The Homeland Security Department is laying the foundation for a next-generation security operations center, one with more sophisticated technologies for thwarting cyberattacks.
The Next Generation Enterprise Security Operations Center, or NextGen ESOC for short, would revamp DHS’ current security operations center, which today provides 24/7 continuous monitoring, analysis and reporting of DHS security events as well as other services, according to a request for information to industry.
DHS’ chief information and security offices are coordinating to migrate the department’s security operations center from the purview of the U.S. Customs and Border Patrol to an enterprise model under the chief information security officer. The move will lay the foundation for providing “significantly enhanced capabilities” under a new enterprise system.
A key part of the modernization will be the use of the intrusion defense chain, or the kill-chain method, developed by researchers at Lockheed Martin, according to Nextgov, which first reported the story. This method is designed to help organizations predict the phases of a successful attack and develop strategies for preventing it.
DHS wants industry feedback on how it might go forward with acquiring a next-generation system and how a company would integrate intrusion detection analytics into security operations procedures. Other questions to industry focus on appropriate staffing for an operations center, the needed tools and continuity-of-operations capabilities.
The department also raises the issue of the appropriate balance between government and contractor responsibility. “Assuming government ownership of hardware and software licenses, what level of direct responsibility should the ESOC retain over host-based and network-based infrastructure?” DHS asks in the RFI. “What responsibilities should be delegated to an IT department?”
Industry responses are due April 19.