The Indo-Pacific (INDOPAC) region is the geopolitical and economic center of gravity in the 21st century. Stretching from the west coast of the United States to the Indian Ocean, this vast area is home to the world’s most dynamic economies, critical trade routes, and emerging security challenges. As a former Commander of U.S. Naval Air Forces Pacific, I have witnessed firsthand the region’s strategic complexity and the evolving role of our Nation’s joint force along with allies and partners in maintaining the stability of the region for the last 80 years.

The Strategic Importance Of INDOPAC

The Indo-Pacific is home to over half the world’s population and nearly two-thirds of global GDP. It hosts some of the world’s busiest maritime trade routes, with the South China Sea alone accounting for one-third of global shipping. The region is also the epicenter of strategic competition, with China’s rapid military expansion, territorial disputes, and efforts to assert influence through economic and military means reshaping the security landscape.

U.S. interests in the region are clear: freedom of navigation, adherence to international law, strong alliances, and deterrence against destabilizing activities. The U.S. Navy plays a crucial role in this equation, ensuring open sea lanes, conducting joint exercises with allies, and deterring aggression through a persistent forward presence. Companies like Parsons are instrumental in this mission, providing advanced technology solutions to enhance maritime security, cybersecurity resilience, and intelligence capabilities that strengthen our strategic posture in INDOPAC.

Parsons’ Strategic Investment In Hawaii

Recognizing the critical role of the Indo-Pacific in global security, Parsons has expanded its presence to the island of Oahu, a key hub for U.S. military operations in the region. Hawaii’s strategic location makes it an essential forward operating base for U.S. forces, serving as a bridge between the continental United States and the broader Indo-Pacific theater. INDOPAC’s “tyranny of distance” is unique to this region and sets it apart from any other geographic component commander. San Diego to Hawaii is over 2,500 miles. Hawaii to Guam (2^nd island chain) is over 3,800 miles, and Guam to Manila (1^st island chain) is over 1,600 miles. Successful deterrence is dependent on agile, redundant and resilient supply chains. That logistics “tail” is essential if conflict occurs. Parsons’ presence in Hawaii and strategic partnerships with world-class logistics experts and providers gives us a unique opportunity to solve the most complex logistics problems across the phases of competition.

By establishing a headquarters on Oahu, Parsons is positioned to better provide cutting-edge technology solutions, real-time intelligence support, and critical infrastructure modernization that will bolster U.S. capabilities in deterring threats and maintaining regional stability in INDOPAC.

Lessons From Experience

Throughout my career, I have worked closely with allies and partners across the Indo-Pacific, from Japan and South Korea to Australia and India. One of the most valuable lessons I have learned is that presence equals influence. Whether through joint training, humanitarian missions, or multinational operations, the strength of U.S. engagement in the region is measured by our ability to build trust and interoperability with partners. INDOPAC plays a crucial role in these efforts.

In my time commanding air and maritime forces in the Pacific, I saw the direct impact of high-end naval capabilities, real-time intelligence, and strategic deterrence in maintaining regional stability. However, maintaining a competitive edge requires constant adaptation—whether integrating unmanned systems, leveraging artificial intelligence, or strengthening cyber resilience. Companies like Parsons are leading the way in these areas, developing AI-driven analytics, autonomous systems integration, and next-generation mission support to help the U.S. maintain its advantage in a rapidly evolving threat environment.

Parsons And INDOPACOM Alignment

Parsons has emerged as a key player in delivering capabilities in this region. We have coordinated capabilities and actions to deliver outcomes to the Commanders of INDOPAC and each of the components. Our portfolio, from complex project management to space enabled warfare has earned Parsons “a seat at the table.” We’ve proven ourselves as both partner and lead on myriad projects.

This is an exciting time to be with Parsons and to be forward in Oahu. The Indo-Pacific will define the future of global stability, and the United States must remain fully committed to its role as a stabilizing force in INDOPAC. As someone who has spent a career operating in this critical region, I believe that through strength, adaptability, and partnership, Parsons can significantly contribute to ensuring a free and open Indo-Pacific for generations to come.

The challenges are significant, but so are the opportunities. The time to act is now, and with the support of industry leaders like Parsons, we are better positioned than ever to meet the demands of an increasingly complex security environment.

The post The INDOPAC Region: A Strategic Imperative For U.S. Security appeared first on Parsons Corporation.

“Meet The Mission”: Your Inside Look At Parsons’ Innovation

We are thrilled to announce our new video and podcast series called, “Meet The Mission,” a deep dive into the cutting-edge technology and groundbreaking innovation driving Parsons forward. This dynamic new platform provides listeners with exclusive access to Parsons’ experts, exploring the latest projects, industry trends, and the future of critical technologies.

The inaugural episode, “Future Tech: What to Expect in Cybersecurity & Defense in 2025,” sets the stage for the series mission: to bring listeners to the forefront of innovation. In this episode, industry leaders Ryan Gabriele and Jenn Bergstrom tackle pivotal questions surrounding the evolving landscape of cybersecurity and defense, offering invaluable insights into the technologies shaping our future.

