ICF is trusted by government and private sector clients to provide cybersecurity solutions that support the full range of cybersecurity missions and protect evolving IT infrastructures in the face of relentless threats.

The importance of cybersecurity to our nation’s defense, security, and economy cannot be overstated. It takes vigilance at every level of an enterprise and starts with a thorough understanding of your network and its vulnerabilities. For more than 25 years, ICF’s cyber and infrastructure security professionals have been implementing solutions that keep our clients ahead of the curve. Our team is led by some of the nation’s most respected and experienced cybersecurity and resilience leaders.

Sitting at the nexus of cybersecurity and physical infrastructures, we provide enterprise solutions for resilience, whether securing an energy grid, transportation system, defense network, or private healthcare information system. ICF helps each client mount a sophisticated, effective defense, and in return, we have an almost 100% client retention rate.

Our team of cybersecurity specialists helps homeland security, intelligence, and military clients to build and successfully defend the most aggressively attacked infrastructures on the planet, and we bring this same level of mil-spec expertise to our commercial clients. As the stakes get higher, ICF has doubled down on research, driving conversations about the state-of-the-art security at its annual CyberSci conference and patenting technology developed in its own cyber lab.

From building the system that served as the model for network defense services within the U.S. Department of Defense to improving machine-to-machine learning for better cyber defense to patenting a new way to visualize cyber threats using virtual reality technology, we innovate to stay one step ahead. As a top priority for our nation and successful organizations, cybersecurity deserves no less.

ICF is trusted by government and private sector clients to provide cybersecurity solutions that support the full range of cybersecurity missions and protect evolving IT infrastructures in the face of relentless threats.

Whether securing an energy grid, power utility, transportation system, U.S. Department of Defense (DOD) network, or private healthcare information, ICF combines specialized market expertise with proven technical skills to bolster cybersecurity. Our professionals are at the forefront of intrusion detection and response, identity management, and credentialing technology.

ICF delivers complete cybersecurity solutions that include:

  • Network monitoring, threat detection, and incident response utilizing a large team of subject matter experts (SME) with many years of technical experience
  • Developing cybersecurity risk management frameworks fluid enough to identify and isolate intruders while keeping all other nodes active
  • Supporting continuous data monitoring efforts and preparing clients for successful system certification and accreditation
  • Providing training and addressing behaviors that affect cybersecurity

ICF is also an industry leader in developing solutions that authenticate an individual's identity and keep electronic transactions secure. We have supported numerous U.S. federal civilian agencies in creating and launching national authentication programs using smart cards with embedded digital certificates. Our work draws from extensive knowledge of public key infrastructure, physical access control systems, and U.S. federal standards for identity management.

ICF blends the best of cutting-edge science with real-world knowledge of cybersecurity to position clients years ahead of current technologies.

ICF scientists and engineers work with organizations in the U.S. Department of Defense (DOD) and in leading commercial research and development enterprises to continuously apply technological and scientific insights to new innovations. For example, ICF's applied research team uses front-line theoretical research in areas such as statistics and machine learning to develop new approaches to network security and the detection of intrusion and misuse—areas in which we have extensive hands-on experience.

ICF is also skilled in handling large datasets of sensitive information and in developing customized, high-performance tools that automate and streamline essential processes.

ICF's areas of focus for cyber research and future solutions include:

  • Machine learning
  • Computational intelligence
  • Neuromorphic computing 
  • Persistent threat detection
  • Neural networks
  • Automated scenario generation
  • Malware analysis and detection
  • Memristor-based architectures
  • Trust, resiliency, reliability, and size/weight/power for wireless tactical networks
  • Dataset generation for defensive and offensive research and development
  • Dynamic reconfigurable systems
  • Human machine interaction
  • Cognition augmentation

Full Merger Between Logical & Physical Controls

ICF helps to improve security and simplify access control with an automated application.

ICF developed the Physical Access Control System (PACS) Central module as an application that ties a client's PACS to a Homeland Security Presidential Directive-12 (HSPD-12) card management system and Windows domain for the simple automation of access control.

Using an interface that mirrors the look and feel of their organization, managers can control access to one or more specific secure areas without having to learn the complexities of PACS administration. They can also delegate control to others.

Employees who require access to secure areas simply fill out a web form, and managers are notified instantly via email. Managers can grant or deny access with just a few clicks and sign access approvals at their desk using their HSPD-12 credential.

Similarly, PACS Central will automatically block access to secure areas for any employee whose personal identification verification (PIV) card expires or is revoked.

Since PACS Central is built on the GroupAssure® core, it uses GroupAssure roles, permissions, and operations to control access to the application. When a PIV card is terminated, the PACS Central revocation web service is notified and access for that card is automatically removed from every PACS system tied to PACS Central.

For nonagency PIV cards, enrollment into PACS Central ensures that the cards are continuously checked against a revocation list. All actions in PACS Central are logged and auditable.

Identity, Credentialing, & Access Management (ICAM)

ICF helps clients manage cybersecurity threats with highly customizable solutions and identity management that ensures the safety of confidential data and valuable intellectual property.

Securing critical data is an integral part of a successful program management office. Rather than retrofit solutions based on new legislation or security threats, ICF helps clients integrate sustainable, seamless solutions that fit within new or existing infrastructure.

ICF offers cybersecurity services to help clients proactively protect information, stay informed about the latest online security threats, comply with government regulations, and quickly respond to compromised data, including:

  • Information assurance and privacy solutions
  • Critical infrastructure protection (CIP)
  • IT governance and risk management
  • Identity, credentialing, and access management (ICAM)
  • Network management and intrusion detection
  • Systems administration, implementation, and integration

ICF helps clients navigate U.S. regulations and organizations that affect cybersecurity requirements:

In addition, identity management is a key component of any comprehensive cybersecurity program. ICF helps clients develop cutting-edge credentialing systems that ensure only essential personnel have access to critical data. Extensive knowledge of public key infrastructure, physical access control systems, and U.S. government standards for identity management helps ICF create secure authentication systems for federal agencies and other clients.

