Project Background and Client Challenge
Our CISO, Jesse Miller, identified a business opportunity through a contact with an engineering and consulting firm. This firm was tasked with performing a reliability analysis on a device for a proprietary U.S. Army project, under regulation of the Department of Defense. In addition, the contract included a cybersecurity risk evaluation of the device and a physical security assessment of the facility where this device was being constructed.
The engineering and consulting firm partnered with Converged Communication Systems (CCS), a.k.a. Stratosphere Networks, as their preferred vendor to carry out the cybersecurity portion of the project.
Converged Communication Systems (a.k.a. Stratosphere Networks) Solution
When CCS/Stratosphere became involved, we learned that the project's schedule was already in jeopardy. Several requirements needed to be met immediately before our team began work on the project, including the following:
- Our completion of the DDTC/ITAR (International Traffic in Arms Regulations) registration process with the Department of Defense.
- Since the project was proprietary, CCS/Stratosphere had to ensure that all FOUO (For Official Use Only) information that was used or handled on the project had to follow a strict chain of custody, encryption, and classification protocols.
- All CCS/Stratosphere personnel involved attended training for awareness and avoidance protocols to prevent compromise by foreign intelligence or other espionage.
- CCS/Stratosphere built a framework for a DoD-compliant cyber risk analysis from scratch, prior to being provided a full understanding of the project or device, since most of the technical schematics were not revealed until the onsite visit due to security concerns.
All of this had to be completed in less than a week, since the on-site trip to the secure facility was imminent. Our team worked extremely hard to meet all of these prerequisites and was prepared to deliver the excellent service that sets the CCS/Stratosphere brand apart from the rest.
Once on site, our CISO performed the cyber risk analysis and attended meetings with all of the managers, scientists, and engineers involved in the project to keep them updated on his progress and the results. Shortly thereafter, CCS/Stratosphere delivered inputs to the Program Protection Implementation Plan, as part of a cybersecurity risk management assessment on the proposed system implementation. As the device design effort continues, CCS/Stratosphere will provide cybersecurity inputs to the following project-required documentation:
- Threat/Vulnerability/Criticality Risk Analysis Report
- Security Countermeasures/Procedures: Risk-Reduction Recommendations Report
Our cybersecurity risk management assessment in the preliminary design phase of the device provided key insights to improve the safety and security of the device, as well as personnel working on the project. The client was extremely happy with the initial results and plans to expand CCS/Stratosphere's scope, especially during the latter parts of the design process, such as manufacturing, when they will need input on evaluating the output of the computer tool that will be used to assess the system software.
The vendor that brought us in as a subcontractor was particularly pleased with our CISO and his understanding of the project requirements, ability to constrain the scope to the essential elements, and how he communicated and defended his more focused scope, which saved them time and effort.