As president and chief executive officer, Christopher Fountain provides strategic direction to SecureInfo and is responsible for leading overall operations. He is focused on expanding upon SecureInfo’s success by maintaining a customer-centric, results-oriented culture.
Mr. Fountain is recognized for his expertise and passion across a spectrum of cybersecurity issues and technologies. He has testified before the U.S. Congress regarding pending cybersecurity legislation and is directly involved in SecureInfo customer strategies to effectively protect information assets used across the Federal government and critical infrastructure industries.
Mr. Fountain has a successful track record of leading and growing companies, with more than 23 years of experience in the information technology industry. His experience includes work with security, enterprise resource planning, supply chain, content management and infrastructure software and services companies, serving customers across many industries. He has held senior executive leadership and board positions over the past 16 years. Mr. Fountain has led global operations for companies headquartered in the United States and the United Kingdom, where he lived in 2004 and 2005.
Mr. Fountain graduated cum laude from the University of Michigan with a B.S. degree in Industrial & Operations Engineering.
MilsatMagazine (MSM)
What makes Kratos SecureInfo different from other organization involved in the business of cybersecurity?
Chris Fountain
Kratos SecureInfo is exclusively focused on protecting information assets in support of our customer’s mission. We address systems and networks of all types and sizes, including large scale, highly classified SATCOM networks that deliver warfighter communications.
We are one of the few cybersecurity providers that understand the SATCOM industry. We were recently designated as an Air Force Agent of the Certifying Authority (ACA) for Space Systems. This allows us to leverage our satellite and cybersecurity subject matter expertise to provide comprehensive information security assessments in support of space systems. In addition, Kratos SecureInfo also recently introduced a new SATCOM Cybersecurity Assessment service which commercial satellite operators and service providers can use to proactively reduce their risk and to evaluate readiness in advance of regulations and enforcement.
Kratos SecureInfo is also unique in that we work within a larger organization that is an industry leading provider of a broad suite of SATCOM solutions that ensure the reliability and availability of these networks. We work in close coordination with other Kratos business units to bring in-depth cybersecurity and satellite expertise and solutions in a range of areas to our SATCOM customers. These areas include cyber protection for satellite ground networks, interference detection and geo-location for signals, situational awareness of the network, RF link monitoring and assurance and physical security for critical infrastructure.
MSM
When was SecureInfo acquired by Kratos and what made the acquisition such a good fit?
Chris Fountain
SecureInfo was acquired by Kratos in November of 2011 and was a natural fit for Kratos, given its national security focus and strong interest in building a cybersecurity focused organization. We have the best of both worlds—a highly focused team of cybersecurity experts and the resources and reach of a billion dollar public company. Working to help some of the most security conscious organizations in the world meet their mission objectives has, and continues to be, an exciting challenge. Doing business as a part of Kratos has opened new opportunities for us.
MSM
What services and solutions does Kratos SecureInfo provide and what is your role within the company?
Chris Fountain
With more than 20 years as a leading cybersecurity firm and hundreds of years of cumulative field experience, Kratos SecureInfo serves as a trusted and proven advisor to its customers. Federal agencies, government solution providers and companies in the critical infrastructure industries rely on us to improve their cybersecurity posture. Kratos SecureInfo delivers a range of solutions and services including cloud security, continuous monitoring, operational cybersecurity and cybersecurity risk management services to our customers.
My role is focused on leading overall operations, providing strategic direction and taking our success to the next level of growth. Part of my role also includes working closely with other Kratos divisions to capitalize on the internal synergies available to us.
MSM
What do you see as the cybersecurity challenges affecting the satellite industry?
Chris Fountain
Historically, satellite networks have been isolated from other systems, but change is underway. It’s well accepted now that an “air gapped” system is not necessarily a secure system. Today, SATCOM networks are an integral part of a larger network, which introduces new cybersecurity issues. Using an air gap as a security measure is no longer adequate. The line between SATCOM networks and IT networks have blurred substantially—especially with stovepipe serial technologies moving to lower cost and interoperable IP-based technologies. Newer IP based systems are bringing additional cybersecurity risks. This is against an environment where cyber-attacks and threats continue to increase.
MSM
What are the key regulations required today in terms of security?
Chris Fountain
With the increasing number of cyber-attacks, the U.S. government is placing even more emphasis on cybersecurity risk management to combat the ever changing threats. A good example is the DISA Future COMSATCOM Services Acquisition (FCSA) contract which requires compliance with NIST Information Assurance (IA) standards.
Another example is the latest revision of the Committee on National Security Systems Policy 12 (CNSSP-12) which requires compliance with IA standards for the entire SATCOM system life cycle. It is becoming clear that cybersecurity legislation will soon likely require the application of NIST IA standards for all US critical infrastructure, including SATCOM communication.
MSM
What are the potential effects of these regulations?
