For years, the Marine Corps has remained behind the power curve for monitoring buildings in regard to utilities, or Industrial Control Systems (ICS). The problem? Cyber security. Installations around the Marine Corps have struggled to maintain the increasingly stringent security requirements for the operational technology (OT) needed for metering and monitoring their facilities.
Personnel at Marine Corps Base Camp Lejeune’s ICS Program Office were no strangers to this hardship, having worked tirelessly for eight years to secure an Authority to Operate (ATO) in order to put buildings online for better, more modern facilities monitoring. On March 22, the team received news that their ATO had been granted.
“The Authority to Operate is essentially approval to put something on the Marine Corps network,” explained Jeff Watts, Information Systems Security Engineer, ICS Program Office. “It is sort of like a building inspector, making sure everything is up to code before actually installing it.”
The ATO will be used to install devices that cryptographically separate the OT from the Marine Corps Network. This particular ATO is significant, as it solves the problem for more than just Camp Lejeune. The vendor and network agnostic approach allows the solution to be used Marine Corps-wide.
“It’s not just Camp Lejeune, it’s the entire Marine Corps that benefits,” said Watts. “This is the first ever type of accreditation which provides one architecture that works anywhere in the Marine Corps, for all of the industrial control systems.”
It is a Marine Corps requirement to monitor ICSs, such as energy and water usage. This is essential for energy resilience and having the ability to adjust or repair facility- related issues before they become costly or even catastrophic.
“We have to continue to monitor water and waste water, but their systems currently reside on the network in an insecure manner,” explained James Mahoney, Camp Lejeune Operations Director. “We are using antiquated operating systems that are no longer able to be patched and made secure, because they are no longer supported. In getting this architecture in place, we are improving our cyber security and energy resilience posture.”
The secret to the ICS Program Office’s success was working hand in hand with Marine Corps cyber security experts from the very beginning, architecting a solution that would meet both cyber security and facilities management requirements.
“We built [this architecture] from scratch…” said Watts. “(We) tested it in our lab and really just began bridging the gap between information technology and operational technology.”