Automating Information Assurance and Cyber Testing
Government departments and agencies use Mu Dynamics throughout the information assurance and software development life cycles to address weaknesses and reliability issues and gain actionable metrics.
Author: Mu Dynamics
Summary
The mission critical applications and networks of government departments and agencies everywhere must uphold an extremely high standard of performance, reliability and security. As the highly interconnected networks that make government run are built on increasingly open standards, it could be easier than ever for the rapidly evolving global threats to inflict widespread damage. A successful exploit could be devastating – national security is literally on the line.
Challenges
Government agencies face several key challenges today, including the:
- Escalating threat of cyber-warfare – sophisticated, well organized operations conducted for political, military and economic purposes are becoming a part of many nations’ military doctrines.
- Migration to IPv6 – mandatory protocol for many government departments that has significant implications for security.
- Adoption of commercial-off-the-shelf (COTS) technology – the opportunity for IT modernization and lower costs also creates the need for greater risk management.
- Pressure to invest in new technology – the rush to take advantage of unprecedented new funding for innovative IT and smart grid technologies may result in software weaknesses and reliability issues being overlooked.
- Movement of critical infrastructure towards IP – the migration from closed, proprietary architectures to open, IP-based systems delivers richer capabilities and efficiencies, as well as greater risks.
Benefits
With Mu Dynamics, agencies benefited from:
- Broad test coverage, including the ability to automate the creation and application of complex, custom and proprietary test case scenarios.
- Better ROI when compared with the costly, labor-intensive legacy testing approaches:
- Once network traffic is captured, it can be tested, immediately – regardless of how complex or unique the implementation.
- More than a 10x savings has been seen for early adoption of methodologies that reduce the number of service weaknesses.
- Simplified testing and actionable information to speed issue identification and resolution.
- Sophisticated, customizable reports, including data and configuration templates, to help meet C&A requirements.
Use Cases
- Federal, state and local agencies fine-tuning their information assurance plans and trying to effectively implement an enterprise-wide trusted infrastructure.
- Validate IPv6 readiness
- Operational-ize risk management under ICD-503 requirements
