ManTech capabilities include threat definition and modeling, vulnerability identification, adversary characterization, lethal force defense analysis, security life-cycle planning and management, physical and cyber countermeasure optimization techniques and operations security assessments. We identify potential foreign and domestic threats, including terrorism, to quantify exposure to these threats and recommend prudent countermeasures. For example, to assist the Department of State in addressing the requirements of Presidential Decision Directive 63, which requires all government agencies to identify and safeguard critical infrastructures from all forms of threats, ManTech completed department-wide vulnerability assessments of the Department of State's critical infrastructure and resources. We also provide ongoing support to the State Department in critical infrastructure vulnerability assessments and perform worldwide network management and other integrated security programs for the Department of State.
Security life-cycle planning and management
ManTech specializes in integrated security support, which includes design, implementation and operation of intrusion detection system services for computer and network security architectures. ManTech understands how rapidly technology is evolving and the impact change has on such critical security technology as encryption and virtual private networks. To date, the security services we successfully employed in support of PDD-63 requirements include, but are not limited to:
- Mission essential processes and minimum essential infrastructure identification
- Threat analysis
- Vulnerability assessment
- Impact analysis
- Contingency operation and disaster recovery planning
- Intrusion pathway analysis
- Computer forensics
- Vulnerability mitigation strategy identification
- Security action planning
- Security training and awareness
- Intrusion detection system design
- Intrusion detection monitoring
- Intrusion incident handling
ManTech specializes in providing integrated, multi-disciplinary security services to government and commercial clients. ManTech is recognized as a leader in providing comprehensive protection programs that integrate physical, technical, information, operations, personnel, computer, and communications security disciplines. Our programs are flexible, proven, and fully compliant with the provisions of PDD-63, OMB Circulars, FIPS Publications, Federal Directives, DSIDs, and agency policies (e.g., the Departments of Defense, Justice, Energy, Treasury, and State, as well as the intelligence community) for security program planning, implementation, audit, and evaluation. Our technical security plans are key PDD-63 elements that identify and characterize infrastructure compromise methods, and serve as vulnerability and attack signature identifiers.
ManTech's physical security experience is based on protection requirements for nuclear weapons, critical resources, and hazardous material useful for weapons of mass destruction at Los Alamos, Sandia, Lawrence Livermore, Oak Ridge, Rocky Flats, Savannah River, and other national laboratory and weapon facilities.
ManTech's cadre of cleared engineers, security experts, and certified information technology professionals provide a full spectrum of security services. We have provided security services to a variety of government clients operating in unclassified and classified processing arenas.
Cyber
ManTech supports special functions of the U.S. Department of State, Office of Information Technology Infrastructure. This effort entails providing life-cycle technical security for field operations at select overseas locations. Such services require absolute adherence to Department standards, thereby protecting classified information processing equipment from compromise by foreign intelligence entities. Our charter also calls for supporting investigations of potential compromises to classified and sensitive but unclassified data.
ManTech's on-site support to the Office of Technical Operations encompasses:
- Deploying technical services to technology-deprived regions
- Establishing controlled access areas
- Coordinating secure procurements and shipments
- Providing technical counterintelligence and maintenance services
- Advising overseas locations regarding their technical vulnerabilities
- Mitigating vulnerabilities prior to equipment deployment
- Conducting inspections and recertification of classified information processing equipment
In conjunction with our counterintelligence support, ManTech manages a certification and repair center in which information processing equipment is disassembled, assessed, reassembled, tagged, sealed, and readied for worldwide deployment. The center also serves as a focal point for hardware security issues as well as a laboratory for resolving contentions among physical, technical, administrative, and procedural security policies.
ManTech's hard-earned reputation for reliability, responsiveness, integrity, and technical competence within the Department's Office of Information Technology Infrastructure has led to other technology-based opportunities within the intelligence community.
Foreign and domestic threats
To understand an operating environment, ManTech assesses threats to that environment from an evolutionary perspective commencing with current operations and culminating with system retirement. With respect to PDD-63, this process enables us to pinpoint system vulnerabilities, identify intrusion pathways, and formulate remediation plans.
