In support of the Universal Service Administrative Company, TDI provided a broad range of cybersecurity compliance and technical services.
TDI was responsible for revising and implementing the entire network architecture at USAC by supporting the USAC IT Division with high-end consulting services. TDI performed a successive series of tasks that, in concert, provided a thorough understanding of USAC’s security infrastructure. Initially, TDI performed policy, procedures, and process reviews. We coupled this with reviews of USAC architecture and system and network device implementations. TDI then performed an internal vulnerability assessment. Our internal assessment included multiple scans and probes, system configuration reviews, and interviews with USAC personnel. After the internal assessment, we performed an external assessment with the aim of gaining access to the internal USAC network. Additionally, this effort provided an external view of USAC’s publicly accessible devices. Using the results from these efforts, we compiled a list of findings that ultimately required remediation. Relying on National Institute of Standards and Technology (NIST) guidance, we then assigned a numerical risk metric and prioritized the risks. Finally, TDI entered the findings into a Remediation Plan that provided USAC with a roadmap for becoming compliant with government requirements and for taking remedial action to address said findings; this was ultimately translated into a Plan of Actions & Milestones.
TDI then developed USAC’s IT security policies and procedures while considering several essential elements: gap analysis findings, current and previous assessment/audit findings, departmental guidance, industry best practices, and legislative and executive mandates and guidance. Each element contributed key aspects to the overall policy development. The USAC Security Policy’s content was developed to be consistent with NIST SP 800-26. Along with this, TDI developed an Incident Response Plan for USAC that was fully compliant with U.S. Federal Communications Commission guidelines.
TDI also conducted a Business Continuity Plan, Disaster Recovery Plan, and Continuity of Operations Plan development effort. TDI determined how USAC conducted business as a crucial step in effectively providing a roadmap for business continuity. Using a combination of interviews, surveys, observations, and studying existing program documentation, we fully evaluated USAC’s backup infrastructure, off-site storage requirements, business unit processes, and business model.
To meet USAC’s need for compliance with federal regulations related to security of audit trails for improved accountability and forensic practices, TDI implemented a centralized logging solution. Our goal was to identify and implement an existing solution or develop the solution ourselves. TDI’s efforts included the design for logging/auditing, audit log management, determining auditable events, a log migration strategy, means for log storage, the type of normalized raw log format, and log data analysis. Once the solution for centralized logging was deployed, TDI ensured that production systems were properly transmitting log data to the central server.
TDI intensely researched commercial and freeware Security Information and Event Management (SIEM) and other related products used to consolidate and analyze the logs of cyber solutions and other systems. TDI performed an asset inventory of all available USAC network assets, including servers, routers, firewalls, switches, etc. Our efforts ensured that our solution requirements for the centralized collection, storage, and analysis of all USAC system logs were built such that future reconstruction and assessments are possible.
Management of vast amounts of log data was the essential problem that TDI overcame. Subsequently, we determined how log data should be handled such that it could be analyzed, migrated into log data from other systems, and stored correctly. TDI determined the appropriate combination of auditable components, including system events, system changes, keystrokes, system calls, and application-level events. TDI also addressed the components for proper log data transmission: guaranteeing delivery, securing delivery, and assuring a balanced network load. We helped determine, rewrite, and apply USAC’s requirements for log data storage to dictate how long data should be retained altogether, how long it should reside on a local device, and whether it should remain onsite. TDI then developed a solution that normalized log data from various USAC systems. Finally, to establish patterns of misuse and completely reconstruct user behavior at USAC, TDI’s collection and centralized storage of raw system logs allowed data mining and forensic and statistical analysis to be performed.
All told, TDI spent many years supporting USAC and advancing their cybersecurity risk posture.