The 2020 SolarWinds incident represented one of the most sophisticated and far-reaching cyber attacks ever perpetrated against the United States government.
During the attack, a persistent threat actor gained access to federal systems through a compromised software supply chain (a trojanized update to the SolarWinds Orion platform), affecting numerous agencies and remaining undetected for months. The breach exposed critical gaps in the government's cybersecurity posture, particularly in cross-agency visibility and coordinated response.
Exposing vulnerabilities
In the wake of the attack, federal agencies realized they faced several substantial challenges:
- Limited visibility: Agencies struggled to identify which systems were compromised and to what extent.
- Siloed data: Critical endpoint detection and response (EDR) data existed across the government but remained trapped in organizational silos.
- Coordination hurdles: The federal government lacked mechanisms for rapid, whole-of-government coordination during cybersecurity incidents.
- Response delays: Bureaucratic and technical obstacles hindered access to timely data, slowing incident response efforts.
The SolarWinds experience brought these challenges into sharp relief, but at the time there was neither a clearly defined government strategy nor an established technical architecture to enable collaboration between federal agencies in combating critical vulnerabilities.
Empowering CISA to combat the threat
In the wake of SolarWinds, the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) received a new mandate via Executive Order 14028: Improving the Nation’s Cybersecurity. The order strengthens the federal government's authority to detect, analyze and respond to cyber threats across Federal Civilian Executive Branch (FCEB) agencies. It emphasized two key capabilities:
- Proactive threat hunting: CISA would need to move beyond reactive security measures to actively search for indicators of compromise across federal networks.
- Coordinated and collaborative response: When incidents occur, CISA would lead a cohesive, whole-of-government response effort.
The vision was clear, but implementation presented significant challenges. CISA needed a partner who could rapidly develop a solution that would:
- Maximize existing tooling, and therefore existing investments, to steward government budgets effectively.
- Integrate with multiple EDR vendors to achieve whole-of-government visibility.
- Provide secure, real-time visibility across federal endpoints.
- Enable sophisticated threat hunting capabilities.
- Facilitate coordinated incident response.
- Meet stringent federal security and compliance requirements.
- Partner with FCEB agencies to integrate seamlessly with their unique environments.
56: Federal agencies enrolled across four EDR platforms
1M: Total real-time endpoint visibility expected by FY26
“One of the biggest challenges in threat hunting across security boundaries (and federal agencies) is speed of response. When vulnerabilities are discovered, timeliness of action is paramount. The CISA PAC solution provides us the necessary access to take action for remediation with partnering agencies. We can do in minutes what used to take days, weeks, or even months. Partnering with CGI Federal not only allowed us to quickly meet mission critical requirements outlined in the Executive Order but also minimize the burden on agencies.” Jon McBride, CISA Chief of Adversarial Pursuit
CGI Federal: The expert and partner of choice
CISA ultimately selected CGI to be its partner in tackling this critical national security challenge—a decision that has proven transformative for federal cybersecurity operations.
CGI brought its characteristic collaborative approach to the mission. The task was formidable: Create a unified platform that could securely leverage EDR data from multiple vendors across numerous agencies, meeting strict security requirements and an aggressive timeline.
Our team worked intensively with each major EDR vendor to build a parent solution that gives CISA real-time visibility into EDR data from subscribing agencies. This required deep technical collaboration with each vendor to:
- Enable their solutions to integrate with a managed services model.
- Understand each EDR platform's unique capabilities at a deep level.
- Ensure that activities performed through the platform are strictly controlled and monitored.
- Implement robust security controls ensuring only trusted users on trusted devices from trusted networks can perform approved activities.
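The last two points describe a policy enforcement gate: every action taken through the platform must come from a trusted user, on an enrolled device, from a trusted network, and be on that user's approved list, and every decision must be recorded. The following is an added illustration of such a gate, written for this page; it is hypothetical and not CGI's or CISA's code. The users, device IDs, networks and action names are constructed placeholders.

```python
"""Policy gate for a cross-agency EDR access platform (hypothetical example).

Not CGI's or CISA's code. Every condition is evaluated in order and the
gate fails closed on the first unmet one; every decision, allowed or not,
is appended to an audit log so activity through the platform is monitored.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample policy data (placeholder users, devices and networks).
TRUSTED_USERS = {
    "hunter1": {"query_endpoints", "isolate_host"},   # approved actions per user
    "analyst2": {"query_endpoints"},
}
ENROLLED_DEVICES = {"dev-0001", "dev-0002"}
TRUSTED_NETWORKS = [ip_network("10.20.0.0/16"), ip_network("192.0.2.0/24")]


@dataclass(frozen=True)
class Request:
    user: str
    device_id: str
    source_ip: str
    action: str
    target_agency: str


@dataclass
class Decision:
    allowed: bool
    reason: str


AUDIT_LOG: list = []   # every decision lands here for monitoring


def _source_trusted(ip: str) -> bool:
    """True only if ip parses and falls inside a trusted network."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETWORKS)


def authorize(req: Request) -> Decision:
    """Check user, device, network and action; record the outcome."""
    if req.user not in TRUSTED_USERS:
        decision = Decision(False, "untrusted user")
    elif req.device_id not in ENROLLED_DEVICES:
        decision = Decision(False, "device not enrolled")
    elif not _source_trusted(req.source_ip):
        decision = Decision(False, "source network not trusted")
    elif req.action not in TRUSTED_USERS[req.user]:
        decision = Decision(False, f"action {req.action!r} not approved for user")
    else:
        decision = Decision(True, "all conditions met")
    AUDIT_LOG.append({
        "user": req.user, "device": req.device_id, "ip": req.source_ip,
        "action": req.action, "agency": req.target_agency,
        "allowed": decision.allowed, "reason": decision.reason,
    })
    return decision


if __name__ == "__main__":
    for r in (
        Request("hunter1", "dev-0001", "10.20.5.9", "isolate_host", "AgencyA"),
        Request("analyst2", "dev-0001", "10.20.5.9", "isolate_host", "AgencyA"),
        Request("hunter1", "dev-0001", "203.0.113.4", "query_endpoints", "AgencyA"),
    ):
        print(r.user, r.action, authorize(r))
```

Two design points matter here: the gate refuses rather than defaults to allow when any input is malformed (an unparsable source address is treated as untrusted), and denials are logged with the same fields as approvals, since repeated denials from one user or device are themselves a signal worth monitoring.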
What makes this achievement particularly remarkable is the speed of implementation. Despite the technical complexity and security requirements, CGI delivered the solution more quickly than expected. CISA described the implementation as its top achievement for 2024. It continues to be its number one priority for 2025.
“With Persistent Access Capability (PAC) being a high priority for CISA this fiscal year and the need for government-wide cross collaboration, it was critical that we developed and delivered a quality solution to facilitate adoption. Partnering with CGI Federal not only allowed us to quickly meet mission critical requirements outlined in the Executive Order but also advanced our Agency partnerships by minimizing their burden and, in most cases, our PAC solution was completely transparent to existing Agency operations allowing them to immediately realize the benefits of the program.” Matt House, CISA CDM Program Manager
Partner with CGI for complex security challenges
The success of this initiative demonstrates CGI’s position as the partner and expert of choice for the most challenging federal cybersecurity implementations. Our approach combines technical expertise, collaborative partnerships and unwavering commitment to mission success.
When you need to establish secure, compliant, efficient, and high-performing solutions for complex environments, CGI delivers results that matter. Our proven track record with CISA's groundbreaking visibility platform exemplifies our ability to tackle the most pressing national security challenges.
“One of the biggest challenges with implementing a new cross-agency solution, was avoiding the need to develop a brand-new Government Off-The-Shelf solution that would work across so many different operating environments. Credit to each of the EDR vendors and CGI for closely partnering with CISA, understanding our goals, and integrating existing capabilities that were previously funded and well established within each customer organization. This solution ushers in a modern era of operational partnership across the FCEB, enabling CISA to deliver unprecedented security enhancements, when needed most; seamlessly protecting federal resources across the government.” Richard Grabowski – CDM Deputy Program Manager and Chief Architect
Contact CGI today to learn how we can help your agency strengthen its security posture through innovative, rapidly deployable solutions that meet the highest standards of security and compliance.
Expanding CISA’s vision
Today, the solution is operational across four EDR platforms with a total of 56 federal agencies enrolled. CISA is projecting real-time visibility of one million endpoints by FY26. This has empowered CISA to take advantage of:
- Enhanced threat detection: The ability to identify potential compromises across agencies before they escalate.
- Sophisticated threat hunting: Proactive searching for indicators of compromise based on the latest threat intelligence.
- Rapid response coordination: When threats are detected, CISA can now coordinate a whole-of-government response without first having to request data agency by agency.
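The hunting capability described above depends on one thing the text only implies: telemetry from four different EDR vendors has to be normalized into a common schema before a single indicator sweep can run across every enrolled agency. The following is an added illustration of that step, written for this page; it is hypothetical and not CISA's, CGI's or any vendor's code. The two vendor export formats, the agency names and the indicator values are all constructed placeholders.

```python
"""Cross-vendor indicator sweep over EDR telemetry (hypothetical example).

Not CISA's, CGI's or any EDR vendor's code. Records from two constructed
vendor formats are normalized to one Event schema and checked against a
constructed indicator set; the result is a per-agency list of hits that a
hunt team could act on.
"""
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    agency: str
    host: str
    sha256: str     # normalized to lowercase so matching is case-insensitive
    dest_ip: str    # empty string when the record carries no network detail
    process: str


# Constructed indicators (placeholder values, not real IoCs).
IOC_HASHES = {"a" * 64}
IOC_IPS = {"198.51.100.7"}


def normalize_vendor_a(record: dict, agency: str) -> Event:
    """Constructed 'vendor A' format: nested file and net objects."""
    return Event(
        agency=agency,
        host=record["hostname"],
        sha256=record["file"]["sha256"].lower(),
        dest_ip=record.get("net", {}).get("remote_ip", ""),
        process=record["file"]["path"],
    )


def normalize_vendor_b(record: dict, agency: str) -> Event:
    """Constructed 'vendor B' format: flat keys with different names."""
    return Event(
        agency=agency,
        host=record["device"],
        sha256=record["hash_sha256"].lower(),
        dest_ip=record.get("dst", ""),
        process=record["image"],
    )


NORMALIZERS = {"A": normalize_vendor_a, "B": normalize_vendor_b}


def sweep(feeds) -> dict:
    """feeds: iterable of (vendor, agency, json_line). Returns {agency: [hits]}."""
    hits: dict = {}
    for vendor, agency, line in feeds:
        event = NORMALIZERS[vendor](json.loads(line), agency)
        matched = []
        if event.sha256 in IOC_HASHES:
            matched.append("hash")
        if event.dest_ip and event.dest_ip in IOC_IPS:
            matched.append("ip")
        if matched:
            hits.setdefault(agency, []).append(
                {"host": event.host, "process": event.process, "matched": matched}
            )
    return hits


# Constructed sample telemetry, one JSON line per record, as a vendor export might look.
SAMPLE_FEEDS = [
    ("A", "AgencyX", json.dumps({"hostname": "wks-01",
                                 "file": {"sha256": "A" * 64, "path": "C:\\tools\\update.exe"},
                                 "net": {"remote_ip": "198.51.100.7"}})),
    ("B", "AgencyY", json.dumps({"device": "srv-02", "hash_sha256": "b" * 64,
                                 "dst": "203.0.113.9", "image": "/usr/bin/ssh"})),
    ("B", "AgencyY", json.dumps({"device": "srv-03", "hash_sha256": "c" * 64,
                                 "dst": "198.51.100.7", "image": "/tmp/x"})),
    ("A", "AgencyZ", json.dumps({"hostname": "wks-07",
                                 "file": {"sha256": "d" * 64, "path": "C:\\Windows\\notepad.exe"}})),
]


if __name__ == "__main__":
    for agency, agency_hits in sweep(SAMPLE_FEEDS).items():
        print(agency, agency_hits)
```

The point a practitioner should take from this is the normalization layer: once every vendor's records map onto the same `Event`, adding a fifth platform is one more normalizer, and the hunt logic (and the indicator set) stays unchanged.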
