ICF International understands the importance of having secure information systems that power critical infrastructure cyber assets and collect, analyze, and share mission-critical, business, and personal information.
We are passionate about cybersecurity and privacy, and our team of experienced and certified professionals combine cybersecurity, privacy, and technical expertise with thorough domain understanding. We develop and implement end-to-end enterprise-level solutions in the areas of:
-
Cybersecurity
-
NERC Critical Infrastructure Protection (CIP)
-
-
-
|
 |
The ICF Cybersecurity Team is at the forefront of key U.S. Department of Homeland Security (DHS) and private industry Critical Infrastructure/Key Resources (CI/KR) Protection and Cybersecurity initiatives that include:
We deliver expert solutions to our clients ranging from Computer Incident Response Team Management (CIRT), Security Program Management, secure enterprise architecture frameworks, public-private security models, cybersecurity, and privacy services.
Additionally, ICF has provided a broad-range of NERC CIP assessment, compliance, and implementation services to vertically integrated utilities, independent power producers, generation and transmission owner/operators, regional transmission organizations, and control system solution providers.
Our Clients
Our clients range from federal agencies to commercial clients, including:
- U.S. Department of Homeland Security
- Transportation Security Administration
- Independent power producers
- Generation owners and operators
- Transmission owners and operators
- Regional transmission organizations (RTO)/independent system operators (ISO)
- Control system solution providers
- Utilities
Selected Projects
Public-Private Partnership Security Model. ICF developed, implemented, and managed an innovative public-private security model solution, leveraging best practice elements from the NIST Risk Management Framework, Fair Information Practice Principles, Department of Defense, Department of Homeland Security, American Institute of Certified Public Accountants, and the DHS Transportation Security Administration (TSA) Registered Traveler(RT) Program that won the 2009 Intergovernmental Solution Award in the Federal and Department of Defense category. This public-private security model governed personnel, system, physical, and compliance measures and operations for TSA, private industry identity management vendors, 21 U.S. airports, Law Enforcement background investigators, and Independent Public Accounting firms.
Privacy Assessment. ICF led a comprehensive privacy and security discovery engagement for one of the Social Security Administration's (SSA) on-line services tool. ICF engaged leading privacy and security advocates and experts from the Center for Democracy and Technology, Electronic Privacy Information Center, the University of Virginia, and the Department of the Navy to garner leading privacy and security best practices and recommendations for launching the on-line application.
NERC CIP Program Development. ICF developed an enterprise-wide NERC CIP program, policy, and implementation plan for a Northeastern independent power producer based on a comprehensive physical, cyber, and personnel threat, vulnerability, and consequence impact assessment. The resulting framework for governing routine and emergency cyber management processes covered generation and transmission cyber assets in New Hampshire, Massachusetts, Maryland, and New Jersey, producing 1,700 megawatts of power. The ICF Plan included Incident Response, Backup and Recovery, Personnel Security, Critical Cyber Asset Inventory and Categorization, Critical Asset Identification, Systems Security Management, Training, and Physical Security components.
NERC CIP Readiness Assessment. ICF evaluated and assessed the physical, personnel, legal, acquisition, and technical security controls for a Southern California Utility NERC CIP Program that included energy management systems, distributed control systems, communication, and cyber assets that manages and delivers power distribution to a population of 1.4 million business and residential accounts in a 4,100 square-mile service area.
Computer Incident Response Team Management. ICF provided a 24-hour incident response capability for a federal agency, ensuring that all cyber security incidents were effectively investigated and remediated to include satisfying the strict federal agency requirements for reporting incidents to the United States Computer Emergency Readiness Team (US-CERT), a component of the Department of Homeland Security. The ICF team also performed critical vulnerability scanning on the network to identify configuration, software, and Web application vulnerabilities. Additionally, ICF provided expert analyses of government network security policies, processes, procedures, and vendor security products in the form of white paper development, informal written summaries, and verbal consultation. ICF is currently providing incident response capabilities for more than 12,000 users across this agency network.
|