Improved Auditing & Monitoring

ICF helps clients manage cybersecurity threats with highly customizable solutions and identity management that ensures the safety of confidential data and valuable intellectual property.

To help clients stay ahead of today's complex, changing cybersecurity challenges – including U.S. federal and industry regulations – ICF's experts provide external security audit/assessment services using a proven four-phased approach:

  1. Assess the current security posture
    During the initial phase of the process, our team conducts a preliminary review of the organization's information technology infrastructure through interviews with installation personnel, observations of installation activities, and reviews of installation documentation.
  2. Identify unique security requirements
    The objective of phase two is to obtain the information necessary to identify any governing security regulations that the organization is subject to as well as the security controls that have been implemented within the environment.
  3. Perform compliance testing
    In the third phase, we use automated auditing tools, interviews, and observation of the production operating environment to determine if the implemented controls comply with mandated regulations and operate as expected.
  4. Provide a comprehensive assessment report
    Upon completion of the audit/assessment process, our team prepares a comprehensive audit report giving detailed results of each phase, including any identified deficiencies along with recommendations for action.

Information Assurance, Privacy & Compliance

ICF helps U.S. federal government agencies protect their data, ensure its availability as needed, and keep it under the control of authorized users.

Through the development, management, and support of accreditation and certification programs, ICF's information assurance teams help U.S. federal clients certify and accredit all categories of systems, networks, applications, and sites. We also deliver lifecycle support for all phases of information assurance certification and compliance.

Our experts lead, establish, and maintain compliance programs using standardized methods and procedures that ensure security controls are implemented in accordance with U.S. Department of Defense (DOD), Office of Management and Budget (OMB), and Federal Information Security Management Act (FISMA) requirements. These methods include:

  • Periodic assessments
  • Annual reviews
  • Security control tests and evaluation
  • Risk assessments
  • Plan of action and milestones management

ICF also assists with business continuity preparation. Our business impact analyses facilitate the process of identifying and prioritizing critical information, components of information systems, and associated threats and risks. We help clients develop, conduct, and maintain business continuity, continuity of operations, and disaster recovery plans—and train and test these plans to ensure organizational readiness.

Our clients benefit from the experience we've gained serving a variety of information-sensitive fields. And our professionals stay current on the latest security developments and maintain industry-leading certifications.

NERC CIP Consulting and Compliance Services

ICF partners with North American Electric Reliability Corporation (NERC) Registered Entities in building and maturing NERC Critical Infrastructure Protection (CIP) programs that improve their cybersecurity postures and reduce compliance risk within operational, budgetary, and resource constraints.

ICF provides NERC CIP consulting and compliance services to electric utilities and Registered Entities with the ultimate objective of strengthening enterprise resilience through robust security practices and controls aligned with CIP Standards and Requirements. ICF recognizes that organizations face complex internal and external challenges in implementing and maintaining effective NERC CIP programs. Registered Entities must proactively manage NERC CIP programs and execute supporting cybersecurity practices to achieve compliance with the NERC CIP Standards.

Effective NERC CIP programs require management's support with the proper “tone at the top” that promotes a culture of compliance emphasizing adherence to the CIP Standards. ICF understands that Registered Entities face various internal challenges that increase compliance risk, such as legacy IT infrastructure, budgetary constraints, and a lack of skilled resources. To help overcome their internal challenges, ICF supports Registered Entities in developing standardized processes embedded with auditable security controls that minimize performance issues and program inefficiencies, and ultimately mitigate compliance risks.

Registered Entities face increasing external cyber risks from a more persistent threat environment, and increased compliance risk due to evolving NERC Reliability and CIP Standards. Registered Entities’ Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) employ a network architecture that increases reliance on computer-based controls, potentially creating new vulnerabilities and elevating Registered Entities’ needs for cyber risk mitigation.

Meanwhile, the ongoing maturation of NERC Reliability and CIP Standards increases the compliance scope for Registered Entities’ operations and imposes more demanding cyber security requirements on existing IT infrastructure and resources. Without a strong NERC CIP program, Registered Entities weaken their ability to effectively respond to regulatory changes and resultantly increase the risk of:

  • Fines and penalties resulting from self-reports and regulatory settlements for noncompliance, system outages, and operations loss
  • Extrinsic risks such as the impairment of the organization’s public reputation and ability to uphold the reliability of critical infrastructure

To combat these external regulatory and cyber challenges, ICF supports Registered Entities in establishing and maturing self-sustaining NERC CIP programs that remediate cyber vulnerabilities, mitigate cyber threats, and enable efficient response to changes in regulatory requirements.

ICF consultants are equipped with the resources and expertise to confront the organizational and regulatory challenges facing Registered Entities. ICF’s NERC CIP advisory services draw upon industry experience, professional benchmarks, and cybersecurity best practices (e.g., COBIT, COSO, ISO, ITIL, NIST, SANS) to deliver prudent solutions that mitigate cyber risk while reducing compliance risk. Our consultants are certified professionals (e.g., CISA, CISSP, CRISC, PMP) with significant audit and advisory experience and possess deep knowledge of the electric utility industry’s regulatory environment.

Jobs in Cybersecurity 106 Job Openings

Aug 14, 2019
Multiple locations
Aug 13, 2019
Martinsville, Virginia, United States of America
Aug 12, 2019
Madison, Wisconsin, United States of America
Aug 8, 2019
Hampton, Virginia, United States of America
Aug 8, 2019
Adelphi, Maryland, United States of America