As the premier DOD center of industrial and technical excellence, LEAD’s mission is to develop and deliver best-in-class technologies and business practices for air defense tactical missile ground support equipment, mobile electric power generation equipment, patriot missile recertification, and route guidance vehicles for both the U.S. and its international partners. The mission of LEAD’s Directorate of Information Management (DOIM) is to provide the highest level of reliable IT and expand IT services so information flows seamlessly within the LEAD community.

The Industrial Control System (ICS) test equipment located at LEAD presented numerous cybersecurity challenges at every level of the organization, including widely varying security postures with little to no consistency, expired and limited maintenance contracts with no onsite infrastructure, and inconsistent cybersecurity plans across the entire infrastructure.

TIAG created a high-level, four-phase strategy to identify and mitigate vulnerabilities and improve the overall cybersecurity posture of ICS. This strategic approach was then turned into tactical objectives leveraging processes developed to satisfy the three core tracks of the ICS system’s lifecycle. We employed this track-focused, tactical approach to ensure that every ICS test asset within the purview of LEAD, whether new or legacy, would be addressed from a cybersecurity perspective.

LEAD now has a repeatable, standardized protocol to address common vulnerabilities. LEAD is also now able to establish and maintain an acceptable cybersecurity posture and resiliency across the entire lifecycle of ICS and similar test systems.

CyberLog is the functional owner for the DHA’s Cybersecurity Risk Management Framework for medical devices and equipment across the Military Health System.

To support the transition away from service-specific processes to one functional capability, the DHA required a center of excellence (CyberLog) to unify cybersecurity efforts for medical devices and equipment across the entire Military Health System enterprise. This included coordinating the transition of DHA medical logistics and the medical device Risk Management Framework (RMF) program.

TIAG was brought in to plan, implement, and sustain medical device and equipment security across the Military Health System enterprise with a goal of standardizing decision-making across the enterprise. We helped the DHA create large-impact solutions, gain natural efficiencies, increase visibility and enterprise management, and align to the data by establishing functional virtual authorization boundaries and assessing and incorporating enterprise authorizations. TIAG worked collaboratively with DHA to develop a rigorous “cradle to grave” Risk Management Framework (RMF)-based assessment process that provided full lifecycle cybersecurity services for medical devices across the DHA enterprise. We advised on the efficiency, effectiveness, and performance of security controls for medical devices and assisted the DHA’s medical device vendors to produce evidentiary materials that met or exceeded DoD IT auditing standards.

Our innovative solutions successfully stood up the DHA CyberLOG and were some of the first of their kind in the DoD. The interoperability provided through CyberLOG allows health care providers across the military health system to treat patients and improve outcomes while also mitigating the risk of cybersecurity threats.