Rapid technological advancement has ushered in a time of near-constant innovation for the Department of Defense (DOD), bringing both previously unimaginable progress and a marked increase in threats. Cybersecurity has emerged as a critical aspect of day-to-day DOD operations, and the U.S. Army Engineer Research and Development Center (ERDC) Information Technology Laboratory (ITL) is home to a Security Control Assessor-Validator (SCA-V) team that is playing an integral role in securing vulnerable infrastructure and sensitive data.
“Cybersecurity work is important to almost every aspect and capability we have come to take for granted in today’s world,” said Kelly Hills, ITL SCA-V lead. “Cybersecurity is necessary to protect all categories and types of data from theft, damage and exploit, and without comprehensive safeguards in place and the ability to conduct third-party audits of these implemented mechanisms, data and systems could remain unknowingly at risk, which could be devastating to national security.”
ITL’s SCA-V team is one of only eight teams appointed by the U.S. Army Network Enterprise Technology Command Cyber Security Directorate to perform third-party Assessment and Authorization validations on U.S. Army systems to obtain and maintain an Authority to Operate. The group uses the Risk Management Framework – a required, comprehensive set of security regulations – to assess the management, operational and technical security controls and enhancements employed within an information system and determine overall effectiveness.
“We conduct these assessments on all types of information systems around the world, including systems that belong to the U.S. Army Corps of Engineers,” said Hills. “Examples are hosting enclaves, the cloud, web and desktop applications, enterprise systems, simulation, training, tactical, and financial models and systems, to name a few. These assessments ensure security posture is maintained and data is kept safe from adversaries.”
Comprised of 16 members with a wide range of knowledge, expertise and certification, the ITL SCA-V team performs more than 100 assessments per year on average and was also recently responsible for conducting 36 assessments in Southwest Asia, traveling to multiple countries within a 12-month period. The group also has the ability to perform remote assessments, a process they created and documented in FY20 when faced with a COVID-19-related travel ban.
“As the premier DOD center engaged in creating and applying advanced information technology to support the Warfighter and the nation, ITL is uniquely suited for these efforts,” said Hills. “The SCA-V team is responsible for ensuring our nation’s information, and therefore our men and women in uniform, remain safe and secure. The team contributes to the ERDC mission by developing and delivering groundbreaking solutions to operational environments, continually finding new ways to ensure that the Army’s and DOD’s information systems remain secure.”