Worldwide Offices
Saving Our Customers
Time & Money
The Challenge:
A federal agency in the mission support arena collects, analyzes, and disseminates independent and impartial energy information to promote sound policymaking, efficient markets, and public understanding of energy and its interaction with the economy and the environment. The data and analyses are widely used by federal and state agencies, business & industry, media, researchers, financial markets, and educators. The information is disseminated in different ways, including reports, web products, press releases, data browsers, API’s, and map on a regular basis. As such is it paramount that the confidentiality, integrity, and availability of this information be maintained to support the Agency’s mission and its stakeholders. During the course of carrying out its research, collection, analysis, and reporting missions, users collect and process many different types of information, including financial, proprietary, academic, medical, human resources, and other personally identifiable information. These information assets are highly valued resources and all persons who use these information assets have a responsibility to protect this resource. Federal Law, regulatory requirements, industry standards, and best practices also impose obligations on the Administration to protect information relating to its employees, contractors, and stakeholders.
The security program at the agency needed a major overhaul to ensure the protection of the information assets.
The Solution:
TELESIS recommended the implementation of the Enterprise Cyber Modernization Program to support the effort. TELESIS kickstarted the implementation of the program with the establishment of the Enterprise Cybersecurity Modernization Program (ECMP) that outlined the scope, authority, enforcement, and the roles and responsibilities of the ECMP.
The TELESIS Team worked with NAL Research to develop a new firmware for the SHOUT TS device that can natively send and receive limited Command and Control (C2) and Situational Awareness (SA) messages with JBC-P FoS. This firmware uses the Variable Message Format (VMF) 6017A+ message standard that is already in use by JBC-P platforms.
TELESIS as part of the modernization effort aligned the program with the Administration’s business units and introduced cybersecurity policies and standards that compliment institution policy, federal, state and local laws, maintaining the necessary balance between risk mitigation and related costs.
The Telesis Team detected threats and worked with all the OIT Support staff and applied security patches on affected systems to mitigate issues. The team re-architected the data log server for the SPLUNK SEIM integration, redesigned VMware clusters and added a new Unity 500 SAN storage.
The team has been foremost in leading the Administration down the Cybersecurity path.
Step 1 TELESIS Approach
- TELESIS engineered an organizational change at SBA
- Team participants were trained in Agile fundamentals
- User stories, iterations, and sprints incorporated into open discussions
- Governance framework to support Agile practices
- Self-managed teams, transparency in problem-solving, and rapid releases
Step 2 Agile Transformation
- Implemented a major system overhaul and new technology – movement to Cloud.
- An all-Agile team of certified Agilists (CSM, CSPO, CSP)
- Implemented Scrum, daily stand-ups and iteration planning sessions
- Backlog grooming, reviews and retrospectives
- Adopting aspects of Lean, DevOps and SAFe to maximize team performance.
Step 3 Innovative Steps to Accelerate Development and Delivery
- All-cloud infrastructure on Amazon Web Services (AWS)
- Leveraged Chef for rapid deployment and consistency
- Continuous integration and delivery pipeline using Jenkins, Code Deploy, and scripting
- Automated unit and functional testing
- RSPEC and Selenium to increase product quality; 90%+ automated test
Step 4 Product Launch
- TELESIS developed and delivered a working prototype in six weeks
- Launched the first certification, Woman-Owned Small Business (WOSB) to production in 7 months.
- Applications to the WOSB program increased by 600% during the first month, and US Small Business Administration praised TELESIS for rapid delivery, awarding an “Excellent” rating to the effort.
The Challenge:
TELESIS was tasked with assessing security compliance on CISCO switches and routers prior to the Command Cyber Readiness Inspection (CCRI).
The Solution:
TELESIS provided an automated method of auditing compliance of Cisco switches and routers which resulted in an extremely efficient way of assessing the security posture with a quick review of a dashboard. Telesis offered this new method for scanning and reporting compliance audits on Cisco IOS routers and switches using Tenable SecurityCenter custom audit files and Nessus scanners. The audit files make use of DISA Security Technical Implementation Guides (STIGs) and are built for the specific site with custom modifications made to meet the unique implementation in place.
