Testing & Training Cross Talk Forum: Scoping the Cyber T&E Challenge


1 Testing & Training Cross Talk Forum: Scoping the Cyber T&E Challenge Ryan Norman Test Resource Management Center 4800 Mark Center Drive Suite 07J22 Alexandria, VA (571)

2 Cyberspace T&E Problem
Cyberspace vulnerabilities leave our warfighters vulnerable
Warfighter's mission is at risk to cyberspace attacks
A cyberspace attack could render systems inoperable and prohibit warfighters from completing their missions
Cyberspace vulnerabilities in DoD warfighting systems and information systems are our biggest concern
How can the T&E community help?
Cyberspace vulnerabilities need to be tested and resolved during system development, prior to operational testing
Existing DoD laboratories and ranges, the testbeds for DoD systems, are essential to test cyberspace defense
TRMC Immediate Focus: Computer Network Defense (CND) of Weapon and IT Acquisition Systems

3 Cyberspace T&E within the Acquisition Process
[Figure: systems engineering V chart (Decomposition & Definition on the left leg, Realization & Assessment on the right leg) annotated with cyberspace T&E activities, including: Identify Cyberspace Measures; Cyberspace Vulnerability Assessments; Component Level Testing to the chipset level; Component Characterization; Integrated Component Testing; DT&E Verification in Realistic Environment; OT&E Validation against actual Cyber Threats]
V Chart Source: DAU Acquisition Community Connection

4 Cyberspace T&E Strategy Overview
Cyberspace T&E Vision: Test & Evaluation that accurately and affordably measures cyberspace effectiveness and vulnerabilities of warfighting systems and DoD information systems, to verify the warfighter's capability to achieve mission success while operating in cyberspace
Cyberspace Attack Effects and Impacts: Unauthorized Access, Unauthorized Use, Disruption of Ops, Loss of Control, Data Corruption, Data Fabrication, Target Spoofing
Federated Cyberspace T&E Capability (diagram elements): Cyberspace Test Tools, Systems Under Test, Cyberspace Threat Representations, Cyberspace Test Instrumentation
An integrated T&E enterprise capable of creating a realistic cyberspace test environment at all required security levels, collecting performance & vulnerability test data, and assessing effects
Four Major Thrusts
1. Cyberspace T&E Process: Additional activities to test cyberspace during the acquisition process
2. Cyberspace T&E Methodology: Test approach to adequately assess cyberspace capabilities/limitations
3. Cyberspace T&E Workforce: T&E training to enable T&E professionals to conduct future cyberspace T&E
4. Cyberspace T&E Infrastructure: Existing DoD Labs, Ranges, & Networks; Industry & Academia Accessible; Common Framework for: Cyberspace Environment Tools, Cyberspace Test Instrumentation

5 Some Tenets of a Successful Cyberspace T&E Strategy
1. Mission Focus
2. Enterprise Perspective Beyond DoD
3. Tiered Management Structure & Accountability
4. Leveraging Existing Processes & Capabilities
5. Utilize Agile Concepts
Cyberspace T&E Vision: T&E that accurately and affordably measures cyberspace effectiveness and vulnerabilities of warfighting systems and DoD information systems, to verify the warfighter's capability to achieve mission success while operating in cyberspace

6 Cyberspace T&E Strategy: Infrastructure
Enterprise that supports DoD cyberspace testing needs
[Figure labels: Automated IA Test Tools, Analysis Tools, Test Control, Sim/Stim, Instrumentation, Assessment Teams, Net Ops, Red Teams]
Infrastructure Core Traits
Managed Common Framework: Ensure interoperability of developed infrastructure
Robust & Contained Environment Instantiation: Enterprise components that address cyberspace T&E needs
Non-obtrusive instrumentation: Data capture of cyberspace measures
Readily Available: Infrastructure that spans C/S/As and interfaces with other government, industry, and academia as appropriate
Enterprise Knowledge Management: Infrastructure must enable collaboration, learning, and sharing data
Credentialed "Centers of Excellence": Managed & implemented process for documenting quality of cyberspace facilities and capabilities

