Public Sector Cybersecurity

Cybersecurity is more than an IT challenge—it’s a mission imperative. New technologies, well-funded and determined adversaries, and interconnected mission ecosystems have combined to increase your exposure to cyberattacks. Your critical digital assets are being targeted at an unprecedented rate and the potential impact to your mission has never been greater.

Addressing this complex issue requires commitment and consideration from the highest executive levels of your organization. When you successfully adapt, you do more than protect your mission; you also have the potential to reap bottom-line benefits.
Organizations that are adapting are:

  • Reconsidering the scope of the challenge to include your mission ecosystems
  • Re-evaluating ownership and accountability for cybersecurity and transforming security programs and workforce to be more proactive
  • Developing security dashboards based on sophisticated metrics, and maturing the capability to prioritize and improve investments and build business cases
  • Understanding the motive, means and methods of your adversaries
  • Prioritizing and protecting the information that really matters most to your mission
  • Collaborating and sharing information in order to have appropriate knowledge available about the ever-changing threats

PwC helps clients through the entire lifecycle of cybersecurity programs and projects, enabling clients to effectively manage a portfolio of projects and secure their intended benefits.

PwC is well positioned to support transformational development at the scale of Federal agencies for two reasons. First, we continuously scan and innovate our own human resources functions. We recently transformed many of our talent practices, including our approach to performance management and our learning and development platform, to make these processes more responsive to feedback from employees. Second, we have also deployed flexible talent models. We know first-hand what’s involved in delivering innovative and sustainable results. PwC has provided industry-leading benchmarking, workforce measurement and diagnostics, and employee surveys to help organizations evaluate their talent capabilities and improve these capabilities for the organization’s mission.

PwC can provide professional services in connection with implementation of Governance, Risk Management and Compliance (GRC) that is aligned with NIST 800-37 SDLC/RMF to meet security compliance for federal agencies. Taken separately, governance, risk management and compliance are not totally new concepts. In one form or another, dealing with transparency and accountability, mitigating risk and complying with regulations have always been issues with which federal agencies have had to cope. However, when these concepts are broadly defined, integrated and linked to an organization’s strategic objectives, their holistic application can add significant value and provide competitive advantage.

PwC helps agencies assess and secure their infrastructure and technology environment. PwC assists federal agencies in assessing, documenting, automating compliance and securing information systems to make certain that they comply with required federal standards and guidelines.  PwC offers a variety of services to help federal agency managers prepare for the implementation of Continuous Diagnostics and Mitigation (CDM) and meet CDM lifecycle objectives.

PwC has developed an information sharing framework that can help Federal clients better manage their information sharing programs. Damage caused by recent cyberattacks has elevated information sharing to a cornerstone of national priorities. It is imperative that the federal government effectively exchange information to improve unity of effort, reduce decision-making time, increase adaptability in resources and improve situational awareness.

PwC supports Identity and Access Management components that include the identification and sharing of identity and access data, access control (authentication and authorization), access management (user registration, provisioning, and administration), and access analysis and recertification. Related work includes recognizing and responding to security breaches, effectively managing hacker activity, and integrating security capability with mission needs and objectives.

SAFETY Act Certification. Through certification by DHS’ SAFETY Act Office, DHS recognizes that PwC’s Risk Management Mitigation and Planning Service processes and methodologies align with the DHS National Infrastructure Protection Plan framework. PwC’s solution is both SAFETY Act Certified and designated for the 18 Critical Infrastructure/Key Resources.

Given our experience working with Federal clients, including agencies within the intelligence community and national security, PwC understands the Federal operating environment and the required compliance mandates around IT security. PwC has gained in-depth knowledge of the policies and procedures within Federal agencies and understands the complexities of large, enterprise-wide systems. Additionally, our Public Sector team is able to leverage the experience and knowledge of our global, commercial practice, along with industry-leading practices and past lessons learned, to manage through the multitude of changing variables, priorities, requirements and actions that today’s CISO must meet.

Case study: cybersecurity program management support

A large cabinet department of the United States government required cybersecurity program management support to meet FISMA reporting obligations. PwC provided senior advisory and analytic support to the front office and developed core mission processes, policies, and procedures to help leadership manage security deliverables. This resulted in improved effectiveness of the program through assessment of capabilities, identification of vulnerabilities, evaluation of risks, and prioritized guidance on remediation.

Case study: development of a thorough cybersecurity program

A large company required the development of a cybersecurity program. PwC provided expertise to perform a cyber-risk and threat assessment across multiple lines of business and support functions and to benchmark the existing cybersecurity functions against leading industry frameworks. A key finding of the assessment was that an organizational culture in which the business and IT jointly support and deploy a security program had not been established. A multi-phase security strategy and roadmap were created to deploy a risk-based cybersecurity program.

Contacts

John Hunt
PwC Public Sector LLP, Principal
Tel: +1 (703) 918 3767
Bruce Brody
Director
Tel: +1 (571) 766 9353
Daryl Eckard
Manager
Tel: +1 (703) 918 3793