The method was employed at numerous United States Marine Corps sites. Regional assessments were performed using this new method prior to the site’s Command Cyber Readiness Inspection (CCRI). This resulted in a dramatic reduction in the time required to assess Cisco devices as a majority of the required checks were automated and identified vulnerabilities were remediated rapidly. This allowed the site, at a glance, to gauge the status of their compliance across all Cisco network devices at their installation or region.
The Challenge:
Executive Memorandum 13800 was released in May 2017 requiring all federal departments and agencies to perform an annual analysis of the current implementation of their Cybersecurity Framework (CSF). This reporting requires that agencies first determine the desired Implementation Tier Level (Partial, Risk Informed, Risk Informed and Repeatable, or Adaptive), and then report annually on their current status. Unfortunately, there is no guidance other than subjective definitions of these four tier levels, and no guidance on metrics and measurements to determine the current tier level. TELESIS started supporting a Federal civilian agency in 2017 to determine and improve their Tier level. The agency was at CSF Implementation Tier Level 1, and FISMA grade of C-. This agency wanted to improvement its CSF implementation Tier level and grade rapidly.
The Solution:
TELESIS took on the challenge. We performed automated regional assessments for the agency to gauge the status of their compliance across all network devices in a fraction of the time. Each site adopted the TELESIS method of auditing networking devices to rapidly remediate identified vulnerabilities.
As part of this program TELESIS also developed the Cybersecurity Dashboard tool for the customer. We developed extensive metrics available from several sources, including the Cybersecurity Assessment Management (CSAM) tool, to analyze and determine the current implementation tier. TELESIS also determined ranges for each metric to represent the four implementation tier levels. The combination of the dashboard and these extensive metrics allows for the instantaneous assessment of the current implementation tier level. Without this tool and metrics, this assessment would take the agency several months to complete.
The result was a successful centralized and standardized enterprise cybersecurity program aligned with the organization’s strategic goals that fully implements the CSF and RMF and integrates and synchronizes with daily IT operations providing the ability to quantify and communicate risk to support senior leadership decision making.
After one year of TELESIS working with this customer, their CSF Implementation Tier Level is now at Level 2, and they achieved a FISMA grade of B, both significant improvements. Our goal is for our customer to get a FISMA grade of A+.
The Challenge:
The Iridium network is comprised of Low Earth Orbit (LEO) satellites that form a global mesh network. Iridium Short-Burst Data (SBD) devices that operate on this network currently have no interoperability with the Joint Battle Command-Platform (JBC-P) Family of Systems (FoS) systems. These JBC-P systems are the primary means of communication for units throughout the world using the Blue Force Tracker (BFT) network. The BFT network is managed through the Network Operations Center (NOC) located at the Mission Command Support Center (MCSC). The JBC-P FoS systems cannot currently communicate with the Iridium devices presenting a limit in communications between dismounted soldiers equipped with Iridium devices and JBC-P FoS (Vehicle and Command Post).
The Solution:
TELESIS developed a plan to design and implement a solution to resolve this interoperability limitation. This plan was brought to TELESIS and approved for implementation. This plan had two steps. The first was new firmware for the SHOUT TS Iridium devices, and the second was the development of the MIG server located at the MCSC.
The TELESIS Team worked with NAL Research to develop a new firmware for the SHOUT TS device that can natively send and receive limited Command and Control (C2) and Situational Awareness (SA) messages with JBC-P FoS. This firmware uses the Variable Message Format (VMF) 6017A+ message standard that is already in use by JBC-P platforms.
The MIG server was then developed to interface with the Department of Defense (DoD) Iridium Gateway to send and receive messages to/from the JBC-P NOC and talk directly with Iridium SBD devices that use this new firmware.
The MIG also uses leverages the existing architecture within the JBC-P NOC Software to process the message flow between Iridium devices and JBC-P devices. The MIG was developed to allow for future Iridium SBD devices that can send (or act as a modem for a system that sends) VMF 6017A+ message standard to utilize the limited C2/SA capabilities that the MIG provides.
The Challenge:
USSOCOM required the ability to test new and improvements to existing technologies in an unrestricted environment on a simulated SOCOM Information Enterprise (SIE). They had limited facilities to test and evaluate not only new technologies but also any improvements to existing technologies in a non-restricted or locked down enterprise environment. Most of the technologies required development of new procedures that are non-existent in the commercial and military arena. This made it difficult to evaluate against any established standards. They were of the opinion that new technology can be selected for evaluation based on the ability to fill gaps in existing programs of record or adding more capabilities to existing technologies. Other challenges were the development of network configurations that would both satisfy operational and security requirements.
