As MSC’s partner, TDI designed, implemented, & operated a continuous framework to identify & manage vulnerabilities across MSC’s vast fleet.

The Military Sealift Command (MSC) operates ships for the U.S. Navy and the entire Department of Defense (DoD). Providing ocean transportation globally, MSC relies on sound cybersecurity measures in its operations. TDI supported MSC as an expert to assist with their cybersecurity needs in their entirety. TDI led an extremely experienced and highly-skilled team to support MSC across all of their operating environments, including both Afloat and Ashore. TDI also provided direct administrative cyber support to the Afloat Information Assurance Manager (IAM).

From a cybersecurity support services perspective, TDI exceeded all of MSC’s requirements. Despite the highly dynamic and fast-paced Afloat Information Assurance (IA) environment that involves a multitude of contractors and government groups supporting various cybersecurity activities, TDI introduced standardization, automation, and streamlined processes into the Information Assurance Vulnerability Management (IAVM) management process. TDI’s standardized approach to patching, scanning and analysis of scan results and vulnerability trends enabled the Afloat IAM to improve the effectiveness of the overall IAVM program through more precise and targeted remediation actions to the fleet, resulting in an improved security posture for the fleet.

As an example, for a period of five months, TDI assisted the Afloat IAM in achieving over a 60% reduction in the number of total reported vulnerabilities in the fleet. In addition, TDI was successful in reducing the highest concentration of reported vulnerabilities from the majority of vulnerabilities being over 120 days overdue, to the largest percentage of vulnerabilities being under 60 days overdue. During the same timeframe, TDI increased the number of ships that MSC was reporting accurately by over 30%. TDI’s reporting to increased MSC’s overall IAVM awareness of their Afloat Environment. This, in turn, led to a more robust process for conducting more accurate and timely Retina scans.

TDI’s approach to providing computer network attack/security assessment support to the MSC Fleet was exemplary. TDI used both automated scans and manual validation and verification to reduce false positives and ensure automated scans were always augmented by a human factor. TDI provided a results summary, mapping identified vulnerabilities to industry- and government-standard vulnerability databases. TDI developed ship activity reports that summarized all attack activities. Our Patch Development Process used successively cumulative ships scans and assessment results to identify distinct patterns in the vulnerabilities common across the fleet. Subsequently, we developed remediation strategies for the afloat sites which result in more widely applicable and cost effective remediation solutions for the fleet.

TDI’s engineers invoked a Business Process Improvement function across all the IA Admin activities – conducting industry research, evaluating emerging IA and cybersecurity guidance and policy, and continually compiling and assessing “lessons learned” in supporting the MSC Fleet, in order to provide MSC IA Leadership with ideas and recommendations on how to streamline the MSC’s Security Program and enhance the IA functions and technologies used to assess and enhance the security posture of Afloat systems and sites.

From an A&A perspective, TDI exceled in terms of technical services and delivery of A&A related activities and artifacts in support of the Afloat Environment. TDI performed A&A activities in support of the entire DIACAP Life-cycle for MSC’s Afloat Environment. TDI managed the assembly and submission of Site/System/Type/Platform IT (PIT) packages. TDI developed in-house checklists and review procedures, based on discussions with the Navy CA and NAO, to improve the quality of A&A packages and more effectively conform to emerging guidance and policy from these external entities. We developed realistic and attainable A&A Project Plans, along with comprehensive plans and timelines to manage the required activities. While implementing the plan, TDI produced all related documents/artifacts which may include, but are not limited to, the DIACAP package (System Identification Profile (SIP), Scorecard, POA&Ms, DIACAP Implementation Plan), and appropriate supporting artifacts (Concept of Operations (CONOPS), System Security Plan (SSP), etc).

