The US State Department is asking for input from information security industry experts on putting together a set of cyber security guides for a playbook to support its information security programme.
The move comes less than a year after the department’s unclassified email system was reportedly breached by state-backed hackers.
The department said the aim of the request for information (RFI) is to determine the capabilities of commercial industry to provide and maintain a cyber security playbook.

Contributions have been invited from cyber security experts, including AT&T, CenturyLink, Planet Technology, Booz Allen Hamilton and Deloitte.
“This RFI is issued solely for information and planning purposes and does not constitute a solicitation,” the department said, but added that there will eventually be a paid 1-year contract for a set of detailed playbooks.
A key element of the responses to the RFI will be information about the respondent’s capabilities that will assist the department with making a decision about how best to contract for the required products and services.
The cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges, the RFI said.
It said the national and economic security of the US depends on the reliable functioning of the critical infrastructure in the face of such threats.
The RFI said the department is seeking to work closely with specialised cyber security experts to put in place robust policy frameworks and doctrines to clearly guide both offensive cyber operations and responses to cyber attacks.
The how-to guides are required to provide clear direction and guidance for actionable information security operation activities and will eventually be made available for use by private companies.
Deliverables must include a set of standards, methodologies, procedures and processes that align policy, business and technological approaches and “industry best practices” to address cyber risks.

The department said the topics for the cyber security playbooks should include, but are not limited to the following:
Physical and logical network segmentation
Two-factor authentication
Network configuration and monitoring
Zero client architecture
Cloud computing security
Security operations centre
Mobile device security
Dynamic system defences
Data encryption
Data-centric security
Micro hypervisor technology
Application whitelisting
The closing data for submissions in response to the RFI is 11 September 2015.

Enjoy the benefits of CW+ membership, learn more and join.

Leave a Reply