Joint Service Provider (JSP) Defensive Cyber Operations (DCO) Internal Defense Measures (IDM)

James Icenogle    August 23, 2021

Project Summary:

Gray Tier’s work on the DCO IDM enables JSP to perform a wide variety of cybersecurity services and functions required to assure the operational, physical, and information security posture for Department of Defense (DOD) Services within CONUS and OCONUS. DCO IDM tasks are functionally grouped by End Point Security, Network Security, and Incident Handling, and include centrally managed technical subject matter expertise in the following security-related areas of responsibility: project management, malware protection, continuous monitoring, cyber incident handling, insider threat detection and monitoring, warning intelligence, and attack sensing and warning (AS&W).

Incident Response and Intrusion Detection:

Gray Tier supports JSP with Tier 1, Tier 2, and Tier 3 SOC incident response and forensic personnel trained on the knowledge, skills, and abilities of the National Cyber Security Workforce Framework on a 24x7x365 basis at the Pentagon. We prepare and publish Situational Awareness Reports (SAR) for new and emerging threats, develop monthly targeted-activity (i.e., spear phishing) reports on specific customers targeted by the adversary, prepare quarterly threat reports and Daily Cyber Intelligence and threat reports for senior leadership awareness, and developed and support a standard process for correlating incident activity to assess and direct the operation and defense of Pentagon information systems and computer networks across strategic, operational, and tactical boundaries. Gray Tier responds to incidents on both the unclassified and classified networks. Gray Tier manages triage, reporting, and escalation for an Incident Case Management volume averaging 35 cases per day at the Pentagon. We enter incidents as cases in the Computer Network Defense Division incident management system as soon as they are identified and develop Incident Handling Case Reports on significant incidents. Gray Tier also performs reverse engineering for malware analysis, forensic analysis and reporting, and established and maintains an insider threat program.

Gray Tier also delivers intrusion detection support services, including monitoring all Intrusion Detection Systems (IDS). We monitor the Pentagon backbone networks for network and computer intrusions or attacks and apply configurations to the detection systems to allow detection of both signature-based and anomalous activity. Gray Tier provides 24x7x365 support to the JSP Active Detection and Prevention (ADP) team to manage and perform active defense and prevention network security monitoring functions for the Attack Sensing & Warning (AS&W) of JSP tenants and customers throughout the National Capital Region. The JSP sensor grid includes the IDS, Wireless IDS (WIDS), Intrusion Prevention Systems (IPS), Wireless Intrusion Prevention System (WIPS), web content filtering, enterprise proxy, Secure Sockets Layer (SSL) decryption, firewall, Packet Capture (PCAP), NetFlow, session, and system log data, which is fed into and correlated in the enterprise Security Information and Event Management (SIEM) system.