THIS PAGE LEFT INTENTIONALLY BLANK

Size: px
Start display at page:

Download "THIS PAGE LEFT INTENTIONALLY BLANK"

Transcription

1

2 THIS PAGE LEFT INTENTIONALLY BLANK

3 THE DEPARTMENT OF DEFENSE CYBER STRATEGY April 2015

4 THIS PAGE LEFT INTENTIONALLY BLANK

5

6 THIS PAGE LEFT INTENTIONALLY BLANK

7 TABLE OF CONTENTS I. INTRODUCTION...1 II. STRATEGIC CONTEXT...9 III. STRATEGIC GOALS...13 I. Build and maintain ready frces and capabilities t cnduct cyberspace peratins II. Defend the DD infrmatin netwrk, secure DD data, and mitigate risks t DD missins III. IV. Be prepared t defend the U.S. hmeland and U.S. vital interests frm disruptive r destructive cyberattacks f significant cnsequence Build and maintain viable cyber ptins and plan t use thse ptins t cntrl cnflict escalatin and t shape the cnflict envirnment at all stages V. Build and maintain rbust internatinal alliances and partnerships t deter shared threats and increase internatinal security and stability IV. IMPLEMENTATION OBJECTIVES...17 STRATEGIC GOAL I STRATEGIC GOAL II STRATEGIC GOAL III STRATEGIC GOAL IV STRATEGIC GOAL V V. MANAGING THE STRATEGY...29 CONCLUSION...32

8 THIS PAGE LEFT INTENTIONALLY BLANK

9 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y We live in a wired wrld. Cmpanies and cuntries rely n cyberspace fr everything frm financial transactins t the mvement f military frces. Cmputer cde blurs the line between the cyber and physical wrld and cnnects millins f bjects t the Internet r private netwrks. Electric firms rely n industrial cntrl systems t prvide pwer t the grid. Shipping managers use satellites and the Internet t track freighters as they pass thrugh glbal sea lanes, and the U.S. military relies n secure netwrks and data t carry ut its missins. The United States is cmmitted t an pen, secure, interperable, and reliable Internet that enables prsperity, public safety, and the free flw f cmmerce and ideas. These qualities f the Internet reflect cre American values f freedm f expressin and privacy, creativity, pprtunity, and innvatin. And these qualities have allwed the Internet t prvide scial and ecnmic value t billins f peple. Within the U.S. ecnmy alne, anywhere frm three t 13 percent f business sectr value-added is derived frm Internet-related businesses. Over the last ten years Internet access increased by ver tw billin peple acrss the glbe.. Yet these same qualities f penness and dynamism that led t the Internet s rapid expansin nw prvide dangerus state and nn-state actrs with a means t undermine U.S. interests. We are vulnerable in this wired wrld. Tday ur reliance n the cnfidentiality, availability, and integrity f data stands in stark cntrast t the inadequacy f ur cybersecurity. The Internet was nt riginally designed with security in mind, but as an pen system t allw scientists and researchers t send data t ne anther quickly. Withut strng investments in cybersecurity and cyber defenses, data systems remain pen and susceptible t rudimentary and dangerus frms f explitatin and attack. Malicius actrs use cyberspace t steal data and intellectual prperty fr their wn ecnmic r plitical gals. And an actr in ne regin f the glbe can use cyber capabilities t strike directly at a netwrk thusands f miles away, destrying data, disrupting businesses, r shutting ff critical systems. State and nn-state actrs cnduct cyber peratins t achieve a variety f plitical, ecnmic, r military bjectives. In cnducting their peratins, they may strike at a natin s values as well as its interests r purpses. As ne example, in Nvember, 2014, likely in retaliatin fr the 1

10 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y planned release f a satirical film, Nrth Krea cnducted a cyberattack against Sny Pictures Entertainment, rendering thusands f Sny cmputers inperable and breaching Sny s cnfidential business infrmatin. In additin t the destructive nature f the attacks, Nrth Krea stle digital cpies f a number f unreleased mvies, as well as thusands f dcuments cntaining sensitive data regarding celebrities, Sny emplyees, and Sny s business peratins. Nrth Krea accmpanied their cyberattacks with cercin, intimidatin, and the threat f terrrism. The Nrth Krean attack n Sny was ne f the mst destructive cyberattacks n a U.S. entity t date. The attack further spurred an already nging natinal discussin abut the nature f the cyber threat and the need fr imprved cybersecurity. The increased use f cyberattacks as a plitical instrument reflects a dangerus trend in internatinal relatins. Vulnerable data systems present state and nn-state actrs with an enticing pprtunity t strike the United States and its interests. During a cnflict, the Defense Department assumes that a ptential adversary will seek t target U.S. r allied critical infrastructure and military netwrks t gain a strategic advantage. Beynd the attacks described abve, a sphisticated actr culd target an industrial cntrl system (ICS) n a public utility t affect public safety, r enter a netwrk t manipulate health recrds t affect an individual s well-being. A disruptive, manipulative, r destructive cyberattack culd present a significant risk t U.S. ecnmic and natinal security if lives are lst, prperty destryed, plicy bjectives harmed, r ecnmic interests affected. The Red Flag 14-1 Cyber Prtectin Team wrks n cyber defense prcedures inside the Cmbined Air and Space Operatins Center-Nellis, Nellis, NV. The CPT's primary gal is t find and thwart ptential space, cyberspace and missile threats against U.S. and allied frces. (U.S. Air Frce pht by Senir Airman Brett Clashman) Leaders must take steps t mitigate cyber risks. Gvernments, cmpanies, and rganizatins must carefully priritize the systems and data that they need t prtect, assess risks and hazards, and make prudent investments in cybersecurity and cyber defense capabilities t achieve their security gals and bjectives. Behind these defense investments, rganizatins f every kind must build business cntinuity plans and be ready t perate in a degraded cyber envirnment where access t netwrks and data is uncertain. T mitigate risks in cyberspace requires a cmprehensive strategy t cunter and if necessary withstand disruptive and destructive attacks. Defending the United States in Cyberspace In cncert with ther agencies, the United States Department f Defense (DD) is respnsible fr defending the U.S. hmeland and U.S. interests frm attack, including attacks that may ccur in cyberspace. In a manner cnsistent with U.S. and internatinal law, the Department f Defense seeks t deter attacks and defend the United States against any adversary that seeks t harm U.S. natinal interests during times f peace, crisis, r cnflict. T this end the Defense Department has develped capabilities fr cyber peratins and is integrating thse capabilities int the full array f tls that the United States gvernment uses t defend U.S. natinal interests, including diplmatic, infrmatinal, military, ecnmic, financial, and law enfrcement tls. 2

11 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y The May 2011 Department f Defense Strategy fr Operating in Cyberspace guided the Defense Department s cyber activities and peratins in supprt f U.S. natinal interests ver the last fur years. This new strategy sets priritized strategic gals and bjectives fr DD s cyber activities and missins t achieve ver the next five years. It fcuses n building capabilities fr effective cybersecurity and cyber peratins t defend DD netwrks, systems, and infrmatin; defend the natin against cyberattacks f significant cnsequence; and supprt peratinal and cntingency plans. This strategy builds n previus decisins regarding DD s Cyber Missin Frce and cyber wrkfrce develpment and prvides new and specific guidance t mitigate anticipated risks and capture pprtunities t strengthen U.S. natinal security. As a matter f first principle, cybersecurity is a team effrt within the U.S. Federal gvernment. T succeed in its missins the Defense Department must perate in partnership with ther Departments and Agencies, internatinal allies and partners, state and lcal gvernments, and, mst imprtantly, the private sectr. Cybersecurity Activities T supprt its missins in cyberspace, the Defense Department cnducts a range f activities utside f cyberspace t imprve cllective cybersecurity and prtect U.S. interests. Fr example, the Defense Department cperates with agencies f the U.S gvernment, with the private sectr, and with ur internatinal partners t share infrmatin, build alliances and partnerships, and fster nrms f respnsible behavir t imprve glbal strategic stability. Infrmatin sharing and interagency crdinatin. T secure and advance U.S. interests in cyberspace, DD seeks t share infrmatin and crdinate with U.S. gvernment agencies in an integrated fashin n a range f cyber activities. Fr example, if DD learns f malicius cyber activities that will affect imprtant U.S. netwrks and systems that are vital fr U.S. natinal and ecnmic security r public safety, DD supprts agencies like the Department f Hmeland Security (DHS) and the Federal Bureau f Investigatin (FBI) as they reach ut t U.S. entities, and ften ther cuntries, t share threat infrmatin such as technical indicatrs f a ptential attack. Such infrmatin sharing can significantly imprve an rganizatin s ability t defend itself against a brad range f cyberattacks. In additin t sharing infrmatin, DD partners with ther agencies f the U.S. gvernment t synchrnize peratins and t share lessns-learned and cybersecurity bestpractices. This includes incident management and netwrk defense respnse. Build bridges t the private sectr. Frm applicatin develpers t Internet Services Prviders, private cmpanies prvide the gds and services that make up cyberspace. The Defense Department relies n the private sectr t build its netwrks, prvide cybersecurity services, and research and Mr. Je Sciabica and Maj. Gen. J. Kevin McLaughlin sign an Air Frce Civil Engineer Center-Air Frces Cyber cllabratin agreement. The initiative is designed t enhance the security f industrial cntrl systems that supprt critical Air Frce infrastructures arund the wrld. (U.S. Air Frce pht by Shannn Carabajal) 3

12 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y develp advanced capabilities. The Defense Department has benefited frm private sectr innvatin thrughut its histry. Ging frward, DD will wrk clsely with the private sectr t validate and cmmercialize new ideas fr cybersecurity fr the Department. Building alliances, calitins, and partnerships abrad. The Defense Department engages in a brad array f activities t imprve cybersecurity and cyber peratins capacity abrad. DD helps U.S. allies and partners t understand the cyber threats they face and t build the cyber capabilities necessary t defend their netwrks and data. Allies and partners als ften have cmplementary capabilities that can augment thse f the United States, and the United States seeks t build strng alliances and calitins t cunter ptential adversaries cyber activities. Strategically, a unified calitin sends a message that the United States and its allies and partners are aligned in cllective defense. In additin t the Five Eyes treaty partners, DD wrks clsely with key partners in the Middle East, the Asia-Pacific, and Eurpe t understand the cybersecurity envirnment and build cyber defense capacity. Three Primary Missins in Cyberspace The President has established principles and prcesses fr gverning cyber peratins. The purpse f these principles and prcesses is t plan, develp, and use U.S. capabilities effectively, and t ensure that cyber peratins ccur in a manner cnsistent with the values that the United States prmtes dmestically and internatinally. The Defense Department has three primary cyber missins. First, DD must defend its wn netwrks, systems, and infrmatin. The U.S. military s dependence n cyberspace fr its peratins led the Secretary f Defense in 2011 t declare cyberspace as an peratinal dmain fr purpses f rganizing, training, and equipping U.S. military frces. The Defense Department must be able t secure its wn netwrks against attack and recver quickly if security measures fail. T this end, DD cnducts netwrk defense peratins n an nging basis t securely perate the Department f Defense Infrmatin Netwrk (DDIN). If and when DD detects indicatins f hstile activity within its netwrks, DD has quick-respnse capabilities t clse r mitigate vulnerabilities and secure its netwrks and systems. Netwrk defense peratins n DD netwrks cnstitute the vast majrity f DD s peratins in cyberspace. In additin t defense investments, DD must prepare and be ready t perate in an envirnment where access t cyberspace is cntested. During the Cld War, frces prepared t perate in an envirnment where access t cmmunicatins culd be interrupted by the adversary s advanced capabilities, t include the ptential use f an electrmagnetic pulse that culd disrupt satellite and ther glbal cmmunicatins capabilities. Cmmanders cnducted peridic exercises that required their teams t perate withut access t cmmunicatins systems. Thrugh years f practice and exercise, a culture f resilience tk rt in the military and units were ready and prepared t perate in cntested envirnments. Since the end f the Cld War, hwever, a yunger generatin has grwn increasingly mre accustmed t an envirnment f cnnectivity. The generatin f military men and wmen that grew up since the end f the Cld War have had near cnstant access t infrmatin and cmmunicatins, and the infrmatin revlutin has led t a mre agile and glbally adaptive frce. In the face f an escalating cyber threat, the lessns f the previus generatins must nw be passed dwn. The Defense Department must be able t carry ut its missins t defend the 4

