BRTRC, a leading mid-sized firm focused on providing integrated technical solutions to the government, today announced its acquisition of SecureForce.

SecureForce, LLC is a leading provider of cybersecurity, risk and compliance and information assurance services to government agencies based in the DC area. The company’s customers include the Department of Veterans Affairs (VA), Transportation Security Administration (TSA), NASA, and Freddie Mac, among others.

"We are excited about bringing SecureForce into the BRTRC portfolio – not only does it expand our capabilities in the area of cyber, big data and analytics, it also gives us access to new markets like the VA, TSA and the intelligence community,” said Larry McDonald, chief operating officer and one of the four owners of BRTRC. “These new capabilities really round out our information technology solutions, allowinig us to offer more under our current IDIQs like DHS EAGLE II as well as allowing us to bid on additional federal IT work. Looking forward, we see more targeted acquisition as part of our strategy to round out our offerings.”


Homeland Security Department personnel and contractor support staff who perform cybersecurity functions would not be furloughed during a government shutdown, DHS officials said.

As the prospects dim for Republicans, Democrats and the White House to broker a deal for funding agency services, federal departments are racing to determine which employees will have to stay at home when the current stopgap spending bill expires Friday midnight. Federal law states the government must stop all activities except those "necessary for the safety of human life or protection of property."

Given the uncertainty surrounding which staff are essential, it is possible that adversaries, believing employees' guards are down, might view this period of confusion as an opportune time to infiltrate government systems, some observers said.

When asked if Homeland Security is contracting out for additional incident-response personnel to monitor for potential intrusions, department officials said operational plans still are being finalized, but their present understanding is DHS' cybersecurity employees would continue working during a shutdown, since their duties fall under the statutory exemption.

Though malicious outsiders always pose a threat, the experts from Symantec, Agiliance and SecureForce who spoke at today's GovWin Virtual Executive Roundtable agreed that the majority of security breaches are caused by well-meaning insiders.

"Most data breaches are caused by well-meaning insiders such as employees losing laptops, sending out inadvertent communications or e-mails, not thinking about the right processes or steps for how to transmit encrypted or secure data," said Tiffany Jones, Director of Public Sector Strategy and Programs at Symantec.

As the recent Wikileaks data breach demonstrates, IT professionals must be prepared to prevent and deal with situations caused by individuals who have proper access and abuse it. Webinar attendees agreed that inside threats are a serious issue: Over 70 percent of respondents to an in-webinar poll said that inside threats are more serious than external threats.

Malicious insiders -- usually disgruntled or compromised employees -- and outside attackers are also constant threats to both private-sector and government networks.

A range of vital components is needed to combat cybersecurity threats, including continuous monitoring, controls, improved user behavior, baseline scanning and intelligent security policies. "You can't secure what you can't manage," said Jones.

Just as importantly, controls must be repeatable and able to be automated at agencies and in vendor solutions.

According to Mike Saintcross, Director of Federal and Mid-Atlantic Sales at Agiliance, continuous monitoring, which consists of technology that gives constant awareness of risks and security on networks, is "finally maturing across most agencies."

Continuous monitoring is essential for detecting threats that come from both outside and inside the network, since most well-intentioned users who cause security breaches do so by violating policies (e.g., losing laptops, writing down passwords).


Other factors that play a large role in appropriate security are context and prioritization. "If you're getting lots of notifications about a vulnerability that turns out to be in a component that's five firewalls deep, it may not actually be that big a risk," said Stefen Smith, Chief Security Officer at SecureForce.

By John Casciano 12/17/10

New guidelines requiring continuous monitoring of federal networks are based on a wealth of real-world experience and highlight the necessity of using new tools to push agencies' cyber defenses to the next level. As envisioned in guidance released by the National Institute of Standards and Technology in June 2010, continuous monitoring enables organizations to proactively identify security issues that can be mitigated or plugged in advance of cyber intrusions or attacks.

In the dynamic and ever-changing networks in which agencies operate, continuous monitoring simply can't be performed manually; it must be supported by software that provides powerful new weapons for defending against and thwarting attacks.

