CASE STUDY: USAF CISO
Challenge:
The Air Force Chief Information Security Officer (CISO) needed to enhance cybersecurity capabilities for Operational Technology (OT) for the civil engineering group (A4C). However, securing Air Force industrial control systems is different from traditional IT systems, causing them to pose a risk to the organization beyond the original use of the control systems. The Air Force CISO needed program management support to develop a robust and documented strategy to secure civil engineering-related systems OT.
Solution:
Arlo is currently providing Program Management Office (PMO) support to the Air Force CISO as the lead RMF contractor. Our experts work closely with an Air Force team to provide guidance, create/mature processes, and work as a liaison between the AO, the program office, vendors (developers), and the assessment team. We focus on documenting repeatable processes and templates, developing strategy, and training across the organization. We create clear and repeatable messaging that communicates CISOs’ goals and focus. To facilitate communication and ensure transparency, Arlo hosts distinct and collaborative meetings with the team and hosts meetings with the AO.

Results:
With our PMO support, the USAF CISO yielded the development of an Operational Technology (OT) Cybersecurity Strategy outlining how the USAF can manage risk with their OT-related systems supporting critical operations for the USAF, DoD, and the nation. This OT Cybersecurity Strategy aligns to the Air Force Cybersecurity Strategy. As part of our work, Arlo alos established an office specifically focused on Cyber Resiliency of Control Systems (CROCS).