13 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y cuntry. Organizatins must exercise and learn t perate withut the tls that have becme such a vital part f their daily lives and peratins. Fr its secnd missin, DD must be prepared t defend the United States and its interests against cyberattacks f significant cnsequence. While cyberattacks are assessed n a case-by-case and factspecific basis by the President and the U.S. natinal security team, significant cnsequences may include lss f life, significant damage t prperty, serius adverse U.S. freign plicy cnsequences, r serius ecnmic impact n the United States. If directed by the President r the Secretary f Defense, the U.S. military may cnduct cyber peratins t cunter an imminent r n-ging attack against the U.S. hmeland r U.S. interests in cyberspace. The purpse f such a defensive measure is t blunt an attack and prevent the destructin f prperty r the lss f life. DD seeks t synchrnize its capabilities with ther gvernment agencies t develp a range f ptins and methds fr disrupting cyberattacks f Navy Petty Officer 1st Class Jel Melendez, Naval Netwrk Warfare Cmmand infrmatin systems analysis, Air Frce Staff Sgt. Rgerick Mntgmery, U.S. Cyber Cmmand netwrk analysis, and Army Staff Sgt. Jacb Harding, 780th Military Intelligence Brigade cyber systems analysis, at an exercise during Cyber Flag 13-1 at Nellis Air Frce Base, NV. (U.S. Air Frce pht by Senir Airman Matthew Lancaster) significant cnsequence befre they can have an impact, t include law enfrcement, intelligence, and diplmatic tls. As a matter f principle, the United States will seek t exhaust all netwrk defense and law enfrcement ptins t mitigate any ptential cyber risk t the U.S. hmeland r U.S. interests befre cnducting a cyberspace peratin. The United States gvernment has a limited and specific rle t play in defending the natin against cyberattacks f significant cnsequence. The private sectr wns and perates ver ninety percent f all f the netwrks and infrastructure f cyberspace and is thus the first line f defense. One f the mst imprtant steps fr imprving the United States verall cybersecurity psture is fr cmpanies t priritize the netwrks and data that they must prtect and t invest in imprving their wn cybersecurity. While the U.S. gvernment must prepare t defend the cuntry against the mst dangerus attacks, the majrity f intrusins can be stpped thrugh relatively basic cybersecurity investments that cmpanies can and must make themselves. Third, if directed by the President r the Secretary f Defense, DD must be able t prvide integrated cyber capabilities t supprt military peratins and cntingency plans. There may be times when the President r the Secretary f Defense may determine that it wuld be apprpriate fr the U.S. military t cnduct cyber peratins t disrupt an adversary s militaryrelated netwrks r infrastructure s that the U.S. military can prtect U.S. interests in an area f peratins. Fr example, the United States military might use cyber peratins t terminate an nging cnflict n U.S. terms, r t disrupt an adversary s military systems t prevent the use f frce against U.S. interests. United States Cyber Cmmand (USCYBERCOM) may als be directed t cnduct cyber peratins, in crdinatin with ther U.S. gvernment agencies as apprpriate, t deter r defeat strategic threats in ther dmains. 5

14 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y T ensure that the Internet remains pen, secure, and prsperus, the United States will always cnduct cyber peratins under a dctrine f restraint, as required t prtect human lives and t prevent the destructin f prperty. As in ther dmains f peratins, in cyberspace the Defense Department will always act in a way that reflects enduring U.S. values, including supprt fr the rule f law, as well as respect and prtectin f the freedm f expressin and privacy, the free flw f infrmatin, cmmerce, and ideas. Any decisin t cnduct cyber peratins utside f DD netwrks is made with the utmst care and deliberatin and under strict plicy and peratinal versight, and in accrdance with the law f armed cnflict. As it makes its investments and builds cyber capabilities t defend U.S. natinal interests, the Defense Department will always be attentive t the ptential impact f defense plicies n state and nn-state actrs behavir. A New Cyber Missin Frce The Defense Department requires the cmmitment and crdinatin f multiple leaders and cmmunities acrss DD and the brader U.S. gvernment t carry ut its missins and execute this strategy. Defense Department law enfrcement, intelligence, cunterintelligence, and plicy rganizatins all have an active rle, as d the men and wmen that build and perate DD s netwrks and infrmatin technlgy systems. Every rganizatin needs t play its part. Fr example, netwrk service prviders acrss DD must be adaptive and active t fllw cybersecurity best-practices and cyber defense rders. U.S. Cyber Cmmand must synchrnize its activities with ther DD rganizatins, particularly cmbatant cmmands, t respnd t emerging challenges and pprtunities. Installatin wners and peratrs must partner with the Military Departments Cmputer Emergency Respnse Teams (CERTs), DHS, and USCYBERCOM t build adaptive defenses and cntinuity plans fr missin-critical systems and the civil systems that supprt them. Success requires creative and strng intra-departmental and interagency partnerships. Amng DD s cyber persnnel and frces, the Cyber Missin Frce (CMF) has a unique rle within the Department. In 2012, DD began t build a CMF t carry ut DD s cyber missins. Once fully peratinal, the CMF will include nearly 6,200 military, civilian, and cntractr supprt persnnel frm acrss the military departments and defense cmpnents. The Cyber Missin Frce represents a majr investment by the Department f Defense and the United States as whle, and a central aim f this strategy is t set specific gals and bjectives t guide the develpment f the Cyber Missin Frce and DD s wider cyber wrkfrce t prtect and defend U.S. natinal interests. The Cyber Missin Frce will be cmprised f cyber peratrs rganized int 133 teams, primarily aligned as fllws: Cyber Prtectin Frces will augment traditinal defensive measures and defend pririty DD netwrks and systems against pririty threats; Natinal Missin Frces and their assciated supprt teams will defend the United States and its interests against cyberattacks f significant cnsequence; and Cmbat Missin Frces and their assciated supprt teams will supprt cmbatant cmmands by generating integrated cyberspace effects in supprt f peratinal plans and cntingency peratins. Cmbatant cmmands integrate Cmbat Missin Frces and Cyber Prtectin Teams int plans and peratins and emply them in cyberspace, while the Natinal Missin Frce perates under the Cmmander f USCYBERCOM. Outside f this cnstruct, teams can als be used t supprt ther missins as required by the Department. 6

15 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y In 2013 the Department began t integrate the CMF int the larger multi-missin U.S. military frce t achieve synergy acrss dmains, assure the CMF s readiness within the frce, and restructure the military and civilian wrkfrce and infrastructure t execute DD s missins. During the curse f implementing this strategy, DD will cntinue t build the CMF, and will cntinue t mature the necessary cmmand, cntrl, and enabling rganizatins required fr effective peratins. DD will fcus n ensuring that its frces are trained and ready t perate using the capabilities and architectures they need t cnduct cyber peratins, cntinue t build plicy and legal framewrks t gvern CMF emplyment, and integrate the CMF int DD s verall planning and frce develpment. This strategy recgnizes that effective cybersecurity will require clse cllabratin within DD and acrss the federal gvernment, with industry, with internatinal allies and partners, and with state and lcal gvernments. The pursuit f security in cyberspace requires a whle-f-gvernment and internatinal apprach due t the number and variety f stakehlders in the dmain, the flw f infrmatin acrss internatinal brders, and the distributin f respnsibilities, authrities, and capabilities acrss gvernments and the private sectr. Fr each f DD s missins, DD must cntinue t develp rutine relatinships and prcesses fr crdinating its cyber peratins. Specific risks and pprtunities infrm this new strategy. Fr example, DD s wn netwrk is a patchwrk f thusands f netwrks acrss the glbe, and DD lacks the visibility and rganizatinal structure required t defend its diffuse netwrks effectively. The Defense Department must further develp adequate warning intelligence f adversary intentins and capabilities fr cnducting destructive and disruptive cyberattacks against DD and the United States. Beynd its wn netwrks, DD relies n civil critical infrastructure acrss the United States and verseas fr its peratins, yet the cybersecurity f such critical infrastructure is uncertain. T mitigate these and ther risks and imprve U.S. natinal security, this strategy sets strategic gals fr the Department t achieve, and prescribes bjectives and metrics fr meeting each gal. All f the gals and bjectives within this strategy reflect the gals f the 2015 United States Natinal Security Strategy and the 2014 Quadrennial Defense Review. DD sets five strategic gals fr its cyberspace missins: U.S. Strategic Cmmand serves as the Defense Department s glbal synchrnizer fr capabilities that affect every cmbatant cmmand. Here the sun sets ver sme f the assets that prvide capabilities at Frward Operating Base Sharana in Afghanistan s Paktika prvince. (U.S. Army pht by Spc. Raymnd Schaeffer) 1. Build and maintain ready frces and capabilities t cnduct cyberspace peratins; 2. Defend the DD infrmatin netwrk, secure DD data, and mitigate risks t DD missins; 7

16 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y 3. Be prepared t defend the U.S. hmeland and U.S. vital interests frm disruptive r destructive cyberattacks f significant cnsequence; 4. Build and maintain viable cyber ptins and plan t use thse ptins t cntrl cnflict escalatin and t shape the cnflict envirnment at all stages; 5. Build and maintain rbust internatinal alliances and partnerships t deter shared threats and increase internatinal security and stability. 8

17 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y Key Cyber Threats Frm , the Directr f Natinal Intelligence named the cyber threat as the number ne strategic threat t the United States, placing it ahead f terrrism fr the first time since the attacks f September 11, Ptential state and nn-state adversaries cnduct malicius cyber activities against U.S. interests glbally and in a manner intended t test the limits f what the United States and the internatinal cmmunity will tlerate. Actrs may penetrate U.S. netwrks and systems fr a variety f reasns, such as t steal intellectual prperty, disrupt an rganizatin s peratins fr activist purpses, r t cnduct disruptive and destructive attacks t achieve military bjectives. Ptential adversaries have invested significantly in cyber as it prvides them with a viable, plausibly deniable capability t target the U.S. hmeland and damage U.S. interests. Russia and China have develped advanced cyber capabilities and strategies. Russian actrs are stealthy in their cyber tradecraft and their intentins are smetimes difficult t discern. China steals intellectual prperty (IP) frm glbal businesses t benefit Chinese cmpanies and undercut U.S. cmpetitiveness. While Iran and Nrth Krea have less develped cyber capabilities, they have displayed an vert level f hstile intent twards the United States and U.S. interests in cyberspace. In additin t state-based threats, nn-state actrs like the Islamic State in Iraq and the Levant (ISIL) use cyberspace t recruit fighters and disseminate prpaganda and have declared their intent t acquire disruptive and destructive cyber capabilities. Criminal actrs pse a cnsiderable threat in cyberspace, particularly t financial institutins, and idelgical grups ften use hackers t further their plitical bjectives. State and nn-state threats ften als blend tgether; patritic entities ften act as cyber surrgates fr states, and nn-state entities can prvide cver fr state-based peratrs. This behavir can make attributin mre difficult and increases the chance f miscalculatin. Malware Prliferatin The glbal prliferatin f malicius cde r sftware ( malware ) increases the risk t U.S. netwrks and data. T cnduct a disruptive r destructive cyber peratin against a military system r industrial cntrl system requires expertise, but a ptential adversary need nt spend 9

18 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y billins f dllars t develp an ffensive capability. A natin-state, nn-state grup, r individual actr can purchase destructive malware and ther capabilities n the black market. State and nn-state actrs als pay experts t search fr vulnerabilities and develp explits. This practice has created a dangerus and uncntrlled market that serves multiple actrs within the internatinal system, ften fr cmpeting purpses. As cyber capabilities becme mre readily available ver time, the Department f Defense assesses that state and nn-state actrs will cntinue t seek and develp cyber capabilities t use against U.S. interests. Risk t DD Netwrks and Infrastructure The Defense Department s wn netwrks and systems are vulnerable t intrusins and attacks. In additin t DD s wn netwrks, a cyberattack n the critical infrastructure and key resurces n which DD relies fr its peratins culd impact the U.S. military s ability t perate in a cntingency. DD has made gains in identifying cyber vulnerabilities f its wn critical assets thrugh its Missin Assurance Prgram fr many key assets, DD has identified its physical netwrk infrastructure n which key physical assets depend but mre must be dne t secure DD s cyber infrastructure. In additin t destructive and disruptive attacks, cyber actrs steal peratinal infrmatin and intellectual prperty frm a range f U.S. gvernment and cmmercial entities that impact the Defense Department. Victims include weapns develpers as well as cmmercial firms that supprt frce mvements thrugh U.S. Transprtatin Cmmand (USTRANSCOM). State actrs have stlen DD s intellectual prperty t undercut the United States strategic and technlgical advantage and t benefit their wn military and ecnmic develpment. Finally, the Defense Department faces a risk frm the U.S. gvernment s cntinued budgetary uncertainty. Althugh DD has priritized the allcatin f resurces in its budget t develp cyber capabilities, cntinued fiscal uncertainty requires that DD plan t build its cyber capabilities under a declining verall defense budget. DD must cntinue t priritize its cyber investments and develp the capabilities required t defend U.S. interests at hme and verseas. Deterrence in the Future Security Envirnment In the face f an escalating threat, the Department f Defense must cntribute t the develpment and implementatin f a cmprehensive cyber deterrence strategy t deter key state and nn-state actrs frm cnducting cyberattacks against U.S. interests. Because f the variety and number f state and nn-state cyber actrs in cyberspace and the relative availability f destructive cyber tls, an effective deterrence strategy requires a range f plicies and capabilities t affect a state r nn-state actrs behavir. As DD builds its Cyber Missin Frce and verall capabilities, DD assumes that the deterrence f cyberattacks n U.S. interests will nt be achieved thrugh the articulatin f cyber plicies alne, but thrugh the ttality f U.S. actins, including declaratry plicy, substantial indicatins and warning capabilities, defensive psture, effective respnse prcedures, and the verall resiliency f U.S. netwrks and systems. The deterrence f state and nn-state grups in cyberspace will thus require the fcused attentin f multiple U.S. gvernment departments and agencies. The Department f Defense has a number f specific rles t play in this equatin. 10

19 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y Deterrence is partially a functin f perceptin. It wrks by cnvincing a ptential adversary that it will suffer unacceptable csts if it cnducts an attack n the United States, and by decreasing the likelihd that a ptential adversary s attack will succeed. The United States must be able t declare r display effective respnse capabilities t deter an adversary frm initiating an attack; develp effective defensive capabilities t deny a ptential attack frm succeeding; and strengthen the verall resilience f U.S. systems t withstand a ptential attack if it penetrates the United States defenses. In additin, the United States requires strng intelligence, frensics, and indicatins and warning capabilities t reduce annymity in cyberspace and increase cnfidence in attributin. Respnse: The United States has been clear that it will respnd t a cyberattack n U.S. interests thrugh its defense capabilities. The United States has articulated this declaratry plicy in the 2011 United States Internatinal Strategy fr Cyberspace, in the Department f Defense Cyberspace Plicy Reprt t Cngress f 2011, and thrugh public statements by the President and the Secretary f Defense. The United States will cntinue t respnd t cyberattacks against U.S. interests at a time, in a manner, and in a place f ur chsing, using apprpriate instruments f U.S. pwer and in accrdance with applicable law. Denial: While DD has made prgress in building the Cyber Missin Frce, DD must increase its defensive capabilities t defend DD netwrks and defend the natin frm sphisticated cyberattacks, and must wrk with ther departments, agencies, internatinal allies and partners, and the private sectr t strengthen deterrence by denial thrugh imprved cybersecurity. Resilience: Because the Defense Department s capabilities cannt necessarily guarantee that every cyberattack will be denied successfully, the Defense Department must invest in resilient and redundant systems s that it may cntinue its peratins in the face f Airman 1st Class Nate Hammnd adjusts the frequency f a Rll-On Beynd Line f Sight Enhancement, r ROBE, data link system at the Transit Center at Manas, Kyrgyzstan. A ROBE cnnects manpwer assets n the grund t ther grund r airbrne units. (U.S. Air Frce pht/senir Airman Brett Clashman) disruptive r destructive cyberattacks n DD netwrks. The Defense Department cannt, hwever, fster resilience in rganizatins that fall utside f its authrity. In rder fr resilience t succeed as a factr in effective deterrence, ther agencies f the gvernment must wrk with critical infrastructure wners and peratrs and the private sectr mre bradly t develp resilient and redundant systems that can withstand a ptential attack. Effective resilience measures can help cnvince ptential adversaries f the futility f cmmencing cyberattacks n U.S. netwrks and systems. Attributin is a fundamental part f an effective cyber deterrence strategy as annymity enables malicius cyber activity by state and nn-state grups. On matters f intelligence, attributin, and warning, DD and the intelligence cmmunity have invested significantly in all surce 11

20 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y cllectin, analysis, and disseminatin capabilities, all f which reduce the annymity f state and nn-state actr activity in cyberspace. Intelligence and attributin capabilities help t unmask an actr s cyber persna, identify the attack s pint f rigin, and determine tactics, techniques, and prcedures. Attributin enables the Defense Department r ther agencies t cnduct respnse and denial peratins against an incming cyberattack. Public and private attributin can play a significant rle in dissuading cyber actrs frm cnducting attacks in the first place. The Defense Department will cntinue t cllabrate clsely with the private sectr and ther agencies f the U.S. gvernment t strengthen attributin. This wrk will be especially imprtant fr deterrence as activist grups, criminal rganizatins, and ther actrs acquire advanced cyber capabilities ver time. Finally, cyber capabilities present state and nn-state actrs with the ability t strike at U.S. interests in a manner that may r may nt necessarily warrant a purely military respnse by the United States, but which may nnetheless present a significant threat t U.S. natinal security and may warrant a nn-military respnse f sme kind. In respnse t certain attacks and intrusins, the United States may undertake diplmatic actins, take law enfrcement actins, and cnsider ecnmic sanctins. Fr example, the United States used verifiable and attributable data t engage China abut the risks psed by its ecnmic espinage. The attributin f this data allwed the United States t express cncerns regarding the impact f Chinese intellectual prperty theft n U.S. ecnmic cmpetitiveness, and the ptential risks psed t strategic stability by Chinese activity. Because they brke the law and t deter China frm cnducting future cyber espinage, the Justice Department indicted five members f the Peple s Liberatin Army fr stealing U.S. intellectual prperty t directly benefit Chinese cmpanies. The Defense Department will supprt the Justice Department and ther agencies in explring new tls and capabilities t help deter such activity in cyberspace. 12

21 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y III. STRATEGIC GOALS T mitigate risks and defend U.S. interests in the current and future security envirnment, the Defense Department utlines five strategic gals and specific bjectives fr its activities and missins. STRATEGIC GOAL I: BUILD AND MAINTAIN READY FORCES AND CAPABILITIES TO CONDUCT CYBERSPACE OPERATIONS. T perate effectively in cyberspace, DD requires frces and persnnel that are trained t the highest standard, ready, and equipped with best-in-class technical capabilities. In 2013 DD initiated a majr investment in its cyber persnnel and technlgies by initiating the CMF; nw DD must make gd n that investment by training its peple, building effective rganizatins and cmmand and cntrl systems, and fully develping the capabilities that DD requires t perate in cyberspace. This strategy sets specific bjectives fr DD t meet as it mans, trains, and equips its frces and persnnel ver the next five years and beynd. STRATEGIC GOAL II: DEFEND THE DOD INFORMATION NETWORK, SECURE DOD DATA, AND MITIGATE RISKS TO DOD MISSIONS. While DD cannt defend every netwrk and system against every kind f intrusin DD s ttal netwrk attack surface is t large t defend against all threats and t vast t clse all vulnerabilities DD must take steps t identify, priritize, and defend its mst imprtant netwrks and data s that it can carry ut its missins effectively. DD must als plan and exercise t perate within a degraded and disrupted cyber envirnment in the event that an attack n DD s netwrks and data succeeds, r if aspects f the critical infrastructure n which DD relies fr its peratinal and cntingency plans are disrupted. Finally, DD must raise the bar n technlgy and innvatin t stay ahead f the threat by enhancing its cyber defense capabilities, including by building and emplying a mre defendable netwrk architecture in the Jint Infrmatin Envirnment (JIE). Outside f DD netwrks, DD must wrk with the private sectr t help secure defense industrial base trade 13

22 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y data, and be prepared t assist ther agencies in hardening U.S. netwrks and data against cyberattacks and cyber espinage. STRATEGIC GOAL III: BE PREPARED TO DEFEND THE U.S. HOMELAND AND U.S. VITAL INTERESTS FROM DISRUPTIVE OR DESTRUCTIVE CYBERATTACKS OF SIGNIFICANT CONSEQUENCE. Cyber Flag 14-1 participants analyze an exercise scenari in the Red Flag building at Nellis Air Frce Base, NV. Cyber Flag fcuses n exercising USCYBERCOM s missin f perating and defending DD netwrks acrss the full spectrum f peratins against a realistic adversary in a virtual envirnment. (U.S. Air Frce pht by Airman 1st Class Christpher Tam) The Department f Defense must wrk with its interagency partners, the private sectr, and allied and partner natins t deter and if necessary defeat a cyberattack f significant cnsequence n the U.S. hmeland and U.S. interests. The Defense Department must develp its intelligence, warning, and peratinal capabilities t mitigate sphisticated, malicius cyberattacks befre they can impact U.S. interests. Cnsistent with all applicable laws and plicies, DD requires granular, detailed, predictive, and actinable intelligence abut glbal netwrks and systems, adversary capabilities, and malware brkers and markets. T defend the natin, DD must build partnerships with ther agencies f the gvernment t prepare t cnduct cmbined cyber peratins t deter and if necessary defeat aggressin in cyberspace. The Defense Department is fcused n building the capabilities, prcesses, and plans necessary t succeed in this missin. STRATEGIC GOAL IV: BUILD AND MAINTAIN VIABLE CYBER OPTIONS AND PLAN TO USE THOSE OPTIONS TO CONTROL CONFLICT ESCALATION AND TO SHAPE THE CONFLICT ENVIRONMENT AT ALL STAGES. During heightened tensins r utright hstilities, DD must be able t prvide the President with a wide range f ptins fr managing cnflict escalatin. If directed, DD shuld be able t use cyber peratins t disrupt an adversary s cmmand and cntrl netwrks, military-related critical infrastructure, and weapns capabilities. As a part f the full range f tls available t the United States, DD must develp viable cyber ptins and integrate thse ptins int Departmental plans. DD will develp cyber capabilities t achieve key security bjectives with precisin, and t minimize lss f life and destructin f prperty. T ensure unity f effrt, DD will enable cmbatant cmmands t plan and synchrnize cyber peratins with kinetic peratins acrss all dmains f military peratins. 14

23 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y STRATEGIC GOAL V: BUILD AND MAINTAIN ROBUST INTERNATIONAL ALLIANCES AND PARTNERSHIPS TO DETER SHARED THREATS AND INCREASE INTERNATIONAL SECURITY AND STABILITY. All three f DD s cyber missins require clse cllabratin with freign allies and partners. In its internatinal cyber engagement DD seeks t build partnership capacity in cybersecurity and cyber defense, and t deepen peratinal partnerships where apprpriate. Given the high demand and relative scarcity f cyber resurces, the Department f Defense must make hard chices and fcus its partnership capacity initiatives n areas where vital U.S. natinal interests are stake. Over the next five years, in additin t nging partner capacity building effrts in ther regins, DD will fcus its internatinal engagement n: the Middle East, the Asia-Pacific, and key NATO allies. Thrugh the curse f this strategy DD will cnstantly assess the internatinal envirnment and develp innvative partnerships t respnd t emerging challenges and pprtunities. 15

24 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y THIS PAGE LEFT INTENTIONALLY BLANK 16

25 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y IV. IMPLEMENTATION OBJECTIVES Each f DD s strategic gals requires specific, measurable bjectives fr the Department t achieve. The Office f the Principal Cyber Advisr t the Secretary f Defense, the Office f the Under Secretary f Defense fr Acquisitin, Technlgy, and Lgistics, and the Jint Staff will wrk with DD cmpnents t priritize and versee the implementatin f this strategy and its bjectives and t assign ffices f primary and supprt respnsibility fr managing each bjective. The ffice f primary respnsibility will develp a prject plan fr each bjective; the Principal Cyber Advisr will track prgress in achieving each bjective and ultimately the success f each strategic gal. STRATEGIC GOAL I: BUILD AND MAINTAIN READY FORCES AND CAPABILITIES TO CONDUCT CYBERSPACE OPERATIONS. Build the cyber wrkfrce. T make gd n DD s significant investment in cyber persnnel, and t help achieve many f the bjectives in this strategy, DD s first pririty is t develp a ready Cyber Missin Frce and assciated cyber wrkfrce. This wrkfrce will be built n three fundatinal pillars: enhanced training; imprved military and civilian recruitment and retentin; and strnger private sectr supprt. Maintain a persistent training envirnment. DD requires an individual and cllective training capability t achieve the gals utlined in this strategy and t meet future peratinal requirements. U.S. Cyber Cmmand will wrk with ther cmpnents, agencies, and military departments t define the requirements fr and create a training envirnment that will enable the ttal cyber frce t cnduct jint training (including exercises and missin rehearsals), experimentatin, certificatin, as well as the assessment and develpment f cyber capabilities and tactics, techniques, and prcedures fr missins that crss bundaries and netwrks. 17

26 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y Build viable career paths. Thrughut the curse f this strategy, and fllwing the CMF decisins f 2013, DD will cntinue t fster viable career paths fr all military persnnel perfrming and supprting cyber peratins. Draw n the Natinal Guard and Reserve. Thrughut the curse f this strategy, DD will draw n the Natinal Guard and Reserve Cmpnents as a resurce fr expertise and t fster creative slutins t cybersecurity prblems. The Reserve Cmpnent ffers a unique capability fr supprting each f DD s missins, including fr engaging the defense industrial base and the cmmercial sectr. It represents DD s critical surge capacity fr cyber respnders. Imprve civilian recruitment and retentin. In additin t develping highly-skilled military persnnel, DD must recruit and retain highly-skilled civilian persnnel, including technical persnnel fr its ttal cyber wrkfrce. Civilians must fllw a welldevelped career develpment and advancement track and be prvided with best-inclass pprtunities t develp and succeed within the wrkfrce. Develp and implement exchange prgrams with the private sectr. T supplement DD s civilian cyber wrkfrce, DD must be able t emply technical subject matter experts frm the best cybersecurity and infrmatin technlgy cmpanies in the cuntry t perfrm unique engineering and analytic rles within DD. The Defense Department will implement successful private sectr exchange prgrams t bring measurable benefits t the Department f Defense thrugh the design and develpment f new peratinal cncepts fr DD s cyberspace missins. Supprt the Natinal Initiative fr Cyberspace Educatin. DD will develp plicies t supprt the Natinal Initiative fr Cybersecurity Educatin. Wrking with interagency partners, ne r mre educatinal institutins, as well as state and private sectr partners, DD will cntinue t supprt innvative wrkfrce develpment partnerships fcused n bth the technical and plicy dimensins f cybersecurity and cyber defense. Build technical capabilities fr cyber peratins. In 2013, DD develped a mdel fr achieving CMF readiness and fr develping viable cyber military ptins t present t the President and Secretary f Defense. DD must have the technical tls available t cnduct peratins in supprt f cmbatant cmmand missins. Key initiatives include the fllwing: Develp the Unified Platfrm. On the basis f planning requirements, DD will develp the detailed requirements fr integrating disparate cyber platfrms and building an interperable and extendable netwrk f cyber capabilities. This Unified Platfrm will enable the CMF t cnduct full-spectrum cyberspace peratins in supprt f natinal requirements. Accelerate research and develpment. The Defense Department will cntinue t accelerate innvative cyber research and develpment t build cyber capabilities. The 18