To give real meaning to continuous monitoring and to implement effective enterprise defenses, chief information officers and chief security officers need to be cognizant of the promises and pitfalls their agencies face. One risk is that enterprises will embrace a reactive, narrow view of continuous monitoring that emphasizes only the tactical angle, giving short shrift to the proactive, and more important, meaning of the term. The result could be the illusion of 24-7 proactive protection, but not the reality.

Two emerging technologies, each employing continuous monitoring, address this challenge. To bolster security, organizations must differentiate between the two and employ both.

Heartland Payment Systems, Inc. paid $5 million to Discover Financial Services Company earlier this month in a settlement over a data security breach, a situation that a better initial response might have minimized.

The settlement resulted from a 2008 incident. Hackers installed spyware on Heartland's network, disclosing critical data such as account numbers and customer names for Visa, MasterCard, American Express, and Discover Card accounts.

Too often, companies that experience a data security breach only make the situation worse by not responding correctly. With more than 30 years of experience in the computer industry, Mike Theriault, president and CEO of B2B Computer Products in Addison, Ill., knows what businesses need to do as soon as they realize there's a data security problem.

"First of all, don't panic," he said. "People make the mistake of reacting before they know exactly what the problem is. Don't take any unnecessary action until you can accurately define the problem and know the scope."

Theriault has boiled the best response down to six steps. He says that although they're generally sequential, the order will depend on how regulated your industry is and the types of security risks your company faces.

Avoiding Social Engineering and Phishing Attacks

Do not give sensitive information to anyone unless you are sure that they are indeed who they claim to be and that they should have access to the information.

What is a social engineering attack?

In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization's network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.

What is a phishing attack?

Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. For example, an attacker may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.

Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as

  • natural disasters (e.g., Hurricane Katrina, Indonesian tsunami)
  • epidemics and health scares (e.g., H1N1)
  • economic concerns (e.g., IRS scams)
  • major political elections
  • holidays

How do you avoid being a victim?

Scans of a key system utilized by the Homeland Security Department's cybersecurity operations arm revealed 202 unique high-risk vulnerabilities, according to the DHS inspector general.

The operational arm, known as US-CERT, is the federal entity responsible for gathering information about cybersecurity incidents within the .gov domain; it also provides technical assistance to other federal agencies. The organization's role is likely to increase in importance as DHS exercises newfound oversight authority over other federal agencies.

Exploiting Software Vulnerabilities

08 September 2010

Maura A. Van der Linden

Once you understand the identity, goals, and motivations of potential attackers, you need to understand the various ways for software exploits to be delivered as an attack and some of the issues that surround those delivery mechanisms. The most clever and talented of attackers with an innovative exploit still have to find a way to get that exploit to the systems they wish to attack. Because these are only the delivery mechanisms, the actual content delivered varies greatly.


A Trojan in software security means a seemingly attractive or innocuous program that hides malicious software inside. Trojans aren't typically capable of spreading themselves, but instead they require a separate method of distribution, and that usually consists of the file containing the Trojan being transmitted to potential victims using methods like e-mail, instant messaging, IRC, ICQ, etc. When the potential victim opens the file, the Trojan is installed. Trojans can also be staged on download sites and disguised as utility programs, games, etc., and the victim is tricked into downloading them because they look like a useful program the victim might want to use.

Trojan Horse Virus
This is a hybrid between a Trojan and a virus. Most Trojan horse viruses infect like a Trojan in that they need to be run or executed by the victim (still typically by opening a file), and then the virus behavior takes over and the Trojan horse virus automatically spreads itself to other systems. So, it spreads like a biological virus. Sometimes it sends itself to your address book or your IM contact list, etc.


A computer virus is a program, typically malicious, that reproduces by adding itself to other programs, including those belonging to the operating system. It cannot run independently but needs a "host" program to be run in order to activate it. The name is a reference to biological viruses, which are not considered alive in the usual sense and can't reproduce independently, but rather invade host cells and corrupt them into producing more viruses.
