Cybersecurity: The Defense Perspective



Similar documents
Partnering with Small Business

Department of Defense DIRECTIVE

Department of Defense DIRECTIVE

An Overview of Large US Military Cybersecurity Organizations

Department of Defense DIRECTIVE

STATEMENT OF MR. THOMAS ATKIN ACTING ASSISTANT SECRETARY OF DEFENSE FOR HOMELAND DEFENSE AND GLOBAL SECURITY OFFICE OF THE SECRETARY OF DEFENSE;

GAO DEFENSE DEPARTMENT CYBER EFFORTS. More Detailed Guidance Needed to Ensure Military Services Develop Appropriate Cyberspace Capabilities

Statement of Gil Vega. Associate Chief Information Officer for Cybersecurity and Chief Information Security Officer. U.S. Department of Energy

Department of Defense INSTRUCTION

National Initiative for Cybersecurity Education

National Initiative for Cyber Security Education

DEPARTMENT OF THE NAVY. Civilian Cybersecurity Workforce

2012 Army DCIPS Performance-Based Bonus and Awards Guidance

Preventing and Defending Against Cyber Attacks October 2011

Department of Defense DIRECTIVE

NICE and Framework Overview

Department of Defense INSTRUCTION

SUBJECT: Privileged Access to Army Information Systems and Networks. a. Army Regulation (AR) 25-2, Information Assurance (IA), 23 March 2009.

Preventing and Defending Against Cyber Attacks June 2011

STATEMENT BY DAVID DEVRIES PRINCIPAL DEPUTY DEPARTMENT OF DEFENSE CHIEF INFORMATION OFFICER BEFORE THE

DoD Cybersecurity Discipline Implementation Plan October 2015 Amended February 2016

Subj: DEPARTMENT OF THE NAVY CYBERSECURITY/INFORMATION ASSURANCE WORKFORCE MANAGEMENT, OVERSIGHT, AND COMPLIANCE

Human Resources Management. Portfolio Management Concept of Operations

The Comprehensive National Cybersecurity Initiative

Cyber Situational Awareness - Big Data Solution

Network Operations (NetOps)

DoD CIO s 10-Point Plan for IT Modernization. Ms. Teri Takai DoD CIO

Subj: CIVILIAN EMPLOYEE TRAINING AND CAREER DEVELOPMENT

SECRETARY OF THE ARMY WASHINGTON

Joint Information Environment Single Security Architecture (JIE SSA)

DISA and the Evolving DoD Enterprise

Triangle InfoSeCon. Alternative Approaches for Secure Operations in Cyberspace

Big Data Platform (BDP) and Cyber Situational Awareness Analytic Capabilities (CSAAC)

Introduction to NICE Cybersecurity Workforce Framework

Department of Defense DIRECTIVE

Department of Defense INSTRUCTION. SUBJECT: Communications Security (COMSEC) Monitoring and Information Assurance (IA) Readiness Testing

Department of Defense INSTRUCTION

Department of Defense INSTRUCTION

Department of Defense INSTRUCTION. Measurement and Signature Intelligence (MASINT)

DEFENSE INFORMATION SYSTEMS AGENCY STRATEGIC PLAN UNITED IN SERVICE TO OUR NATION

U.S. Defense Priorities OSD PA&E

Update on U.S. Critical Infrastructure and Cybersecurity Initiatives

Why Cybersecurity Matters in Government Contracting. Robert Nichols, Covington & Burling LLP

Department of Defense INSTRUCTION

Department of Defense INSTRUCTION

Preventing and Defending Against Cyber Attacks November 2010

Department of Defense INSTRUCTION

GAO CYBERSECURITY. Progress Made but Challenges Remain in Defining and Coordinating the Comprehensive National Initiative

Department of Defense INSTRUCTION

CYBER SECURITY WORKFORCE

Department of Defense DIRECTIVE. SUBJECT: Assistant Secretary of Defense for Public Affairs (ASD(PA))

Department of Defense DIRECTIVE

APPENDIX J INFORMATION TECHNOLOGY MANAGEMENT GOALS

How To Protect A Network From Attack From A Hacker (Hbss)

