CYBER & PROGRAM MANAGEMENT
• Provided Risk Management Framework (RMF) expertise supporting the issuance of two three-year Authority to Operate (ATO)
• Reviewed 3,500 security controls, developed 5,200 plan of action & project milestones, and developed ISSE Handbook
• Participated in Europe based RMF 3-step assessment of power generator system
• Developed policy development capability utilizing SharePoint Online reducing time to develop policies by 75%
• Completed detailed site surveys identifying FRCS and supporting infrastructure for Far East based installations
• Supported stand-up of Cyber Planning and Response Center (CPRC) team with Threat Hunting, Penetration Testing, and Malware analysis
• Executed cyber top table exercise and response plans, including SOP’s
Supported CYBERSAFE grading and critical analysis trainings
• Managed CCB framework and accountability planning
KC SUPPORTED SYSTEMS
• 4 Echelon III CIO orgs
• 9 Facility Engineering Commands (FECs)
• 35 FRCS across the globe
• 150 RMF milestone events
The Naval Facilities Engineering Systems Command (NAVFAC) bears the significant responsibility of delivering facilities engineering solutions for the entire U.S. Navy and Marine Corp. NAVFAC has more than 17,000 employees across the globe. As the facilities manager for the Navy, NAVFAC is responsible for Facilities Related Control Systems (FRCS), including supervisory control and data acquisition (SCADA) systems – which are often used in industrial operations to monitor and control field devices – as well as its cybersecurity policies. NAVFAC is also the Department of the Navy’s Technical Authority and overall lead agency for Cyber Security for Facilities/Industrial Control Systems (ICSs).
In the U.S. Navy, SCADA systems can be found in ashore facilities ranging from Command Centers to warehouses that store chemicals and ammunition. Given the critical nature of the Navy’s mission, the security of these technologies – regardless of their location across the globe – is essential.
The organization required an enterprise-level process and methodology for authorization when new FRCSs came online. In addition, the Information Systems Security Manager (ISSM) and Information Systems Security Officer (ISSO) needed assistance in mission critical support regarding risk management and analysis. NAVFAC also required support of numerous cyber systems, including ICS, FRCS, and operational technology.
KC provided risk analysis and systems/cyber engineering support to NAVFAC Information Technology and Operational Technology (IT/OT) systems to help bolster and protect the Navy’s global infrastructure against threats. KC also supported the Command Information Office (CIO) and the Command Information Security Officer (CISO)/Director of Cybersecurity through project management, planning, analysis, and more.
Take a look at what KC is doing to contribute to global cyber security, agile software development and cloud services.
Felix Martin, 571 435 7632 fmartin@karthikconsulting.com
CAGE: 56GH3
DUNS: 828199880 UEI: FGNNM7KNUPF6
GSA MAS
GSA OASIS Pool 1 and 3
NIH CIO-SP3 8(a) & SB
GSA STARS III 8(a)
Air Force SBEAS
Army RS3
Navy Seaport-NexGen
FAA eFAST