Congratulations. You’ve successfully implemented your nuclear plant’s cybersecurity program. With this major achievement, you’ve laid the foundation for an efficient and effective strategy to protect your utility’s critical digital assets (CDAs) from cyber attack.
Now that Milestone 8 is in your rearview mirror, you’ll need to ensure that your team meets your cyber plan’s ongoing monitoring and assessment requirements.
Here are the eight critical steps to making sure that happens.
Design changes will occur. To maintain efficiency, include your cybersecurity team in the design process. They have the expertise to review and analyze proposed designs for security and compliance, and a tight feedback loop is an essential part of identifying secure solutions.
CDAs will be added, removed, or modified. Create processes that incorporate cybersecurity into these changes.
When replacing a CDA with an identical or similar device, set the baseline configuration parameters to match the device that’s being replaced. If new parameters are discovered during the configuration stage, document and discuss them with your cybersecurity team to determine whether or not the settings are compliant with regulations and controls.
Following any changes,
Presentations provide the
If the CSAT decides that the risk of device operations is not acceptable, then additional controls or an alternative design will be required.
Numerous security controls require ongoing program monitoring. Cybersecurity plays a key role in supporting program monitoring activity with configuration, testing, baseline capture, installation, and reassessments.
Much of your program monitoring will require outages to complete, making it necessary to provide your site cybersecurity experts with precise, time-sensitive schedules for the completion of their related tasks. Be aware that in some cases, cyber-related program monitoring tasks may require that changes be made to how monitoring is performed.
Your incident response program will evolve from discussion-based tabletops to full-scale drills and exercises. It will require support not only from cyber
Be sure to document incident response, lessons learned, and update procedures.
Your security team will review contingency plans and ensure that they are compliant with regulations. Following incidents, documentation will be reviewed, and guidance on improving security posture will be provided.
Your security team will inform you of its existing security controls and alternatives to consider. Keep threat vectors as low as possible and within acceptable limits.
Given the adverse impact it could have on your equipment, scanning is not likely to take place. In the event that an issue is found, follow documented policy and procedures. That includes the implementation of patching, monitoring, and additional access controls.
Have a plan for periodically assessing CDA cybersecurity controls. Your security team should actively update your security management solution with installation and assessment results.
This information is critical for CDA reassessments and all CDA-related operations, including replacement, removal, and program monitoring. Controls and alternate controls are reviewed and assessed for regulatory compliance.
Don't go it alone
Booz Allen has been finding solutions to the day’s toughest challenges for over 100 years. We live to solve problems. Our people know the policies, architectures, and intelligence that best define cyber enterprises and operations because they helped pioneer them.
That’s why companies trust us to resolve their most complex cyber issues, from the operations center to the boardroom. We protect our clients against the attacks of