What You’ll Discover In This Episode

Episode Breakdown

• Personal Tech & AI (4:39 – 12:19): Get a glimpse into the personal tech habits of our experts and their perspectives on AI assistance tools like ChatGPT, Siri, and Alexa.
• Cybersecurity & Defense Trends (12:19): Explore the major trends poised to redefine cybersecurity and defense strategies in the coming year.
• Project Linchpin (16:20): Ryan breaks down Parsons’ role in the Army’s Project Linchpin, offering a behind-the-scenes look at its impact.
• Innovations in Cyber Threat Defense (21:50): Discover the most promising innovations that could revolutionize how we combat cyber threats.
• Cloud Infrastructure & AI (26:45): Understand the crucial role cloud infrastructure plays in accelerating AI adoption within the defense sector.
• AI Cyber Defense Resilience (30:30): Learn how Parsons is ensuring its AI-powered cyber defenses remain robust against sophisticated adversaries.
• Gamification & AI in the Cloud (35:10): Gain insights from gamification experiences and events focused on AI and cloud technologies.
• Multi-Cloud & Cloud Adoption Barriers (39:20 – 41:39): Dive into the complexities of multi-cloud environments and the challenges of cloud adoption in the defense industry.
• Zero-Trust Architectures (45:22): Explore the impact of zero-trust architectures on cybersecurity strategies.
• Future-Proofing National Security Tech (48:05): Discuss the challenges and strategies for future-proofing national security technologies.
• Cybersecurity Threats (52:40): Gain expert perspectives on the biggest cybersecurity threats facing US defense systems in the next 3-5 years.
• The Exciting Future (54:50): Hear what excites our experts most about the future of cybersecurity, AI, machine learning, and defense technology.

About Our Host

Candice Scarborough is the host of “Meet The Mission” and Director of Cyber Security and Software Engineering at Parsons, experienced with full-stack and object-oriented web applications, databases, service architectures, cloud infrastructure, security, risk analysis/mitigation. Her background in Software Engineering and Project/Software Development provides unique insight into technical requirements while still providing practical solutions to those needs that come up when the need arises.

About Our Guests

Ryan Gabriele is Senior Vice President and Chief Technology Officer for Defense & Intelligence at Parsons, founded and manages the SPARC organization, spearheading technical solutioning and productization for the Defense and Intelligence market. With 20+ years of DOD experience, he supports business development, leads customer engagements, and communicates Parsons’ value to strategic partners. You can learn more about him here.

Jenn Bergstrom serves as Vice President of Cloud and Data Solutions within the Defense & Intelligence sector at Parsons and is also a Parsons Fellow. A leader driven by a passion for empowering teams, Jenn fosters excellence by focusing on targeted technologies and a “leading by lifting” approach. She is known for strong tactical and strategic thinking. You can learn more about her here.

Tune In and Join The Conversation

Don’t miss out on this opportunity to explore the future of technology with us! Subscribe to “Meet The Mission” on YouTube or Spotify and stay tuned for new episodes released monthly.

The post Introducing Meet The Mission, A New Video And Podcast Series By Parsons appeared first on Parsons Corporation.

Cybersecurity threats facing the water sector aren’t some far-off concern—they’re here, they’re persistent, and they’re only getting smarter. Domain name system (DNS) vulnerabilities, phishing attempts, lateral movement inside your network—these aren’t just buzzwords; they’re the daily reality that the water sector can no longer afford to ignore. Ransomware, for example, can bring operations to a screeching halt. But the more sophisticated attacks? Those are the ones that keep people up at night. 

In this blog, we’re going to dig into the trends and incidents that are happening at our client water utilities across the country. We’re here to shine a light on what’s going on behind the scenes and why every utility—no matter the size—needs to take cybersecurity seriously before it’s too late. 

Key Cybersecurity Concerns Found By Cyberzcape 

Our Security Operations Center (SOC) has had a front-row seat to the evolving threats facing water utilities across the country. While every system is different, we’ve identified several key vulnerabilities and recurring issues that have popped up time and time again in the water sector over the last few months. Spoiler: the hackers aren’t playing around. 

OpenDNS DNSCrypt Communications

One of the more common—and concerning—findings is not inherently malicious but can be used by attackers to obfuscate DNS traffic and bypass detection mechanisms. In one instance, our SOC team detected suspicious OpenDNS DNSCrypt communications at a water utility. DNS, often referred to as the “phonebook of the internet,” is a crucial part of how all systems communicate. When attackers manipulate or hijack DNS, they can intercept or redirect network traffic, putting the integrity of the entire system at risk. It’s like someone secretly rerouting your mail to an entirely different address—only, in this case, the stakes involve essential water services.

Lateral Movement Is The New Break-In Playbook 

Another red flag we’ve seen involves WinRM/WMI traffic, which can signal not only lateral movement but also enable remote code execution, data exfiltration, and system compromise. This is the digital equivalent of a burglar creeping from room to room, looking for anything valuable. If not detected early, lateral movement allows attackers to dig deeper into the network, gaining access to critical systems and data. Beyond just network exploration, the use of WinRM/WMI can lead to executing commands that control the entire system and extract sensitive data. At one client site, we saw signs of this very behavior, suggesting that attackers could have been probing for weaknesses to exploit. In the water sector, such weaknesses could lead to major disruptions, from altered chemical levels to halted operations. 

Passwords In Plain Sight, Yet Again… 

Let’s not forget about cleartext credentials—those old-school, unencrypted usernames and passwords floating around on the network like it’s 1995. Exposed credentials remain a significant vulnerability that requires immediate attention to avoid unauthorized access. Our team recently flagged this issue at another utility, where cleartext credentials were detected in the network traffic. Leaving credentials exposed is like handing an intruder your house keys, and yet, it’s still something we encounter in environments that should know better, and we encounter it A LOT. 

Convenience With Risks Using Remote Access 

Remote access is another common weak point. We’ve identified Citrix/GoToMyPC activity at a number of facilities. While remote desktop software can be convenient, it’s also a glaring vulnerability if not properly secured. In critical infrastructure environments like water utilities, access through remote tools can lead to operational control by malicious actors. This type of vulnerability came to light in 2021 with the Oldsmar, Florida incident, where a hacker used TeamViewer to try and poison the water supply. If attackers gain access, they could control everything from water flow to chemical treatments, making it a critical area for vigilance. 

