A Look Under the Hood of the USDA’s Security Operations Center

Published: May 20, 2015

USDABig DataCybersecurity

Security Operations Centers are becoming common at agencies all over the federal government. This post examines spending, vendors supporting, and software solutions in use at the U.S. Department of Agriculture’s SOC.

A developing trend in the federal government that has generally been lost amidst talk of cyber threats and legislative efforts to address them is the centralization of agency cyber security administration. Since roughly fiscal year 2013, most federal agencies have either stood up a so-called Security Operations Center, or they are in the process of doing so. These SOCs, as they are often referred to, can be thought of as a type of security gate through which all network traffic passes. SOC personnel monitor network activity using various software programs and, increasingly, big data analytics, to identify data flow, access, and usage trends across the agency. In effect, the SOC strives to get a handle on what’s happening where and when so that an appropriate response can be implemented.

One of the departments that stood up a SOC in FY 2014 is Agriculture. The USDA Security Operations Center was constituted under the direction of the USDA’s Chief Information Security Officer to provide an “enterprise-level operating picture of security” and to take on authorization responsibilities for systems and software in use across the department. Among the security capabilities deployed at the ASOC are: Enterprise Messaging, Endpoint Protection Security Monitoring, Intrusion Detection, Identity Credential and Access Management, and Network Modeling and Performance. These capabilities are supported by a number of vendors who provide both expertise and software to the USDA. Table 1 below lists the vendors and currently active contracts that are in place to support the ASOC.

Translating this data into spending during the two fiscal years the ASOC has been in existence, we see that obligations are highest for services and software, while practically nothing has been spent on hardware.

This data illustrates that securing networks is primarily a software-based exercise that uses automated solutions to monitor network traffic and secure endpoints. Of these solutions, the following are the most used, based on an analysis of contract spending.

As for the services being provided, these tend to cluster around program management support, IT systems support, and security systems analysis. The following table shows vendors supporting the SOC as arranged by FY 2014-2015 obligations.

What’s Next for FY 2016?

In the coming fiscal year, the ASOC intends to augment its defensive posture by completing the integration of Continuous Diagnostic Monitoring capabilities provided by the Department of Homeland Security.  In addition, the agency will implement requirements related to next generation Security Sensor Array technologies, continue the evolution of USDA’s cyber security threat dashboard, and focus on the completion of department-wide cyber policies and procedures. Also look for the competition of IT Security Administration and Operations and Security Support Services contracts.