27 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y DD research and develpment cmmunity as well as established and emerging private sectr partners can prvide DD and the natin with a significant advantage in develping leap-ahead technlgies t defend U.S. interests in cyberspace. In additin t supprting current and planned investments, DD will fcus its basic and applied research agenda n develping cyber capabilities t expand the capacity f the CMF and the brader DD cyber wrkfrce. Validate and cntinually refine an adaptive cmmand and cntrl mechanism fr cyber peratins. DD has made significant prgress in recent years in develping cmmand and cntrl fr all three f its missins, but its cmmand and cntrl mdel must be finalized, resurced, and tested t ensure effectiveness. The cmmand and cntrl mdel must supprt USCYBERCOM and the cmbatant cmmands. It must be efficient and practical, and must prmte unity f effrt f effrt acrss all three cyber missins. Establish an enterprise-wide cyber mdeling and simulatin capability. DD will wrk in cllabratin with the intelligence cmmunity t develp the data schema, databases, algrithms, and mdeling and simulatin (M&S) capabilities necessary t assess the effectiveness f cyber peratins. Assess Cyber Missin Frce capacity. Assess the capacity f the prjected Cyber Missin Frce t achieve its missin bjectives when cnfrnted with multiple cntingencies. The Jint Staff, with supprt frm USCYBERCOM and ther DD cmpnents, will prpse, cllect, analyze, and reprt a set f apprpriate metrics t the Principal Cyber Advisr t measure the peratinal capacity f the CMF. These metrics will include updates n the status f USCYBERCOM cntingency capabilities, t include Air Frce Tech Sgt. Kevin Garner and Air Frce Senir Airman David Slnk, cyber transprt technicians assigned t the 354 th Cmmunicatins Squadrn, hk cables in t the new Air Frce Netwrk ruter system at Eielsn Air Frce Base, AK. (U.S. Air Frce pht by Staff Sgt. Christpher Bitz) capability develpment and prficiency as well as accesses and tls that may be required in a cntingency. In respnse t this analysis, DD will develp a plan fr ensuring that the CMF has the apprpriate capacity and flexibility available t respnd t changes in the strategic envirnment. STRATEGIC GOAL II: DEFEND THE DOD INFORMATION NETWORK, SECURE DOD DATA, AND MITIGATE RISKS TO DOD MISSIONS. Build the Jint Infrmatin Envirnment (JIE) single security architecture. The Defense Department will build DD infrmatin netwrks t meet the JIE s single security 19

28 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y architecture. The single security architecture will adapt and evlve t mitigate cyber threats; it will help DD t develp and fllw best-in-class cybersecurity practices, and its small netwrk ftprint will allw USCYBERCOM, cmbatant cmmands, and DD cmpnents t maintain cmprehensive situatinal awareness f netwrk threats and mitigatins. The JIE s single security architecture will enable a rbust netwrk defense and shift the fcus frm prtecting service-specific netwrks and systems t securing the DD enterprise in a unified manner. The JIE s single security architecture must be develped with enhanced cyber situatinal awareness, deplyed in respnse t validated requirements, and able t accmmdate future defensive measures. As a part f JIE planning DD will develp a framewrk fr develping and integrating new defensive techniques int DD s cybersecurity architecture, t include anmalybased detectin capabilities, data analytics t identify vulnerabilities and threats, and advanced encryptin methds. Assess and ensure the effectiveness f the Jint Frce Headquarters fr DD infrmatin netwrk (DDIN) peratins. Operating under USCYBERCOM, the Jint Frce Headquarters-DDIN will crdinate netwrk defense and mitigate cyber risks t DD peratins and missins acrss the defense enterprise. DD will assess, validate, and fully implement the Jint Frce Headquarters-DDIN cncept t perate DD netwrks securely, defend DD netwrks, and mitigate cyber risks t DD missins. Mitigate knwn vulnerabilities. The Defense Department will implement a capability t mitigate all knwn vulnerabilities that present a high risk t DD netwrks and data. In additin t zer-day vulnerabilities, ne f the greatest threats t DD netwrks and systems lies in knwn, high-risk vulnerabilities that ptential adversaries can explit. DD ften finds itself rushing t clse vulnerabilities nce an adversary has penetrated a system. The DD Chief Infrmatin Officer (CIO) will lead an effrt t implement an autmated patch management capability t distribute sftware and cnfiguratin patches, updates, and fixes t mitigate knwn, majr vulnerabilities n DD netwrks and systems against threats. Assess DD s cyber defense frces. The Defense Department will assess its cyber defense frces ability t cnduct integrated, adaptive, and dynamic defensive peratins. Enterprise-level and Cyber Prtectin Team (CPT) netwrk defenders must be able t discver, detect, analyze, and mitigate threats and vulnerabilities t defend the DD infrmatin netwrk. Imprve the effectiveness f the current DD Cmputer Netwrk Defense Service Prvider (CNDSP) cnstruct in defending and prtecting DD netwrks. Cmputer netwrk defense service prviders deliver cybersecurity slutins fr DD netwrks, t include mnitring, detectin, and prtectin capabilities. The Defense Department will determine whether current CNDSP prcesses are sufficient t defend netwrks against knwn and prjected threats in cyberspace and whether current CNDSP frces are adequately trained and equipped t defend against advanced threats. Finally, DD will 20

29 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y determine whether its CNDSP frces can integrate int the brader cyberspace cmmand and cntrl cnstruct and hw that integrated cnstruct will perfrm in the face f cyber threats that span CNDSP and CPT prtected netwrks and data. Plan fr netwrk defense and resilience. The Defense Department must identify and plan t defend the netwrks that supprt key DD missins. The Department must make a careful assessment f the pririty assets that it must defend in cyberspace t assure DD missins and exercise t defend thse assets effectively. Integrate cyber int missin assurance assessments. The Defense Department will integrate cybersecurity requirements and assessments int the DD Missin Assurance prgram and update DD plicy apprpriately. Currently DD cmpnents take varying appraches t measuring and assessing cyber risks fr missin assurance. DD will develp a Jint Missin Assurance Assessment Prgram that includes the integratin f cybersecurity assessments, cybersecurity requirements, and cyber peratins requirements. Assess Cyber Prtectin Team (CPT) capabilities. DD will cmplete an assessment f CPT capacity, capability, and emplyment mdel in regard t missin assurance pririties as set by cmbatant cmmand requirements. Sldiers mnitr netwrks in the Cyber Missin Unit Operatins Center at the Army's Cyber Center f Excellence, Frt Grdn, GA. (Pht by Michael L. Lewis) Imprve weapns systems cybersecurity. DD will assess and initiate imprvements t the cybersecurity f current and future weapns systems, ding s n the basis f peratinal requirements. Fr all future weapns systems that DD will acquire r prcure, DD will mandate specific cybersecurity standards fr weapns systems t meet. Acquisitin and prcurement plicy and practice will be updated t prmte effective cybersecurity thrughut a system s life cycle. Build and exercise cntinuity plans. All DD cmpnents will identify and build resiliency plans t maintain cntinuity f their mst critical peratins in the event f netwrk disruptin and degradatin. Military campaign plans must fully incrprate the ability t perate in a degraded cyber envirnment; military frces must exercise and be able t cnduct military campaigns in a degraded cyber envirnment where access t netwrks and data is uncertain. Cmpnents must balance cyber risks effectively t ensure that they can cntinue t carry ut their missins in the physical wrld. Red team DD s netwrk defenses. The Defense Department has develped mature red team capabilities t test vital netwrks and missin systems fr vulnerabilities and t better 21

30 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y prepare its cyber defense frces. Ging frward, DD must fcus its red team capabilities n pririty netwrks and missin systems t assure DD s ability t carry ut its mst critical missins. As a part f this wrk, every majr DD exercise shuld include a cyber red team t test DD's cyber defenses in a realistic scenari where the Department culd have its peratins disrupted by an adversary. Cmpnents will be audited regularly t ensure prgress in incrprating red team findings and imprving their cybersecurity psture. Mitigate the risk f insider threats. The natin's defense depends upn the fidelity f thse entrusted with the natin's secrets. The Defense Department has invested in the technlgical and persnnel slutins necessary t identify threats befre they can impact U.S. natinal security. The Defense Department cntinues t deply and implement these slutins thrugh cntinuus netwrk mnitring, imprved cybersecurity training fr the wrkfrce, and imprved methds fr identifying, reprting, and tracking suspicius behavir. This wrk extends beynd infrmatin technlgy and includes matters f persnnel and reliability. Mitigating the insider threat requires gd leadership and accuntability thrughut the wrkfrce. Beynd implementing plicies and prtcls, leaders will strive t create a culture f awareness t anticipate, detect, and respnd t insider threats befre they have an impact. Exercise t prvide Defense Supprt f Civil Authrities. Under its existing and planned frce structure, DD will develp a framewrk and exercise its Defense Supprt f Civil Authrities (DSCA) capabilities in supprt f DHS and ther agencies and with state and lcal authrities t help defend the federal gvernment and the private sectr in an emergency if directed. DD s annual exercise prgram, t include Cyber Guard, will include exercising with DHS and the FBI fr cntingencies that may require emergency allcatin f frces t help prtect critical infrastructure, under partner agencies lead. This framewrk will describe hw cmbatant cmmands and cmbat supprt agencies can partner with DHS and FBI and ther agencies t imprve integratin, training and supprt. Members f the Ohi Natinal Guard Cmputer Netwrk Defense Team cnduct cyber defense peratins during exercise Cyber Shield 2015 at Camp Atterbury, IN. (Ohi Natinal Guard pht by Staff Sgt. Gerge Davis) Define and refine the Natinal Guard s rle in supprting law enfrcement, Hmeland Defense, and Defense Supprt f Civil Authrities missins. DD will wrk with the Natinal Guard t define the crdinate, train, advise, and assist (C/TAA) rles f the Natinal Guard frce and refine implementatin thrugh Cyber Guard Under its existing and planned frce structure, 22

31 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y Natinal Guard frces will exercise t crdinate, train, advise, and assist state and lcal agencies and dmestic critical infrastructure and t prvide supprt t law enfrcement, Hmeland Defense, and Defense Supprt f Civil Authrities activities in supprt f natinal bjectives. Imprve accuntability and respnsibility fr the prtectin f data acrss DD and the DIB. The Defense Department will ensure that plicies and any assciated federal rules r cntract language requirements have been implemented t require DIB cmpanies t reprt data theft and lss t the Defense Cyber Crime Center. DD will cntinue t assess Defense Federal Acquisitin Regulatin Supplement (DFARS) rules and assciated guidance t ensure they mature ver time in a manner cnsistent with knwn standards fr prtecting data frm cyber adversaries, t include standards prmulgated by the Natinal Institute f Standards and Technlgy (NIST). DD will cntinue t expand cmpanies' participatin in threat infrmatin sharing prgrams, such as the Cyber Security/Infrmatin Assurance prgram. As the certificatin authrity fr DIB cleared defense cntractr sites, the Defense Security Service will expand educatin and training prgrams t include material fr DD persnnel and DIB cntractrs t enhance their cyber threat awareness. In additin, the Office f the Under Secretary f Defense fr Intelligence will review the sufficiency f current classificatin guidance fr critical acquisitin and technlgy prgrams t prtect infrmatin n cntractr netwrks. Strengthen DD s prcurement and acquisitin cybersecurity standards. T defend DD netwrks, DD must strengthen the cybersecurity requirements f DD s netwrk acquisitin and prcurement items by integrating cybersecurity standards int cntract vehicles fr research, develpment, and prcurement. DD will specify additinal cybersecurity standards fr industry t meet fr cmpnents f any DD prcurement item. Build cllabratin between the acquisitin, intelligence, cunterintelligence, law enfrcement, and peratins cmmunities t prevent, mitigate, and respnd t data lss. DD will establish a Jint Acquisitin Prtectin and Explitatin Cell (JAPEC) t link intelligence, cunterintelligence, and law enfrcement agents with acquisitin prgram managers t prevent and mitigate data lss and theft. DD will cnduct cmprehensive risk and damage assessments f cyber espinage and theft t infrm requirements, acquisitin, prgrammatic, and cunterintelligence curses f actin. The DD CIO, in cllabratin with the Office f the Under Secretary f Defense fr Acquisitin, Technlgy, and Lgistics, will assess and update specific infrmatin system security cntrls that underpin the DFARs fr defense cntractrs within the NIST and DFARS standards. 23

