The Enhanced Secured Network (ESN) project is being undertaken by the Federal Communications Commission to improve its computer security by implementing enhanced security controls to defend against cyber attacks.
In September 2011, the FCC discovered that it had suffered a security breach on its agency network. FCC's actions to respond to the incident included, among other things, identifying and removing infected workstations and identifying significant factors that increased risk to its network. FCC initiated the ESN project in order to continue its response to the incident, mitigate the risk to its information resources from the malicious software, reduce the risk of a successful future attack, and address weaknesses in its security controls and network architecture.
- Enhanced security controls. The project is intended to enhance and augment FCC's existing security controls through changes to the network architecture and by implementing, among other things, additional intrusion detection tools, network firewalls, and audit and monitoring tools.
- Cyber threat analysis and mitigation. In addition to enhancing security controls, the ESN project aims to develop a sustainable cyber threat analysis and mitigation program that is to include risk management guidelines for assessing security threats and subsequent mitigation strategies. This effort is intended to provide the FCC with mechanisms to analyze the criticality of Commission assets, assess the likelihood that threats will endanger assets, and identify actions to reduce those risks and mitigate the consequences of an attack.
Status of project Edit
The FCC entered the project's system development phase in April 2012, received final delivery of hardware in June 2012, and deployed the initial components of the project by the end of July 2012. This included making changes to the network architecture to enhance protection for an initial portion of the Commission's executives and their key staff. Officials stated that activities to deploy enhanced protections for all users at FCC headquarters were projected to be completed in February 2013, and that these protections would be expanded to the Commission's field offices at a later date.
Figure 1 depicts the project timeline from the discovery of the security incident through the projected date of completion for the ESN project.