Digital Defensive Workflow

About

The Defense Logistics Agency (DLA) is one of many agencies that are susceptible to foreign adversaries and potential hackers.  According to the DLA, cybersecurity analysts spend too much time, approximately 100-180 days, remediating and patching vulnerabilities on IT systems. This time could be spent addressing other cyber threats on other networks, defensively managing the network, and other high-risk national security tasks.  Sponsored by a Systems Security Manager in the DLA, we aim to increase efficiency and speed on the vulnerability remediating/patching process. Over the course of the semester, our team will interview various individuals, both in and out of the DLA, to determine the best possible solution that will allow cybersecurity analysts to spend less time on vulnerability management.

How our team has defined the problem:

  1. The DLA does not have strong partnerships with other government agencies and private industry partners
  2. The DLA primarily utilizes signature-based detection which only alerts Vulnerability technicians and the Cyber Security OPs team about known vulnerabilities
  3. The current detection system does not incorporate anomaly-based detection which could alert the system of unknown vulnerabilities before they are exploited
  4. The DLA does not implement security measures at the beginning of their patch management process

Our Three-Pronged Minimal Viable Product

Community-based Approach

Cyber Operations

Operations that includes a host and network intrusion detection system designed to vigorously monitor the behavior on the network and identify threats in real-time. This cyber operation will also encompass an anomaly-based detection system that will prevent the exploitation of vulnerabilities on the network.

Patch Management

The implementation of security and tactical teams at the beginning of the patching process will allow the DLA to utilize written exploit codes that prioritze vulnerabilities, and be more prepared for cyber attacks.

This will allow the DLA to collaborate with government agencies and private industry partners on similar cyber problems