Email this Article Email   

CHIPS Articles: NSWC Crane employee develops software tool to increase cybersecurity, cost avoidance over $8 million

NSWC Crane employee develops software tool to increase cybersecurity, cost avoidance over $8 million
By NSWC Crane Corporate Communications - August 29, 2019
CRANE, Ind. – A Naval Surface Warfare Center, Crane Division (NSWC Crane) information technologist developed a software tool projected to provide over $8 million in cost avoidance annually and increase NSWC Crane’s cybersecurity posture. Dan Ireland combined and expanded sample code provided by colleagues Nick Hurley and Rickey Beem to create the Evaluate-STIG (Security Technical Implementation Guide) tool, a Windows Powershell tool with the ability to highly automate the process of documenting system compliance.

“Compliance with security requirements is a core step in obtaining an authority to operate (ATO) for any computing system,” said Ireland. “But, more importantly, a strong cybersecurity posture is paramount in protecting DoD systems, intellectual property, and the Warfighter.”

In the NAVSEA Inspector General audit, Information Technology (IT) is required to check all computing assets for compliance. Benchmark scans can be performed for some of the STIGs to help with checklist documentation but can still result in many items marked as Not Reviewed. Administrators then need to review them manually for compliance. Furthermore, many STIGs do not have an associated benchmark, making compliance documentation completely manual.

“While the scans we have are a tremendous help, the remaining Not Reviewed items are labor intensive, prone to error, and cost prohibitive,” said Ireland. “Having to do this work manually makes day-to-day operations suffer.”

Ireland’s tool could produce over $8 million in cost avoidance annually and cut over 1,500 man-hours by automating the otherwise manual process. The Evaluate-STIG tool also strengthens Crane’s cyber security posture by closing the gap left from the benchmark scans and producing accurate, more complete STIG compliance documentation through an automated and consistent process.

“I’m proud of Dan and the ITD team for what they’re bringing to the DoD with this tool. Crane is reducing administrative burden, achieving greater compliance through automation, and is more confident systems are properly configured and protected.” said Bill Carter, NSWC Crane’s Activity Chief Information Officer (ACIO). “This group has been a constant source of innovation, and I’m looking forward to seeing what else they can create in the future.”

The goal is for the Evaluate-STIG tool to be eventually utilized by the entire Warfare Center enterprise.

“I think all Warfare Centers experience similar pain points, and this tool could help,” said Ireland. “Eventually, I would like to see it saving the entire Department of Defense time and money.”

For more news from NAVSEA and the Warfare Centers, go to www.navsea.navy.mil.

A Naval Surface Warfare Center, Crane Division (NSWC Crane) information technologist developed a software tool projected to provide over $8 million in cost avoidance annually and increase NSWC Crane’s cybersecurity posture. (Photo by NSWC Crane Corporate Communications)
A Naval Surface Warfare Center, Crane Division (NSWC Crane) information technologist developed a software tool projected to provide over $8 million in cost avoidance annually and increase NSWC Crane’s cybersecurity posture. (Photo by NSWC Crane Corporate Communications)
Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer