CYBERSECURITY CHALLENGES FOR DOD ACQUISITION PROGRAMS. Steve Mills Professor of Information Technology
1 CYBERSECURITY CHALLENGES FOR DOD ACQUISITION PROGRAMS
Steve Mills, Professor of Information Technology
[email protected]

2 Overview
- Cybersecurity Policy Overview
- Questions
- Challenge #1 - Cybersecurity Owners and Stakeholders
- Challenge #2 - Cybersecurity Performance of DoD Programs
- Challenge #3 - Integrating Cybersecurity into the DoD Acquisition Lifecycle
- Recommendations
- Final Thoughts
- How DAU Can Help

3 Cybersecurity Policy Overview

4 DoDI Cybersecurity
Signed Mar 14, 2014
- Adopts the term Cybersecurity in lieu of Information Assurance
- Extends applicability to all DoD information technology processing DoD information
- Emphasizes operational resilience, integration, and interoperability
- Leverages and builds upon numerous existing Federal policies and standards so we have less DoD policy to write and maintain
- Adopts common Federal Cybersecurity terminology so we are all speaking the same language
- Transitions to the NIST SP Security Control Catalog
- Incorporates Cybersecurity early and continuously throughout the acquisition lifecycle

5 DoDI Risk Management Framework (RMF) for DoD IT
Signed Mar 12, 2014
- New approach for DoD to manage Cybersecurity risk
- RMF adds another dimension to the DoD Risk Management Process
- A 6-step process that emphasizes continuous monitoring and timely correction of deficiencies
- Adopts NIST's Risk Management Framework, used by Civil and Intelligence communities
- Moves from a checklist-driven process to a risk-based approach
- Embeds the RMF steps/activities in the DoD Acquisition Lifecycle
- Promotes DT&E and OT&E integration
- Implements Cybersecurity via security controls vice numerous policies and memos
- Supports and encourages use of automated tools

6 Cybersecurity & DoDI
Cybersecurity: Prevention of damage, protection of, and restoration of computers, electronic communications systems, wire communication, and electronic communication, including information contained therein (DoDI)
Required by DoDI Enclosure 11, Section 6. Cybersecurity:
- All acquisitions of systems containing IT will have a Cybersecurity Strategy.
- Beginning at Milestone A, the PM will submit the Cybersecurity Strategy for all programs containing IT, including NSS. (STATUTORY)
Also cited in DODI Table 9. Clinger-Cohen Act:
- Ensure that the program has a Cybersecurity Strategy that is consistent with DoD policies, standards and architectures
Cybersecurity = All DoD IT is included. Not just the network!
- Cybersecurity effort spans the entire acquisition process
- A team sport with impacts to all Acquisition Career Fields

7 Cybersecurity in Acquisition Research Efforts
- Defense Science Board (DSB) Task Force Report: Resilient Military Systems and the Advanced Cyber Threat (January 2013)
- Ongoing DSB Studies on Cybersecurity:
  - DSB Task Force on Cyber Defense (Oct 09, 2014)
  - DSB Task Force on Cyber Deterrence (Oct 09, 2014)
  - DSB Task Force on Cyber Supply Chain (Nov 12, 2014)
- Sponsor of ongoing studies is Mr. Frank Kendall, USD AT&L

8 Questions
- Who in the acquisition workforce needs to be involved in addressing the Cyber threat?
- How vulnerable and resilient are DoD systems against the Cyber threat?
- How well is Cybersecurity integrated into the DoD Acquisition Lifecycle?

9 Challenge #1 Cybersecurity Stakeholders

10 Cybersecurity Stakeholders
[Diagram labels: J2 - Intel; J3 - Ops; PM; SE; J6 CIO; IT; T&E; LOG; CON, around a central "Cybersecurity". Callouts: "It's Hacking!", "It's Network Defense!", "Cybersecurity is Operational!", "It's Electronic Warfare!", "It's Program Protection!"]

11 Challenge #2 Cybersecurity Performance of DoD Programs

12 Defense Science Board CyberSecurity Observations
- Current DoD actions, though numerous are fragmented. Thus DoD is not prepared to defend against this threat.
- DoD Red Teams, using cyber attack tools which can be downloaded from the internet, are very successful at defeating our systems
- With present capabilities and technology it is not possible to defend with confidence against the most sophisticated cyber attacks.
- It will take years for the Department to build an effective response to the cyber threat.
Source: DoD Defense Science Board Task Force Report: Resilient Military Systems and the Advanced Cyber Threat. (January 2013)

13 DOT&E FY 2014 Annual Report
- "Cyber adversaries have become as serious a threat to U.S. military forces as the air, land, sea and undersea threats represented in operational testing for decades"
- Program managers worked to resolve vulnerabilities found from cybersecurity testing in prior years, but FY-14 testing revealed new vulnerabilities.
- Cyber Opposition Forces (OPFOR) portraying adversaries with beginner or intermediate cyber capabilities were able to demonstrate that many DOD missions are currently at risk from cyber adversaries
- Demand has begun to exceed the capacity of existing personnel able to portray cyber threats.
2 years later: Things are not getting better!!
Source: DOT&E FY 2014 Annual Report (January 2015)

