Overview Edit

The Enhanced Secured Network (ESN) project is being undertaken by the Federal Communications Commission to improve its computer security by implementing enhanced security controls to defend against cyber attacks.

Background Edit

In September 2011, the FCC discovered that it had suffered a security breach on its agency network. FCC's actions to respond to the incident included, among other things, identifying and removing infected workstations and identifying significant factors that increased risk to its network. FCC initiated the ESN project in order to continue its response to the incident, mitigate the risk to its information resources from the malicious software, reduce the risk of a successful future attack, and address weaknesses in its security controls and network architecture.

The ESN project includes two major efforts: (1) implementing enhanced security controls, and (2) designing and implementing a sustainable cyber threat analysis and mitigation program.

Status of project Edit

The FCC entered the project's system development phase in April 2012, received final delivery of hardware in June 2012, and deployed the initial components of the project by the end of July 2012. This included making changes to the network architecture to enhance protection for an initial portion of the Commission's executives and their key staff. Officials stated that activities to deploy enhanced protections for all users at FCC headquarters were projected to be completed in February 2013, and that these protections would be expanded to the Commission's field offices at a later date.

To protect against and detect cyber attacks, the FCC also deployed a malware protection system for its network and a tool to monitor its workstations for signs of compromise.

Figure 1 depicts the project timeline from the discovery of the security incident through the projected date of completion for the ESN project.


The GAO criticized the project in a January 2013 report.