Phishing For Trouble 

While network vulnerabilities can bring attackers inside, we’re also seeing more traditional attack vectors like phishing continue to evolve. Cyberzcape, our real-time threat detection and response platform, is seeing more instances of phishing attempts and malicious DNS queries, targeting everything from email accounts to network servers. It’s not just the IT systems at risk; the operational technology (OT) networks—the ones that control the actual water treatment processes—are also being probed. As the lines between IT and OT blur, these threats make it more challenging to defend infrastructure comprehensively. This means utilities need stronger, integrated defenses that span both environments. 

Preparing For What’s Next In Water 

The cybersecurity threats we’ve outlined—whether DNS vulnerabilities, lateral movement, or phishing—are just the beginning. The truth is, the water sector can’t afford to wait. As these threats evolve and become more sophisticated, utilities of all sizes need to strengthen their defenses. Ignoring the risks will only lead to more incidents, greater disruptions, and potentially devastating consequences. 

But here’s the good news: we are here to help. We’re not just flagging vulnerabilities—we’re giving water utilities the tools they need to proactively protect their systems. Cyberzcape monitors, detects, and stops threats in real-time to keep water facilities secure 24/7, ensuring you’re never caught off guard. And for those looking to stay ahead of the curve, our Cybersecurity Playbook for the Water Sector offers a comprehensive guide to building stronger, more resilient defenses—step by step. 

The risks are here, but so are the solutions. Take action now, secure your infrastructure, and ensure the safety and reliability of your water systems for years to come. At Parsons, we’re not just your partner in cybersecurity—we’re your partner in safeguarding the future. 

The post Behind The Scenes Of The Water Sector’s Cybersecurity Crisis—And What You Need To Know  appeared first on Parsons Corporation.

Four Essential Steps To Stay Safe Online

As a leading defense, security, and infrastructure provider, our team brings decades of expertise to the forefront of protecting organizations and individuals from cyber threats. With October recognized as Cybersecurity Awareness Month, we’re sharing our top tips to help you stay safe in today’s increasingly digital world.

Rather than overwhelming you with countless recommendations, we’ve distilled our advice into four impactful actions that can significantly enhance your cybersecurity. From implementing robust authentication methods to managing your passwords and keeping your software up-to-date, these steps will strengthen your defenses and protect your most valuable data.

Let’s dive into practical solutions that you can adopt today to bolster your online security.

1. Enable Two-Factor Authentication 

• Text message-based 2-factor authentication is one of the least secure methods, but it’s still significantly better than having no 2-factor authentication at all. More secure methods include those used by companies like Apple and Google, where they send a code to a trusted device or app. However, these methods can be more challenging to implement for companies without the extensive reach of Google and Apple. As a result, text messages are often used as a fair compromise. 
• Using separate authentic apps, where you open the app to view a code you type in as the 2nd factor, may be less convenient than a text message, but they are more secure than text messages. We highly recommend you take advantage of those options where possible. 
• Your email account is what you should secure the most because if a malicious actor has access to your email, they can reset passwords and get into most of your other accounts. This is why enabling 2-factor authentication for those accounts is also important, as they tend to protect you even if someone gets access to your email. 

2. Use a Password Manager 

• If you use a password manager properly, you’ll only need to remember one password —the password to your password manager. That password becomes critically important, so make sure it’s unique and not easily guessed or cracked. Length is the most important factor here—the longer the password, the better, even if you have to sacrifice some complexity for length. 

3. Be Cautious With Unsolicited Invitations And Links 

• This will protect you from most bad things. Did you go looking for new antivirus software? If not, then don’t click the pop-up ad asking to install one—it’s probably a scam. Did you go looking for a 20% off coupon for your favorite online vendor? If not, then don’t click that link. Be diligent—malicious actors try really hard to entice you to do things you didn’t ask for. They make things sound really good, but the risk of missing out on a potentially legit good thing is significantly lower than the likelihood of getting scammed, installing malware, or other bad things happening, so just don’t do it. If you didn’t specifically go searching for it or looking for it, don’t accept it.  Following this advice should help keep you from clicking on links in emails or opening email attachments, which are two important things to avoid to help protect yourself. 

4. Keep Your Software Up-to-Date 

• The most important things to keep up-to-date are your primary web browser, your computer’s operating system, and your phone, all of which should have an auto-update option. The things you use regularly are the ones to keep up-to-date. Once patches are released, malicious actors can reverse engineer them to figure out what was fixed and try to exploit them soon after. This is a big reason why installing patches and keeping your software up-to-date is critical: it prevents them from having time to take advantage of the updates before you get them installed. 

By focusing on these four key actions—enabling two-factor authentication, using a password manager, being cautious with unsolicited links, and keeping your software up-to-date—you’re taking proactive steps to safeguard your digital presence.

In a world where cyber threats are constantly evolving, these simple yet powerful measures can go a long way in protecting your personal information and maintaining your online security.

We’re committed to staying ahead of these challenges, and we hope these tips help you do the same. Stay safe, stay informed, and take control of your cybersecurity today.

The post Lockdown Your Digital Life appeared first on Parsons Corporation.

Loops, crashes, and lockouts got you down? If you’re frustrated with the recent issues stemming from active monitoring solutions, such as the recent issues affecting CrowdStrike software, it might be time to evaluate a different approach to securing your network. Here at Parsons, we believe in a tiered approach to cybersecurity to help your operations stay online and protected.

On Friday, July 19, 2024, endpoint security company CrowdStrike pushed out an update to its customers, resulting in a global IT outage. This update caused devices running Microsoft Windows to become unavailable. CrowdStrike has released a fix, but it requires manual intervention for each endpoint. This incident underscores risks associated with agent-based monitoring solutions and should have network operators considering whether agent-based monitoring is the right approach for them when there are options for agent-less monitoring, which can be more resilient and less intrusive.

Risks Of Agent-based Monitoring Solutions

The recent Falcon Sensor update incident illustrates risks associated with agent-based monitoring solutions. A bad software update to a third-party application or appliance can compromise your entire system with the potential to cause widespread outages and require extensive manual remediation efforts.