7 The TRMC "Blueprint": Putting Test Capabilities on the DoD Map
[Figure: flow diagram with the labels: Quadrennial Defense Review; Strategic Planning Guidance; Service T&E/S&T Working Groups; DoD Strategic Plan for T&E Resources; Service T&E Needs and Solutions Process; TRMC Joint Investment Programs; Risk mitigation needs; Technology shortfalls; Requirements; Risk mitigation solutions; Capabilities; Advanced development; (6.3 Funding), (6.4 Funding), (6.5 Funding); Service Improvement & Modernization Programs; Acquisition Programs / Advanced Concept Technology Demonstrations; T&E Multi-Service / Agency Capabilities; DoD Corporate Distributed Test Capability]

8 JMETC, JIOR, and You
We must all work together to maximize our ability to perform cyberspace test and training
The TRMC Joint Mission Environment Test Capability (JMETC) now has responsibility for Cyber T&E infrastructure
Will leverage existing TRMC processes to ensure the best "bang for the buck"
Investments can be beneficial to test & training communities
Coordination has begun with Joint Staff J7 Joint and Coalition Warfare
JMETC and JIOR have been in coordination for several years
Working towards established processes for persistent connectivity in support of emerging test & training requirements
Obviously, there are many policy / IA impediments
Progress being made slowly but surely

9 Summary
Cyberspace vulnerabilities leave our warfighters vulnerable
Cyberspace T&E must become as agile as the threat
Cyberspace T&E Vision Thrust Areas:
1. Process
2. Methodology
3. Workforce
4. Infrastructure
Starting in FY13, the Joint Mission Environment Test Capability is resourced to provide Cyberspace Test Infrastructure
Testing and Training collaboration essential for mutual success of both missions

10 Questions? Ryan Norman Test Resource Management Center 4800 Mark Center Drive Suite 07J22 Alexandria, VA (571)

11 Backup Slides Not Intended for Presentation

12 Computer Network Operations
Defend Cyberspace
Defensive Cyberspace Operations (DCO): Actions taken to protect, monitor, analyze, detect and respond to unauthorized activity within Department of Defense information systems and computer networks.
CND employs IA capabilities to respond to unauthorized activity within DoD information systems and computer networks in response to a CND alert or threat information
Note: CND also employs intelligence, counterintelligence, law enforcement, and other military capabilities to defend DoD information and computer networks.
Own Cyberspace
Offensive Cyberspace Operations (OCO): Actions taken through the use of computer networks to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves.
Computer Network Exploitation (CNE): Enabling operations and intelligence collection capabilities conducted through the use of computer networks to gather data from target or adversary automated information systems or networks.
Our T&E Infrastructure must support both Defending & Owning Cyberspace.
Existing laboratories and ranges are essential to test CND.

13 Cyberspace T&E Strategy: T&E Process
DT&E Activities for Cyberspace
[Table flattened in transcription; the three columns are listed below in slide order, row alignment not recoverable]
Development Progression / Development Stage: Requirements; Design; Component Test; Integration; System Test; Interoperability
DT&E Functions: Engage early; Evaluate testability; Assist in engineering design; Verify component specification compliance and functionality; Verify system specification compliance; Assess human-system integration; Progress to plan for Reliability Growth; Characterize system functionality; Stress the system within an intended mission environment; Provide assessments of capabilities and limitations; Verify KPPs, COIs, CTPs, and KSAs; Assess progress towards meeting COIs; Assess system safety; Support joint interoperability process; Assess compatibility with legacy systems; Assurance, Certification, and Accreditation
DT&E Cyberspace Functions: Identify Cyber Defense Measures to be tested; Assess vulnerability, susceptibility, and threat; Test individual hardware / software components (SW/HW Assurance); Ensure SUT instrumented to Chipset level; Test integrated components in integration lab; SUT w/digital mission traffic & scenario simulation; Penetration tests; Penetration effects tests; Test & Evaluate standards conformance; Perform live interoperability tests; Information Assurance Activities
Cyberspace Testing: Look beyond compliance to performance; Certify system readiness for OT&E; Test in realistic cyber environments (Benign, Threat); Test in COCOM mission scenarios

14 Cyberspace T&E Strategy: Methodology
Test Procedures & Best Practices for Cyberspace
Mechanism(s) for sharing best practices for cyberspace T&E throughout the community
Define test procedures to measure and assess cyberspace capabilities and limitations
Design Reference Missions (DRM)
Threat Reference Designs (TRD)
Example IA Attributes: Availability, Integrity, Authentication, Confidentiality, Nonrepudiation
CND Metric Types:
Protection: Available, timely, & reliable access to data and information
Detection: Measured time to determine threat has penetrated defenses
Reaction: Measured Response from Human Factors, SUT, and Network
Restoration: Measured time and degree to which operations are returned to normal
[Figure labels: Warfighting Environment, Test Environment]