The Solution:
The Telesis IDF team, along with their government leadership, reached out to programs of records for their requirements and shortfalls. Once the need was identified the team researched and contacted various venders, to see what they had to offer to fill these gaps. If their product(s) were a viable option the team recommended bringing in the technology, creating test procedures and configurations to assess the requirements. If one stood out as a worthwhile product or software it would be sent up to the SOCOM Integration Facility (SIF) for further testing and secured under Security Technical Implementation Guide (STIG) protocols. Testing was not limited to just fill shortfalls but also included possible new ways of doing business. The results were stored or forwarded to the section that would most likely benefit from the new technology.
The TELESIS Team worked with NAL Research to develop a new firmware for the SHOUT TS device that can natively send and receive limited Command and Control (C2) and Situational Awareness (SA) messages with JBC-P FoS. This firmware uses the Variable Message Format (VMF) 6017A+ message standard that is already in use by JBC-P platforms.
During the testing procedure the Telesis IDF team, when directed, produced manuals, quick reference guides and training curriculums for future implementation into the SIE. The documents were sent with the evaluation reports to the program of record to provide them with a base line for official technical material. The team also provided helpdesk support and training to site personnel either CONUS or deployed locations as required.
Results:
- Supported 25 commands/units worldwide with Wide Area Voice Environment (WAVE) Radio over Internet protocol (RoIP) configuration, training and troubleshooting
- Produced accurate evaluations and documentation so that SOCOM acquired the best products to support the war fighter
- Established the baseline “Best Practices” for implementation of equipment into the SIE
- Designed (with Solidworks) and produced 3D printed products for access point circuit boards, MANET radios vehicular mounts, microcomputers and various other projects.
The Challenge:
TELESIS was tasked with providing secure access to the On-Premise Vulcan Backend Servers in the C4 IDF Lab. Vulcan is a web-based application that provides portal presence for vendors looking to advertise and generate interest in new/developing technologies and capabilities to the SOF Community. The Portal also allows SOF users to discuss these technologies with vendors and other users. The application has been running for three years and boasts over 3000 users and is a regular fixture at the annual SOFIC event in Tampa FL. The purpose of this initiative was to design and secure access of the Vulcan cloud-based front-end reverse proxy servers to the on-premise web and database servers located in the C4IDF Lab at USSOCOM HQ. Users were accessing the Vulcan application through one of two Cloud sites provisioned by a third party located in New York, NY and in San Francisco, CA. The reverse proxy servers would receive the user traffic and then route the traffic to the servers located at USSOCOM. However, only light-weight encryption was being used to secure the traffic, which became an issue as Non-Disclosure Agreements and other sensitive information was becoming more and more prevalent. A more secure method was needed to protect the traffic, while at the same time minimizing disruption to the functioning of the current reverse proxy servers.
The Solution:
The Telesis C4IDF Team designed a Site to Site IPSec VPN topology utilizing 256-bit encryption. Working with the Vulcan Development team at Cylitix, the Telesis C4 IDF staff implemented and configured Ubuntu Linux virtual servers to act as network gateways, running StrongSwan VPN clients at both the New York and San Francisco sites where the Vulcan reverse proxy servers were located. The VPN tunnels were then setup to terminate at the C4 IDF Perimeter Firewall, providing full encryption of all of the user traffic down to the network. For additional security, a third network gateway was stood up at a third cloud site in New York to allow a secure and separate management path for the Cylitix Developers to access the Vulcan back end servers remotely for ongoing maintenance and development without disturbing user traffic in the other tunnels
Results:
- Highly encrypted IPSec VPN tunnels provided a much more secure method for protecting sensitive user traffic flowing between the reverse proxy servers in the cloud and the on-premise Vulcan web/database servers
- A third dedicated highly encrypted IPSec VPN tunnel for remote management provided a secure method of remote management of the on-premise Vulcan servers and data by Cylitix Developers
- Vendor NDA and sensitive data ultimately is better secured
The Challenge:
The purpose of this initiative was to develop and meet the requirements of the Congressionally Mandated Warrior Care Policy Report. The report requires metrics from all facets of the Warrior Care Program (WCP) which are to be aggregated and presented in a predefined format. Metrics that were currently not being maintained by the WCP were to be reviewed to see if they could be extracted indirectly from existing data or if they have to be created from the ground up and retroactively populated.
