It s just software Or It s all software and it s the new normal
|
|
- Gavin Pierce
- 6 years ago
- Views:
Transcription
1 NSWCDD-PN t s just software Or t s all software and it s the new normal John Seel, Ph.D. Distinguished Engineer for Warfare s Software John.seel@navy.mil
2 Thoughts about software We ve moved from a model of it s just software to a model where software is the key ingredient in many systems Software sustainment requires domain expertise and software expertise Software sustainment is about: Continuous engineering and technical debt Fixing errors and problems with existing software New capabilities, new hardware, new cyber challenges There is no reset in software sustainment, only changes from the baseline Software sustainment triggers: The complete systems engineering process Re-design or re-factoring of existing code Potentially Recertification 2 2
3 Software Reliant Warfare s Challenges Number Software Size, Reliance, Complexity, and Cyber Threats Cost, Schedule, & Technical Challenges overnment in-house applied Software Expertise * Verified in documented performance result reports of DOD software system acquisition Time Challenges include ever increasing: - Demand for faster and cheaper development and delivery of systems to meet emergent needs & threats - Pressure to cut corners and not utilize rigorous and disciplined data-driven bestpractices/processes - Cyber threats and associated information and software assurance requirements - and -of- (SOS) complexity and inter-dependencies - Rapid evolution of software technologies and methodologies A single wrong character in the thousands to millions of lines-of-code can result in a mission critical failure 3 3
4 Engineer-n Quality, Safety, Security, and Resiliency OAL: Define, develop and deliver high quality, safe secure and resilient systems nformation Assurance (A) compliance (patches) does NOT equal cyber security Utilize processes, tools, and technology to facilitate vulnerability/threat detection, isolation, and recovery Define Assurance and Resiliency Requirements Architect/Design resilient defense-in-depth systems Protect-Detect-solate-Endure-Recover -Limit interfaces to external systems - dentify and harden (firewall) critical control points (interfaces) - Add processing to Detect cyber intrusions - solate and limit consequences (protect mission critical components)- - Endure through the Cyber intrusion to successfully complete the mission - Return the system to a trusted state Utilize multiple-tools to remove vulnerabilities during development Mission & Stakeholder Analysis Concept eneration Requirements Definition. SYSTEM ANALYSS & CONTROL User Centered, Risk Focused, and Total-Cost based Engineering Analysis and Assessment: Modeling & Simulation Architecture nterface Definition Configuration Management Specialty Engineering: Anti-Tamper, Environmental, Human s ntegration nformation Assurance, Logistics, Safety, Training, etc. Verification, Validation, & Certification ntegration &Test nformation Assurance Patches only Decommission address& Dispose Known threats Train, Operate,& Support Deploy/nstall Cannot test in system & software security & resiliency Define and utilize metrics and tools to quantify sw vulnerability, survivability, resiliency, and risk Subsystem/nterface Design Subsystem ntegration/test Utilize data-driven best engineering practices nclude independent Audits to ensure best practices Build and Unit Test (Hardware/Software) Assurance : The level of confidence that system functions as intended and is free of vulnerabilities, either intentionally or unintentionally designed or inserted as part of the software throughout the lifecycle. Application of technologies and processes to achieve a required level of confidence that systems and services function in the intended manner, are free from accidental or intentional vulnerabilities, provide security capabilities appropriate to the threat environment, and recover from intrusions and failures. 4
5 Common Software Oversight and ntegration Challenges Software Development Responsibility % DEFNE Req s ARCHTECT & Software DEVELOP & Software Key: : NSWCDD SMEs : ndustry Organizations NTERATE & TEST A common software (sw) system acquisition approach is for the government to over-rely on private industry for the sw architecure, design, and coding activities overnment interaction with the sw development effort is limited to reactive (versus proactive) technical reviews nd Engineering Technical Reviews (SETRs) E.. SRR, SFR, PDR, CDR, TRR, This approach frequently results* in: - Vendor-Lock & Proprietary Software - Cost & Schedule Overruns - Poor Quality - Non Modular Open s Architecure (MOSA) - ntegration ssues Limited insight and understanding of the sw development organization(s) development approach, processes, methodologies, toolsets, and if best-practices are being utilized Limited insight or understanding of private industries cost/schedule/quality Basis-of-Estimates (BOEs) - Failure to validate estimates against actual historical performance for that specific contractor Lack of leading-indicators (metrics) for sw development cost, schedule, technical performance and quality Lack of regular data-driven performance/risk management reviews that include gov t software experts Limited insight and understanding of SW arch, design, interfaces (SETRs occur too late to address issues) * As documented in numerous studies/reports from the ov t Accounting Office (AO), Defense Science Board (DSB), Carnegie Mellon University Software Engineering nstitute (CMU SE), and others 5 5