ManTech conducts its threat analyses under the following assumption:
Physical and cyber threats are evolving due to rapid proliferation of technologies; therefore, operating environments will become increasingly hostile and the capabilities of our adversaries will become increasingly sophisticated.
One of the most problematic biases skewing a vulnerability analysis is failure to consider a full range of threats from a variety of sources. ManTech precludes this occurrence by employing an analytic methodology that assigns credible and realistic definitions to threats and characterizes the motivation, capabilities, and intent of adversarial groups over a predetermined period of time. We have found this methodology enables development of a full range of attack scenarios - from sophisticated cyber masquerades to simple but lethal fertilizer bombs.
ManTech does not use attack scenarios that assume a specific adversarial group may exist or is preparing to actually mount an attack. Instead, threat statements apply generic definitions to baseline adversary characteristics that must be effectively mitigated by protection programs. Thus, our threat statements ensure consistent and meaningful:
- Assessments about what is or is not an exploitable vulnerability
- Estimates about derivative impact on mission essential processes
Critical infrastructure vulnerability assessments
In May 1998, President Clinton issued Presidential Decision Directive 63 (PDD-63), addressing protection of critical infrastructures in public and private arenas. Among the host of critical infrastructures specifically identified in PDD-63 were automated information systems and networks.
In response to PDD-63 requirements, the General Services Administration initiated the Safeguard Program. This program provides a blanket purchase agreement contract vehicle to federal agencies for the purpose of safeguarding critical federal infrastructures. ManTech, a member of the KPMG Safeguard Team, is very pleased to make available its hands-on PDD-63 expertise to organizations throughout the federal government.
ManTech currently provides comprehensive PDD-63 services in support of the U.S. Department of State, Bureau of Diplomatic Security, chair of the Overseas Security Policy Board. This board, consisting of representatives from all federal agencies with overseas interests, formulates and promulgates foreign affairs cyber-protection policy on behalf of the federal government. ManTech's PDD-63 services are based upon a vulnerability assessment methodology approved by the Critical Infrastructure Protection Plan Governance Board to produce:
- Threat analysis
- Vulnerability assessments
- Pathway analysis & remediation plans
- Mission essential processes definition
- Minimum essential infrastructure assessment
- Mitigation strategies to deter successful infrastructure attacks
- Response and reconstruction plans in the event of a successful infrastructure attack
Information Assurance
ManTech provides comprehensive information assurance programs that assess and implement integrated physical, technical, operations, personnel, computer and communication security requirements, including disaster recovery assessment. Our services include systems security architecture development, test and evaluation, certification and accreditation support, and compliance audits and inspections. For example, for the Department of State, ManTech designs and implements network and host-based intrusion detection programs that are compatible with their evolving virtual private network architecture.
Physical
ManTech's physical security experience is based upon protection requirements for nuclear weapons, critical resources, and hazardous materials useful for creation of weapons of mass destruction at Los Alamos, Sandia, Lawrence Livermore, Oak Ridge, Rocky Flats, Savannah River, and other national laboratory and weapon facilities. ManTech's capabilities include use of protective forces, lethal force doctrine, force-on-force evaluation, physical barrier technologies, access control, intrusion detection systems, vulnerability assessment, and performance tests. Our complementary technical security capabilities include operation of a government facility that inspects information technology assets and other equipment for technical vulnerabilities and implementation of a safeguards program to ensure life-cycle protection of information technology assets in potentially hostile environments.
ManTech is conducting the PDD-63 vulnerability assessment for the U.S. Department of State. This effort includes defining the threat environment, identifying vulnerabilities and pathways, defining mission essential processes and minimum essential infrastructures, and assessing the impact of an attack on essential infrastructure resources. This project demands full integration of physical and cyber security disciplines. The integration of these multidisciplinary capabilities is the culmination of 30 years of experience in support of major programs across the national security and intelligence communities. We have built on prior success in physical and cyber security including worldwide network management and intrusion detection; security and vulnerability audits and evaluations; physical and technical security protection requirements; threat modeling and development of security architectures.