32 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y T safeguard critical prgrams and technlgies DD will wrk with cmpanies t develp alert capabilities and build layered cyber defenses. Finally, the Defense Cyber Crime Center, the Principal Cyber Advisr t the Secretary f Defense, and the Office f the Under Secretary f Defense fr Acquisitin, Technlgy, and Lgistics will cllabrate with the Services' Damage Assessment Management Offices t streamline risk and damage assessment prcesses t better infrm decisins t maintain, mdify, r cancel penetrated prgrams. Use DD cunterintelligence capabilities t defend against intrusins. The Military Departments and the Under Secretary f Defense fr Intelligence, in cnsultatin with the Principal Cyber Advisr, will develp a strategy fr the Secretary f Defense s apprval that maximizes the capabilities and authrities f the military departments cunterintelligence agencies t identify, attribute, and defend against cyber intruders. Cunterintelligence authrities are uniquely psitined t imprve ur insight int and frustrate and defeat cyber espinage. The strategy will specify hw DD s cunterintelligence agencies will cllabrate mre effectively with the brader U.S. intelligence and law enfrcement cmmunities n investigatins and human and technical peratins t thwart cyber-enabled intellectual prperty theft against the United States and its allies and partners. Supprt whle-f-gvernment plicies and capabilities t cunter intellectual prperty theft. The Defense Department will cntinue t wrk with ther agencies f the U.S. gvernment t cunter the threat psed by intellectual prperty theft thrugh cyberspace. STRATEGIC GOAL III: BE PREPARED TO DEFEND THE U.S. HOMELAND AND U.S. VITAL INTERESTS FROM DISRUPTIVE OR DESTRUCTIVE CYBERATTACKS OF SIGNIFICANT CONSEQUENCE. Cntinue t develp intelligence and warning capabilities t anticipate threats. T defend the natin against cyberattacks f significant cnsequence, DD will wrk with the brader intelligence cmmunity t develp intelligence capabilities abut adversary activities and prepare t disrupt cyberattacks befre they can impact the U.S. hmeland and U.S. interests. T meet cmbatant cmmand cntingency requirements, DD will expand its intelligence f key adversary human and technical netwrks. T perate effectively in cyberspace DD requires cyber intelligence and warning and shared situatinal awareness thrugh all phases f a ptential peratin. All intelligence cllectin will fllw the law and guidance utlined in executive rders. Develp and exercise capabilities t defend the natin. The Natinal Missin Frce and ther relevant DD cmpnents will train and partner with key interagency rganizatins 24

33 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y t prepare t cnduct cyber peratins t defend the natin frm cyberattacks f significant cnsequence. In additin, DD will practice emergency prcedures thrugh regular exercises at all levels f the Department and supprt interagency exercises t practice emergency and deliberate cyber actin prcedures. Build partnerships t defend the natin. DD will have a framewrk in place t cperate with ther gvernment agencies t cnduct defend the natin peratins. DD will wrk with FBI, CIA, DHS and ther agencies t build relatinships and integrate capabilities t prvide the President with the widest range f ptins available t respnd t a cyberattack f significant cnsequence t the United States. Cnduct an annual cmprehensive review f DD s defend the natin capabilities. The Defense Department s requirements and capabilities fr its missin t defend the natin against cyberattacks f significant cnsequence The Defense Advanced Research Prjects Agency (DARPA) Plan X prgram is a fundatinal cyber warfare prgram that is develping platfrms fr the Defense Department. DARPA uses advanced tuch-table displays t use finger gestures and mtins t advance the state f the art in cyber peratins. (Pht curtesy f DARPA) will evlve ver time. On an annual basis, DD will cnduct an in-depth review f the capabilities available and required fr the missin. As a part f this review, DD will validate new requirements and identify gaps and initiatives t pursue. Develp innvative appraches t defending U.S. critical infrastructure. DD will wrk with DHS t imprve the Enhanced Cybersecurity Services prgram and encurage additinal critical infrastructure entities t participate, with a particular emphasis n increasing the number f defense critical infrastructure participants. Develp autmated infrmatin sharing tls. T imprve shared situatinal awareness DD will partner with DHS and ther agencies t develp cntinuus, autmated, standardized mechanisms fr sharing infrmatin with each f its critical partners in the U.S. gvernment, key allied and partner militaries, state and lcal gvernments, and the private sectr. In additin, DD will wrk with ther U.S. gvernment agencies and Cngress t supprt legislatin that enables infrmatin sharing between the U.S. gvernment and the private sectr. Assess DD s cyber deterrence psture and strategy. Building ff f the Defense Science Bard s Task Frce n Cyber Deterrence, U.S. Strategic Cmmand (USSTRATCOM), in crdinatin with the Jint Staff and the Office f the Secretary f Defense, will assess the Department f Defense s ability t deter specific state and nn-state actrs frm cnducting cyberattacks f significant cnsequence n the U.S. hmeland and against U.S. interests, t 25

34 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y include lss f life, significant destructin f prperty, r significant impact n U.S. freign and ecnmic plicy interests. In cnducting its analysis, USSTRATCOM must determine whether DD is building the capabilities required fr attributing and deterring key threats frm cnducting such attacks and recmmend specific actins that DD can take t imprve its cyber deterrence psture. Careful attentin shuld be devted als t deterring nn-state actrs that may fall utside f traditinal deterrence framewrks but which culd pse a cnsiderable threat t U.S. interests. STRATEGIC GOAL IV: BUILD AND MAINTAIN VIABLE CYBER OPTIONS AND PLAN TO USE THOSE OPTIONS TO CONTROL CONFLICT ESCALATION AND TO SHAPE THE CONFLICT ENVIRONMENT AT ALL STAGES. Integrate cyber ptins int plans. T meet strategic end-states as defined by the Guidance fr the Emplyment f the Frce, cmbatant cmmand plans, and ther strategic guidance dcuments, DD will wrk with agencies f the U.S. gvernment as well as U.S. allies and partners t integrate cyber ptins int cmbatant cmmand planning. Accelerate the integratin f cyber requirements int plans. The Defense Department will accelerate the integratin f cyber requirements int cmbatant cmmand plans. Plans must utline and define specific cyberspace effects against targets. T facilitate this wrk, the Jint Staff will wrk with USSTRATCOM t synchrnize and integrate requirements int planning and prvide recmmendatins t the Chairman f the Jint Chiefs f Staff n the alignment, allcatin, assignment, and apprtinment f Cyber Missin Frces. STRATEGIC GOAL V: BUILD AND MAINTAIN ROBUST INTERNATIONAL ALLIANCES AND PARTNERSHIPS TO DETER SHARED THREATS AND INCREASE INTERNATIONAL SECURITY AND STABILITY. Build partner capacity in key regins. Under its existing and planned frce structure, DD will wrk with key allies and partners t build partner capacity and help secure the critical infrastructure and key resurces n which DD missins and U.S. interests depend. The Defense Department will wrk regularly with ther agencies f the U.S. gvernment, t include the Department f State, in building partner capacity. Pririty regins include the Middle East, Asia-Pacific, and Eurpe. Supprt the hardening and resiliency f Middle Eastern allies and partners netwrks and systems. As a part f its cyber dialgue and partnerships, DD will wrk with key Middle Eastern allies and partners t imprve their ability t secure their military netwrks as well as the critical infrastructure and key resurces upn which U.S. interests depend. Key initiatives include imprved infrmatin sharing t establish a 26

35 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y unified understanding f the cyber threat, an assessment f ur mutual cyber defense psture, and cllabrative appraches t building cyber expertise. Supprt the hardening and resiliency f Nrtheast Asian allies netwrks and systems. As a part f its brader cyber dialgue with Asian allies, DD will wrk with key allies and partners t imprve their ability t secure their military netwrks and critical infrastructure and key resurces upn which U.S. and allied interests depend. Build new strategic partnerships in the Asia-Pacific regin. The Defense Department will wrk with key states acrss the Asia-Pacific t build cyber capacity and minimize risk t U.S. and allied interests, in a manner cnsistent with DD s Internatinal Cyberspace Security Cperatin Guidance. U.S. Navy Seaman Katelynn L. Ehrs discusses netwrk and cmmunicatin training with Ryal Thai Navy sailrs during a Cperatin Aflat Readiness and Training military peratins sympsium in Sattahip, Thailand, in (Pht by Petty Officer 2nd Class David A. Brandenburg, U.S. Navy.) Wrk with key NATO allies t mitigate cyber risks t DD and U.S. natinal interests. The Defense Department will develp these partnerships thrugh the defense cnsultatins that DD hlds with its key NATO allies. DD will remain flexible and agile as it builds alliances and partnerships t best respnd t shifts in the strategic envirnment. Develp slutins t cunter the prliferatin f destructive malware. State and nn-state actrs seek t acquire destructive malware. The uncntrlled spread f destructive malware t hstile actrs presents a significant risk t the internatinal system. Wrking with the Department f State and ther agencies f the U.S. gvernment as well as U.S. allies and partners, the Defense Department will draw n best-practices t cunter the prliferatin f destructive malware within the internatinal system. In additin t internatinal regimes and best-practices, the U.S. gvernment has a range f dmestic exprt cntrl regimes fr gverning dual-use technlgies that can be used t prevent prliferatin. Wrk with capable internatinal partners t plan and train fr cyber peratins. Thrughut the curse f this strategy, DD will strengthen its internatinal alliances and partnerships t develp cmbined capabilities t achieve cyber effects in supprt f cmbatant cmmand plans. 27

36 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y Strengthen the United States cyber dialgue with China t enhance strategic stability. Thrugh the curse f this strategy, as part f the U.S.-China Defense Cnsultative Talks and related dialgues, such as the Cyber Wrking Grup, DD will cntinue t hld discussins with China t bring greater understanding and transparency f each natin s military dctrine, plicy, rles and missins in cyberspace. The gal f this wrk is t reduce the risks f misperceptin and miscalculatin that culd cntribute t escalatin and instability. DD will supprt U.S. gvernment effrts t strengthen cnfidence-building measures t bring a greater level f trust t the U.S.-China relatinship. In additin, DD will cntinue t raise cncerns abut China s cyber enabled theft f U.S. intellectual prperty, trade secrets, and cnfidential business infrmatin. 1 1 If and when U.S.-Russia military relatins resume, as a part f brader interagency effrts DD will seek t develp a military-t-military cyber dialgue with Russia t fster strategic stability in cyberspace. 28

37 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y V. MANAGING THE STRATEGY T achieve the gals and bjectives utlined in this strategy will require hard chices regarding cyber frces and persnnel, rganizatins, and capabilities. The financial chices that DD makes in the curse f implementing this strategy will have natinal and glbal implicatins fr years t cme, and DD must perate in an effective and cst-efficient manner t guarantee the best return n its investments. T that end, DD will pursue the fllwing management bjectives t gvern its cyber activities and missins. Establish the Office f the Principal Cyber Advisr t the Secretary f Defense. In the Natinal Defense Authrizatin Act (NDAA) f 2014, Cngress required the Defense Department t designate a Principal Cyber Advisr t the Secretary f Defense t review military cyberspace activities, cyber missin frces, and ffensive and defensive cyber peratins and missins. In additin, the Principal Cyber Advisr will gvern the develpment f DD cyberspace plicy and strategy fr the DD enterprise. The 2014 NDAA als stipulated that this Principal Cyber Advisr integrate the cyber expertise and perspectives f key rganizatins t build an intradepartmental team f key players t ensure effective gvernance f cyber issues within DD. The Principal Cyber Advisr respnsibilities assigned by the FY14 NDAA shall nt be interpreted t affect the existing respnsibilities and authrities f the Under Secretary f Defense fr Acquisitin, Technlgy, and Lgistics; the Under Secretary f Defense fr Plicy; the Under Secretary f Defense fr Intelligence; the Under Secretary f Defense fr Persnnel and Readiness; r any ther Principal Staff Assistant (PSA) in the ffice f the Secretary f Defense in cyber-related respnsibilities and authrities. An intradepartmental team. The Principal Cyber Advisr will wrk with DD cmpnents thrugh the Cyber Investment and Management Bard (CIMB) t review DD s cyber management. The CIMB will be a frum fr synchrnizatin, crdinatin, and prject management. It will nt replicate existing prgrammatic and budgetary mechanisms r interfere with previusly defined Principal Staff Assistant rles and authrities, nr will it interfere in any way with the military chain f cmmand; rather, it will prvide a single frum t integrate cyber initiatives, it will manage prjects thrugh 29

