Federal Cyber Protection Teams (CPTs) require a suite of cyber tools in the field to protect field-based operations, conduct operational technology (OT) vulnerability analysis, detect threats to cyber-physical systems (CPS), and perform post-incident OT attack investigations. These self-contained flyaway kits require agility and efficiency to properly equip the teams they support.
Gain a deeper understanding of the use cases, benefits, and requirements of flyaway kits that enable cyber work in the field across government agencies.
Flyaway kits go by many different names, including expeditionary kits, hunt kits, assessment kits, Defensive Cyber Operations (DCO) kits, security operations center (SOC) in a box, and mobile air cyber kits. All of these names refer to self-contained, mobile kits outfitted with purpose-built capabilities for the DoD and civilian missions they serve.
For these kits to suit the mission at hand, they must have the hardware, mobility, and analysis capabilities necessary for IT, OT, and broader CPS cyber requirements. The hardware typically meets mobility, space, and environmental requirements, such as ruggedization.
Flyaway kits enable hunt teams to conduct a wide variety of cyber tasks, from vulnerability analysis to threat detection to incident response, and they do so across a diversity of environments and assets - from IT and OT to the Internet of Military Things (IoMT). All of these functions can operate on both classified and unclassified networks.
In order to provide the best insights to hunt teams, the kits must provide:
Deep visibility and network access
User interface on a mobile platform, such as a laptop
Easy portability on a variety of transportation methods
Quick setup and tear down time
Reduced size for transportation on-the-go and in areas with space constraints
When most people think of flyaway kit use cases, they typically think of military field operations and critical DoD missions that require hunt teams to maintain cybersecurity on the ground. In military operations, flyaway kits are useful for assessing the environment as well as for post-attack analysis, making their functionality critical in a wide variety of combat scenarios. They are an effective tool when deployed units lack particular technical expertise: they enable subject matter experts to be flown in, execute one or several operations, provide feedback and recommendations to the local team, and re-deploy to the next base.
Flyaway kits can also be used in a variety of Federal operations requiring further investigation of a cyber incident, like incident response scenarios. Again, subject matter experts or investigators can fly in, investigate, perform analysis onsite, generate investigation reports, recommend next steps and fly out.
When emergencies like natural disasters hit, Federal operators can fulfill their mission while maintaining OT and CPS security. Flyaway kits enable the teams on the ground during emergency response efforts to protect critical devices and the network on-the-go. During these natural disaster efforts when power or network may be down, flyaway kits can allow CPTs to communicate securely about search and rescue efforts, damage, supply requests, and more.
During classified operations when protecting OT and CPS and maintaining airtight cybersecurity is critical to the mission, flyaway kits enable on the ground teams to address and prioritize vulnerabilities, discover assets, and detect threats in real time over a classified network.
Flyaway kits are also critical to continuity of operations, enabling teams to perform the same high level cybersecurity actions in the field as they would be able to on-base. During critical missions there is no room for gaps in cybersecurity and the tools in flyaway kits allow for total protection of OT and CPS devices no matter where the mission is located.
Flyaway kits can be lightweight and small, remaining with the operator at all times during travel. They allow Federal operations to be agile, bringing IT and OT cyber expertise swiftly to environments and scenarios where it is lacking, including challenging ones. And unlike a standing capability in a more stable environment, they also allow swift resets of capabilities for fast turnaround before the next deployment.
There are several federal standards designed to ensure flyaway kits are agile and responsive enough for government use. Flyaway kits must be TSA compliant in order to fly on commercial airlines and the FAA-approved minimum equipment list (MEL) for an operator outlines the items approved for inclusion in flyaway kits.
As the Department of Defense works rapidly to adopt its Zero Trust Strategy and meet the deadlines established in its Zero Trust Reference Architecture, and as civilian agencies widely adopt the Zero Trust Maturity Model, flyaway kits must fit within these parameters. Following Zero Trust Architecture principles ensures compatibility with Federal standards and makes flyaway kits as secure as possible on-the-go, maintaining security no matter who comes into possession of the kit.
Purpose-built for the cyber-physical industry, The Claroty Platform equips federal civilian and DoD operators with the cyber tools they need to hunt for vulnerabilities and threats on OT and CPS networks. With five collection options to rapidly discover assets in the environment, five detection engines to detect different categories of threats, and two categories of alerts to deliver details and prioritization of threats, The Claroty Platform can help reduce your attack surface and meet hunt team requirements.
In addition to industry-leading asset discovery, exposure management, and threat detection, The Claroty Platform meets the specific needs of these agile teams, including:
Resource and Setup “Light”: Software-based, our capabilities support most hardware form factors for these environments.
Swift Response: The Platform’s swift deployment with its Edge data collector option enables discovery of assets and network insights in minutes.
Forward-support: When teams need to be fast, particularly in challenging environments or to support attack investigations, the Edge data collector can be downloaded remotely to scan in advance, without on-the-ground expertise, until the experts can arrive onsite. This has the added advantage of allowing the experts to preview the results and develop a game plan before arrival.
Standalone and Airgapped Operation: Operate independent of outside platforms or services in austere environments, with or without internet access. Utilize additional storage and processing resources from your field network’s existing infrastructure.
Incident Response (IR)-Enabled: Gather timeline-based event data with data ingestion and analysis capabilities for incident response.
SOC Readiness: Integrate with other partners through APIs to export data to SOC teams’ SIEMs and SOARs.
Ease of Use With Flexible Platform Options: Utilize automations, in-tool descriptions, remediation guidance, and swift resets for less configuration time. Platform options include bare metal hardware or Hypervisor.
Learn more about how Claroty supports the needs of hunt teams in the field or speak to one of our experts about protecting your OT and CPS networks from threats.