ManTech's security professionals are familiar with and have used applicable OMB Circulars, FIPS Publications, Federal Directives, DSIDs, and agency policies (including Department of Defense, Justice, Energy, Treasury, and State as well as the intelligence community) for security program planning, implementation, audit, and evaluation. We have provided physical security support services for a variety of host environments - from unclassified to Top Secret/Sensitive Compartmented Information facilities.
Technical
For 15 years ManTech has been a leading provider of technical security and information assurance programs to the intelligence and national security communities and agencies managing sensitive information. We are responsible for developing the cyber intrusion detection system program for the U.S. Department of State and the foreign affairs community. In accomplishing this, ManTech designed and implemented a network and host-based intrusion detection program compatible with the evolving virtual private network architecture serving the foreign affairs community. In addition, ManTech provided a wide range of information security and assurance support, including design of security architectures, security tests and evaluations, certifications and accreditation support, and audits and inspections for the intelligence and national security communities.
ManTech also provides incident handling support for the foreign affairs community. This is accomplished through use of response protocols for managing different types of incidents, including system misuse and penetrations from the outside, and developing procedures for coordinating espionage investigations.
ManTech's wealth of technical security experience for federal government clients has required:
- Developing, implementing, and operating intrusion detection systems
- Formulating incident handling and response protocols
- Accrediting and approving sensitive, classified, and multilevel systems in complex wide area network environments
- Developing security architectures
- Providing national technical security program support
- Supporting national intelligence programs
- Assessing technical and physical computer and communication infrastructures
- Auditing and evaluating intrusion detection systems in multilevel security environments
- Developing independent solutions to meet nationally mandated system architecture changes
- Developing department-level policy for implementation of national security policies
- Conducting national program-level audits, inspections, and evaluations
- Conducting physical and technical security inspections of highly sensitive national facilities
- Developing threat models
Disaster recovery
Case study reviews by ManTech show that organizations that successfully survived a disaster had planned for it and were therefore prepared to recover through implementation of preplanned strategies by personnel trained and rehearsed in specific recovery roles. Those organizations without disaster planning usually dissolved into chaos, then either failed or struggled for marginal survival (e.g., the August 1999 earthquake in Turkey, Hurricane Andrew traversing south Florida in 1992).
Disaster recovery plans provide logistical support for recovery that would otherwise be difficult to assemble on the fly in the wake of disaster. Such support may include prearranged alternative data processing sites, on-demand data communications traffic rerouting, power for alternative work areas, and database recovery from offsite backups. Training and testing plans force implementers to confront disturbing possibilities and better prepare rational responses to the irrational consequences that usually follow a crisis.
ManTech defines a disaster as an interruption of information services for an unacceptable period of time. This definition reflects the nature of disaster regardless of location or context. The phrase "unacceptable period of time" is relative to an infrastructure's criticality and relationship to other interfacing infrastructures and the organization's mission essential processes.
ManTech initiates all contingency planning and disaster recovery operation projects based upon an initial high-level model that evolves into a detailed plan containing enough granularity to support an organization in disaster situations. Regardless of plan granularity, each addresses, at minimum:
- Plan development
- Overall project initiation
- Structure of plan document
- Plan preliminaries
- Decision-making flowchart
- Disaster response teams
- Risk analysis
- Plan activation procedures
- Risk reduction
- Disaster recovery training
- Recurring disaster recovery testing
- Presentation of findings
Certification and accreditation
ManTech provides broad security-related technical and documentation assistance to our customers involved in:
- Design, testing, and implementation of replacement systems and applications
- Development and documentation of a security concept of operations (CONOPS) for the new operating environment
- Deactivation of the legacy system and application being replaced
- Support for the certification and accreditation of replacement systems and applications
Our support is provided through appropriate customer organizations, consistent with oversight functions for the customer Information Systems Security Officer (ISSO) staff. This support is coordinated closely with the customer, to ensure that security requirements and documentation activities are performed in full compliance with customer guidelines and standards.
