AFCEC team evaluates cybersecurity at Malmstrom AFB

  • Published
  • By Susan Lawson
  • AFCEC Public Affairs

Members of the elite Air Force Civil Engineer Center Industrial Control Systems, or ICS, Mitigation Team traveled to Malmstrom Air Force Base, Montana, recently to evaluate two of the civil engineer ICS for cybersecurity compliance.

October is National Cybersecurity Awareness Month, and the work of Base Civil Engineer, or BCE, squadrons and the AFCEC ICS mitigation team demonstrates how civil engineers are at the forefront of the Air Force initiative to tackle cybersecurity of ICS throughout the service. The team’s expertise and mission turns that awareness into action by providing onsite support to BCEs to apply cyber security principles to ICS devices and their computer support systems.


During their visit, the team conducted scans and evaluated the mitigation work performed to secure the ICS at Malmstrom as part of the Air Force Certification and Accreditation Program. Successfully completing this process enables BCEs to demonstrate that they have achieved an acceptable level of cyber security for their ICS and to receive a network authority to operate for each of the two systems.


“We are fortunate to have the expertise of the industrial control system mitigation team from AFCEC here at Malmstrom Air Force Base, said Lt Col Joel Purcell, commander of the 341st civil engineer squadron. “They were able to evaluate the vulnerabilities across our industrial control systems and work with our team for the process of a request for authority to operate.”


The 341st Civil Engineer Squadron information assurance manager, or IAM, and AFCEC ICS mitigation team worked hand-in-hand with technical leads to evaluate the work done on the energy management control system and the fire alarm reporting system that serve the base. The team achieved their goals to mitigate remaining vulnerabilities on both ICS and to ensure compliance with Department of Defense regulations for the ICS that allows them to securely operate on the Air Force Network.

ICS is a general term that includes several types of control systems used for monitoring, controlling and managing building systems and utility infrastructure in support of the Air Force mission.

Similar to information technology, or IT, systems that manage data, ICS use technology to impact and control elements of the physical world, such as heating, ventilation and air conditioning controls in large facilities.  


While the operating systems, hardware and software applications are similar to IT, ICS have different performance and reliability requirements. For example, ICS are rarely turned off. Unlike IT, security protection of ICS must be implemented in a way that maintains system integrity during normal operation and allows the infrastructure to operate while dealing with a possible cybersecurity incident.


The ICS Mitigation Team is unique in its ability to support the CE squadron through its application of skills in both the civil engineering and IT environments. 

“Through compliance, these systems become resilient and hardened against common risks which are very similar to those found on IT systems and on internet-enabled devices,” said Dr. Ivy Bates, branch chief for the AFCEC Civil Engineer Maintenance Inspection and Repair Team’s ICS branch. “Not all risks to every ICS can be fixed but the goal of our mitigation team is to work with the civil engineer IAM to mitigate the cyber risks to an acceptable level while still maintaining reliable system operation.”


To learn more about the CEMIRT ICS Team, contact the AFCEC Reach Back Center at or 850-283-6995.