14 Challenge #3 Integrating Cybersecurity into the DoD Acquisition Lifecycle

15 Cybersecurity in the DoD Acquisition Lifecycle
[Figure: Model 1: Hardware Intensive Program. Labels: A, B, C, IOC, FOC; Materiel Development Decision; Materiel Solution Analysis; Technology Maturation & Risk Reduction; CDD-V; DRFPRD; Engineering & Manufacturing Development; Production & Deployment; LRIP; FRP Decision; Sustainment; Operations & Support; Disposal; ICD; Draft CDD; CDD; PDR; CDR; CPD; Defense Acquisition System/JCIDS Process; Warfighter/End User]
To achieve positive acquisition outcomes, we must consistently bake in Cybersecurity into our acquisition programs

16 Measuring Cybersecurity
- How should Cybersecurity be Measured?
  - Common Vulnerabilities and Exposures (CVE) approach?
  - Operational Resilience approach?
- How can we bake in Cybersecurity into our DoD systems without a standard way to measure it?
  - Linkage exists between measurement and the SE process
- What are the C/S/P impacts of Cybersecurity on our DoD systems?
  - Many PMs consider Cybersecurity an unfunded requirement
- How important is Cybersecurity to the key stakeholders who have numerous priorities?

17 Integrating Cybersecurity across the Acquisition Lifecycle
[Figure: acquisition lifecycle timeline. Labels: A, B, C, IOC, FOC; ICD; Materiel Solution Analysis; Materiel Development Decision; Draft CDD; Technology Maturation & Risk Reduction; CDD-V; CDD; DRFPRD; Engineering & Manufacturing Development; LRIP; CPD; FRP Decision; Production & Deployment; Sustainment; Operations & Support; Disposal. Overlaid activities: Develop Cybersecurity Strategy (CS); Establish Cybersecurity Working IPT (WIPT); 1 Categorize System; 2 Select Security Controls; Influence Design/RFP; 3 Implement Security Controls; 4 Assess Security Controls; Monitoring Strategy; 5 Request Authority to Operate / Authorize; 6]
RMF STEPS
1. Categorize System
2. Select Controls
3. Implement Controls
4. Assess Controls
5. Authorize System
6. Monitor System
- Effective Cybersecurity in DoD acquisition programs encompasses all of the actions taken to ensure the Confidentiality, Integrity and Availability (CIA) of the system
- PMs should integrate cybersecurity into the system's acquisition lifecycle activities, e.g., SEP, TEMP, PPP, Cybersecurity Strategy and Source Selection processes
Cybersecurity Shift Left approach will yield better acquisition outcomes

18 Recommendations
- DoD needs to develop an accurate way to measure Cybersecurity
  - Cybersecurity KPP?
- Cybersecurity should be treated as a design consideration and recognized as a key component of the System engineering effort
  - Cybersecurity must be integrated into the Acquisition Strategy, SEP, TEMP, and LCSP
  - May require some type of forcing function to ensure compliance
- A Cybersecurity Champion is needed to effectively synchronize Cybersecurity efforts across the acquisition lifecycle of DoD programs
  - AMRDEC Cyber Integrator Pilot Program
  - Product Support Manager approach

19 Cybersecurity Final Thoughts
- Cybersecurity is not just the network. It is part of the DNA of an acquisition program
- Cybersecurity threats cannot be totally mitigated. You must manage the risk
- Your Cybersecurity effort must be synchronized across your acquisition program (PPP, Cybersecurity Strategy, Security Plan, TEMP & SEP)
- The PM must work the people side
- Reward and encourage your Cybersecurity heroes!
- Industry Partners are a critical component of your Cybersecurity efforts. They design and build our products!
- Communicate across systems and functional boundaries. Cybersecurity requires everyone's energy and expertise
- Take every opportunity to educate and train your team
- Cybersecurity is a moving target

20 How DAU Can Help
DAU Cybersecurity Courses
DAU Course offerings and availability dates:
- Cybersecurity Throughout DoD Acquisition (CLE 074)
- Covers Cybersecurity across acquisition career fields. Available CY15
- Risk Management Framework (RMF) Implementers Course (ISA220) - Available CY16
- Cybersecurity content being incorporated into all career fields

21 How DAU Can Help (cont.)
Contact DAU directly for:
- Content
- Consulting/Tailored Assistance
- Targeted Training such as:
  - Seminar: Cybersecurity Challenges for DoD PMs
  - Seminar: Risk Management Framework (RMF)
  - Seminar: Cybersecurity Testing in DoD Acquisition
DAU POCs for Cybersecurity Outreach and Mission Assistance:
- Steve Mills (256)
- Tim Denman (256)