ManTech provides recommendations and support in security architectures and designs for the target client-server or web-based environments. This includes a review of applicable security disciplines and controls to identify systems surety requirements, which generally include system and data availability and integrity, in addition to confidentiality. We provide assistance in assessing physical and technical security issues, including protection of the infrastructure. ManTech also supports reviews of access authorizations and of the physical, architectural, and software controls appropriate to enforcing access policies. ManTech developed an operational security management plan for the migration. ManTech coordinates with system developers, owners, and the Department in designing and implementing procedures to ensure audit trails, accountability, and control of data throughout the migration process. As required, ManTech assists ISSO and operational staff in developing security plans and documentation.
Intrusion detection
ManTech continually conducts analysis of commercial off-the-shelf cyber intrusion detection products to meet client requirements. We do not produce intrusion detection system products, but we are fully capable of providing independent evaluation and validation of commercial products and products created under federal research and development programs. ManTech orders intrusion detection hardware products based on client configuration specifications. These products are then tested with client-selected intrusion detection software in ManTech's secure laboratory prior to distribution. ManTech installation technicians "lock down" each hardware unit to ensure non-essential operating system services are not installed, thereby increasing the strength of system components against attack.
ManTech purchases intrusion detection system components and configures them to meet client requirements. The ManTech staff coordinates with the client to track all equipment using proven asset management processes. Our installation procedures include a pre-installation burn-in process. Specifically, ManTech configures each hardware unit using client-approved configurations and intrusion detection system software. Each component is placed in an operational condition for 24 hours prior to shipping and subsequent installation. This process ensures common hardware and software faults are identified prior to installation, thus reducing maintenance and service costs. Further, our installation technicians perform turnkey installation of intrusion detection systems. They have the experience and capability to install cable (fiber or twisted pair) in secure and open environments.
ManTech engineers work with our clients to identify network points of concentration and define locations best suited for packet monitoring. In those cases where network designs are not clearly defined or adequately documented, ManTech's network engineers are well versed in conducting on-site engineering surveys.
ManTech ensures that within 24 hours of a documented intrusion detection component failure, a qualified technician is deployed on-site to provide board-level repair or component replacement. This service is provided at domestic locations only. In overseas environments, visa issuance procedures and requirements determine response times. In either domestic or overseas environments, ManTech's goal is to ensure intrusion detection system monitoring nodes are quickly restored in the event of failure.
ManTech provides cleared personnel to conduct on-site monitoring of system generated intrusion detection reports on a seven-day-a-week, 24-hour basis. Our monitoring staff establishes and maintains electronic logs that record activities of note. These logs are automatically forwarded to clients as directed. We use secure communications to report incidents to other federal entities if so directed. Protocols and services are used for both network and malicious activity monitoring and analysis. Because ManTech is fully capable of providing monitoring service across different operating systems, we are comfortable using any client-selected operating systems.
Monitoring is conducted at a central location with a contingency site to allow activation within two hours in the case of failure of the primary monitoring facility. Our monitoring practices are designed to ensure:
- Attacks are detected and responded to automatically
- Vulnerability conditions are analyzed and corrected prior to exploitation
- Network and system misuses are reduced or eliminated
- Espionage and criminal activity are responded to after identification
- Security awareness is increased at all levels
- Firewalls are properly installed and configured
ManTech offers suite testing to demonstrate the impact of network monitoring on network operations. In most cases, the negative impact is insignificant if the network is properly configured. However, host-based monitoring at the client level can adversely impact agency applications. ManTech is fully prepared to provide hardware and software testing to minimize negative impact. In all cases, ManTech supports out-of-band reporting if the client determines such reporting is required.
ManTech personnel are fully conversant with federal regulations regarding protection of classified and sensitive but unclassified computer networks and data. Monitoring activities are only part of the intrusion detection system solution; analysis of events and trend data is also required. ManTech is capable of analyzing data, firewalls, operating system security logs, and reports, which may be directed toward the monitoring entity. Our analysts offer a variety of evaluation, presentation, and reporting tools. ManTech analysts will coordinate with other federal agencies per the requirements of each client.