The Solution:
The WCP Team engaged the government to determine what deliverables were required. The team developed a comprehensive plan to modify the existing database to meet the requirements. The changes included data enhancements and migrations as well as altogether new attributes. Once the new architecture was in place, an intensive data migration was initiated with careful filtering of existing data. Front-end form modifications were then published so that the customer could begin entering data. Once in place, the WCP Team developed the SQL and SSRS necessary to create a dynamic automated report which could be accessed at will by the customer.
The strict timeline imposed by the client required that the WCP Team work closely with the customer providing continuous updates on project deliverables. Any issues identified were properly logged and prioritized and were discussed periodically for resolution.
Results:
The Warrior Care Policy Report was developed and automated for customer use with redesigned architecture and forms which catered to customer needs.
TELESIS developed and delivered a working prototype in six weeks and launched its first certification, Woman-Owned Small Business (WOSB) to production in just seven months. Applications to the WOSB program increased by 600% during the first month, and US Small Business Administration praised TELESIS for rapid delivery, awarding an “Excellent” rating to the effort.
Being Agile is more than hiring an Agile Contractor.
If you’re a government agency implementing Agile software development, the good news is that you’re likely making the right choice for your organization. The bad news is that it’s not enough to just hire an Agile contracting team and let them do their thing. To successfully implement Agile, it requires organizational change on the agency’s part, as well as skilled Agile professionals from organization’s like TELESIS Corporation.
Agile Transformation
TELESIS implemented an Agile transformation and a major system overhaul and new technology. TELESIS staffed an all-Agile team of certified Agilists (CSM, CSPO, CSP) and implemented Scrum, from daily stand-ups and iteration planning sessions, to backlog grooming, reviews and retrospectives, while adopting aspects of Lean, DevOps and SAFe to maximize team performance.
TELESIS Approach
TELESIS engineered an organizational change at SBA, ensuring team participants were trained in Agile fundamentals. User stories, iterations, sprints and story points were incorporated into open discussions with the SBA. TELESIS’ governance framework supports Agile practices like self-managed teams, transparency in problem-solving, and rapid release to production.
Innovative Steps to Accelerate Development and Delivery
- Built a highly scalable all-cloud infrastructure on Amazon Web Services (AWS)
- Leveraged Chef for rapid deployment and consistency
- Continuous integration and continuous delivery pipeline
- Jenkins, Code Deploy, and scripting
- Deliver code on a nightly basis
Innovative Steps to Accelerate Development and Delivery
- Automated unit and functional testing
- RSPEC and Selenium to increase product quality
Short turnaround times between releases - Maintain 75%+ automated unit test coverage
- 90%+ automated functional test coverage.
The Challenge:
The on-premise server reliability and uptime was very volatile impacting the availability, performance, and security of the systems that were critical for operations at customer site.
The Solution:
TELESIS professionals were tasked to improve the performance and availability within a very short period of time and without any downtime or data loss. The team stood up to the challenge and stabilized the volatility of the systems.
- The first step undertaken was to quickly perform infrastructure discovery of the On Premise datacenter, to include physical standalone servers, physical VMware Hosts, and Virtual Machines.
- Diagnosed and rebuilt Storage Area Network topology for ideal use in a VMware environment, transferring multiple terabytes of customer data in the process, without downtime or data loss.
- Upgraded VMware environment to latest supported versions, improving performance and site security in the process.
- Re-architected VMware hosts to run in clusters, with high availability and distributed resource management features making best use of available hardware. This allows future work on the servers to be done without any downtime or customer interruption.
- Performed host upgrades (with 100% uptime) with additional memory to support organization’s growing Virtual Machine needs. (400% increase)
The Result:
Significantly improved reliability and performance, without any customer downtime or data loss. The team transformed On Premise server reliability and uptime from very volatile to stable within a month, further improving availability, performance, and security.
