Booz Allen Commercial delivers advanced cyber defenses to the Fortune 500 and Global 2000. We are technical practitioners and cyber-focused management consultants with unparalleled experience – we know how cyber-attacks happen and how to defend against them.
Our strategy and technology consultants have empowered our international clients with the knowledge and experience they need to build their own local resources and capabilities.
In facing challenges of modernization, our Middle East and North Africa clients have complex requirements that benefit from our proven experience in guiding major programs and projects for governments and private-sector organizations. The services we offer in UAE, Qatar, Egypt, Turkey, Kuwait, Morocco, Jordan, and other regional countries build on our consulting legacy.
Our clients call upon us to work on their hardest problems—delivering effective health care, protecting warfighters and their families, keeping our national infrastructure secure, bringing into focus the traditional boundaries between consumer products and manufacturing as those boundaries blur.
Booz Allen was founded on the notion that we could help companies succeed by bringing them expert, candid advice and an outside perspective on their business. The analysis and perspective generated by that talent can be found in the case studies and thought leadership produced by our people.
Explore our featured teams and missions. Search openings and find out how you can support our meaningful missions.
Continue your mission with us. Get advice from our recruiting team, and browse our FAQs.
Seeking an internship or entry-level position? Learn about the impact you can make on our team.
Find out more about our application process, explore our benefits, and review our FAQs.
Learn more about Booz Allen's diverse culture and environment of inclusion that fosters respect and opportunity for all employees.
Our 22,600 engineers, scientists, software developers, technologists, and consultants live to solve problems that matter. We’re proud of the diversity throughout our organization, from our most junior ranks to our board of directors and leadership team.
Booz Allen takes pride in a culture that encourages and rewards the many dimensions of leadership—innovative thinking, active collaboration, and personal service. We’re particularly proud of the diversity of our Leadership Team and Board of Directors, among the most diverse in corporate America today.
Gone are the days of stand-alone manufacturing equipment. Today, plant managers can track equipment function, productivity, and maintenance requirements through the connected power of automation and the industrial Internet of Things (IoT). This convergence of information technology (IT) and operational technology (OT) is critical to reducing costs and enhancing performance gains, but when everything is networked, it opens new opportunities for attack. Threat actors seek the weakest links across connected ecosystems, rendering traditional cybersecurity measures insufficient and creating a “new normal” where cyber attacks move across converged IT and OT environments.
Eighty-two percent of security practitioners in a 2017 survey predicted that unsecured IoT devices would likely cause a data breach in their organization, and incidents like the 2017 NotPetya malware attack demonstrate that complex, interconnected IT and OT systems can be weaponized for rapid, widespread devastation, disrupting everything from product development to fulfillment and shipment.
IT/OT convergence is a critical business enabler, but it must be accompanied by integrated cybersecurity across the enterprise. Here are five recommended actions to help address the challenges of a connected manufacturing environment.
No. 1: Assess your security capabilities and risk landscape
First, document and understand the operational environment. That includes the network, data flows, and details of connected devices, as well as physical access points that could be exploited, such as sensors or switches. Segment your critical systems by looking at the various data and underlying operational flows across not only OT applications, but from underlying operating systems and protocols, too. NotPetya showed that organizations can be breached within moments despite meeting compliance standards and implementing precautions like firewalls.
No. 2: Identify your greatest vulnerabilities, characterize threats, and prioritize risks
Prepare to prioritize protections by tallying up critical assets and processes that would have the largest impact, if compromised. Start with hardware and software vulnerability analysis, along with documenting and mapping of critical processes and embedded systems.
No. 3: Understand and establish roles and responsibilities
Roles and responsibilities around enterprise cybersecurity and manufacturing cybersecurity must be clearly understood. Formalize your combined security approach by developing the policies, plans, and procedures necessary for managing and maintaining a cyber-secure posture. Establish a governance program backed by executive leadership to enable continued transformation over time.
No. 4: Provide continuous awareness, education, and practice
Drive organizational change by providing education and awareness programs that are tailored by role—general managers need different insights than plant managers, who need different insights than procurement specialists, and so on. Educate operators and administrators about relevant cyber risks to foster a culture that prioritizes cyber as a key enabler of safety, revenue generation, and business operations and stability. A delay in production could greatly impact current contracts, revenue, and an organization’s reputation and long-term growth. To help build awareness and preparation, test your posture by providing role-specific practice opportunities with cybersecurity exercises such as wargaming. According to a 2018 survey, 61 percent of manufacturers say they conduct semi-annual cyber exercises.
No. 5: Gain deeper visibility to identify and respond to incidents
Deploy detection sensors, centralized log aggregation, and a consolidated monitoring capability to gain greater, faster visibility into cyber threats across the manufacturing environment. Synchronize response efforts by establishing a coordinated approach to managing OT and enterprise incidents.
When cybersecurity and its impact is widely recognized as a business priority, stakeholders can use hard work and change management to strengthen the organization’s security posture and help promote safety, productivity, and customer trust. With a threat landscape that’s always evolving, the steps above will help propel your organization towards a resilient approach to IT and OT cybersecurity.