A Comprehensive Cyber Compliance Model for Tactical Systems

GAO DEPARTMENT OF HOMELAND SECURITY. Actions Taken Toward Management Integration, but a Comprehensive Strategy Is Still Needed

September 24, Mr. Hogan and Ms. Newton:

The Cost and Economic Analysis Program

How To Write A National Cybersecurity Act

Subj: CYBERSPACE/INFORMATION TECHNOLOGY WORKFORCE CONTINUOUS LEARNING

Fort Gordon Mobile Training Team (MTT) Requirements (FY16)

Department of Defense DIRECTIVE. SUBJECT: Management of the Department of Defense Information Enterprise

US Cyber Challenge: Finding the people who canwin in cyberspace? Alan Paller Director of Research, SANS Institute

2012 Information Technology Workforce Assessment for Cybersecurity (ITWAC) Summary Report

Department of Defense INSTRUCTION. Policy on Graduate Education for Military Officers

September 10, Dear Administrator Scott:

DOD DIRECTIVE CLIMATE CHANGE ADAPTATION AND RESILIENCE

Department of Defense INSTRUCTION

Department of Defense DIRECTIVE

Middle Class Economics: Cybersecurity Updated August 7, 2015

OFFICE OF THE SECRETARY OF DEFENSE 1700 DEFENSE PENTAGON WASHINGTON, DC

The Joint Staff Overseas Contingency Operations Overseas Contingency Operations (OCO), Defense-Wide Budget Activity 01: Operating Forces

THE NATIONAL CYBERSECURITY WORKFORCE FRAMEWORK. USER GUIDE Employers

United States Coast Guard Cyber Command. Achieving Cyber Security Together. Homeland Security

How To Evaluate A Dod Cyber Red Team

Department of Defense DIRECTIVE

US Army Network Security Reference Architecture

Department of Defense INSTRUCTION

Bridging the Cybersecurity Talent Gap Cybersecurity Employment and Opportunities for Engagement

Comprehensive Soldier and Family Fitness Directive

Introducing... FedVTE and FedCTE

RECRUITMENT PROCEDURES FOR CYBER SECURITY POSITIONS UNDER SCHEDULE A AUTHORITY

Department of Defense INSTRUCTION. DoD Information Assurance Scholarship Program

Space Ground Services in the Joint Information Environment (JIE)

Achieving Cybersecurity Excellence Through Evolution of the Nation's Cyber Workforce

Actions and Recommendations (A/R) Summary

Preparing Millennials to Lead in Cyberspace

DoD Cloud Computing Strategy Needs Implementation Plan and Detailed Waiver Process

Homeland Security: Information Assurance Challenges and Opportunities. Building the National Cyber Security Division

Software Reprogramming Policy for Electronic Warfare and Target Sensing Systems

Operationally Focused CYBER Training Framework

Cyber R &D Research Roundtable

National Initiative for Cybersecurity Education

Department of Defense DIRECTIVE

UNCLASSIFIED. Army Data Governance. COL Linda Jantzen CIO/G-6 Acting Dir, Army Architecture Integration Center February 17, 2016 UNCLASSIFIED

Why Diversity is important

Department of Defense INSTRUCTION

UNCLASSIFIED UNCLASSIFIED

Cyber Workforce Training

DISA Acquisition Opportunities

Transcription:

Cybersecurity: The Defense Perspective Ms. Essye Miller Director, Cybersecurity Army CIO/G-6 October 15, 2015 1

CIO/G-6 As the CIO As the G-6 Reports directly to the Secretary of the Army for setting the strategic direction and objectives, and supervising all Army C4 and information technology functions. Supports the Chief of Staff and the Army to enable expeditionary mission command; network defense and operations; and restructure, equip and employ Signal forces. Cyber Security Army Cyber Strategy Information Assurance Cyber Emerging Technologies / R&D Testing, Evaluation & Certification Integrates Cyber Security & Network Modernization 2

Culture, Conduct, & Capabilities Culture: Statutes Policy & Doctrine, Directives, Regulations, & Orders Conduct: Awareness Training (Individual & Organizational) Discipline Capability: Enterprise Enclave (Post/Camp/Station/ Community of Interest) End Point 3

