Booz Allen Commercial delivers advanced cyber defenses to the Fortune 500 and Global 2000. We are technical practitioners and cyber-focused management consultants with unparalleled experience – we know how cyber-attacks happen and how to defend against them.
Our strategy and technology consultants have empowered our international clients with the knowledge and experience they need to build their own local resources and capabilities.
In facing challenges of modernization, our Middle East and North Africa clients have complex requirements that benefit from our proven experience in guiding major programs and projects for governments and private-sector organizations. The services we offer in UAE, Qatar, Egypt, Turkey, Kuwait, Morocco, Jordan, and other regional countries build on our consulting legacy.
Our clients call upon us to work on their hardest problems—delivering effective health care, protecting warfighters and their families, keeping our national infrastructure secure, bringing into focus the traditional boundaries between consumer products and manufacturing as those boundaries blur.
Booz Allen was founded on the notion that we could help companies succeed by bringing them expert, candid advice and an outside perspective on their business. The analysis and perspective generated by that talent can be found in the case studies and thought leadership produced by our people.
Learn more about Booz Allen's diverse culture and environment of inclusion that fosters respect and opportunity for all employees.
We've come a long way delivering innovative solutions. But our next chapter is still being written.
Our 22,600 engineers, scientists, software developers, technologists, and consultants live to solve problems that matter. We’re proud of the diversity throughout our organization, from our most junior ranks to our board of directors and leadership team.
Booz Allen takes pride in a culture that encourages and rewards the many dimensions of leadership—innovative thinking, active collaboration, and personal service. We’re particularly proud of the diversity of our Leadership Team and Board of Directors, among the most diverse in corporate America today.
Defending our Capture the Flag title at S4x18 was a high stakes game for the Booz Allen Dark Labs team, but it's nothing compared to what our workforce faces from 9 to 5.
His marching orders were clear—infiltrate the programmable logic controller (PLC) that the plant used to control an important piece of manufacturing equipment.
The PLC management ports were protected by a firewall, but the web-enabled system dashboard was not. A flaw in the web app revealed a username and encrypted password, and after some quick decryption assistance from a colleague, this cyber expert was right where he wanted to be—inside the firewall.
With no additional security in place, the PLC was his. Now, were he so inclined, he could manipulate the equipment that it controlled, potentially causing line disruptions that would bring the plant’s production grinding to a halt.
Except, in reality, there was no plant, no line, no production. The people, the PLC, and the firewall were real, but everything else was a fiction, created for one of the S4x18 Capture the Flag (CTF) competition’s 48 challenges. An annual conference focused on cybersecurity for SCADA (supervisory control and data acquisition) and ICS (industrial control systems), S4 brings together industry elites from around the globe. Held in Miami Beach, S4’s 2018 CTF featured teams from as far away as Israel and Japan, and from companies as sizable as Cisco.
There defending Booz Allen’s S4 2017 CTF victory, Tim Nary, Tom Georgen, Rich Sala, and Ryan Brandt worked around the clock to power through challenge after challenge, including the one described above. Their efforts paid off—by competition’s end, they had firmly claimed first place.
“We know what kind of vulnerabilities adversaries like to exploit on these systems because we’ve practiced exploiting those vulnerabilities ourselves.”
With bragging rights on the line, the CTF’s stakes were high, but they were nothing compared to what Booz Allen’s
“Booz Allen’s cyber professionals protect operational technology (OT) systems for some truly critical industry and infrastructure,” says Kyle Miller, a Booz Allen OT cybersecurity expert. “Their work might help secure a factory that makes life-saving pharmaceuticals or a power plant that keeps the lights on for millions. The stakes don’t get higher than that.”
At a water treatment plant, the real-life equivalents of the remote terminal units (RTUs), human-machine interfaces (HMIs), and PLCs that Tim, Tom, Rich, and Ryan were infiltrating at S4x18’s CTF might work together to control and collect data on processes like the measurement and flow of various treatment chemicals. At an oil field, they might do the same for things like pump pressure and pipeline flow.
“We know what kind of vulnerabilities adversaries like to exploit on these systems because we’ve practiced exploiting those vulnerabilities ourselves,” says Tim, who goes toe-to-toe with
As critical to operations as they are, you’d think robust cybersecurity would be standard for OT systems, but the fact is many of them have little to no security at all.
“It’s common for facilities to be running on ICS equipment that’s 20 or 30 years old,” says Kyle. “They weren’t designed with connectivity in mind. Now they’re being networked and sometimes even made fully internet-accessible with almost no thought given to cybersecurity.”
Booz Allen’s OT cyber teams pair battle-tested cyber experts, like Tim with engineers who have decades of experience designing and running industrial control and SCADA systems in the commercial, federal, defense, and international realms.
With that combined expertise, we can do things like help an oil and gas company use network redundancies to patch real-time ICS components without taking them offline, thereby avoiding safety compromises and production interruptions.
“We have a really broad portfolio of clients when it comes to industrial cyber services,” Kyle says. “We’ve done everything from power plants to oil and gas to water and
Want the peace of mind that comes with having your ICS secured by one of the biggest, most experienced players in industrial cyber? Learn more about what our Dark Labs team can offer.