38 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y cmpletin, and streamline DD s cyber gvernance structures. The PCA will wrk with the Office f the Under Secretary f Defense fr Acquisitin, Technlgy, and Lgistics and the Jint Staff t build an intradepartmental team f DD representatives t supprt the CIMB in this wrk. A senir executive frum. Subrdinate and reprting t the CIMB, a senir executive frum will prvide initial senir-level crdinatin n key cyber issues. The senir executive frum will recmmend curses f actin t the CIMB and will crdinate with ther OSD and Jint Staff gvernance bdies t facilitate unity f effrt and reslve management issues at apprpriate levels. If and when a budgetary r financial matter cmes int play during the Prgram and Budget Review prcess, the Principal Cyber Advisr will use the senir executive frum and the CIMB t crdinate recmmendatins fr the Deputy s Management Actin Grup r ther financial and budgetary rganizatins, vetting ptins and alternatives thrugh the issue teams as apprpriate. Imprve cyber budgetary management. DD will develp an agreed-upn methd t mre transparently and effectively manage the DD cyber peratins budget. Tday cyber funding is spread acrss the DD budget, t include the Military Intelligence Prgram (MIP), in multiple apprpriatins, budget lines, prgram elements, and prjects. In additin, the Under Secretary f Defense fr Intelligence, n behalf f DD, ensures that all Natinal Intelligence Prgram (NIP) investments are aligned t supprt DD missins. The diffuse nature f the DD cyber budget presents DD with a challenge fr effective budgetary management; DD must develp a new methd fr managing crss-prgram funding t imprve missin effectiveness and achieve management efficiencies. Sailrs cnduct an exercise at Fleet Cyber Cmmand's headquarters in the Frank B. Rwlett Building, Frt Gerge G. Meade, MD. This exercise features members f Fleet Cyber Cmmand's Jint Frce Headquarters-Cyber (JFHQ-C). Develp DD s cyber peratins and cybersecurity plicy framewrk. Cnsistent with Presidential guidance, DD will align and simplify its cyber peratins and cybersecurity plicy management and identified gaps, verlaps, seams, cnflicts, and areas in need f revisin in current dcumentatin. This effrt will help translate natinal and departmental guidance and plicy int tactical peratins. It is essential t clarifying cnflicts in existing dcumentatin that currently cmplicate cyber peratins and cybersecurity gvernance. Cnduct an end-t-end assessment f DD s cyber capabilities. U.S. Cyber Cmmand will lead a cmprehensive peratinal assessment f its psture. In crdinatin with the Principal Cyber Advisr t the Secretary f Defense, the Office f the Under Secretary f Defense fr Acquisitin, Technlgy, and Lgistics, and the Office f the Directr f Cast Assessment and Prgram Evaluatin, USCYBERCOM will prvide shrt- and lng-term recmmendatins thrugh the CIMB t prvide t the Secretary f 30

39 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y Defense regarding rganizatinal structure, cmmand and cntrl mechanism, rules f engagement, persnnel, capabilities, tls, and ptential peratinal gaps. The gal f this psture assessment will be t prvide a clear understanding f the future peratinal envirnment; key stakehlder views; as well as strategic pririties, chices, and resurces fr planning and peratins. 31

40 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y THIS PAGE LEFT INTENTIONALLY BLANK 32

41 T h e D e p a r t m e n t f D e f e n s e C y b e r S t r a t e g y CONCLUSION We live in a time f grwing cyber threats t U.S. interests. State and nn-state actrs threaten disruptive and destructive attacks against the United States and cnduct cyber-enabled theft f intellectual prperty t undercut the United States technlgical and military advantage. We are vulnerable in cyberspace, and the scale f the cyber threat requires urgent actin by leaders and rganizatins acrss the gvernment and the private sectr. Since develping its first cyber strategy in 2011, the Defense Department has made significant prgress in building its cyber capabilities, develping its rganizatins and plans, and fstering the partnerships necessary t defend the cuntry and its interests. Mre must be dne. Stemming frm the gals and bjectives utlined in this strategy, apprpriate resurces must be aligned and managed t ensure prgress. This strategy presents an aggressive, specific plan fr achieving change. Fr DD t succeed in its missin f defending the United States and its interests in cyberspace, leaders frm acrss the Department must take actin t achieve the bjectives utlined in this dcument. They must als hld their rganizatins accuntable. Because f the nature f netwrks and cmputer cde, n single rganizatin can be relied upn t d this wrk. Success requires clse cllabratin acrss DD, between agencies f the U.S. gvernment, with the private sectr, and with U.S. allies and partners. The strategic envirnment can change quickly. That is especially true in cyberspace. We must be dynamic, flexible, and agile in this wrk. We must anticipate emerging threats, identify new capabilities t build, and determine hw t enhance ur partnerships and planning. As always, ur wmen and men bth unifrmed and civilian persnnel will be ur greatest and mst enduring strength and a cnstant surce f inspiratin. By wrking tgether we will help prtect and defend the United States and its interests in the digital age. 33

FACT SHEET: THE DEPARTMENT OF DEFENSE (DOD) CYBER STRATEGY

FACT SHEET: THE DEPARTMENT OF DEFENSE (DOD) CYBER STRATEGY FACT SHEET: THE DEPARTMENT OF DEFENSE (DOD) CYBER STRATEGY APRIL 2015 An engine f innvatin and cmmunicatin, the Internet cnnects billins f peple, helps deliver gds and services glbally, and brings ideas

More information

MANITOBA SECURITIES COMMISSION STRATEGIC PLAN 2013-2016

MANITOBA SECURITIES COMMISSION STRATEGIC PLAN 2013-2016 MANITOBA SECURITIES COMMISSION STRATEGIC PLAN 2013-2016 The Manitba Securities Cmmissin (the Cmmissin) is a divisin f the Manitba Financial Services Agency (MFSA). The ther divisin is the Financial Institutins

More information

Chapter 7 Business Continuity and Risk Management

Chapter 7 Business Continuity and Risk Management Chapter 7 Business Cntinuity and Risk Management Sectin 01 Business Cntinuity Management 070101 Initiating the Business Cntinuity Plan (BCP) Purpse: T establish the apprpriate level f business cntinuity

More information

Professional Leaders/Specialists

Professional Leaders/Specialists Psitin Prfile Psitin Lcatin Reprting t Jb family Band BI/Infrmatin Manager Wellingtn Prfessinal Leaders/Specialists Band I Date February 2013 1. POSITION PURPOSE The purpse f this psitin is t: Lead and

More information

Change Management Process

Change Management Process Change Management Prcess B1.10 Change Management Prcess 1. Intrductin This plicy utlines [Yur Cmpany] s apprach t managing change within the rganisatin. All changes in strategy, activities and prcesses

More information

CMS Eligibility Requirements Checklist for MSSP ACO Participation

CMS Eligibility Requirements Checklist for MSSP ACO Participation ATTACHMENT 1 CMS Eligibility Requirements Checklist fr MSSP ACO Participatin 1. General Eligibility Requirements ACO participants wrk tgether t manage and crdinate care fr Medicare fee-fr-service beneficiaries.

More information

CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT

CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT Plicy Number: 2.20 1. Authrity Lcal Gvernment Act 2009 Lcal Gvernment Regulatin 2012 AS/NZS ISO 31000-2009 Risk Management Principles

More information

POLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014

POLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014 State f Michigan POLICY 1390 Infrmatin Technlgy Cntinuity f Business Planning Issued: June 4, 2009 Revised: June 12, 2014 SUBJECT: APPLICATION: PURPOSE: CONTACT AGENCY: Plicy fr Infrmatin Technlgy (IT)

More information

UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION. Statement of Thomas F. O Brien. Vice President & Chief Information Officer

UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION. Statement of Thomas F. O Brien. Vice President & Chief Information Officer UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION Revised Critical Infrastructure Prtectin Reliability Standards Dcket N. RM15-14-000 Statement f Thmas F. O Brien Vice President & Chief Infrmatin

More information

GUIDELINE INFORMATION MANAGEMENT (IM) PROGRAM PLAN

GUIDELINE INFORMATION MANAGEMENT (IM) PROGRAM PLAN Gvernment f Newfundland and Labradr Office f the Chief Infrmatin Officer Infrmatin Management Branch GUIDELINE INFORMATION MANAGEMENT (IM) PROGRAM PLAN Guideline (Definitin): OCIO Guidelines derive frm

More information

Avaya Business Continuity Plan Overview

Avaya Business Continuity Plan Overview Avaya Business Cntinuity Plan Overview 1 Crprate Business Cntinuity Prgram Mdel at Avaya At Avaya the versight f the Business Cntinuity Prgram belngs t the Crprate Business Cntinuity Management Team. This

More information

Internal Audit Charter and operating standards

Internal Audit Charter and operating standards Internal Audit Charter and perating standards 2 1 verview This dcument sets ut the basis fr internal audit: (i) the Internal Audit charter, which establishes the framewrk fr Internal Audit; and (ii) hw

More information

Job Profile Data & Reporting Analyst (Grant Fund)

Job Profile Data & Reporting Analyst (Grant Fund) Jb Prfile Data & Reprting Analyst (Grant Fund) Directrate Lcatin Reprts t Hurs Finance Slihull Finance Directr Nminally 37 hurs but peratinally available at all times t meet Cmpany requirements Cntract

More information

PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK

PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Department f Health and Human Services OFFICE OF INSPECTOR GENERAL PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Inquiries abut this reprt may be addressed t the Office f Public Affairs

More information

Maintain a balanced budget primarily the General & Park Funds

Maintain a balanced budget primarily the General & Park Funds EXHIBIT B City f Chic Budget Cntingency Plan P The purpse f the Budget Cntingency Plan is t establish a guideline and general apprach t respnd t adverse financial and ecnmic cnditins that culd negatively

More information

2008-2011 CSU STANISLAUS INFORMATION TECHNOLOGY PLAN SUMMARY

2008-2011 CSU STANISLAUS INFORMATION TECHNOLOGY PLAN SUMMARY 2008-2011 CSU STANISLAUS INFORMATION TECHNOLOGY PLAN SUMMARY OFFICE OF INFORMATION TECHNOLOGY AUGUST 2008 Executive Summary The mst recent CSU Stanislaus infrmatin technlgy (IT) plan was issued in 2003.

More information

The Allstate Foundation Domestic Violence Program 2015 Moving Ahead Financial Empowerment Grant

The Allstate Foundation Domestic Violence Program 2015 Moving Ahead Financial Empowerment Grant The Allstate Fundatin Dmestic Vilence Prgram 2015 Mving Ahead Financial Empwerment Grant Due Date: September 1, 2015 Online applicatin: https://www.grantrequest.cm/sid_1010?sa=sna&fid=35296 The Allstate

More information

Personal Data Security Breach Management Policy

Personal Data Security Breach Management Policy Persnal Data Security Breach Management Plicy 1.0 Purpse The Data Prtectin Acts 1988 and 2003 impse bligatins n data cntrllers in Western Care Assciatin t prcess persnal data entrusted t them in a manner

More information

High Level Meeting on National Drought Policy (HMNDP) CICG, Geneva 11-15 March 2013

High Level Meeting on National Drought Policy (HMNDP) CICG, Geneva 11-15 March 2013 High Level Meeting n Natinal Drught Plicy (HMNDP) CICG, Geneva 11-15 March 2013 Plicy Dcument: Natinal Drught Management Plicy United Natins Cnventin t Cmbat Desertificatin (UNCCD) Fd and Agriculture Organizatin

More information

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004J Payment Card Industry (PCI) Patch Management (prpsed) 01.1 Purpse The purpse f the Patch

More information

Risk Management Policy AGL Energy Limited

Risk Management Policy AGL Energy Limited Risk Management Plicy AGL Energy Limited AUGUST 2014 Table f Cntents 1. Abut this Dcument... 2 2. Plicy Statement... 2 3. Purpse... 2 4. AGL Risk Cntext... 3 5. Scpe... 3 6. Objectives... 3 7. Accuntabilities...

More information

Key Steps for Organizations in Responding to Privacy Breaches

Key Steps for Organizations in Responding to Privacy Breaches Key Steps fr Organizatins in Respnding t Privacy Breaches Purpse The purpse f this dcument is t prvide guidance t private sectr rganizatins, bth small and large, when a privacy breach ccurs. Organizatins

More information

ENTERPRISE RISK MANAGEMENT ENTERPRISE RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT ENTERPRISE RISK MANAGEMENT POLICY ENTERPRISE RISK MANAGEMENT POLICY Plicy N. 10014 Review Date Octber 1, 2014 Effective Date March 1, 2014 Crss- Respnsibility Vice President, Reference Administratin Apprver Executive Cuncil 1. 1. Plicy

More information

CTF-ENDORSED NF CLINICS: PRINCIPLES OF OPERATION

CTF-ENDORSED NF CLINICS: PRINCIPLES OF OPERATION Pilt Guidelines 2006 CTF-ENDORSED NF CLINICS: PRINCIPLES OF OPERATION Backgrund Children s Tumr Fundatin supprts research directed tward finding treatments fr neurfibrmatsis (NF) as well as effrts fcused

More information

Session 9 : Information Security and Risk

Session 9 : Information Security and Risk INFORMATION STRATEGY Sessin 9 : Infrmatin Security and Risk Tharaka Tennekn B.Sc (Hns) Cmputing, MBA (PIM - USJ) POST GRADUATE DIPLOMA IN BUSINESS AND FINANCE 2014 Infrmatin Management Framewrk 2 Infrmatin

More information

Florida Healthcare Coalition Task Force Healthcare Coalition Requirements

Florida Healthcare Coalition Task Force Healthcare Coalition Requirements Flrida Healthcare Calitin Task Frce Healthcare Calitin Requirements HEALTHCARE COALITION REQUIREMENTS The fllwing is a list f requirements fr healthcare calitins (HCC) t cmplete if participating in grant

More information

Solution. Industry. Challenges. Client Case Study. Legacy Systems too Costly to Maintain. Supply Chain Advantage. Delivered.

