network Defense training to the overall organization (enterprise’s perspective), people, operations, and the technology used to operate and protect an organization’s information systems and networks. This training ensures Computer Network Defense mission processes, procedures, and vital organizational and/or component-wide coordination and actions are realistically implemented. Our training and exercises can be conducted at three levels:

  • Level 1: CND Awareness

  • Level 2: Exercise

  • Level 3: No Notice Exercise

 

Cybersecurity Framework Analysis

 

It is important to understand one’s cybersecurity framework and be aware of its capabilities and limitations. Through a methodical, repeatable and verifiable cybersecurity assessment framework and performance based metrics indicators, we will measure the effectiveness of your network defenders to protect and defend your information systems and network against cyber attacks. Through five basic steps ( identifying the business and mission requirements for security; performing a threat, vulnerability, and risk analysis; validating security policy; conducting a technical and non-technical evaluation of established cybersecurity practices; and providing technical and non-technical findings and recommendations to enhance overall cybersecurity framework), our cybersecurity framework analysis services will seek to improve your overall cybersecurity posture by providing a detailed review of your organizations’ abilities and capabilities to synergistically utilize a defense in depth construct to protect, monitor, detect, analyze and diagnose, and respond to cyber attacks.

Threat, Vulnerability, and Risk Analysis

 

One of the roadblocks to understanding the importance of cybersecurity is the lack of solid quantifiable information on the scope and scale of cyber vulnerabilities and the consequences of cyber attacks. At, CSRS-Corp, we apply risk management principles to provide a framework for analyzing alternatives to mitigate risks and implement countermeasures creating a sound foundation for effective cybersecurity whether the assets are information, operations, people, or facilities. Our process includes five basic steps aimed to determine responses to five essential questions:

  • What am I protecting? The first step identifies the assets that must be protected and the impact of their potential loss.

  • Who are my adversaries? The second step identifies and characterizes the threat to these assets. The intent and capability of an adversary are the principal criteria for establishing the degree of threat to the identified assets.

  • How am I vulnerable? The third step identifies and characterizes vulnerabilities that would allow identified threats to be realized. In other words, what weaknesses would allow a security breach?

  • What are my priorities? In the fourth step, risk is assessed and priorities determined for protecting assets. Our risk assessment examines the potential for the loss of or damage to an asset. Risk levels are based on the impact of loss or damage, threats to the asset, and vulnerabilities.

  • What can I do? Our final step identifies countermeasures to reduce or eliminate risks. The advantages and benefits of these countermeasures are weighed against their disadvantages and costs to create a balanced solution.

Cyber Incident Handling Capability Analysis

 

Our Incident handling capability analysis solutions provides your organization with a detailed examination of incident handling practices. We assess the ability and capability of network defenders to integrate operational procedures and technology to detect, analyze and diagnose, and respond to computer network attacks and exploitation activities for the purpose of mitigating any adverse operational or technical impact.; conduct horizontal and vertical deconfliction and coordination for information sharing, situational awareness, and ultimately synchronized response actions; and trace back, identify the source location of the attack; identify the individual, group, or organization originating the attack; and determine the actual nature of the attack.

Through our incident handling capability analysis framework, we will identify incident handling shortfalls and limitations to provide you with the necessary findings, lessons learned, trends, and recommendations to enhance your incident handling posture. Our Incident handling capability analysis outlines level of effectiveness and efficiency that will allow your organization:

  • Adhere to mandated organizational responsibilities for incident handling

  • Detect and properly characterize incidents and events

  • Analyze and diagnose the incident or event

  • Determine technical and operational impacts

  • Employ cyber forensics techniques

  • Validate the incident or event

  • Develop appropriate courses of action

  • Contain, eradicate, and recover from an incident or event

  • Adhere to establish reporting requirements (i.e., timelines for initial, follow-up, final reports, etc.)

  • Utilize approved and effective reporting vehicles to report incidents and events

  • Properly identify the critical paths taken by the threat actors

  • Properly categorize attack vectors used by the intruder

  • Properly identify the system configurations that should have been in place to prevent the incident from happening.

  • Meet vertical and horizontal reporting requirements

  • Employ incident handling tools

Attack Protection, Prevention, and Preemption

 

CSRS-Corp will provide your organization with a custom-tailored enterprise-wide protection, prevention, and preemption framework. We will accomplish this by integrating and balancing a proactive scheme to shield healthy network or system components and services to prevent contamination, corruption, or compromise, and develop a reactive scheme to temporarily isolate a compromised network, system component, or service to prevent compromise of healthy assets. Our aim is to better anticipate, preempt, detect and deter cyber attacks, thereby minimizing disruption, degradation, compromise, or misappropriation of networks, systems, or information. Our solutions incorporate best practices and technologies to improve resistance to attacks and prevent cyber attacks from disrupting communications, operations, or compromising or corrupting information. Our services use a composite approach that balances protection capabilities against cost, performance, operational impact, and changes to the operation itself considering both today and tomorrows’ operations and environments. We employ overlapping and heterogeneous cyber protection practices to counter anticipated events so that loss or failure of a single barrier does not compromise the overall information infrastructure and deploy protection mechanisms at multiple locations to resist all methods of attacks. Our solutions are flexible, adaptable, and will provide your organization a robust framework that helps mitigate threats and reduce the ability of adversaries to exploit vulnerabilities.