Frequent updates, such as those associated with agent-based solutions, can lead to system instability, as seen with the recent outage. Mission-critical servers should only receive updates while not in production or when an operator is available to immediately roll back any updates that cause issues.

A Less Intrusive Cybersecurity Approach

Instead of risking operational disruptions, consider a less intrusive solution. At Parsons, we recommend a balanced approach that does not compromise your system’s stability. Agent-based protection has been avoided in OT on mission critical servers for years due to the frequent updates that are needed to keep these applications current.  Mission critical servers should only receive updates while not in production or an operator is available to immediately roll back any updates that causes an issue.

Agent-based Protection vs. Agent-less Based Protection

Agent-based protection has the benefit of being on the device where it can provide immediate incident response. However, agent-based protection may introduce risks, such as system slowdowns and operational disruptions, especially when updates can occur at any time without prior notice.

On the other hand, Agent-less based Protection has many of the same abilities as Agent-based protection but eliminates the risk of impacting system operation so that your security tools are not the cause of your operation outage. Agent-less protection can scan your servers for malware, vulnerabilities and missing patches on a preplanned schedule when any outage can quickly be resolved.

The Benefits Of Agent-less Protection

At Parsons, we offer a different approach with our Cyberzcape platform. Cyberzcape leverages passive monitoring and pre-planned vulnerability scanning to secure your network without disrupting your operations. Here’s why Cyberzcape stands out:

1. Non-Intrusive Security: Unlike active monitoring solutions, Cyberzcape’s passive monitoring operates quietly in the background. This means no more worrying about updates causing downtime or operational disruptions.
2. Pre-Planned Vulnerability Scanning: Conducts scheduled scans of your network nodes, identifying vulnerabilities before they can be exploited. This proactive approach ensures that your network is always one step ahead of potential threats.
3. Continuous Protection: Provides ongoing security without interfering with your day-to-day activities.
4. Tailored for Your Needs: Offers a tiered security approach, allowing you to choose the level of protection that best fits your needs.

Why Choose Cyberzcape?

The last thing you need is a cybersecurity solution that hinders your productivity. Cyberzcape ensures that your network remains secure without compromising performance.

Cyberzcape can co-exist in your network with other complementary agent-based solutions. However, to avoid potential risks, we recommend not running CrowdStrike on critical servers. Cyberzcape’s agent-less solution ensures your critical infrastructure remains protected without the risk of operational disruptions.

Here’s why Cyberzcape stands out as the premier choice for your cybersecurity needs:

Key Features Of Cyberzcape:

• Advanced Threat Detection: Cyberzcape continuously monitors for potential threats, using sophisticated algorithms and threat intelligence feeds to identify and mitigate risks before they can cause harm.
• Real-Time Monitoring: Stay ahead of cyber threats with real-time monitoring that provides up-to-the-minute insights into your network’s security status.
• Threat Feed Analysis: Cyberzcape analyzes threat feeds to identify patterns and emerging threats to protect your network against the latest cyber risks.
• Vulnerability Management: Our solution tracks and eliminates vulnerabilities within your network by patching and securing your network before any incident occurs.
• Compliance Management: Stay on top of regulatory requirements with Cyberzcape’s compliance management features, helping you avoid penalties and ensure your network adheres to industry standards.
• User-Friendly Dashboard: Cyberzcape’s intuitive dashboard delivers actionable insights, allowing for proactive management of cyber risks and swift mitigation of potential threats.

By avoiding intrusive updates and scans, Cyberzcape minimizes the risk of system crashes and downtime, ensuring that your critical network operations continue smoothly. This passive monitoring approach keeps your network stable and your systems running efficiently, avoiding the pitfalls that active monitoring solutions can sometimes introduce.

Comprehensive Coverage

Cyberzcape provides robust security across your entire network. As Parsons’ flagship cyber monitoring product, Cyberzcape is designed to protect critical infrastructure from evolving cyber threats. It integrates seamlessly with existing systems, leveraging its passive monitoring approach to identify vulnerabilities and provide advanced threat detection, real-time monitoring, and threat feed analysis to cover your network from threat detection and prevention to incident response and vulnerability management.

With Cyberzcape, you have access to Parsons’ team of cybersecurity experts, ready to assist you in achieving and maintaining true cybersecurity. Our team provides 24/7 support and tailored guidance to help you navigate the complexities of network security and ensure that your operations remain protected. Cyberzcape is a smart choice for organizations looking to enhance their cybersecurity posture.

Ready to elevate your protection? With advanced threat detection, real-time monitoring, and a range of other features for your network, Parsons is here to protect your network. Contact us today to learn more about how Cyberzcape can benefit your organization.

The post Why Cyberzcape’s Agent-less Monitoring Keeps You Online And Protected appeared first on Parsons Corporation.

Our Drinking Water Is Under Attack

The United States’ critical infrastructures, such as our safe drinking water systems, are more vulnerable to cyberattacks than ever before. Water utilities have become an increased target for hackers, with the potential consequences extending far beyond the financial damage caused by ransomware attacks. A successful cyberattack can disrupt essential operations, steal sensitive information, and even endanger public health by manipulating the treatment processes to poison drinking water. This stark reality underscores the importance of safeguarding our water systems to protect not just infrastructure but also the lives of the people who depend on them.

Cyberattacks on water utilities can have catastrophic outcomes. For instance, hackers could remotely access systems to open and close valves, override alarms, disable pumps, or tamper with chemical dosing. Such actions can lead to untreated or improperly treated water being distributed to the public, posing serious health risks. These threats highlight the urgent need for robust cybersecurity measures to ensure the safety and reliability of our water supply.

