Asking DHS to hack your systems
The Department of Homeland Security is home to a broad range of cybersecurity missions -- including, apparently, network assessments and penetration testing for certain private-sector companies.
Brian Krebs, author of the popular Krebs on Security blog, reported on Dec. 1 that DHS' National Cybersecurity Assessment and Technical Services (NCATS) have been "quietly launching stealthy cyberattacks against a range of private U.S. companies — mostly banks and energy firms. These digital intrusion attempts, commissioned in advance by the private sector targets themselves, are ... designed to help 'critical infrastructure' companies shore up their computer and network defenses against real-world adversaries."
According to Krebs, "DHS said that in Fiscal Year 2015 NCATS provided support to 53 private sector partners."
Penetration testing, "red team" attacks and other vulnerability scans are a common, though often expensive, tool for organizations seeking to better secure their networks. And while Krebs wrote that the option of NCATS services, which DHS provides free of charge, is largely unknown to the private sector, their availability to government agencies is hopefully better known. The NCATS Cyber Hygeine program is mandatory for federal civilian agencies -- and the full suite of assessments are available to any state, local, tribal or territorial government stakeholder that requests them.
According to information posted on the U.S. Computer Emergency Readiness Team website, "NCATS leverages existing 'best in breed' cybersecurity assessment methodologies, commercial best practices and integration of threat intelligence that enable cybersecurity stakeholders with decision making/risk management guidance and recommendations." An assessment "can range from one day to two weeks depending on the security services required."
For the private sector, Krebs noted, there are questions about the degree to which DHS should compete with commercial penetration testing firms. For government agencies, however, there are no such caveats. Interested parties can contact firstname.lastname@example.org for details and view the acceptance letter for NCATS services here.
Troy K. Schneider is editor-in-chief of FCW and GCN.
Prior to joining 1105 Media in 2012, Schneider was the New America Foundation’s Director of Media & Technology, and before that was Managing Director for Electronic Publishing at the Atlantic Media Company. The founding editor of NationalJournal.com, Schneider also helped launch the political site PoliticsNow.com in the mid-1990s, and worked on the earliest online efforts of the Los Angeles Times and Newsday. He began his career in print journalism, and has written for a wide range of publications, including The New York Times, WashingtonPost.com, Slate, Politico, National Journal, Governing, and many of the other titles listed above.
Schneider is a graduate of Indiana University, where his emphases were journalism, business and religious studies.
Click here for previous articles by Schneider, or connect with him on Twitter: @troyschneider.