Blackwatch International takes a multi-pronged approach to support a variety of government customers with a broad range of mission objectives.
For customers such as the U.S. Patent and Trade Office, Blackwatch focuses on IT infrastructure and modernization. For NASA and the Defense Microelectronics Activity, by contrast, Blackwatch provides electrical mechanical engineering services and semiconductor manufacturing support, respectively.
“Whether in IT or engineering, a significant focus of our mission critical work is to ensure a secure and trusted supply chain by vetting vendors and related materials from point of origin through the safe receipt and disposal of materials and equipment,” said David Wolf, senior vice president of operations and an owner of the firm. “Another major element to our service delivery is rapid response to our clients.”
A couple of recent examples demonstrate the real-world impact of how Blackwatch approaches tip-of-the-spear, mission-critical services.
When the CrowdStrike episode effectively brought global compute capabilities to a stop for a couple of days this past summer, Blackwatch stepped in to get a major federal agency back up and running, fast.
“We have a support contract with this agency, and at about 2 a.m. on Friday morning, one of our overnight employees received an automated alert that servers were offline,” Wolf said. “We caught it literally within 30 minutes of it happening. We first discovered that problem for ourselves, and as the rest of the world was starting to pick up on what was going on, our team had already moved to a state of proactive response activities.”
Blackwatch system administrators logged in to diagnose the agency’s problem, and immediately implemented emergency procedures. “We established a remote command center. We had teams up working in conjunction with our operations manager as well as with the government employees,” he said.
While the agency never went offline, some 300 servers were negatively impacted. The Blackwatch team had them all up and running again in less than 18 hours, ensuring the agency could continue meeting its mission objectives effectively.
The agency also had about 6,000 laptop users impacted by the glitch, and while not within the scope of the Blackwatch contract, the team stepped in to restore those services as well. “Due to the speed in which we performed our recovery operations, the agency asked us to come in and help out,” Wolf said. “Over about a five-day period, we deployed 16 of our (usually remote/telework) employees back into the federal agency’s building, and they got all those laptops patched.”
Another recent incident involved a California city whose IT systems were impacted by a significant cyberattack in September.
“Hackers penetrated the network and were actively exploiting vulnerabilities within the infrastructure,” Wolf said.
The Blackwatch team was onboarded via a strategic business partner within hours of the attack being detected. They identified and isolated the intrusion, and then began 24/7 monitoring of the data logs to determine the scope of the breach. They cut off all the nefarious access, and within a couple of days had removed the malicious presence from an IT footprint that spanned some 7,000 applications and more than 9,000 workstations.
“We had all the government employees do password resets, and made sure all their security software was up to date. We coordinated with the FBI and local law enforcement agencies, and ensured that all of the application systems and workstations were virus-free and hacker-free,” Wolf said.
Wolf knows that government requirements for these kinds of services will only grow in the future. He also understands that the often-cumbersome Authority-To-Operate process can hinder government’s ability to gain timely access to these critical capabilities. ATO is a cybersecurity concept that Blackwatch is following closely in order to expand its footprint.
“One of our customers is working to deploy our applications better, faster, and cheaper with the latest and greatest technological improvements,” he said. “So we are actively providing solutions for continuous and accelerated authorizations.”
Continuous Authorization to Operate, or cATO, leverages ongoing monitoring and assessment to help agencies deploy new tools faster, while still maintaining a high level of security. In addition to cATO, Blackwatch has developed automated methodologies for accelerating authorization, which conventionally can take upwards of a year. That’s way too long in cyber time, but depending on the size of the application, Blackwatch can get it done in a matter of weeks, he said.
“There are public-facing agencies that need the ability to change rapidly, and to do it securely,” he said, and a focus on the ATO process can help facilitate the acceleration of time to value.
Of course there are challenges. As a small firm, Wolf said, Blackwatch has to be strategic about how it uses its resources.
“We have engineering and cybersecurity, but you can’t invest in everything while risking diluting your capabilities and expertise. You have to really target investments that are going to bring the best value to your customer, to your company, and to your employees,” he said. “We start with our strategic plan which we then monitor throughout the year as a guidebook with a focus on continuous improvement.”
This deliberate and thoughtful approach is paying off. “We are knocking it out of the park, and the customers are extremely happy with the way we serve them leveraging our precise and targeted approach and coverage model,” he said.