The Environmental Protection Agency has been tracking these issues, and it’s not pretty. Inspections have identified significant cybersecurity vulnerabilities in water systems. Over 70% of the systems inspected since September 2023 were found to be in violation of basic Safe Drinking Water Act requirements. These violations included missing sections of the Risk and Resilience Assessments (RRAs) and Emergency Response Plans (ERPs). Inspectors discovered alarming deficiencies, such as failure to change default passwords, using single logins for all staff, and not curtailing access for former employees.

Our dedication to protecting vital systems has allowed us to assist over 600 utilities across the nation in maintaining robust cybersecurity defenses. With the introduction of the Environmental Protection Agency’s (EPA) Clean Water State Revolving Fund (CWSRF), we’re excited to continue expanding our support, helping even more utilities get ahead of cyber threats with enhanced cybersecurity measures.

Understanding The Clean Water State Revolving Fund (CWSRF)

Recognizing the increasing threat of cyberattacks, the EPA has implemented the CWSRF to bolster cybersecurity efforts across the country. The CWSRF operates much like a bank, offering low-interest loans to public, private, and non-profit entities for water quality projects, including cybersecurity enhancements. These funds are repaid and then recycled to fund additional projects, ensuring continuous improvement and protection of our water infrastructure.

The significance of the CWSRF cannot be overstated. By providing financial assistance, it enables utilities to implement crucial cybersecurity measures that might otherwise be out of reach. This not only helps in protecting the infrastructure but also in building resilience against potential cyber threats.

Eligibility For The CWSRF Program

Each state’s CWSRF program comes with its own set of criteria and priorities, but generally, it offers assistance to a wide range of entities involved in water infrastructure projects. Eligible projects might include:

• Risk and Resilience Assessments: Evaluating the security of electronic, computer, or other automated systems used by utilities.
• Cybersecurity Training: Workshops, seminars, and other training events aimed at enhancing cybersecurity awareness and response capabilities.
• Technology Upgrades: Updating outdated computers and software, enhancing the security of IT and OT systems, installing or updating SCADA systems, and more.
• Physical Security Enhancements: Implementing measures such as locking doors and cabinets, installing intrusion alarms, and protecting network cables.

The flexibility of the CWSRF allows states to strategically focus their programs using Intended Use Plans (IUPs). These plans outline the goals, operations, and compliance measures of each state’s CWSRF program, making it possible to prioritize cybersecurity projects that are most needed.

For instance, the CWSRF can fund the development of contingency and emergency response plans, ensuring that utilities are prepared to handle cyber incidents efficiently. Additionally, it supports the procurement of cybersecurity tools and technologies, such as advanced threat detection systems (like Cyberzcape), upgrading legacy control systems, and secure network backups, which are essential in mitigating cyber risks.

How We Can Help

At Parsons, we’re not just about identifying problems; we’re about providing solutions. We understand the complexities and challenges that utilities face in the realm of cybersecurity. That’s why we’re committed to helping you put together a comprehensive, long-term cybersecurity strategy that addresses your specific needs. We also are here to help any utility craft their Intended Use Plans for the CWSRF.

Our team of experts is here to guide you through every step of the process, from conducting initial risk assessments to implementing advanced cybersecurity measures. We’re dedicated to ensuring that your water systems are not only protected against current threats but also resilient against future ones. Our clients consistently praise our comprehensive approach and deep understanding of their unique challenges. By working closely with each utility, we’ve been able to tailor solutions that provide maximum protection and peace of mind.

Partner With Us For A Secure Future

As cyber threats continue to evolve, it’s essential to stay ahead of the curve. At Parsons, we’re ready to help you navigate the complexities of cybersecurity and ensure the safety and resilience of your water systems. Don’t wait for a cyber incident to occur—take proactive steps to protect your infrastructure today.

The post Enhancing Water Security With Parsons And EPA’s Low-Interest Loans appeared first on Parsons Corporation.

America’s drinking water infrastructure has a big problem right now: extremely loose cybersecurity policies and mandates. This isn’t a new thing. In December 2023, the Cybersecurity and Infrastructure Security Agency (CISA) announced that hackers had breached several US water facilities by exploiting systems with default set passwords. In another December 2023 attack, hacker groups breached the equipment of a Pittsburgh-area water utility that manages water pressure through other social engineering schemes. In 2021, a hacker took things to an even more malicious level in Tampa, Florida by exploiting weak cyber practices to increase the level of toxicity in the drinking water by a factor of 100. The common factor in all three instances: extremely loose cybersecurity policies and mandates. CISA’s response to the recent hacks was a bare minimum suggestion: “Use strong, unique passwords”. This is far from the only problem going on here.

I remember learning in my Computer Science 101 class that computer-generated random numbers are not actually random. Shocking, right? The system uses an algorithm, or set of instructions, to build a random number that can be reverse engineered. In the utility space, we utilize random number generation for several important purposes like secure password generation, encryption codes, security protocols, anomaly detection, and simulation. A classic example is password generation. A twelve-digit password takes 62 trillion times longer than a six-digit password to hack. That extra time is important in intercepting unauthorized users or programs – the longer they take to get in, the higher the chance of being found out and stopped.

But, what on Earth does this have to do with lava lamps?

Some businesses are taking the idea of password generation to a whole new level by leveraging lava lamps. Made popular in the 1960s, fitting perfectly with shag carpeting, conversation pits, and a big sound system playing Pink Floyd, lava lamps are a piece of moving sculpture that offers an endless array of shapes and patterns, making each viewing experience unique. The lamp’s fluid dynamics, where blobs of wax heat up, rise, and then cool down to fall back to the bottom, offer a hypnotic, calming effect that has captivated people for decades.

Now in the 21^st century, the movement and patterns of the lava lamps are captured by cameras and turned into a stream of random numbers. These random numbers are then used to create encryption keys to secure systems. This randomness is important in encryption and security applications because predictability can lead to vulnerabilities.