Chris Fountain
The effect is that compliance regulations will eventually be enforced on critical infrastructure companies, including commercial satellite operators and service providers. Cybersecurity compliance will become a cost of doing business and early adopters will have a competitive advantage. Compliant bids will enable enforcement, creating barriers to entry for others.
There will be a need for more control and planning over the implementation of compliance efforts and ongoing compliance management and measurement. By taking a pro-active approach, organizations can ensure compliance efforts support and enable operations versus dictating them.
MSM
What makes satellite systems different from other systems from a security standpoint?
Chris Fountain
The operational issues for satellite systems are different from the ground IP network paradigm. A good example is the limitation on how encryption can be used on satellite systems based on bandwidth constraints. Ensuring a strong security posture for satellite systems requires a deep understanding of the information security controls that need to be implemented across systems, especially commercial satellite systems. Information system security controls need to be adapted and applied to address the technical challenges and needs of satellite systems.
MSM
From a satellite perspective, what steps should organizations undertake to ensure a strong, security posture?
Chris Fountain
First, you need to gain a complete understanding of the existing security posture. This is critical to the other steps and tasks in the process. Kratos SecureInfo launched the SATCOM Cybersecurity Assessment to serve this specific purpose. Using a risk-based management approach is key to assuring secure SATCOM development and operations. An effective security program incorporates both technical and non-technical information security controls. From a satellite perspective some key areas to focus on include, Space and ground segments, Tracking, Telemetry and Command (TT&C) functions, Uplink and Downlink transmissions, and Network performance. Organizations should develop a comprehensive security plan to mitigate identified cybersecurity risks and vulnerabilities in the context of existing and likely threats. In addition, they need to create an ongoing program known as continuous monitoring to maintain a strong security posture and to manage risks.
MSM
A key need for warfighters is the ability to receive information in a secure and timely fashion—how does Kratos SecureInfo facilitate this requirement to help save lives and shorten missions?
Chris Fountain
The information assurance solutions and services we provide help to mitigate IT security risk and ensure continued operational use of military enterprise systems in support of the warfighters’ mission. We are experts in assuring the critical technologies that provide information superiority for the military.
Two great examples include cloud environments and satellite systems. As a Federal Risk and Authorization Management Program (FedRAMP) Third Party Assessment Organization (3PAO) we ensure that Cloud Service Providers (CSPs) meet stringent security requirements before they can provide cloud services to the government. In addition, with so much dependence from the military on satellite communications, we deliver a SATCOM Cybersecurity Assessment that helps commercial satellite providers ensure their systems are secure and provide the communications the Warfighter needs to be successful.
We are also a Special Agent of the Certifying Authority (ACA) for the Air Force Space Command (AFSPC), where we provide comprehensive information security assessments in support of space systems.
MSM
Given your wealth of experience in this industry, what project or projects have brought you the most satisfaction?
Chris Fountain
We currently serve some of the most security conscious and mission critical customers in the government. I’m proud of the work we do securing Army networks across the Middle East and Southwest Asia. We work at Camp Arifjan in Kuwait performing 7x24 monitoring over networks critical to warfighter operations. In addition, we’ve had the pleasure to work closely with the Pacific Air Forces (PACAF), the U.S. Air Force major command with operations all over the Pacific. We are involved in helping the Air Force secure systems and networks used across the entire Pacific region, including places like Diego Garcia, Guam, Korea, Japan and Alaska.
On the commercial side of things, we work with companies like Microsoft and Amazon Web Services and a host of other industry leading cloud service providers where we apply U.S. government cybersecurity frameworks to their cloud computing solutions. This works takes us into the exciting and quickly evolving world of cloud computing.
MSM
How will your division work within the new budgetary guidelines due to sequestration?
Chris Fountain
We’ve been working with budgetary constraints for years. Cybersecurity continues to be a high priority for the government, but sequestration certainly brings tighter constraints. Our approach is to provide a very good value for every dollar our customers invest with us. We are also very flexible in working with the government to ensure their security goals are met even during these challenging economic times. By helping our clients manage risk and ensure compliance they often are also able to increase the cost effectiveness of their operations. Moving to the cloud is a great example of where agencies can increase cost savings, while enhancing security at the same time.
MSM
Lastly, as more and more agencies and commercial companies see the need for security, where do you foresee the technologies taking us over the next year or two? Is Kratos SecureInfo prepared to address these areas?
Chris Fountain
As the need for security continues to increase we see cloud computing and satellite communications as two rapidly evolving areas. Cloud computing is becoming more and more important to the way computing resources are delivered and consumed by government and commercial organizations. The large cloud service providers realize that security concerns are one of the biggest obstacles to adoption. This has led to vastly improved security in the cloud which will only improve over time.
From a satellite perspective, we believe cybersecurity legislation will soon require the application of NIST Information Assurance (IA) standards for all U.S. critical infrastructures, including satellite communications.
We have delivered thousands of cybersecurity assessments and validations to commercial and government organizations and have extensive cloud and satellite expertise, so we are well prepared to help our clients address these critical areas and others as they evolve.