Solution. Industry. Challenges. Client Case Study. Legacy Systems too Costly to Maintain. Supply Chain Advantage. Delivered. Supply Chain Advantage. Delivered. Client Case Study MEBC Supprts the Federal Aviatin Administratin Manage Prject Risk during Majr ERP Implementatin thrugh Independent Verificatin and Validatin (IV&V)

More information

Research Report. Abstract: The Emerging Intersection Between Big Data and Security Analytics. November 2012

Research Report. Abstract: The Emerging Intersection Between Big Data and Security Analytics. November 2012 Research Reprt Abstract: The Emerging Intersectin Between Big Data and Security Analytics By Jn Oltsik, Senir Principal Analyst With Jennifer Gahm Nvember 2012 2012 by The Enterprise Strategy Grup, Inc.

More information

Security Services. Service Description Version 1.00. Effective Date: 07/01/2012. Purpose. Overview

Security Services. Service Description Version 1.00. Effective Date: 07/01/2012. Purpose. Overview Security Services Service Descriptin Versin 1.00 Effective Date: 07/01/2012 Purpse This Enterprise Service Descriptin is applicable t Security Services ffered by the MN.IT Services and described in the

More information

Health Stream Portfolio (e.g. Mental health, drug & alcohol) and Contract of Employment

Health Stream Portfolio (e.g. Mental health, drug & alcohol) and Contract of Employment Psitin Descriptin Psitin Agency Reprts t Terms and Cnditins f Emplyment Classificatin/ Salary Stream Length f Psitin Lcatin Health Stream Lead Health Stream Prtfli (e.g. Mental health, drug & alchl) Primary

More information

1 Focus Area: Water & Urbanization

1 Focus Area: Water & Urbanization 1 Fcus Area: Water & Urbanizatin Water & Urbanizatin addresses Integrated Urban Water Management (IUWM), fld risk management in cities, climate change and urban areas, management f newly urbanized areas,

More information

Pilot Learning Group. Round Table Action Learning Session 1: Models of partnership working

Pilot Learning Group. Round Table Action Learning Session 1: Models of partnership working Pilt Learning Grup Rund Table Actin Learning Sessin 1: Mdels f partnership wrking Intrductin The Academy fr Justice (AJC) pilt learning grup was established fllwing a requirement t develp Learning Grups

More information

Submission of the Canadian Association for Graduate Studies to the House of Commons Standing Committee on Finance on the 2015 Federal Budget

Submission of the Canadian Association for Graduate Studies to the House of Commons Standing Committee on Finance on the 2015 Federal Budget Submissin f the Canadian Assciatin fr Graduate Studies t the Huse f Cmmns Standing Cmmittee n Finance n the 2015 Federal Budget Summary The Canadian Assciatin fr Graduate Studies (CAGS) thanks the Huse

More information

Version Date Comments / Changes 1.0 January 2015 Initial Policy Released

Version Date Comments / Changes 1.0 January 2015 Initial Policy Released Page 1 f 6 Vice President, Infrmatics and Transfrmatin Supprt APPROVED (S) REVISED / REVIEWED SUMMARY Versin Date Cmments / Changes 1.0 Initial Plicy Released INTENT / PURPOSE The Infrmatin and Data Gvernance

More information

CAPITALISATION PLAN PLAN FOR CAPITALISATION OF PROJECT RESULTS

CAPITALISATION PLAN PLAN FOR CAPITALISATION OF PROJECT RESULTS CAPITALISATION PLAN PLAN FOR CAPITALISATION OF PROJECT RESULTS INTRODUCTION Easy Finance Capitalisatin Plan identifies the strategy t ensure explitatin and sustainability f the prject beynd prject s develpment

More information

Business Continuity Management Policy

Business Continuity Management Policy Business Cntinuity Management Plicy Versin: 1.0 Last Amendment: Apprved by: Library Cuncil f New Suth Wales Plicy wner/spnsr: Directr, Operatins and Chief Financial Officer Plicy Cntact Officer: Senir

More information

CO-OP/STUDENT INTERN: Standard Operating Procedure Manual

CO-OP/STUDENT INTERN: Standard Operating Procedure Manual CO-OP/STUDENT INTERN: Standard Operating Table f Cntents Purpse... 2 Cincinnati s Educatinal Histry... 2 Missin... 3 Cre Values f Prgram... 3 Scpe f Prgram... 3 Prgram Recruitment... 4 On-barding... 5

More information

Statewide Strategic Plan for Global Learning in Minnesota. Global Learning Advisory Board. 2013-2018 Five Year Plan

Statewide Strategic Plan for Global Learning in Minnesota. Global Learning Advisory Board. 2013-2018 Five Year Plan 1 Statewide Strategic Plan fr Glbal Learning in Minnesta Glbal Learning Advisry Bard 2013-2018 Five Year Plan Ratinale Students in Minnesta are grwing up in cmmunities that reflect the cultures f the wrld.

More information

Army DCIPS Employee Self-Report of Accomplishments Overview Revised July 2012

Army DCIPS Employee Self-Report of Accomplishments Overview Revised July 2012 Army DCIPS Emplyee Self-Reprt f Accmplishments Overview Revised July 2012 Table f Cntents Self-Reprt f Accmplishments Overview... 3 Understanding the Emplyee Self-Reprt f Accmplishments... 3 Thinking Abut

More information

EJttilb Health. The University of Texas Medical Branch Audit Services. Audit Report. Epic In-Basket Management Audit. Engagement Number 2015-008

EJttilb Health. The University of Texas Medical Branch Audit Services. Audit Report. Epic In-Basket Management Audit. Engagement Number 2015-008 ',. -... : t'f" ' EJttilb Health The University f Texas Medical Branch Audit Reprt Audit Engagement Number 2015-008 July 2015 nie University f Texas Medical Branch 301 University Bulevard, Suite 4.100

More information

POSITION DESCRIPTION. Classification Higher Education Worker, Level 7. Responsible to. I.T Manager. The Position

POSITION DESCRIPTION. Classification Higher Education Worker, Level 7. Responsible to. I.T Manager. The Position Psitin Title I.T Prject Officer Classificatin Higher Educatin Wrker, Level 7 Respnsible t The Psitin I.T Manager The psitin assists with the cmpletin f varius IT prjects intended t enable the nging administratin

More information

Oakland Unified School District Impact Assessment Performance Management in Action

Oakland Unified School District Impact Assessment Performance Management in Action Oakland Unified Schl District Impact Assessment Perfrmance Management in Actin The perfrmance management system that has been built in this district prvides the systems that supprt ur cmmitment t scial

More information

Creating an Ethical Culture and Protecting Your Bottom Line:

Creating an Ethical Culture and Protecting Your Bottom Line: Creating an Ethical Culture and Prtecting Yur Bttm Line: Best Practices fr Crprate Cdes f Cnduct Nte: The infrmatin belw and all infrmatin n this website is nt meant t be taken as legal advice. Please

More information

INFRASTRUCTURE TECHNICAL LEAD

INFRASTRUCTURE TECHNICAL LEAD 1. PURPOSE OF POSITION This psitin is respnsible fr the delivery f peratinal supprt and maintenance f the TDHB IT infrastructure envirnment. This rle is als pivtal in the develpment and delivery f infrastructure

More information

POSITION NUMBER: LOCATION: Vancouver. DATE: February 2009

POSITION NUMBER: LOCATION: Vancouver. DATE: February 2009 POSITION TITLE: Team Lead Service Centre DIVISION/BRANCH: IS/IT CURRENT CLASSIFICATION LEVEL: IS27 SUPERVISOR S POSITION NUMBER POSITION NUMBER: LOCATION: Vancuver DATE: February 2009 SUPERVISOR S TITLE/CLASSIFICATION:

More information

Cyber Security Legislation Privacy Protections are Substantially Similar

Cyber Security Legislation Privacy Protections are Substantially Similar Cyber Security Legislatin Privacy Prtectins are Substantially Similar By Rb Strayer and David Beardwd The fur mst prminent cyber security legislative prpsals the Obama administratin s legislative text;

More information

A National CERT what can it do for you?

A National CERT what can it do for you? A Natinal CERT what can it d fr yu? Ian M Dwdeswell Qatar Cmputer Emergency Respnse Team (Q-CERT) 2 Presentatin Overview Wh we are What we d What we can d fr yu Questins 3 What is Q-CERT? The natinal cmputer

More information

HIPAA HITECH ACT Compliance, Review and Training Services

HIPAA HITECH ACT Compliance, Review and Training Services Cmpliance, Review and Training Services Risk Assessment and Risk Mitigatin: The first and mst imprtant step is t undertake a hlistic risk assessment that examines the risks and cntrls related t fur critical

More information

IT Planning and Organizational Applications CRM and Integrated Solutions

IT Planning and Organizational Applications CRM and Integrated Solutions Dr Sherif Kamel Department f Management Schl f Business, Ecnmics and Cmmunicatin IT Planning and Organizatinal Applicatins CRM and Integrated Slutins Outline Functinal Infrmatin Systems The Value Chain

More information

University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments

University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments University f Texas at Dallas Plicy fr Accepting Credit Card and Electrnic Payments Cntents: Purpse Applicability Plicy Statement Respnsibilities f a Merchant Department Prcess t Becme a Merchant Department

More information

THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM

THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM 1. Prgram Adptin The City University f New Yrk (the "University") develped this Identity Theft Preventin Prgram (the "Prgram") pursuant

More information

Represent New College Stamford at both national and regional events and serve on appropriate external committees.

Represent New College Stamford at both national and regional events and serve on appropriate external committees. JOB DESCRIPTION Pst: Reprts t: Respnsible fr: Executive Directr Partnerships & Skills Principal and Chief Executive Apprenticeship Develpment Manager Head f Marketing Business Sales Team Salary: Attractive

More information

Delaware Performance Appraisal System

Delaware Performance Appraisal System Delaware Perfrmance Appraisal System Building greater skills and knwledge fr educatrs DPAS-II Guide fr Administratrs (District Administratrs) Supervisr Rubric fr Evaluating District Administratrs Updated

More information

The Importance Advanced Data Collection System Maintenance. Berry Drijsen Global Service Business Manager. knowledge to shape your future

The Importance Advanced Data Collection System Maintenance. Berry Drijsen Global Service Business Manager. knowledge to shape your future The Imprtance Advanced Data Cllectin System Maintenance Berry Drijsen Glbal Service Business Manager WHITE PAPER knwledge t shape yur future The Imprtance Advanced Data Cllectin System Maintenance Cntents

More information

Copernicus & Big Data: A Perspective from the European EO Services Industry. Geoff Sawyer: EARSC Secretary General

Copernicus & Big Data: A Perspective from the European EO Services Industry. Geoff Sawyer: EARSC Secretary General Cpernicus & Big Data: A Perspective frm the Eurpean EO Services Industry. Geff Sawyer: EARSC Secretary General What is EARSC? EARSC is a trade assciatin (NPO), funded in 1989, which represents cmpanies:

More information

Organization Design Specialist

Organization Design Specialist Organizatin Design Specialist Suthern Africa Regin BACKGROUND One f the key challenges t implementing the new strategic directin and especially the cmmitment t face the custmer (the child and the cmmunity)

More information

VCU Payment Card Policy

VCU Payment Card Policy VCU Payment Card Plicy Plicy Type: Administrative Respnsible Office: Treasury Services Initial Plicy Apprved: 12/05/2013 Current Revisin Apprved: 12/05/2013 Plicy Statement and Purpse The purpse f this

More information

UNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES

UNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES UNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES REFERENCES AND RELATED POLICIES A. UC PPSM 2 -Definitin f Terms B. UC PPSM 12 -Nndiscriminatin in Emplyment C. UC PPSM 14 -Affirmative

More information

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy COPIES-F.Y.I., INC. Plicies and Prcedures Data Security Plicy Page 2 f 7 Preamble Mst f Cpies FYI, Incrprated financial, administrative, research, and clinical systems are accessible thrugh the campus

More information

White Paper for Mobile Workforce Management and Monitoring Copyright 2014 by Patrol-IT Inc. www.patrol-it.com

White Paper for Mobile Workforce Management and Monitoring Copyright 2014 by Patrol-IT Inc. www.patrol-it.com White Paper fr Mbile Wrkfrce Management and Mnitring Cpyright 2014 by Patrl-IT Inc. www.patrl-it.cm White Paper fr Mbile Wrkfrce Management and Mnitring Cpyright 2014 by Patrl-IT Inc. www.patrl-it.cm 2

More information

The Whole of Government Approach: Models and Tools for EGOV Strategy & Alignment

The Whole of Government Approach: Models and Tools for EGOV Strategy & Alignment The Whle f Gvernment Apprach: Mdels and Tls fr EGOV & Alignment Adegbyega Oj (in cllabratin with T. Janwski and E. Estevez) United Natins University a@iist.unu.edu OVERVIEW 1. THE WG APPROACH 2. APPLICATION

More information

UNIVERSITY INCIDENT PLANNING COMMITTEE TERMS OF REFERENCE

UNIVERSITY INCIDENT PLANNING COMMITTEE TERMS OF REFERENCE 1. TITLE OF COMMITTEE UNIVERSITY INCIDENT PLANNING COMMITTEE University Incident Planning Cmmittee (IPC) 2. ESTABLISHMENT TERMS OF REFERENCE The University Incident Planning Cmmittee is established in

