Case Studies

USMC Cybersecurity Engineering Support

“I appreciate the honesty and fairness provided in the data. This data drives home the issues.” — USMC Client

Fast Facts

  • The United States Marine Corps (USMC, Semper Fi!) is often the first line of defense against hostile forces and the tip of the spear in offensive actions. Its command-and-control systems must be secure from cyber warfare and must work under extreme conditions.
  • 2020 saw a dramatic increase in cybersecurity incidents, more than doubling those experienced in 2019 – growing from nearly 220 million cyberattacks in 2019 to more than 445 million cyberattacks in 2020.
  • TechFlow efficiently and expeditiously designed, executed, and delivered “decision quality” RMF documents and artifacts which met the USMC’s need for enhanced security and effectiveness in its command-and-control processes.

The Problem

The United States Marine Corps (USMC) sought to develop and improve manager-level information assurance guidance and cybersecurity processes for its tactical aviation command-and-control system. These processes needed to effectively integrate USMC’s security requirements with its system engineering and delivery; in other words, it had to be secure and effective.

The processes would need to address tactical systems which would align cybersecurity, programmatic, development, and user community security responsibilities across system operations and maintenance. The processes would need to support the systemwide transition from the outdated Department of Defense (DoD) Information Assurance Certification and Accreditation Process (DIACAP) to the DoD’s newer Risk Management Framework (RMF). Oh, and it had to be done within a twelve-month period.

The Solution

TechFlow’s team first established benchmark approaches for tactical system cybersecurity programs and delivered “decision-quality” RMF documents and artifacts which informed the USMC’s true system concerns. TechFlow conducted intensive assessments and analysis through the various lenses of system operation, use case, and operational threat, before delivering detailed assessment and authorization artifacts and operationally relevant findings which lead to the removal of the system’s Denied Authority to Operate (ATO).

At the same time, TechFlow’s experts enabled the USMC to prioritize its programmatic and engineering efforts based on solid risk analysis. TechFlow’s integrated methodology enabled the system’s ATO and ongoing authorizations to support the rapid deployment of system technology, rather than treating the process as a “bolt-on” service which would have meant system deployment delays and wasted effort.

Impacts

  • TechFlow executed all six required RMF steps within a 12-month period to support the USMC’s DIACAP-to-RMF transition, while conducting assessment and authorization actions and delivering operationally relevant system security posture, risk awareness and decision-quality security analysis.
  • TechFlow did all this on time and under budget. Just think what we can do for you!