Culture US Statutes: Title 40 USC - The Clinger Cohen Act of 1996 Title 44 USC - The Federal Information Security Management Act 2002 Title 10 USC The Goldwater-Nichols Act FY 14 National Defense Authorization Act Section 932 Policy & Doctrine Presidential Policy Directive 20 National Security Presidential Directive-54 DoDI 8500.01 Cybersecurity DoDI 8530.01 Cybersecurity Activities Support to DODIN Operations DoDI 8510.01 Risk Management Framework (FMR) for DoD Information Technology Joint Pub 3-12 cyberspace Operations FM 3-38 Cyber Electromagnetic Activities Directives, Regulations, & Orders DAGO 2014-02 ARCYBER as Army Force Component of USCYBERCOM and Second Army as DRU AR 25-1 Army Information Technology AR 25-2 Information Assurance (Cybersecurity) AR 10-87 Army Commands, Army Service Component Commands and Direct Reporting Units 4

Cybersecurity Campaign Most cyber attacks against DoD and others have exploited preventable vulnerabilities DoD Cybersecurity Directives The DoD Cybersecurity Campaign identifies specific actions which drive commanders and DoD senior leaders to enforce full cybersecurity compliance and accountability Two campaign elements are Cybersecurity Discipline Implementation Plan (CSDIP) and the DoD Cybersecurity Scorecard What is the Army doing Established IPT to coordinate Army way-ahead Improving data accuracy Assessing system compliance Changing culture and behavior 5

Conduct Awareness Training Individual Organizational Annual Periodic Discipline 5 Operational Excellence Principles Integrity Level of Knowledge Procedural Compliance Formality and Backup Questioning Attitude DOD Cybersecurity Culture and Compliance initiative (DC3I) 6

Cybersecurity Awareness Month October is Cybersecurity Awareness Month Third year of an Army-wide awareness effort Coincides with National Cyber Security Awareness Month Reinforces the DHS theme: Celebrating 5 Years of Stop. Think. Connect. Focus on risk management and insider threat Build awareness of all Army leaders the need to assess and manage risks, conduct continuous monitoring practices to identify, assess and respond to vulnerabilities Creates a culture of awareness that anticipates, detects, and responds to insider threats before they can impact Army networks Supports the Army s overall capability to continuously assess cyber operational readiness, security and reliability 7

Capability Enterprise Enclave End Point Web Content Filter (WCF) Access Control List (ACL ) SHARKSEER Web Application Filtering (WAF) DMZ HBSS AV HBSS ACCM HBSS DCM (EEMSG) ECOS DNSSEC HBSS HIPS (ERS) Arbor HBSS HBSS PA.mil Proxy SSL Proxy HBSS RSD EMET IAVM STIGS CMRS ACAS 8

Cyber Workforce Workforce Roles. Consensus on characterizing civilian cyberspace work roles. Matrix derived from DoD s implementation of NICE framework. Color-coding associates DCWF with three CF17 work role classification bins. Parenthetical-coding reflects cross-walk of DCWF/CF17 association with DoDD 8140 cyberspace workforce areas. Consolidated product associating work roles across three references provides foundation for determining training requirements for the civilian cyberspace workforce. National Initiative for Cybersecurity Education (NICE) 9

Civilian Cyberspace Workforce OPT- Overview Goal: To unify the management of the Army civilian cyberspace workforce. Objectives: Establish an Army enterprise methodology to clearly designate, recruit, develop, credential and retain the civilian cyberspace workforce. Develop a training pipeline with viable career management solutions to prepare a cadre of trained civilians to enter cyberspace work roles over the course of their careers. Implement best practices for recruiting, developing and retaining the civilian cyberspace workforce across the Army and DoD. 2210 IT Management (CP-34) 0391 Telecommunications (CP-34) 0855 Electronics Engineer (CP-16) 0854 Computer Engineer (CP-16) 1550 Computer Scientist (CP-16) 22100132 Intelligence Ops (CP-35) 22110080 Security Adm (CP-35/CP-19) 22121811 Criminal Investigation (CP-19) 1515 Ops Research (CP-36/CP-11) *Derived from December 2014 OPM memorandum extending use of Schedule A Authority 10

Final Thoughts 11

Stay Connected! 12

Unified Cybersecurity Ms. Essye Miller Director, Cybersecurity Army CIO/G-6 October 15, 2015 13

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information