More information

WHITE PAPER. Vendor Managed Inventory (VMI) is Not Just for A Items

WHITE PAPER. Vendor Managed Inventory (VMI) is Not Just for A Items WHITE PAPER Vendr Managed Inventry (VMI) is Nt Just fr A Items Why it s Critical fr Plumbing Manufacturers t als Manage Whlesalers B & C Items Executive Summary Prven Results fr VMI-managed SKUs*: Stck-uts

More information

2008 BA Insurance Systems Pty Ltd

2008 BA Insurance Systems Pty Ltd 2008 BA Insurance Systems Pty Ltd BAIS have been delivering insurance systems since 1993. Over the last 15 years, technlgy has mved at breakneck speed. BAIS has flurished in this here tday, gne tmrrw sftware

More information

HEALTH INFORMATION EXCHANGE GRANTS CRITERIA

HEALTH INFORMATION EXCHANGE GRANTS CRITERIA 1 HEALTH INFORMATION EXCHANGE GRANTS CRITERIA INTRODUCTION On August, 20 th, the federal Office f the Natinal Crdinatr fr Health Infrmatin Technlgy (ONC) released an pprtunity fr states t apply fr between

More information

Data Protection Act Data security breach management

Data Protection Act Data security breach management Data Prtectin Act Data security breach management The seventh data prtectin principle requires that rganisatins prcessing persnal data take apprpriate measures against unauthrised r unlawful prcessing

More information

Now More Than Ever: The Heightened Need for Cybersecurity

Now More Than Ever: The Heightened Need for Cybersecurity Cybersecurity White Paper Nw Mre Than Ever: The Heightened Need fr Cybersecurity Cybersecurity is nt a ne-tuch, push-buttn, cure-all step t prtecting yur cmpany s data. It s a well-planned prcess that

More information

To: Ms. Connie Kendig Sponsored Programs & Grants Manager Internet Society Email: projects@isoc.org. Date: April 2011

To: Ms. Connie Kendig Sponsored Programs & Grants Manager Internet Society Email: projects@isoc.org. Date: April 2011 T: Ms. Cnnie Kendig Spnsred Prgrams & Grants Manager Internet Sciety Email: prjects@isc.rg Date: April 2011 Reprt: Wmen and Cybercrime: the dark side f ICTs Brief verview f the prject: While ICTs have

More information

Systems Load Testing Appendix

Systems Load Testing Appendix Systems Lad Testing Appendix 1 Overview As usage f the Blackbard Academic Suite grws and its availability requirements increase, many custmers lk t understand the capability f its infrastructure. As part

More information

Vulnerability Management:

Vulnerability Management: Vulnerability Management: Creating a Prcess fr Results Kyle Snavely Veris Grup, LLC Summary Organizatins increasingly rely n vulnerability scanning t identify risks and fllw up with remediatin f thse risks.

More information

NC3A SOA Techwatch Day Call for Presentations

NC3A SOA Techwatch Day Call for Presentations NC3A SOA Techwatch Day Call fr Presentatins 1 February 2012 Hsted at NATO C3 Agency, The Hague, The Netherlands By NC3A Chief Technlgy Office (CTO) David Burtn Chief Technlgy fficer Versin 1, 1 December

More information

Case Study Law Firm Profit and Growth LBMS Transforms a Major Law Firm s Market Expansion & Increased Profitability Vision into Reality

Case Study Law Firm Profit and Growth LBMS Transforms a Major Law Firm s Market Expansion & Increased Profitability Vision into Reality Case Study Law Firm Prfit and Grwth LBMS Transfrms a Majr Law Firm s Market Expansin & Increased Prfitability Visin int Reality Cpyright 2011 Elegrity Incrprated. All rights reserved. N part f this dcument

More information

ITIL Release Control & Validation (RCV) Certification Program - 5 Days

ITIL Release Control & Validation (RCV) Certification Program - 5 Days ITIL Release Cntrl & Validatin (RCV) Certificatin Prgram - 5 Days Prgram Overview ITIL is a set f best practices guidance that has becme a wrldwide-adpted framewrk fr Infrmatin Technlgy Services Management

More information

Job Classification Details Department Job Function Job Family Job Title Job Code Salary Level

Job Classification Details Department Job Function Job Family Job Title Job Code Salary Level Jb Classificatin Details Department Jb Functin Jb Family Jb Title Jb Cde Salary Level Chief Diversity Office Marketing, Cmmunicatins, & Outreach Cmmunicatin/Cnstituent Relatins Cmmunicatins Crdinatr PMP1

More information

Sources of Federal Government and Employee Information

Sources of Federal Government and Employee Information Inf Surce Surces f Federal Gvernment and Emplyee Infrmatin Ridley Terminals Inc. TABLE OF CONTENTS General Infrmatin Intrductin t Inf Surce Backgrund Respnsibilities Institutinal Functins, Prgram and Activities

More information

Privacy Policy. The Central Equity Group understands how highly people value the protection of their privacy.

Privacy Policy. The Central Equity Group understands how highly people value the protection of their privacy. Privacy Plicy The Central Equity Grup understands hw highly peple value the prtectin f their privacy. Fr that reasn, the Central Equity Grup takes particular care in dealing with any persnal and sensitive

More information

Enterprise Security Management CIS 259

Enterprise Security Management CIS 259 Enterprise Security Management CIS 259 Prerequisites CIS 175 Descriptin This curse is designed t cver the managerial aspects f cmputer security and risk management fr enterprises. The student will attain

More information

Information Governance and RIM Explained

Information Governance and RIM Explained Infrmatin Gvernance and RIM Explained Interactive Panel Discussin Clarifying the Definitins f Infrmatin Gvernance and RIM and hw they wrk tgether Daryl Dwns, CRM David Fleming, CRM, IGP, CIP Hward Ls,

More information

This report provides Members with an update on of the financial performance of the Corporation s managed IS service contract with Agilisys Ltd.

This report provides Members with an update on of the financial performance of the Corporation s managed IS service contract with Agilisys Ltd. Cmmittee: Date(s): Infrmatin Systems Sub Cmmittee 11 th March 2015 Subject: Agilisys Managed Service Financial Reprt Reprt f: Chamberlain Summary Public Fr Infrmatin This reprt prvides Members with an

More information

BRISTOL CITY COUNCIL ROLE AND EMPLOYEE PROFILE: Architect (Practitioner Level) Specific Role Data Architect

BRISTOL CITY COUNCIL ROLE AND EMPLOYEE PROFILE: Architect (Practitioner Level) Specific Role Data Architect BRISTOL CITY COUNCIL ROLE AND EMPLOYEE PROFILE: Architect (Practitiner Level) Specific Rle Data Architect Grade Directrate Managed by BG13 (TBC) Business Change Senir Infrmatin Systems & Technlgy Architect

More information

Duration of job. Context and environment: (e.g. dept description, region description, organogram)

Duration of job. Context and environment: (e.g. dept description, region description, organogram) Rle Prfile Jb Descriptin Jb Title Ref n: Prgramme Manager, Services fr Internatinal Educatin Marketing Directrate r Regin East Asia Department/Cuntry Indnesia Lcatin f pst Jakarta Pay Band G Reprts t Senir

More information

Gravesham Borough Council

Gravesham Borough Council Classificatin: Part 1 Public Key Decisin: Please specify - N Gravesham Brugh Cuncil Reprt t: Perfrmance and Administratin Cmmittee Date: 12 Nvember 2015 Reprting fficer: Subject: Crprate Perfrmance Manager

More information

SLDS Site Visit Report: Wisconsin May 30, 2012 2

SLDS Site Visit Report: Wisconsin May 30, 2012 2 INTRODUCTION The Statewide Lngitudinal Data Systems (SLDS) Grant Prgram cnducts site visits t its grantee states t assess prgress n SLDS grant-funded wrk, prvide technical assistance, and learn best practices.

More information

FY 2014 Senior Level (SL) and Scientific or Professional (ST) Performance Appraisal System Opening Guidance

FY 2014 Senior Level (SL) and Scientific or Professional (ST) Performance Appraisal System Opening Guidance Office f Executive Resurces Office f the Chief Human Capital Officer U.S. Department f Energy FY 2014 Senir Level (SL) and Scientific r Prfessinal (ST) Perfrmance Appraisal System Opening Guidance Table

More information

LINCOLNSHIRE POLICE Policy Document

LINCOLNSHIRE POLICE Policy Document LINCOLNSHIRE POLICE Plicy Dcument 1. POLICY IDENTIFICATION PAGE POLICY TITLE: ICT CHANGE & RELEASE MANAGEMENT POLICY POLICY REFERENCE NO: PD 186 POLICY OWNERSHIP: ACPO Cmmissining Officer: Prtfli / Business-area

More information

FACILITIES DESIGN & CONSTRUCTION OFFICE OF ENERGY MANAGEMENT UTILITY SERVICES, REPORT ON LONG-RANGE PLAN 2014

FACILITIES DESIGN & CONSTRUCTION OFFICE OF ENERGY MANAGEMENT UTILITY SERVICES, REPORT ON LONG-RANGE PLAN 2014 FACILITIES DESIGN & CONSTRUCTION OFFICE OF ENERGY MANAGEMENT UTILITY SERVICES, REPORT ON LONG-RANGE PLAN 2014 TABLE OF CONTENTS Intrductin......1 Descriptins f Current Cntract Gals and Strategies fr Lng

More information

Cross Agency Priority Goal Quarterly Progress Update

Cross Agency Priority Goal Quarterly Progress Update Crss Agency Pririty Gal Quarterly Prgress Update Shared Services Gal Leaders: Krysta Harden, Deputy Secretary, US Department f Agriculture; Dave Mader, Cntrller, Office f Federal Financial Management,

More information

Agenda. o Purpose of IT Assessment o Scope of IT Assessment o Deloitte Recommendations o IBM Discussions o Research Data Center o Open Season

Agenda. o Purpose of IT Assessment o Scope of IT Assessment o Deloitte Recommendations o IBM Discussions o Research Data Center o Open Season Agenda Purpse f IT Assessment Scpe f IT Assessment Delitte Recmmendatins IBM Discussins Research Data Center Open Seasn Purpse f IT Assessment Determine if IT resurces are being utilized efficiently and

More information

The actions discussed below in this Appendix assume that the firm has already taken three foundation steps:

The actions discussed below in this Appendix assume that the firm has already taken three foundation steps: MAKING YOUR MARK 6.1 Gd Practice This sectin presents an example f gd practice fr firms executing plans t enter the resurces sectr supply chain fr the first time, r fr thse firms already in the supply

More information

TOWARDS OF AN INFORMATION SERVICE TO EDUCATIONAL LEADERSHIPS: BUSINESS INTELLIGENCE AS ANALYTICAL ENGINE OF SERVICE

TOWARDS OF AN INFORMATION SERVICE TO EDUCATIONAL LEADERSHIPS: BUSINESS INTELLIGENCE AS ANALYTICAL ENGINE OF SERVICE TOWARDS OF AN INFORMATION SERVICE TO EDUCATIONAL LEADERSHIPS: BUSINESS INTELLIGENCE AS ANALYTICAL ENGINE OF SERVICE A N D R E I A F E R R E I R A, A N T Ó N I O C A S T R O, D E L F I N A S Á S O A R E

More information

HIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions 724-942-1337

HIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions 724-942-1337 HIPAA Cmpliance 101 Imprtant Terms Cvered Entities (CAs) The HIPAA Privacy Rule refers t three specific grups as cvered entities, including health plans, healthcare clearinghuses, and health care prviders

More information

Mobile Workforce. Improving Productivity, Improving Profitability

Mobile Workforce. Improving Productivity, Improving Profitability Mbile Wrkfrce Imprving Prductivity, Imprving Prfitability White Paper The Business Challenge Between increasing peratinal cst, staff turnver, budget cnstraints and pressure t deliver prducts and services

More information

Safety and Operational Risk Update. Mark Bly Executive Vice President, S &OR

Safety and Operational Risk Update. Mark Bly Executive Vice President, S &OR Safety and Operatinal Risk Update Mark Bly Executive Vice President, S &OR Prgress in safety and risk management Acting n lessns frm the Gulf f Mexic il spill Investment in integrity and capability Divisinal

More information

FINANCIAL SERVICES FLASH REPORT

FINANCIAL SERVICES FLASH REPORT FINANCIAL SERVICES FLASH REPORT Draft Regulatry Cmpliance Management Guideline Released by the Office f the Superintendent f Financial Institutins May 5, 2014 On April 30, 2014, the Office f the Superintendent

More information

Implementing an electronic document and records management system using SharePoint 7

Implementing an electronic document and records management system using SharePoint 7 Reprt title Agenda item Implementing an electrnic dcument and recrds management system using SharePint 7 Meeting Finance, Prcurement & Prperty Cmmittee 16 June 2008 Date Reprt by Dcument Number Head f

More information

IN-HOUSE OR OUTSOURCED BILLING

IN-HOUSE OR OUTSOURCED BILLING IN-HOUSE OR OUTSOURCED BILLING Medical billing is ne f the mst cmplicated aspects f running a medical practice. With thusands f pssible cdes fr diagnses and prcedures, and multiple payers, the ability

More information

Audit Committee Charter. St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd

Audit Committee Charter. St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd Audit Cmmittee Charter St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd Versin 2.0, 22 February 2016 Apprver Bard f Directrs St Andrew

More information