Automated Biometric Information System helps secure data and borders
The Leidos team's work with the Department of Defense (DOD) on its Automated Biometric Information System (ABIS) program has resulted in a secure, functional system for the government. ABIS allows military branches to flag individuals of interest, putting them on a "Biometrically Enabled Watch List" (BEWL). Once flagged, these individuals are identified through surveillance systems on battlefields, near borders worldwide, and on military bases. Leidos' work secures the data and applications from this system against breaches and attacks in a world of ever-increasing cyber risk.
The ABIS program's biggest challenge was ensuring the cloud environment met the DOD's stringent security standards, and Amazon Web Services (AWS) was selected to deliver the solution. While AWS had previously been used as a backup operational environment, there were lingering concerns about security compliance once the entire ABIS system moved to the cloud. Internal assessments in the past had revealed a series of vulnerabilities. Although mitigated and patched, they remained a source of continuing anxiety to the customer. Notably, the DOD was concerned about the ability to send secure messages to and from the system across the department's secure network, the Secret Internet Protocol Router Network, or SIPRNet. A directive from senior leadership to move the system to the cloud required a secure solution.
The Leidos AWS Approach
The Leidos team drew on its extensive experience with AWS to address the customer's security concerns. Infrastructure-as-code deployments in the cloud allow secure environments to be recreated on demand – effectively eliminating the risk of misconfiguration due to human error. Services such as Virtual Private Networks (VPNs) in specific configurations, least-privilege Identity and Access Management (IAM) permissions, and secrets managers no longer needed to be painstakingly configured and tested by hand – with the inherent risk of mistakes. Leidos rigorously tests all infrastructure-as-code templates before they are added to our deployment repository. Production environments are created exclusively through these templates to ensure the process is repeatable and conforms to the approved baseline configuration.
AWS' monitoring solutions, including CloudWatch, CloudTrail, and other DOD-mandated tools, immediately inform the Leidos Operations Team of any security-related events. Metrics and logs from these systems are correlated with other system data to provide a holistic view, allowing us to respond effectively to the detected event by containing, investigating, and providing remediation guidance using the Leidos PACKIT™ cyber response framework. The Team has automated security compliance assessments to ensure that configurations do not drift out of compliance with DOD security requirements or AWS security best practices. Regular scans of the ABIS environment also notify the Team of any emergent security vulnerabilities that require patching. Finally, automated procedures ensure that in the event of an outage or disaster, the system will fail over smoothly and keep ABIS operational.
Our security approach largely relies on eliminating the opportunity for user error in the ABIS system. Through advanced monitoring systems and infrastructure-as-code, we harness cloud tools to ensure vulnerabilities are identified and mitigated. This Leidos approach has addressed and alleviated the customer's concerns regarding the security of the cloud.