Operational Cyber Security
We specialize in providing expert Cyber Security resources to assess the needs of our customers and deliver fully-compliant Cyber Security programs in highly-regulated and complex environments. We provide Cyber Security programs for enterprise/business systems, applications, Industrial Control Systems (ICS/SCADA), Internet of Things (IoT) devices, and Cloud environments.
We Secure all Types of Systems and all Classifications of Data with Defense-in-Depth Methodologies
We understand that connectivity in all types of environments may be required to support the mission and we know how to ensure that connectivity occurs in a secure and compliant manner.
Cyber Security Programs Across All Environments: ICS/SCADA, IoT, Cloud, Enterprise/Business, and Classified
Industrial Control System (ICS) Security
ICS security needs have become more challenging with targeted attacks against devices once believed to have “security through obscurity.” Our ICS Cyber Specialists enable ICS mission needs for customers with a proven defense-in-depth approach to isolate critical assets appropriately and secure core components, while enabling secure connectivity to address business requirements and mission needs. We ensure that ICS systems are monitored without impacting the operational integrity or availability of the system.
Internet of Things (IoT)
A rapid influx of IoT devices lacking basic security design principles has altered the cyber threat landscape and increased organizational risks. Devices of all kinds have become Internet-enabled to connect people and functions to devices. This newly interconnected world has been created with low-cost methodologies rather than security-minded methodologies, resulting in organizations bringing in devices without security features. We assess IoT security, address vulnerabilities and gaps, and monitor the organizational environment to ensure that the mission is not impacted.
Security in the Cloud
BGS provides Cloud security for private, public, GovCloud, FedRAMP, and hybrid cloud environments. Additionally, BGS assesses cloud environments, cloud service providers, and software to ensure compliance and security. When making the move to a cloud environment, security by design is crucial to ensure that the configuration of the environment addresses security needs and compliance requirements. Two of the largest security issues with cloud environments are misconfiguration and failure to adhere to security requirements due to confusion in roles and responsibilities between the provider and the organization. BGS ensures that configurations are compliant and that roles and responsibilities are clearly understood.
Enterprise/Business Systems Security
BGS provides Cyber Security Programs for enterprise and business systems, as well as securing software. BGS assesses, tests, monitors, configures, and addresses network, firewall, and application security. Cyber Security Program features are described in the Cyber Security Program Features area below.
Classified Computing Security
BGS provides Q-cleared resources to address security needs for classified computing environments. Our resources are experienced in handling classified matter and in ensuring that compliance requirements are addressed in limited areas.
Cyber Security Program Features
Policies, Procedures, and Plans
BGS creates and maintains policies, procedures, and plans to ensure Cyber Security compliance. We utilize proven templates for the creation of compliance documents to facilitate efficient use of resources. The policies, procedures, and plans support the Cyber Program.
Scanning, Testing, and Evaluating
BGS is contracted to perform ethical scanning, testing, and evaluating of security capabilities. A Rules of Engagement agreement is established with the organization prior to performing ST&E processes. A results report is provided to the customer, along with recommendations for any improvements.
Vulnerabilities, Threats, and Risks
The Cyber Program is based around Risk Management. BGS uses industry-standard tools to scan for vulnerabilities, and then provides vulnerability mitigation activities. BGS evaluates vulnerabilities, analyzes threat sources, and determines the likelihood of the threat source using a vulnerability against an organization, as well as the impact on the organization, to establish a risk rating. Risks are managed constantly throughout the Cyber Program activities. BGS routinely performs Risk Assessments.
Incident Response and Reporting
When incidents occur, BGS provides efficient incident response and investigation activities. The appropriate response additionally involves reporting to the appropriate organizations.
Contingency Planning & Mission Impacts
Mission Impact Assessments (MIAs) are key components of the contingency planning process. MIAs are completed to assess tolerance and establish priorities for the purpose of the contingency planning process. The contingency planning process provides methods for recovering in the event of an outage. Additionally, the contingency planning process includes training and testing of the contingency plan to determine effectiveness.
Certification & Accreditation for ATOs
BGS has created many certification and accreditation packages for organizations to obtain authority to operate for general support system environments and for industrial control systems. Our proven templates allow for efficient completion of required documentation to provide organizations with compliant packages.
Continuous Monitoring Program
One main component of the Cyber Program is continuous monitoring. Continuous monitoring offers assurances of the effectiveness of mitigating controls, and additionally provides opportunities for continuous improvements.
Cyber Security Awareness Programs
BGS develops Cyber Awareness training content for organizations that is customized to match the policies and procedures as well as enable the mission.
Insider Threat Program
Insider threats can be accidental or intentional. Regardless of the intent, insider threats are a growing problem. BGS establishes Insider Threat Awareness Programs to enable staff to recognize signs of insider threat, and monitoring activities that assist in recognizing potential insider threats. Additionally, response activities are a key component of the program.
BGS delivers content via classroom or electronic information system.
Full Scope Cyber Security Support Services
- Providing the full scope of Cyber Security Support Services for General Support Systems, Industrial Control Systems, and Operational Technology for the Department of Energy’s DUF6 project across three sites in Lexington, KY, Paducah, KY, and Portsmouth, OH. Tasks include: C&A package creation and maintenance, risk assessments, privacy program compliance, mission impact assessments, contingency planning, incident response, system security plans, device characterization, controls selections, plan of actions and milestones, security assessment reports, implementation and maintenance of cyber security tools, cyber awareness training, and continuous monitoring support.
Certification and Accreditation Packages
- Creation of compliant certification and accreditation packages for the DOE Office of Environmental Management Los Alamos Legacy Cleanup Contractor, N3B, for telemetry, portable devices, and enterprise and cloud-based systems. Tasks include: development of System Security Plan, device characterization, controls selections, risk assessments, privacy program compliance, mission impact assessments, contingency planning, incident response, plan of actions and milestones, security assessment reports.
NIST 800-171 Assessments
- Performed NIST 800-171 assessments for commercial organizations providing support to the U.S. government and military to ensure compliance.