DISA seeks Defensive Cyber Ops support

On October 6, the Defense Information Systems Agency (DISA) posted a sources sought notice for Defensive Cyber Operations. Responses are due by 4:00 p.m. Eastern on October 13.

The Army Program Executive Office, Enterprise Information Systems (PEO EIS), PM DCO is seeking information for potential sources for experienced cyber-related advisory and assistance support services to augment PM DCO’s core Government personnel to support the missions of the PM DCO and its customers.  PM DCO mission is to equip the United States (US) Army cyber defender and warfighter with advanced, agile, and flexible cyberspace infrastructure, platforms, and tools in order to quickly deliver effects. The PM DCO mission dictates a unique set of cyber requirements, both operationally and tactically.

Defensive cyberspace operations is defined as missions to preserve the ability to utilize blue cyberspace capabilities and protect data, networks, cyberspace-enabled devices, and other designated systems by defeating on-going or imminent malicious cyberspace activity. Defensive cyberspace operations includes passive and active cyberspace operations intended to preserve the ability to protect data, networks, net-centric capabilities, and other Department of Defense (DoD) designated systems. Active cyberspace defense includes hunting for advanced internal threats, along with internal responses to those threats.

Recognizing cyberspace as an operational domain, Army cyber defenders must be able to:

  • Leverage intelligence/cyber intelligence, surveillance, and reconnaissance (ISR) and analytics to actively predict and conduct counter-reconnaissance (search and discover) against advanced cyber threats (to include insider threats) and vulnerabilities that do not trigger or generate warnings using routine detection measures
  • Outmaneuver adversaries by performing pre-approved, automated, agile, internal countermeasures that stop or mitigate cyberspace attacks; and when authorized, conduct response actions external to friendly networks in order to create effects that render the adversary’s offensive cyberspace operations capabilities ineffective
  • Conduct cyberspace defense mission planning and protection that identifies and assures the availability of tasked critical assets and infrastructure supporting Army, DoD, host nation, and civil authority actions or missions
  • Achieve survivability of networks, information technology platforms, and data through counter-mobility actions, dynamic movement of tasked critical assets, and security enhancement measures
  • Conduct mission assurance actions that dynamically re-establish, re-secure, re-route, reconstitute, or isolate degraded or compromised key terrain in cyberspace (KT-C)
  • Conduct site exploitation and forensic analysis to determine technical and operational impacts of intrusions
  • Evaluate the defensive posture of tasked critical assets and KT-C using vulnerability assessment methods and threat emulation in order to recommend or direct changes to ensure operational readiness

Full information is available here.

Source: SAM