As new A&A requirements emerged, TDI was always willing to support MSC. When new systems require additional cybersecurity engineering support – such as the hardening of the Next Generation Wideband (NGW) system, a new A&A effort such as the Navigation AIDS system (NAVAIDS), or the assumption of all Activity 4 support to accredited packages – TDI always came through for MSC. For example, TDI successfully achieved the accreditation of over a dozen MSC shipboard systems/networks platforms and leveraged the use of standardized templates and questionnaires by “ship class” to develop the initial packages for over 130 MSC ship site accreditations.

TDI was also directly involved in assisting MSC IA Leadership with their initiative to make the MSC Fleet into a key stakeholder in managing their own cyber health. TDI consistently provided On-The-Job-Training (OJT) to civilian mariners (CIVMAR) while aboard ship to provide scanning and patching assistance. TDI performed a variety of services during these visits to include assisting with Annual Security Reviews, Scanning, Patching, providing formal cybersecurity training, and assisting in troubleshooting information systems. As an example, the USNS GRASP recognized TDI for the value of the training their personnel provided to the ship’s crew while onboard to provide routine scanning and patching assistance.

The expertise, dedication, and commitment of our personnel in support of MSC was exemplary and the results reflected in the improved security posture of MSC’s Afloat Environment underscores that quality.

TDI is a Fully Qualified Navy Validator company

Testimonials

Don’t take it from us, hear what our clients have to say about TDI

“TDI’s approach to Managed Cybersecurity Performance (MCP) has been a game changer for us. We now have added visibility and insight to better understand risk and the ROI (return on investment) we’re receiving from our other security provider. Our security program continues to mature and we’re able to maintain continuous compliance. MCP gives me one less thing to worry about and frankly makes my job easier.””
Johnny Yang
Director Information Security & Compliance
“TDI always provides top notch personnel that meet or exceed the requirements of the contract. Their deliverables, reports, and technical aptitude are bar none. We will continue to hire TDI … they always come through for us and our end customers.”
Emilio Gonzalez
Joint Strike Fighter Program Manager
“[TDI Employee] You are the Man !! Thanks so much for the quick turn around.”
W.A. Harrison
USAJOBS Program Office Deputy Program Director
“The most appealing part of the engagement was the development of the 10-year strategic security plan for our mutual client. The quality of the thinking and input into the deliverables was exceptional.”
Bruce Gnatowski
Director Verizon Global Services
“On behalf of MCSC, PdM TFITS, Manpower Team, I would like to express our appreciation for the excellence in leadership & teamwork demonstrated by [TDI Staff] over the past 18 months. Her role as a lead IA professional was carried out in a manner above and beyond expectations.”
Beverly Walker
USMC Manpower Branch Manager
“Highly skilled and knows their work. . . exceptional at task preparation & reduced time to perform tasks by 90%. TDI brings quality & care to the table. Lots of companies have good people, but TDI employees really care about the work they do & the collective customers we support.”
Deron Burba
Smithsonian CIO
“TDI and its staff provided high quality testing engagements followed up by concise easy to understand reports. They clearly showed adherence to tasks schedule and offer adequate frequency of client/customer interaction resulting in a very satisfied customer.”
Carla Little-Kopach
Chief, DARPA SSO BPA
“TDI has proven an invaluable asset to the mission of the CTO…have strengthened the overall IA posture of the DEA Enterprise…and continues to further innovate and provide solutions that help sharpen the overriding information technology goals and mission of the Office of the CTO.”
Mark Shafernich
CTO, DEA

Related Case Studies

All Case Studies
World’s most advanced & costly fighter jet. Who can fly in to secure it. TDI

TDI provided cybersecurity services to the Joint Strike Fighter for its enterprise of 14 networks, providing Certification and Accreditation management, security operations, and security consulting.
TDI securely marches in step with the U.S. Army

TDI has managed the Assessment & Authorization (A&A) efforts for the Army AWRDS program since 2006, ensuring it achieved and maintained uninterrupted Authority to Operate, under both DIACAP and RMF.
TDI, security the warfighter so they can keep us safe

Semper Fidelis is a motto the Marines live by. TDI embraced this notion, having provided cybersecurity services to the US Marine Corps for over a decade across dozens of programs.

nSights Report


X