The objective of this project is to develop a process to validate that media is free of malware at Navy installations across the world when vendors introduce new software or firmware from external sources. This project will investigate the best solution to implement a sanitization capability to inspect the contents of third party-provided media. This capability will greatly improve Navy’s control systems cybersecurity posture by reducing the risk of cyber intrusion during digital transfers. The investigation and testing will be piloted at the Naval Facilities Systems Engineering Command (NAVFAC) Engineering and Expeditionary Warfare Center Control Systems Test Bed and presented to NAVFAC Command Information Office for distribution to operational sites: Facility Engineering Commands (FEC). The test bed is located at NAVFAC facility in Port Hueneme, CA.

Digital Transfer Agent (DTA) is a tool that verifies a removable media by scanning for malware and alerting the administrator. Some tools offer a sanitization option as well to digitally erase the removable media for assuring a safe medium, like CD/DVD and USB Drives. Tools are a combination of hardware and software such as a kiosk for ease of use. The intent is for the solution to be its own stand-alone system.

NAVFAC’s deployed Facility Related Control Systems and Industrial Control Systems at Navy Installations around the world will operate under the same Standard Operating Procedure for mitigating portable media threats. The DTA solution provides a secured method to allow vendors to introduce their software and firmware to DoD critical systems. The solution reduces the complexity of dealing with this risk across systems, as a uniform solution is applied to all. The solution ensures critical sites are less prone to attacks which increases their resiliency, safety, and quality of life.