15 Cyberspace T&E Strategy: Workforce
Cyberspace Curriculum for T&E Professionals
Cyberspace activities/operations require an additional skill set for the T&E Workforce (current focus is on Weapon Systems Acquisition)
Additional Cyberspace T&E skill set needs to include knowledge of:
Performing T&E Cyberspace functions
Computer Network Operations (CNO)
Technology trends
Potential Cyber Threats (Communications, Software and Hardware)
Cyberspace T&E infrastructure, Environment Tools, Test Instrumentation, and Test Control Tools
T&E Cyberspace functions include:
Identifying Cyber Defense Measures that need to be tested
Assessing vulnerability, susceptibility, and threat
Planning and executing Penetration Tests on Systems and evaluating the results
Planning, Executing, and Evaluating System-of-Systems Test events in realistic cyberspace environments (both benign and threat)
Strategy:
Leverage ongoing competency assessment of the DoD T&E Workforce to identify gaps, create Learning Objectives, and develop training material on Cyberspace T&E
Encourage the use of external Cyberspace training opportunities

16 Cyberspace T&E Strategy Proposed Implementation Plan
[Figure labels: Increment #0; Define Traits of Major Thrusts; Develop Cyberspace T&E Reqmts.; Begin AoAs and CBAs; Develop Cyberspace T&E Roadmap; Validate Progress through Test Pilots; Increment #1 FY12+]
Cyberspace T&E Vision & Major Thrusts: Provides unified end state for cyberspace DT&E and test infrastructure. Continue to refine and socialize with C/S/As
Define Traits of Major Thrusts: Functional decomposition of qualities necessary to achieve cyberspace T&E vision
Develop Cyberspace T&E Requirements: TCRD-like document that describes process, methodology, workforce, and infrastructure requirements that must be met to achieve cyberspace T&E vision
Begin Analysis of Alternatives (AoA) and Capabilities Based Assessments (CBA): Identify existing leverage opportunities that could help and risk items that could hinder achieving cyber T&E vision
Develop Cyberspace T&E Roadmap: Implementation plan to realize defined requirements
Validate Progress through Test Pilots: Ensures requirements are satisfied and matured as needed

17 InterTEC Cyber Event (ICE) 2011 Test Objectives
1. Conduct a series of tests that measure progress towards stakeholder goals:
Verify Interoperability: Establish baseline operational mission performance in a benign environment, conducted as part of InterTEC Systems Acceptance Testing (SAT) to leverage existing, proven methodology
Conduct Cyber Defense Test: Conduct representative cyberspace attacks to evaluate mission performance in a threat-enriched operational environment
2. Gauge progress towards cyberspace T&E vision in context of cyberspace T&E major thrust traits:
Assess Infrastructure connectivity, tools, and processes for repeatability and gaps
Assess validity of utilized cyberspace T&E methodologies and measures
JCAS Operational Use Case provides realistic context for achieving 2011 ICE test objectives

18 Key ICE 2011 Deliverables
Three ICE 2011 Systems Under Test
1. [THRUST AREA: Methodology] Initial Methodologies for conducting cyberspace T&E
2. [THRUST AREA: Methodology] Preliminary set of CND DT&E metrics and measures
3. [THRUST AREA: Infrastructure] Gap analysis for a more robust red and blue cyberspace T&E infrastructure


More information

workforce operate and maintain protect and defend securely provision support investigate analyze operate and collect CYBERSECURITY framework

workforce operate and maintain protect and defend securely provision support investigate analyze operate and collect CYBERSECURITY framework introduction The National Initiative for Cybersecurity Education (NICE) is a nationally coordinated effort focused on cybersecurity awareness, education, training, and professional development. Two Executive

More information

VULNERABILITY ASSESSMENT AND SURVEY PROGRAM. Overview of Assessment Methodology. U.S. Department of Energy Office of Energy Assurance

VULNERABILITY ASSESSMENT AND SURVEY PROGRAM. Overview of Assessment Methodology. U.S. Department of Energy Office of Energy Assurance VULNERABILITY ASSESSMENT AND SURVEY PROGRAM Overview of Assessment Methodology U.S. Department of Energy Office of Energy Assurance September 28, 2001 CONTENTS 1 Introduction... 1 2 Assessment Methodology...

