Cybersecurity program providing vital services for National Guard, Defense Logistics Agency

Photo By William Farrow | Huntsville Center’s Cybersecurity program awarded contracts for logical and physical...... read more read more

Photo By William Farrow | Huntsville Center’s Cybersecurity program awarded contracts for logical and physical cybersecurity inventories for the Army National Guard Bureau for 414 sites i and for the Defense Logistics Agency (DLA) at six locations.  see less | View Image Page

REDSTONE ARSENAL, ALABAMA, UNITED STATES

01.14.2025

Story by William Farrow 

U.S. Army Corps of Engineers Engineering and Support Center, Huntsville

✔ ✗ Subscribe

5

REDSTONE ARSENAL, Ala. -- The U.S. government and military sectors report more than 1600 cyberattack per week. These stunning numbers underscore the critical need for robust cybersecurity measures across all sectors.

The U.S. Army Engineering and Support Center, Huntsville’s Cybersecurity Systems Program plays an integral part in security against cyberattacks by providing oversight and management of cybersecurity inventories of Facility Related Control Systems (FRCS) including medical equipment and systems, by assisting multiple Department of Defense (DOD) customers in achieving accreditation under the Risk Management Framework (RMF) requirements in support of the customer obtaining an Authority to Operate (ATO).

The program also provides Continuous Monitoring Support (CMS), Professional Technical Services, maintenance support services once the ATO is achieved.
Currently, the Center’s Cybersecurity program awarded contracts for logical and physical cybersecurity inventories for the Army National Guard Bureau (ARNG) for 414 sites in five states and for the Defense Logistics Agency (DLA) at six locations located in four States.

Ron Brook, Huntsville Center Operational Technology Branch chief, said the physical cyber inventories are important as organizations may not be aware of all their information technology (IT) or operational technology (OT) assets.

Brook said this introduces potential cyber vulnerabilities – and thereby potential cyber risks – to the organization, and by extension, the nation’s cyber posture.

“There is a cliché in the field of cybersecurity: ‘We don’t know what we don’t know…until we scan it,’ Brook said.

As an example, Brook said if an organization is not aware that it operates a certain OT component, it has no insight into how that component might be exploited by threat actors.

He said to securely operate, monitor, patch, and dispose of organizational assets, they must be known and inventoried.

“To protect it, you need to know you have it.”

Earl Freeman, Facility Technology Integration Division (FTI-Medical & Cybersecurity) Senior Project Manager, said the cybersecurity program team is busy providing a full range of cybersecurity technical expertise and programmatic services for its customers in accordance with the Risk Management Framework (RMF) requirements and inventories for Operational Technology (OT) Systems.

He said the program maintains state-of-the-art cybersecurity technical expertise and provides expert-level support to the U.S. Army Corps of Engineers’ Military Programs Enterprise on a cost-reimbursable basis.

“We are working closely with the Center’s Cybersecurity Center of Expertise to provide cradle to grave management of cybersecurity requirements using USACE Industrial Control Systems (ICS) inventory methodology to conduct physical and logical inventories of OT equipment and systems,” Freeman said.

“The cybersecurity inventory data is used by our customers to maintain physical security and continuous monitoring of equipment on the network for cybersecurity and Information Assurance (IA) compliance.”

In addition, Freeman said the cybersecurity inventory data is ultimately used for the future attainment of an Authority to Operate (ATO), for new or existing control systems.

In the past, cybersecurity automation and industrial control systems (ICS) – like HVAC, utility monitoring, fire, and natural gas control systems – have been physically isolated systems that only communicated locally, such as within a building.

Currently, those systems are more frequently being integrated into installation networks so data can be remotely monitored, aggregated, and analyzed at higher levels. This increases the vulnerability and cyber security risks of not only the individual systems, but also the entire network.

“These Cyber Inventory Projects are the first step in a phased approach to help these States and sites achieve cybersecurity compliance in according with current DoD Cybersecurity requirements,” Freeman said.

Additionally, Freeman said the cybersecurity program manages and implements Facility Related Control Systems (FRCS) inventories for facilities worldwide to assist customers in identifying and managing their current control systems and use the data in the RMF process and establish accreditation boundaries.

“Our project delivery team (PDT) manages all aspects of FRCS logical and physical cybersecurity inventories to include program and project management, contracting, legal, engineering, submittal reviews, technical evaluations, assessments, and safety compliance services support,” Freeman said.

He said reach-back support from Huntsville Center’s Cybersecurity, Electronic Security System (ESS), and the Utility Monitoring and Control System (UMCS) MCXs ensure cybersecurity changes won’t negatively affect the operability of existing or planned OT systems.

“The Cybersecurity MCX supports scope development and information security assessment, and the cyber PDT develops and delivers a high-quality project compliant with DoD cybersecurity instructions.”