The government agency has been given the task to manage the retirement savings of the employees of the federal government to protect their savings from outside cyber threats, including threats from outside networks, the latest technology, and people interacting with the government’s systems. As of now, the government agency has little control over it. In this article, we will talk about four different categories of the task assigned to the agency.
The Federal Retirement Thrift Investment Board (FRTIB) responsible for managing the Thrift Savings Plan recently issued an informational request urging Industry to provide feedback on an active analysis of a contract dealing in cyber threat.
According to reports, the Thrift Savings Plan—the federal worker’s 401k—had more than 6 million active participants and some $611 billion assets. Further reports from sources state that the Federal government board has managed to do well and secure its internal IT enterprise to secure these investments. However, its internal systems are touched by many other networks outside FRTIB’s networks.
From the sources, it can be said that this notice has been issued to do some market research to find out if contractors can perform one or more external cyber reconnaissance analyses of only a few or all aspects of the FRTIB’s information technology footprint.
This time, the federal government agency is looking for qualified vendors who can discover, analyze, and visualize hidden relationships between networks that are outside FRTIB’s IT network.
This task will include four categories taking into consideration the sensitivity of the data due to the latest technologies touching the outside network, high-risk associated with personnel, and internal and external network analyses.
The first one is network analysis to:
- Look for any suspicious activity in the network.
- Look for entry points that are easily accessible.
- Look for any security misconfigurations in the FRTIB security.
- Externally look for critical IT assets.
The second one being vulnerable technology identification and exposure analysis to:
- Gather data and develop and start queries, develop observations, cross-check with the current state, and notify the government immediately.
- Create a layout of the vulnerabilities remedies and recommend
- Look for already known vulnerabilities and available exploits against any technology.
- Explain potential attack vectors for initial entry into the network.
The third one is Personnel identification and exposure analysis to:
- Look for and geographically locate potentially high-risk persons connected to FRTIB and the person who is at high-risk from a cyber-adversarial perspective.
The fourth category is Target affiliation analysis to:
- Look for potentially high-priority risk affiliations and outside network relationships.
- Explain the visible and non-visible link between FRTIB and affiliates.
According to RFI, Once this cyber analysis contract is in place, FRTIB officials will issue a series of task orders. The agency hopes to improve its cyber preparedness and act upon. Recommendations to mitigate vulnerabilities to FRTIB’s infrastructure,” with each step.