More information

Principles of Supply Chain Risk Management (SCRM) Van Poindexter Professor of Production and Logistics Management DAU, South Region

Principles of Supply Chain Risk Management (SCRM) Van Poindexter Professor of Production and Logistics Management DAU, South Region Principles of Supply Chain Risk Management (SCRM) Van Poindexter Professor of Production and Logistics Management DAU, South Region The supply chain The supply chain is the distributed and interconnected

More information

Emerging Capability & Prototyping

Emerging Capability & Prototyping Emerging Capability & Prototyping Mr. Earl Wyatt Deputy Assistant Secretary of Defense, Emerging Capability & Prototyping Office of the Assistant Secretary of Defense (Research and Engineering) http://www.acq.osd.mil/ecp/

More information

Department of Defense INSTRUCTION

Department of Defense INSTRUCTION Department of Defense INSTRUCTION NUMBER 8551.01 May 28, 2014 DoD CIO SUBJECT: Ports, Protocols, and Services Management (PPSM) References: See Enclosure 1 1. PURPOSE. In accordance with the authority

More information

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation)

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation) It is a well-known fact in computer security that security problems are very often a direct result of software bugs. That leads security researches to pay lots of attention to software engineering. The

More information

Writing a Systems Engineering Plan, or a Systems Engineering Management Plan? Think About Models and Simulations

Writing a Systems Engineering Plan, or a Systems Engineering Management Plan? Think About Models and Simulations Writing a Systems Engineering Plan, or a Systems Engineering Management Plan? Think About Models and Simulations Philomena Zimmerman Office of the Deputy Assistant Secretary of Defense for Systems Engineering

More information

RMF. Cybersecurity and the Risk Management. Framework UNCLASSIFIED

RMF. Cybersecurity and the Risk Management. Framework UNCLASSIFIED Cybersecurity and the Risk Management Framework Wherewe ve been and where we re going Information Assurance DoD Instruction 8500.01,Para 1(d),adoptsthe term cybersecurity as it is defined in National Security

More information

Department of Defense DIRECTIVE

Department of Defense DIRECTIVE Department of Defense DIRECTIVE NUMBER 8000.01 March 17, 2016 DoD CIO SUBJECT: Management of the Department of Defense Information Enterprise (DoD IE) References: See Enclosure 1 1. PURPOSE. This directive:

More information

State Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4

State Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4 State Agency Cybersecurity Survey v 3.4 The purpose of this survey is to identify your agencies current capabilities with respect to information systems/cyber security and any challenges and/or successes

More information

National Initiative for Cybersecurity Education

National Initiative for Cybersecurity Education THE NICE VISION National Initiative for Cybersecurity Education a national campaign to promote cybersecurity awareness and digital literacy from our boardrooms to our classrooms, and to build a digital

More information

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies IT Professional Standards Information Security Discipline Sub-discipline 605 Information Security Testing and Information Assurance Methodologies December 2012 Draft Version 0.6 DOCUMENT REVIEW Document

More information

CYBER SECURITY GUIDANCE

CYBER SECURITY GUIDANCE CYBER SECURITY GUIDANCE With the pervasiveness of information technology (IT) and cyber networks systems in nearly every aspect of society, effectively securing the Nation s critical infrastructure requires

More information

i Network, Inc Technology Solutions, Products & Services Providing the right information, to the right customer, at the right time.

i Network, Inc Technology Solutions, Products & Services Providing the right information, to the right customer, at the right time. Technology Solutions, Products & Services Providing the right information, to the right customer, at the right time. 2 Barry Brueseke (619) 401 7334 www.inetwork west.com 4/3/2014 IEEE Cyber Security Workshop

More information

The Information Assurance Process: Charting a Path Towards Compliance

The Information Assurance Process: Charting a Path Towards Compliance The Information Assurance Process: Charting a Path Towards Compliance A white paper on a collaborative approach to the process and activities necessary to attain compliance with information assurance standards.