Cyber Incident Handling and Response

 

CSRS-Corp provides proactive and reactive on-site and off-site cyber incident handling and response solutions.

 

Proactive Services

 

Our proactive services provide assistance and information to help prepare, protect, and secure constituent systems in anticipation of attacks, problems, or events. Performance of these services will directly reduce the number of incidents to your organization in the future. Our proactive services include:

  • Cybersecurity announcements and information dissemination programs

  • Cybersecurity and technology watch

  • Security audits or assessments

  • Configuration and maintenance of security tools, applications, and infrastructures

  • Development of security tools

  • Intrusion detection services

  • Intrusion prevention services

 

Reactive Services

 

Our reactive services are triggered by an incident and/or event or request, such as a report of a compromised host, wide-spreading malicious code, software vulnerability, or an intrusion detected by a logging system. Our reactive services include:

  • Cybersecurity alerts and warnings

  • Incident and Event Handling

    • Incident detection

    • Incident analysis

    • Incident response

  • Vulnerability Handling

    • Vulnerability detection

    • Vulnerability analysis

    • Vulnerability response

  • Ongoing cyber incident handling capability analysis

Cyber Forensics

 

At CSRS-Corp, we employ proven forensics methods to preserve, identify, extract, document, and interpret computer media for evidentiary and/or root cause analysis. Our overall forensics framework is designed to investigate cyber anomalies, violations, computer network exploitations, and attacks; correlate, interpret, understand, and predict adversarial actions and their impact on system, network, and Information Technology infrastructure operations; and provide evidence for a criminal investigation. Our methodology is based on three basic elements comprised of: acquiring the evidence without altering or damaging the original; authenticating that the recovered evidence is the same as the original seized data; and analyzing the data without modifying it.

Cybersecurity Situational Awareness

 

CSRS-Corp understands situational awareness is a key element to an effective cybersecurity program. Our situational awareness services will assist your organization integrate people, operations, and technology to promote a shared situational awareness capability that leverages common data, views, and mechanisms for improved information sharing, collaboration, and overall common operational picture to provide the CND analyst community the capability to execute selected courses of action to mitigate and respond to attacks, resulting in more timely decision making and ultimately in increased mission effectiveness. We will assist you in:

  • Developing a timely and relevant situational awareness strategy with superior understanding of external cyber attacks

  • Establishing effective indicators and warnings of potential or ongoing cyber attacks and insider misuse

  • Integrating sophisticated situational awareness capabilities that help network defenders deconflict, correlate, and understand large volumes of data to support informed decision-making

  • Maintaining increased awareness of external cyber attacks and insider misuse of computing and communications resources, services, and information

  • Taking advantage of an integrated and broader operational picture. Such a picture provides a graphical, statistical, and analytical view of the status of computer networks and their defensive posture.

 

 

Our cybersecurity situational awareness solutions will help your network defenders and decision makers:

  • Visualize and understand the current state of the information technology infrastructure, as well as the defensive posture of the environment

  • Identify what infrastructure components are important to complete key functions

  • Understand the possible actions an adversary could undertake to damage critical information technology infrastructure components

  • Determine where to look for key indicators of malicious activity

Cybersecurity Technology Solutions

 

These are some of the cybersecurity technologies managed, supported, and/or administered by CSRS-Corp cybersecurity engineers:

 

Protection

 

  • Protect Technologies- Firewalls- Filters/Guards- Anti-Virus, Anti-SPAM- Disk and File Encryption

  • Deception Technologies- Honeypot- Honeynet

 

Monitor

 

  • Situational Awareness- Network Operations (NETOPS)

  • Network Mapping- Vulnerability Scanning

 

Detection

 

  • Intrusion Detection Systems (IDS)- Host-Based IDS, Network-Based IDS- Misuse Detection, Anomaly Detection

  • Intrusion Prevention Systems (IPS)- Host-Based IPS, Network-Based IPS

  • User Activity Profiling 

 

Analyze

 

  • Cyber Attack Attribution- Traceback

  • Correlation Technologies 

 

Response

 

  • CND Response Actions- Courses of Action (COAs)

  • Automated Information Assurance Vulnerability Management

bottom of page