Gone are the days when we just launched rockets into space, sorry Hidden Figures! Now, when we launch rockets and satellites (and more) into space, we have to protect the confidentiality, integrity and availability of all the data in, on and around a launch. To meet that need, systems need cyber assessment and information assurance…vulnerability assessments to ensure the system and software have security controls built in to protect against the ever-changing cyber threats.
Gone are the days when we just launched rockets into space, sorry Hidden Figures!
Engility develops virtual models that serve as test environments for conducting vulnerability assessments without any direct impact on the operational system. We call this a Blue Team Vulnerability Assessment Program (BT-VAP). Using a decade of experience in full lifecycle Independent Verification & Validation (IV&V), we support customers by assessing and testing their safety and mission critical software systems to ensure the systems are safe, reliable and secure. Our Blue Team has already assessed the critical infrastructure of seven space missions at multiple NASA Centers, not to mention customers in the intelligence community and Department of Defense!
BT-VAP is a four-step process that is a proven method of identifying vulnerabilities in a program. We are relentless when it comes to following the process because it ensures program capabilities are secured . The process includes:
- Planning. We talk to the team we are going to assess and make sure we outline the rules of engagement.
- Discovery. By going onsite to complete surveys and collect data, we find out as much information as possible about the program.
- Assessment. We develop a virtual model of the system(s) and conduct an active assessment.
- Results and remediation. We provide insight into how the identified vulnerabilities can be remediated.
We are relentless when it comes to following the process because it ensures program capabilities are secured.
These might seem like steps you would find in a variety of investigative or even legal processes, but our experience in cybersecurity has evolved the BT-VAP process to keep pace with the new threats to our nation’s space program. Hand-in-hand we have completed vulnerably assessments that are aimed at making each mission safer, more reliable and more secure.
The really exciting thing to me about conducting assessments is the chance to interact with some of America’s most meaningful systems and brilliant scientists and engineers. One program that stands out is the penetration testing we completed on the James Web Space Telescope in Baltimore, Md., at the John Hopkins Applied Physics Lab. The penetration testing allowed us to work with a very talented group of engineers, learn their system and strengthen the cyber security elements.
It’s an exhilarating and rewarding time to be in cybersecurity
I'm proud of the capabilities we bring to NASA (and other agencies) and the development of new BT-VAP assessment methods. It’s an exhilarating and rewarding time to be in cybersecurity, and we embrace the opportunity to evolve the programs depicted in Hidden Figures and other films, making our space program a little safer and more secure every day.