It’s a fascinating approach to make encryption and cybersecurity more secure. But cybersecurity, especially for water facilities, is a multi-faceted beast and thinking the problem is as simple as “We need a better lock on this one thing” is far from the only action an organization needs to take. This is not groovy at all. An organization, especially utilities providing essential services like drinking water, needs to make their IT and OT systems painful to hack with as small an attack surface as possible. Systems need to be regularly updated, strong policies for authentication and access need to be addressed regularly, and of course, since threats and hacker attack tactics change daily, the IT department needs to be aware 24/7 of what new defenses they need in place as fast as possible.

Parsons is helping utilities around the country address the critical problem of how an IT team can leverage technology to secure their networks on all fronts. Our solution, Cyberzcape, is a powerful and comprehensive tool that helps water utilities monitor, detect, and respond to cyber threats in real time. Cyberzcape integrates with existing IT and OT systems, providing a unified dashboard that displays the network status, alerts, and incidents. It also uses advanced analytics and machine learning to identify anomalies, vulnerabilities, and attack patterns, and provides actionable recommendations and automated responses. With Cyberzcape, water utilities can secure their networks from end-to-end, ensuring the safety and reliability of their critical infrastructure beyond just “updating your password.”

If you want to learn more about how Cyberzcape can keep your network “Good Vibes Only” and help you protect your water systems from cyberattacks, contact us today and request a free demo. We are ready to assist you with our expertise and experience in cybersecurity and water management.

Stay safe, stay groovy.

The post Are Lava Lamps The Secret To Safe Drinking Water? appeared first on Parsons Corporation.

When boots are on the ground in a crisis, a split-second interruption in communication can be the difference between a first responder hearing “shoot” when the order was “Don’t shoot.” That is why an up-to-date and operationally robust Public Safety Radio System is essential to maintaining the high standards of reliability and quality of service that mission-critical operations demand. At Parsons, our decades of experience in engineering and maintaining these systems have put us in the driver’s seat in the evolution and challenges of radio system networks. Conversations with our customers on their networks tend to start out the same way. So, we wanted to distill our years of expertise into five key lessons to help anyone in the business maintain public safety communications systems and stay up and running.

What makes a Public Safety radio system networks unique? 

The first use of radio for public safety use came from the Detroit Police Department in 1921. It was an experiment by a pioneering commissioner – and it was a failure. It was not until 1928 that the basic system became functional and usable, setting in motion the eventual adoption of radio communications by every police department and emergency services organization in the nation. It also set in motion decades of innovation and change in radio technology. Radios became more portable, reliable, and affordable. Systems became more functional and stable. New capabilities emerged such as the ability to carry digital data. Nowadays, these radio networks resemble the large service provider networks of cellular carriers (e.g. AT&T, Verizon, T-Mobile, etc.) where reliability, quality of service and diverse functionality is critical. And still today, LMR remains the best way to deliver highly reliable, mission critical mobile communications – especially in difficult environments. Ultimately, it’s the mission of these networks and the requirements surrounding that mission that makes them unique and why land mobile radio remains the primary technology in use. Public safety requires uptime and performance requirements that far exceed those of ordinary mobile service providers – and most other network providers as well. As a result, their design, engineering, and support requirements also surpass their cellular service provider brethren. 

Recent Trends in the Radio Communication Industry 

Even though radio communication networks have been around for a century, they continue to evolve and adapt with the changing needs of their users and technological advances. There are two major trends that are worth noting today in the industry. First, if you operate a radio network, you are aware of the convergence of network backhaul and internet protocol (IP) technologies over the past 20 years. The backhaul represents a key component of most LMR systems and is usually where your radio network and your IP network come together. This in turn means that cybersecurity challenges faced by most IP networks are also encountered by radio operators. So as cybersecurity threats continue to increase, radio operators need to further invest in adapting how they protect their network.  

A second trend worth noting is the shift towards Software Defined Networks (SDNs). A SDN leverages either software-based controllers or application programming interfaces (APIs) to communicate with hardware infrastructure and direct traffic through the network. As opposed to legacy networks—which use dedicated hardware for point-to-point connections— an SDN can create and control virtual networks via software components. SDNs present a new model for performance monitoring and management and represent a new challenge to identifying and troubleshooting issues in a mission critical network. 

5 Lessons Learned In Maintaining Public Safety Radio Networks 

We have been involved in design, engineering, implementing, and maintaining backhaul networks for decades and we have learned a lot along the way. The following are five key lessons Parsons has learned that you can apply to your own operational processes. 

1. Weak spots occur in the transport between elements (sites or devices)

For starters, the physical elements of radios and radio towers are hardly ever the source of your pain points. That is because radios are comparable to tanks—they are nearly indestructible, and it is a rare occasion that one would ever break. Therefore, the weak spots are really found in the transport between elements (such as microwave or fiber). For example, errors can be introduced whenever microwaves are affected by the weather, the trees, or even buses in transit. These sorts of variables have a direct impact on wireless communication systems, though weather is often a primary culprit. With that in mind, it’s safe to say weaknesses in communication stem from the intangible transport of information, rather than the physical components you use to facilitate this process. 

Key Takeaway: Instead of purchasing new repeaters radio sets, look to upgrade or add redundancy to the transport equipment in your network. 

2. You can never have too much redundancy 

A golden rule in building radio networks is that you can never have too many points of failures.. Multiple paths are a key tenet of highly available networks – and even though multiple paths are always designed into these networks, they are often under-engineered. Yes, two paths are technically ‘multi-path’, but the tradeoff here will often impact reliability and performance at some point. Most often we see operators avoiding the complexity associated with multiple paths concerned that it will trigger problems or be too difficult to and maintain. In practice, however, this is rarely the case and having more options within the routing infrastructure is a stabilizing factor. 

Key takeaway: Do not shy away from adding some complexity in search of more stability and reliability. 