More information

UNCLASSIFIED. FY 2016 Base FY 2016 OCO

UNCLASSIFIED. FY 2016 Base FY 2016 OCO Exhibit R-2, RDT&E Budget Item Justification: PB 2016 Air Force : February 2015 3600: Research, Development, Test & Evaluation, Air Force / BA 7: Operational Systems Development COST ($ in Millions) FY

More information

Information Assurance Metrics Highlights

Information Assurance Metrics Highlights Information Assurance Metrics Highlights Dr. Michael Schildcrout Naval Security Group 1 Outline Metrics Development Process Joint Service Effort DOT&E Sponsorship Risk Levels Remaining Issues 2 Information

More information

Actions and Recommendations (A/R) Summary

Actions and Recommendations (A/R) Summary Actions and Recommendations (A/R) Summary Priority I: A National Cyberspace Security Response System A/R 1-1: DHS will create a single point-ofcontact for the federal government s interaction with industry

More information

NHTSA S AUTOMOTIVE CYBERSECURITY RESEARCH. Arthur Carter, Frank Barickman, NHTSA

NHTSA S AUTOMOTIVE CYBERSECURITY RESEARCH. Arthur Carter, Frank Barickman, NHTSA NHTSA S AUTOMOTIVE CYBERSECURITY RESEARCH Arthur Carter, Frank Barickman, NHTSA Electronic Systems Safety Research Division Electronic Systems Safety (ESS) Research Division conducts research to ensure

More information

Department of Defense. SUBJECT: Interoperability and Supportability of Information Technology (IT) and National Security Systems (NSS)

Department of Defense. SUBJECT: Interoperability and Supportability of Information Technology (IT) and National Security Systems (NSS) Department of Defense DIRECTIVE NUMBER 4630.05 May 5, 2004 Certified Current as of April 23, 2007 ASD(NII)/DoD CIO SUBJECT: Interoperability and Supportability of Information Technology (IT) and National

More information

Department of Defense DIRECTIVE. SUBJECT: Management of the Department of Defense Information Enterprise

Department of Defense DIRECTIVE. SUBJECT: Management of the Department of Defense Information Enterprise Department of Defense DIRECTIVE SUBJECT: Management of the Department of Defense Information Enterprise References: See Enclosure 1 NUMBER 8000.01 February 10, 2009 ASD(NII)/DoD CIO 1. PURPOSE. This Directive:

More information

The DoD CIO Charter:

The DoD CIO Charter: George Mason University, Fairfax, VA The DoD CIO Charter: A Template for I.T. Governance? Paul A. Strassmann,October 3, 2005 1 Authority for the DoD CIO 2 Traditional Views of the CIO Roles 3 An Expansive

More information

ESKISP6055.01 Manage security testing

ESKISP6055.01 Manage security testing Overview This standard covers the competencies concerning with managing security testing activities. Including managing resources activities and deliverables. This includes planning, conducting and reporting

More information

System/Data Requirements Definition Analysis and Design

System/Data Requirements Definition Analysis and Design EXECUTIVE SUMMARY This document provides an overview of the Systems Development Life-Cycle (SDLC) process of the U.S. House of Representatives. The SDLC process consists of seven tailored phases that help

More information

(U) Appendix D: Evaluation of the Comprehensive National Cybersecurity Initiative

(U) Appendix D: Evaluation of the Comprehensive National Cybersecurity Initiative (U) Appendix D: Evaluation of the Comprehensive National Cybersecurity Initiative (U) Presidential Directive NSPD 54/HSPD 23, Cybersecurity Policy, established United States policy, strategy, guidelines,

More information

COUNTERINTELLIGENCE. Protecting Key Assets: A Corporate Counterintelligence Guide

COUNTERINTELLIGENCE. Protecting Key Assets: A Corporate Counterintelligence Guide COUNTERINTELLIGENCE O F F I C E O F T H E N A T I O N A L C O U N T E R I N T E L L I G E N C E Protecting Key Assets: A Corporate Counterintelligence Guide E X E C U T I V E Counterintelligence for the

More information

GAO DEFENSE DEPARTMENT CYBER EFFORTS. More Detailed Guidance Needed to Ensure Military Services Develop Appropriate Cyberspace Capabilities

GAO DEFENSE DEPARTMENT CYBER EFFORTS. More Detailed Guidance Needed to Ensure Military Services Develop Appropriate Cyberspace Capabilities GAO United States Government Accountability Office Report to Congressional Requesters May 2011 DEFENSE DEPARTMENT CYBER EFFORTS More Detailed Guidance Needed to Ensure Military Services Develop Appropriate

