Cyber Community Highlights

Transcription:

Cyber Community Highlights March 13, 2015 Presented by: Rob Goldsmith, AMRDEC Cyber Lead

Cyber Stakeholders
S&T, RDT&E, Materiel Developers
Academia (Local)
Operational Units & Agencies (Sample)
Federally Funded Research and Development Centers (FFRDCs) (e.g. Sandia Nat'l Lab, Oak Ridge Nat'l Lab, etc.)
Defense Industrial Base

Operationalizing Cyber

What Is Key Terrain?
BG Gouverneur Warren
Discovered By Chance That Little Round Top Was Undefended
Sent For Help From Any Available Units

What Is Key Terrain?
"Don't Give An Inch!" Last Words Of COL Strong Vincent
Union Leader Who Rushed Troops To Little Round Top
Mortally Wounded Defending The Right Flank

What Is Key Terrain?
[Image: Little Round Top (Left), Big Round Top (Right)]
COL Joshua Chamberlain
Union Leader On The Left Flank Of Little Round Top
Out Of Ammo, Unable To Withstand Another Assault, He Led His Men In A Bayonet Attack Holding The Line

What Is Key Terrain?
COL Patrick "Paddy" O'Rorke
Union Leader Killed Leading The 140th New York
Charged Into Battle, Saved The Right Flank, Held Little Round Top
[Image: Western Slope Of Little Round Top & Right Flank Of The Union Line]

Conclusion
To Protect Everything Is To Protect Nothing
Focusing Resources Protecting Cyber Key Terrain Is Critical In Today's Environment
Key Terrain Can Only Be Identified When There Is An Operational Context
Risk To Missions Should Be Managed By Operational Leaders
Operations Must Be Able To Understand Risk Introduced Through The Cyber Domain And Direct Actions Of Other Staff Elements

Cyber Key Terrain
Top Level Mission
Critical Mission Tasks/Sub Tasks
Cyber Capabilities
Critical Assets

Mission Decomposition
Mission to Assets
Primary: Commander & G3/Ops
Secondary: CIO/G6, Threat Intel/G2

Cyber Characterization
Not All Cyber Capabilities Supporting The Critical Tasks Are Critical
Identify Critical Capabilities = Cyber Key Terrain
Primary: CIO/G6
Secondary: G3/Ops, Threat Intel/G2

Risk Analysis
Apply Vulnerability, Threat, And Risk Assessment Against Each Cyber Asset
Primary: CIO/G6, Threat Intel/G2
Secondary: G3/Ops

Materiel Developer SSE
There Are Gaps In Current Security Requirements
In Some Cases, Requirements Are Not Clear Or Even Defined Yet
The Spectrum Of System Security Engineering Includes A Number Of Disparate Efforts
AMRDEC Integrates These Activities For Materiel Developers

100% 95% 85% 80% 60%
Activity: Red Team; BlueTeam; HW/FW Testing; Software Assurance; Information Assurance
Guidance: DoDD O-8530.1; DoDI O-8530.2; CJCSI 6510.01; DoDI 5200.44; 2013 NDAA; DoDI 5200.39; DISA STIG; DoDI 5200.44; DoDD 8500.01; DoDI 8500.2; DoDI 8510.01; Army BBPs; CJCSI 6510.01
Tools: NMap, Nessus, MetaSploit, Burp Suite, Air Crack, Wireshark, etc.; FIB, SEM, X-Ray, etc.; AdaCore CodePeer, CheckMarx, Fortify, AppScan, Coverity, etc.; CTRAD, FireEye, etc.; Retina, SCAP Compliance Checker (XCCDF), STIG Viewer, SRRs

Blue Team vs. IA Support
95% 85%
BlueTeam
Guidance: DoDD O-8530.1; DoDI O-8530.2; CJCSI 6510.01
Tools: NMap, Nessus, MetaSploit, Burp Suite, Air Crack, Wireshark, etc.

How Is The BT Different From The Program IA Person?
1. Higher Skill Set. IA Person Can Identify Many Known Vulnerabilities. BT Personnel Can Exploit Those Vulnerabilities. They Can Find Vulnerabilities Not Identified Through Basic Compliance Checks.
2. Different Focus. IA Focuses On Compliance With IA Controls. BT Leverages Available Information, Including C&A Results, But Focuses On Testing And Exploiting.
3. Different Tools. IA Person Uses SCAP And Retina. BT Must Employ Non-Standard Tools Used By Adversaries To Exploit Systems.
4. Different Methods. IA Person Checks For Compliance Against Standards. BT Uses As Many Methods Available To Attackers As Possible, Including Social Engineering And Close Access.
5. Different Mission. IA Person's Goal Is Accreditation. BT Goal Is System Security.

Elements Of Cyber Testing
Materiel Solution Cyber Testing
Shift Left
An Iterative Process Embedded With SEs 90%
An Event Certified DT 5%
Blue Team
An Event Certified OT 5%
Common Tools & TTPs
Beyond DIACAP/RMF!

Cyber Integrator (CI)
Cyber Integrator Pilot For ACAT 1D Program
Senior Cyber SME Works For Chief Engineer
Cyber Dashboard Communicates Cyber Risk
DAU / AMRDEC Co-Authored Articles for AT&L Magazine
Presented At Feb 2015 DAU Winter Panel
Sep/Oct 2014 Mar/Apr 2015

Team Redstone Cyber
Senior Leaders Collaborating & Coordinating Cyber Activities And Funding
AMRDEC, SMDC, PEO M&S, PEO AVN, AMCOM, Others
Synchronizing Cyber R&D Efforts Towards a Common Objective
Developing Cyber Security R&D Road Maps (Reqs/Needs, Gaps, Plans)
Determining Effective & Efficient Contract Strategies

Team Redstone Cyber Initiatives
Kicked Off In 2014
Community Cyber Demonstration Tentatively Planned For 2017
Upcoming Team Redstone Engagements with Industry in FY15:
Southeastern Cyber Security Summit, Huntsville, 3-4 Jun 2015
Team Redstone Cyber Industry Forum, TBD, Summer 2015

[Timeline figure, by quarter, 2014, 2015 and 2017]
4 Apr Executive-Level Kick Off Meeting
21 May Action-Officer Briefings
27 Jan Meeting MSIC Brief OTA Brief
5 Mar APBI Briefing To Industry
RSA Cyber Proof Of Concept Demonstration