3. Quality of Service is everything 

It’s tough to overstate the importance of Quality of Service (QoS). To put it lightly, QoS is everything. A strong QoS is one that prioritizes voice traffic and allows public safety radio system backhaul networks to be multifunctional. With these features in tow, the Quality of Service for radio networks will no doubt exceed that of other network backhaul technology. A focus on quality can deliver highly consistent and reliable results, as well as reducing the chance of inaccuracies or disruptions that might crop up along your network. In addition, Quality of Service is essential in providing an excellent experience for each customer. 

Key takeaway: Make sure you benchmark, measure and work to improve your QoS. 

4. Highly redundant, multipath networks often hide issues 

The idea that highly redundant networks often hide issues may seem contradictory to the notion that you can never have too much redundancy. And yet, this is the paradox that exists within most public safety radio networks, since both sentiments are inherently true. Because LMR networks work so well, when a transient failure occurs you might not even notice the issue right away. 

Surfacing problems is difficult because the systems are designed to fail-over and recover so fast via the high redundancy, and that when something goes wrong, those errors do not really surface to the radio system operator or owner. All those amazing benefits that redundancy has to offer will also trigger a substantial issue—in that when you do have problems resulting from the weather (etc.), they are typically not visible to the LMR operator. But that’s exactly where Quality of Service comes back into play. Engineering good backhaul networks with prioritized voice LMR voice traffic allows the abundant capacity to not only be multifunctional, but to carry out other services and systems across the same networks, as well. 

Key takeaway: Even though you may not be alerted to problems does not mean your network is not experiencing important errors that you cannot see 

5. Tracking down backhaul issues that show themselves in the radio system network is notoriously difficult 

Tracking down backhaul issues that have surfaced in the LMR network is a major challenge. This difficulty stems from the fact that the tools monitoring these backhaul systems are not correlated to the LMR network in any way. And manually trying to link cause/effect between the system is almost impossible. Making this more difficult is the typical backhaul network manager software is not designed for a radio technician. As an example, the Vendor’s standard system monitoring software generates a “degraded sitelink” message (excessive jitter) at 3:05 am. Radio techs see the error and want to see where it happened. You would need backhaul monitoring that tracked the same data from the backhauls perspective and keep a timestamp to correlate the LMR with the Backhaul errors. 

Key takeaway: Look for tools that make it easier to correlate these issues on both sides of the network. Hint: only Parsons offers a solution to this problem. 

Wrapping up 

As you are thinking through all the requirements and responsibilities of building an LMR backhaul network, keep in mind that you need to build one with the same technology that is driving large scale carriers. This means creating a highly available network that has fast recovery, and that respects the seriousness (and urgency) of your data. More specifically, you will want to establish a network that prioritizes your public safety traffic, provides QoS, and is still adaptable to transport non-LMR systems.  

Let’s face it: most network management tools that monitor the backhaul of public safety systems are expensive and difficult to use. But what is worse, is that these operational difficulties result in more time to resolve issues than is acceptable for critical communication networks. A faster and more functional path forward is needed, to be sure. Fortunately, Parsons has designed an innovative platform that exceeds the capabilities of these other tools and helps you to operate much more efficiently. 

The post Mastering Land Mobile Radio (LMR) Backhaul Networks: Essential Lessons From Decades Of Experience  appeared first on Parsons Corporation.

What Is Technical Writing

Professionals in diverse technical fields face the challenge of effectively communicating complex ideas and solutions to individuals with less technical expertise. Technical writing encompasses the process of transforming intricate information into easily understandable content through the use of reports, user manuals, technical solutions, and other mediums.

Our team supports mission customers throughout the Department of Defense (DoD), Intelligence Community (IC), Maryland Procurement Office (MPO), and more. In our industry, characterized by the technology and solutions we develop, a distinct language has evolved. However, this specialized language does not always translate to individuals outside of this field or to those in programmatic or managerial roles within government organizations. As a consequence, understanding gaps can arise, leading to the loss of critical information due to unexplained acronyms, excessive technical details, or obscure technical jargon.

Due to the nature of our business, it is highly probable that you will be tasked with creating various technical documents, such as proposals, software/solutions documentation, or contract deliverables. These documents will be shared with our government customers, who may possess varying levels of technical expertise.

Purpose

Once a document or work product has been assigned or initiated, it is important to think about the product’s purpose. What is the point you want to get across? What do you want readers to think about? As you start to write, keep the purpose in mind and attempt to weave it throughout your body of work. If the content does not support the purpose, it should be removed.

Identify The Target Audience

When communicating any type of information, it’s critical to consider your audience. Generally, there are three main audience categories: the “lay” audience, the “managerial” audience (often seen with our government customers), and the “expert” audience:

• Lay Audience – Comprised of individuals without specialized knowledge. If you are unsure which audience is appropriate, default to the lay audience.
• Managerial Audience – May have special knowledge, but requires the right information to make decisions. Many of our government customers will fall into this category.
• Expert Audience – Has the most technical expertise, but may be the most demanding. Documents for this audience will likely be quite technical in nature, and allow for the use of industry-specific language.

Simply Technical Content

A key tenant of technical writing is to ensure technical content is digestible for the average reader, including those who may not have technical expertise. This involves adjusting the vocabulary, providing examples, and carefully selecting the appropriate level of detail. Simplifying not only the technical jargon, but also ensuring the adequacy of the presented information is crucial. The content should include enough relevant details to be effective without overwhelming the audience or being redundant. Incorporating examples or analogies are a great way to explain a technical concept or complex solution.

A valuable approach to ensure adequate language simplification is to conduct a nontechnical peer review or to engage a technical writer for feedback. This reviewer should be someone who is not directly involved in the field or holds a nontechnical role. If the nontechnical reviewer struggles to comprehend the message conveyed, it is likely that the intended audience will encounter similar difficulties. While there may be instances where technical jargon cannot be entirely avoided, it remains crucial to maintain simplicity and conciseness in explanations.

