mobile btn
Tuesday, May 28th, 2024

Vulnerability Disclosure Program at DoD Cyber Crime Center sees major growth through partnership with George Mason University

© Shutterstock

Thanks to a partnership with George Mason University (GMU), the U.S. Department of Defense’s (DoD) Crime Center Vulnerability Disclosure Program has grown significantly and successfully on the heels of an award-winning pilot.

Utilizing the National Security Innovation Network Capstone program, VDP Director Melissa Vice teamed up with Brian Ngac, Dean’s Teaching Fellow at GMU Information Systems and Operations Management, and a team of four GMU students. Together, they developed an analysis of top lessons learned from a 2022 Defense Industrial Base-VDP Pilot, as a way to address scalability for the size and needs of the identified Defense Industrial Base.

“The Capstone project is a win-win for federal agencies and university students alike. Students gain valuable insight by working with professional organizations on real-world problem sets, and organizations like VDP are able to leverage motivated minds primed by the academic environment to take on the rigorous research necessary to answer challenging questions,” Vice said.

Last year’s pilot earned a Cyber and IT Excellence Teams Award from the Office of the Department of Defense Chief Information Officer, but was burdened by its own success. Increased demand led to new workforce requirements. Scalability proved a challenge and identifying publicly accessible assets for process automation turned out to be problematic in terms of both time and labor needed.

Enter Ngac and his team. Together, they compiled recommendations for creation of an onboarding, cloud-based portal Defense Industrial Base companies could navigate with the help of a chat-bot assistant. In eight weeks, their recommendations improved scalability from 50 companies to 1,000, cut labor hours from 50 to 89 percent and lowered processing time-per-company onboarded from eight hours to one, with no budgetary increases needed.

Cybersecurity triad methodology, Fed-RAMP-approved products and more played a role in recommendations.