More information

DOD DIRECTIVE 4715.21 CLIMATE CHANGE ADAPTATION AND RESILIENCE

DOD DIRECTIVE 4715.21 CLIMATE CHANGE ADAPTATION AND RESILIENCE DOD DIRECTIVE 4715.21 CLIMATE CHANGE ADAPTATION AND RESILIENCE Originating Component: Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics Effective: January 14, 2016 Releasability:

More information

Subj: DEPARTMENT OF THE NAVY CYBERSECURITY/INFORMATION ASSURANCE WORKFORCE MANAGEMENT, OVERSIGHT, AND COMPLIANCE

Subj: DEPARTMENT OF THE NAVY CYBERSECURITY/INFORMATION ASSURANCE WORKFORCE MANAGEMENT, OVERSIGHT, AND COMPLIANCE D E PAR TME NT OF THE N A VY OFFICE OF T HE SECRET ARY 1000 NAVY PENT AGON WASHINGT ON D C 20350-1000 SECNAVINST 5239.20 DON CIO SECNAV INSTRUCTION 5239.20 From: Secretary of the Navy Subj: DEPARTMENT

More information

Cybersecurity. Cybersecurity 331

Cybersecurity. Cybersecurity 331 Cybersecurity Summary DOT&E cybersecurity efforts in FY14 included 16 Combatant Command (CCMD) and Service assessments completed as part of the Cybersecurity Assessment Program, 21 cybersecurity operational

More information

HHSN316201200042W 1 QSSI - Quality Software Services, Inc

HHSN316201200042W 1 QSSI - Quality Software Services, Inc ARTICLE C.1. STATEMENT OF WORK This contract is designed to permit the Institutes and Centers (ICs) of NIH, the Department of Health and Human Services (DHHS), and all other federal agencies to acquire

More information

Update On Smart Grid Cyber Security

Update On Smart Grid Cyber Security Update On Smart Grid Cyber Security Kshamit Dixit Manager IT Security, Toronto Hydro, Ontario, Canada 1 Agenda Cyber Security Overview Security Framework Securing Smart Grid 2 Smart Grid Attack Threats

More information

This Conference brought to you by www.ttcus.com

This Conference brought to you by www.ttcus.com This Conference brought to you by www.ttcus.com Linkedin/Group: Technology Training Corporation @Techtrain Technology Training Corporation www.ttcus.com U.S. Army Intelligence and Security Command Army

More information

NAVFAC EXWC Platform Information Technology (PIT) Cyber Security Initiatives

NAVFAC EXWC Platform Information Technology (PIT) Cyber Security Initiatives NAVFAC EXWC Platform Information Technology (PIT) Cyber Security Initiatives Center of excellence for secure integration, deployment and sustainment of Industrial Control Systems and Operational Technology

More information

National Cybersecurity Challenges and NIST. Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity

National Cybersecurity Challenges and NIST. Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity National Cybersecurity Challenges and NIST Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity Though no-one knows for sure, corporate America is believed to lose anything

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

Defining a Secure Mobile Framework Architecture at DHA

Defining a Secure Mobile Framework Architecture at DHA Ms. Janine Oakley, Transition Manager Innovation and Advanced Technology Development Division 2015 Defense Health Information Technology Symposium Defining a Secure Mobile Framework Architecture at DHA

More information

An Overview of Large US Military Cybersecurity Organizations

An Overview of Large US Military Cybersecurity Organizations An Overview of Large US Military Cybersecurity Organizations Colonel Bruce D. Caulkins, Ph.D. Chief, Cyber Strategy, Plans, Policy, and Exercises Division United States Pacific Command 2 Agenda United

More information

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY JANUARY 2012 Table of Contents Executive Summary 1 Introduction 2 Our Strategic Goals 2 Our Strategic Approach 3 The Path Forward 5 Conclusion 6 Executive

More information

WHITE PAPER December, 2008

WHITE PAPER December, 2008 INTRODUCTION Key to most IT organization s ongoing success is the leadership team s ability to anticipate, plan for, and adapt to change. With ever changing business/mission requirements, customer/user

More information

National Cyber Security Framework and Protocol. for securing digital information in networked critical infrastructures and communications

National Cyber Security Framework and Protocol. for securing digital information in networked critical infrastructures and communications OPERATIONAL REQUIREMENTS DOCUMENT National Cyber Security Framework and Protocol Contents for securing digital information in networked critical infrastructures and communications 1. General Description

More information