Cybersecurity isn’t just about managing remote digital threats; it’s about protecting critical infrastructure, too. And as Biff Lyons sees it, the need for more robust cyber operations couldn’t be greater.
“Many or most infrastructures and America’s control systems have been in place for years and were designed well before cybersecurity was a concern,” says Lyons, executive vice president and manager of Parsons’ Defense & Security division.
Think of digital systems that drive state-run infrastructure, such as traffic lights, telecom networks and electrical grids. It doesn’t take much to bring them down.
That was the case in western Ukraine. In December 2015, the country saw the world’s first cyber-induced power outage on an electrical grid, which affected more than 220,000 residents.
Soon after, the Homeland Security Department sounded the alarm about the vulnerability of America’s own industrial control systems – raising the question of not “if,“ but ”when,“ a similar attack may strike at home.
It’s a threat Parsons’ Federal business unit has seen coming.
In early 2016, the multinational engineering, construction, technical and management services firm realigned its organization to better serve its customers and create more opportunities for growth.
The Pasadena, California-based company soon rechristened its government services business unit, now known as Federal, and established two divisions: Infrastructure and Environment, and Defense and Security.
The Defense and Security division leverages Parsons’ rich 70-plus-year history of infrastructure development worldwide and merges it with the latest, evolving cybersecurity needs.
RELATED: Parsons VP James “Jay” Williams Promoted to Manage New Cyber Infrastructure Protection Sector
“We work with our global clientele on important infrastructure programs that include positive train control implementation for rail/transit systems, automated traffic management systems, water utilities, oil and gas facilities, and significant infrastructure systems that are the responsibility of major Fortune 500 companies,” Lyons says.
“We are beginning to merge industrial control systems with infrastructure expertise and cyber capability – that is all a great synergy for addressing emerging threats,” Lyons says.
Creating cyber awareness is central to those efforts.
“There is a general lack of awareness of what assets are accessible via a network connection, thus creating threat vectors,” says Lyons, who’s been with Parsons in a variety of leadership roles since November 2011, following the company’s acquisition of defense contracting firm SPARTA, Inc.
Current infrastructure shortcomings, he adds, only serve to showcase a “wide disparity in understanding and dealing with the [evolving cyber] threats.”
Those threats, Lyons says, are compounded by the internet of things’ now-ubiquitous role in shaping nearly every area of life — such as utilities, defense systems and water treatment plants.
“It is all connected with the internet and now there are vulnerabilities associated with that,” Lyons says.
Those vulnerabilities also happen to be where Lyons sees the greatest chance to make a difference.
“A really neat part of my job – and the job of the division that I’m leading – is the idea of merging our cybersecurity capability with a corporatewide physical and electronic security business that Parsons has had for years – to address a converged security market that is rapidly merging with the internet of things,” Lyons says.
Anticipating Evolving Threats
Parsons took another step in addressing deepening cyber risks in 2014 with the acquisition of Secure Missions Solutions, a provider of critical asset protection and cybersecurity needs to the defense and national security communities.
RELATED: Parsons Acquires Secure Mission Solutions, Expands Cybersecurity Offering
“Anticipating where we see the market and accompanying threats evolving, we’ve been making the right investments, in the right markets, and are now focusing on integrating those capabilities to address the new reality,” Lyons says.
Those new investments – and deepening cyber knowledge – also find a home at Parsons’ Cyber Solutions Center in Centreville, Virginia. Since opening in March 2015, the facility has been assisting Parsons in pinpointing security vulnerabilities on behalf of customers.
“Using this [facility], we are bringing in the actual hardware systems and PLCs that control things like power grid substations, building management systems, and much more,” Lyons says.
“In doing so,” he adds, “we are able to model different operation technology networks and control systems – and demonstrate threat vulnerabilities and design and test solutions.”
Parsons has also developed a “highly configurable and scalable platform,” as Lyons puts it, for supporting a wide variety of security operations.
“We have developed and integrated some of our own tools for mapping networks – and identifying potential vulnerabilities – along with open source and commercial capabilities,” says Lyons, whose own understanding of the cyber domain is deepened by undergraduate and doctoral degrees in physics.
“We have exercised this platform and our tools to great success with some of our customers,” he adds.
Recent wins include a 5-year IDIQ contract to deliver services to support the defensive and offensive cyber missions of the U.S. Cyber Command.
In addition, Parsons’ Federal business unit is currently engaged in cyber infrastructure projects with USG and municipal clients nationally.
“We’re also bidding on several opportunities nationally and globally,” Lyons says. “People will say, ‘I didn’t know that Parsons could do that.’ It’s really an exciting time.”
The critical infrastructure protection is far more basic than described in this article. Cyber security represents the second level of critical infrastructure. I have been in contact with congressmen and senators about the first level.