Reduce Or Eliminate Fluff

When writing, it’s natural to be inclined towards adding extensive details and vivid imagery, as often encountered in recreational reading. However, in the context of our work, it is unnecessary and can hinder the understanding of technical content. When discussing technical solutions or products, it is advisable to keep the language straightforward and concise. Avoid using unnecessary adjectives and adverbs. While these embellishments may enhance a New York Times Best Seller, they are not the appropriate approach for technical documentation in our field.

Pro Tips

While there are plenty of writing tips on the Internet, here are a few to get you started:

• Pictures – The saying “a picture is worth a thousand words” holds true, especially when it comes to explaining complex system overviews or difficult concepts. Visual aids, such as diagrams or illustrations, can be immensely helpful. Visual learners, in particular, find it easier to comprehend challenging concepts when accompanied by a visual aid.
• Analogies and Examples – Complex ideas can be communicated effectively through the use of analogies. This involves using real-world equivalents the audience will easily recognize. Examples are a great approach to making content understandable to lay or managerial audiences.
• Voice – There are two popular types of “voice” in writing – Active and Passive. Active voice is conversational and is typically easier to follow. Passive voice is often more formal and can, at times, make writing dense. Passive voice is fairly common within Government writing.
• Review – Request a nontechnical review from someone who shares a similar level of understanding as the target audience. This could be a technical writer or someone within your organization’s Program Management Office (PMO).
• Focus on the End User – Often times, our customer’s end users will scan the content provided and look for information that is easy to digest and is relevant to their needs. It’s critical to explain the “why.”
• Expand Acronyms – Acronyms should be expanded on first use in every document.

Here, we often support government customers. The language we use within the contracting and technical fields differs from the styles used in academia orthe media. Your document may not follow the Modern Language Association (MLA) or the Chicago Manual of Style but instead may follow the Department of Defense’s Style Guide. At the end of the day, the most important things to remember are your purpose and your audience.

The post Writing For Non-Technical Writers appeared first on Parsons Corporation.

I never thought of myself as a ‘technical’ person. I was more comfortable designing brochures, writing social media posts, and creating marketing videos. But after 15 years working in marketing and communications, I closed that door of my career when I had my son. I wanted to be closer to him and my husband, who had just begun his new career as our city’s mayor. Taking a purchasing job at a local factory wasn’t exactly the role I wanted, but being close to my family was more important than my career.

While there, I wrote work instructions, policies, and reports, and designed user’s manuals, learning modules, databases, and other documentation. These tasks made me feel reenergized, and I discovered I had stumbled on a new career path: technical communication.

Being Part Of Security Innovation

With 82% of security breaches involving social attacks, errors, and misuse, our Business Information Security Office (BISO) knew a critical component to protecting our network is employee security communications, awareness, and education. I joined the BISO team to develop and lead BISO Outreach, working directly with employees to advocate for stronger security practices.

Although the BISO is commonly a singular role in the cybersecurity industry, our Security Operations (SecOps) team took this idea and spun it into an entire office. This approach arms BISO advisors with the knowledge of each business group’s unique goals, methods, and workstreams. By providing this information during security initiatives’ early development stages, our SecOps team has more insight on how to develop security for, and deploy it to, the business.

Using Technical Communication To ‘Translate Cyber’

Technical communication is more than technical writing; it is a user-centered approach to providing the right information, in the right way, at the right time to make someone’s life easier and more productive (Society for Technical Communication).

Technical communicators are information architects, instructional designers, usability and human factor professionals, visual designers, e-learning developers, and more.

While developing BISO Outreach, I added graphic design and storytelling elements to our security presentations and Workplace campaigns. By translating ‘cyber,’ security threats were now easier for our employees to understand. After the first year of implementing technical communication techniques, we saw a steep decline in category 5a noncompliance cases because our employees had a better understanding of the role they play in security. We also saw an increase in user interaction and comment rates on our Security 360 Workplace page. Because of our success, my team grew to three and matured into BISO UX (User Experience). We now have three new technical communication strategies: User Persona Development & Analysis, Security User Behavior & Trend Analysis, and Security & Usability Metric Analysis.

Being A Part Of Women In Cybersecurity

I ended my second year with Parsons as an official cybersecurity subject matter expert (SME) by being selected to present at a national security conference. In August 2023, I presented Instructions Not Included: Technical Communicators Rewrite How Security Speaks Cyber to thousands of people at the SANS Security Awareness Summitt in Las Vegas, NV. Furthering my place in cybersecurity, I was also selected to be a part of Women in Cybersecurity’s (WiCyS) Speaker Spotlight Program. WiCyS is a global community of women, allies, and advocates who are dedicated to the recruitment, retention, and advancement of women in cybersecurity. Through their partnership with Innovation Women, they help female cybersecurity professionals gain speaking opportunities in the cybersecurity arena.

I’m also working with the Society for Technical Communication’s webinar program where I’ll have the opportunity to present and raise awareness of the work we are doing in the BISO UX group at Parsons.

It’s unfortunate that only 14% of the cybersecurity workforce is comprised of women. Moving farther up the ladder of those 14%, 1% are in senior leadership positions (The Importance of Women in Cybersecurity, Utica University). But Parsons has given me the opportunity to use my technical communication talents to innovate the way we ‘speak cyber.’ There are not a lot of cybersecurity departments that focus solely on communication – across the board. My area of the BISO constitutes 100% technical communication, which encompasses communication, education, and the user experience.

Looking to the future, I’m excited to leverage opportunities that raise the level of the “technical communicator” role at Parsons and for the overall industry.

The post Rewriting How Security ‘Speaks Cyber’ appeared first on Parsons Corporation.