6 Software Success Teaming: ndustry & overnment in-house expertise overnment and ndustry SW development Teaming Approach: ov t engineers responsible not just for oversight but also for actual development (subset of sw architecture, design and coding) Benefits: Provides PMs with business and technical advantages Provides Program Managers with access to in-house sw experts Facilitates controlling cost: government is not solely reliant on industry expertise Enables transitioning sw between development organizations if req d due to performance issues Provides industry with a true technical peer to help negotiate fair cost, schedule, and technical approach Teaming With ndustry Software Development Responsibility % DEFNE Req s ARCHTECT & Software DEVELOP & Software Hands-On Development NTERATE & TEST Key: : NSWCDD SMEs : ndustry Organizations ov t n-house Applied Expertise Pipeline Responsibility & Complexity ov t hands-on sw development at all levels of complexity is required to maintain expertise pipeline& be a technical peer with industry Mission and s-of-s Level Level Component Level nd Sub-Components Level Time / Experience ov t Software Experts team with ndustry SW Experts to Define, Design, Develop, and Deliver Software s 6 6 6
7 Keys to Software Project Oversight and ntegration Success* Proposals that include Cost, Schedule and Quality estimation Basis-Of-Estimates AND historical data that demonstrates the contractor can execute within the estimates and goals Data-driven continuous improvement ; and historical data/demonstration of this capability Contracts that specify and require: Documented Mature Data-Driven Best-Practice Based SW Development Processes Software Assurance and reliability requirements Modular Open s Architecure (MOSA) ov t ownership rights of Source Code and ALL other supporting documentation, scripts, problem reports, & quality metrics, etc. ncluding all libraries, environments, etc required to compile and regenerate the executables Frequent structured data-driven communication, including metrics and leading indicators for cost, schedule Utilization of Formal best-practice based management of Requirements, nterfaces, Risk and Configurations Adequate Cost, Schedule and Resources to develop and/ or utilize model-based-system-engineering, automated testing, models/simulations, data-extraction and other non-operationally-delivered sw products Not the complete set of best practices; just a selected subset of proven techniques 7 7
8 overnment and ndustry SW Development Teaming Consistent Success Rapid Development Tactical Development Strategic Development Detect-Track-Engage s: Lasers, Precision Munitions, uns, Lethal & Non-Lethal Tomahawk Weapon Control Surface Warfare Mission Module (Littoral Combat Ship) Submarine Ballistic Missile Mission Planning and Fire Control s 10+ years 30+ years 50+ years ov t in-house developers teaming with industry developers has been successfully utilized for some of the Navy s most mission critical systems for many decades December 2016 SW Quality assessment - Data from 10 programs,15 systems, 177 different sw components, and 110 deliveries between Wide range of systems: Missile, un, Laser Weapon/Fire Control & Mission Planning systems - Wide range of sw size: 9 Million Source-Lines-of-Code (SLOC) to several-thousand SLOC - Wide range of sw development approaches: Nuclear Certified, DOD 5000 Waterfall, Agile, Rapid Consistent high quality software delivered on schedule and within budget - Operationally successful and proven results (e.g. Tomahawk Weapon Control, Battle Management ) - Well over 90% of projects delivered software with ZERO open mission critical defects - Well over 90% of systems reported ZERO mission critical defects after operational delivery 8 8
9 Technical Excellence, Rigor, and Discipline MATTERS We develop some of the most lethal and dangerous systems in the history of mankind These are our friends & colleagues husbands & wives mothers & fathers sons & daughters brothers & sisters THER LVES DEPEND ON US We must deliver safe, reliable, secure, and high quality systems 9
Cybersecurity in Acquisition
Kristen J. Baldwin Acting Deputy Assistant Secretary of Defense for Systems Engineering (DASD(SE)) Federal Cybersecurity Summit September 15, 2016 Sep 15, 2016 Page-1 Acquisition program activities must
More informationAchieving DoD Software Assurance (SwA)
Achieving DoD Software Assurance (SwA) Thomas Hurt Office of the Deputy Assistant Secretary of Defense for Systems Engineering 20th Annual NDIA Systems Engineering Conference Springfield, VA October 26,
More informationCyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS
Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported
More informationThe Perfect Storm Cyber RDT&E
The Perfect Storm Cyber RDT&E NAVAIR Public Release 2015-87 Approved for public release; distribution unlimited Presented to: ITEA Cyber Workshop 25 February 2015 Presented by: John Ross NAVAIR 5.4H Cyberwarfare
More informationUNCLASSIFIED FY 2016 OCO. FY 2016 Base
Exhibit R-2, RDT&E Budget Item Justification: PB 2016 Office of the Secretary Of Defense Date: February 2015 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 3: Advanced Technology Development
More informationUNCLASSIFIED. FY 2016 Base FY 2016 OCO
Exhibit R-2, RDT&E Budget Item Justification: PB 2016 Office of the Secretary Of Defense Date: February 2015 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 2: COST ($ in Millions) Prior
More informationDefence services. Independent systems and technology advice that delivers real value. Systems and Engineering Technology
Defence services Independent systems and technology advice that delivers real value Systems and Engineering Technology Frazer-Nash Consultancy Working in the UK and internationally, Frazer-Nash is making
More informationSystems 2020 Strategic Initiative Overview
Systems 2020 Strategic Initiative Overview Kristen Baldwin ODDR&E/Systems Engineering 13 th Annual NDIA Systems Engineering Conference San Diego, CA October 28, 2010 Oct 2010 Page-1 DISTRIBUTION STATEMENT
More informationAcquisition and Intelligence Community Collaboration
Acquisition and Intelligence Community Collaboration Kristen Baldwin Deputy Director, Software Engineering and System Assurance Office of the Deputy Under Secretary of Defense (Acquisition and Technology)
More informationCorporate Capabilities
Corporate Capabilities 2017 Summary Thomas Edison stated, "there's a way to do it better find it." intellisolutions is 3 rd party certified as a Woman-Owned Small Business (WOSB)*. Founded in 2006 in San
More informationCyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.
Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by
More informationDepartment of Defense (DoD) Joint Federated Assurance Center (JFAC) Overview
Department of Defense (DoD) Joint Federated Assurance Center (JFAC) Overview Kristen Baldwin Principal Deputy, Office of the Deputy Assistant Secretary of Defense for Systems Engineering (DASD(SE)) 17
More informationDELIVERING SIMPLIFIED CYBER SECURITY JOURNEYS
DELIVERING SIMPLIFIED CYBER SECURITY JOURNEYS Building digital trust and cyber security resilience is no longer just an IT issue, it s a business mandate. Fusion brings a simplified approach to our client
More informationCyber Challenges and Acquisition One Corporate View
Sentar Inc 315 Wynn Dr Huntsville, AL 35805 256-430-0860 www.sentar.com Cyber Challenges and Acquisition One Corporate View Defense Acquisition University Conference Huntsville, AL February 22-23, 2011
More informationEvolving the Security Strategy for Growth. Eric Schlesinger Global Director and CISO Polaris Alpha
Evolving the Security Strategy for Growth Eric Schlesinger Global Director and CISO Polaris Alpha Evolving the Security Strategy for Growth Where Do We Start? Our History, Making History In late 2016,
More informationOPTIMIZATION MAXIMIZING TELECOM AND NETWORK. The current state of enterprise optimization, best practices and considerations for improvement
MAXIMIZING TELECOM AND NETWORK OPTIMIZATION The current state of enterprise optimization, best practices and considerations for improvement AOTMP.com The Next Evolution of Telecom Management OVERVIEW As
More informationSolutions Technology, Inc. (STI) Corporate Capability Brief
Solutions Technology, Inc. (STI) Corporate Capability Brief STI CORPORATE OVERVIEW Located in the metropolitan area of Washington, District of Columbia (D.C.), Solutions Technology Inc. (STI), women owned
More informationDELIVERING MISSION BASED OUTCOMES TO THE INTELLIGENCE COMMUNITY SINCE 2002 MISSION-DRIVEN SOLUTIONS 1
DELIVERING MISSION BASED OUTCOMES TO THE INTELLIGENCE COMMUNITY SINCE 2002 MISSION-DRIVEN SOLUTIONS 1 MISSION-DRIVEN SOLUTIONS 2018 INTEGRATED INTEL SOLUTIONS ALL RIGHTS RESERVED MISSION-DRIVEN SOLUTIONS
More informationSecurity Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:
Position: Reports to: Location: Security Monitoring Engineer / (NY or NC) Director, Information Security New York, NY or Winston-Salem, NC Position Summary: The Clearing House (TCH) Information Security
More informationTRIAEM LLC Corporate Capabilities Briefing
TRIAEM LLC Corporate Capabilities Briefing 3/4/ 1 CORPORATE OVERVIEW CORPORATE VALUES MISSION STATEMENT SERVICES WORKFORCE EXPERIENCE CORPORATE CONTACTS 3/4/ 2 CORPORATE OVERVIEW TRIAEM is certified through
More informationDEVELOP YOUR TAILORED CYBERSECURITY ROADMAP
ARINC cybersecurity solutions DEVELOP YOUR TAILORED CYBERSECURITY ROADMAP Getting started is as simple as assessing your baseline THE RIGHT CYBERSECURITY SOLUTIONS FOR YOUR UNIQUE NEEDS Comprehensive threat
More informationDefense Engineering Excellence
Defense Engineering Excellence Kristen J. Baldwin Principal Deputy Office of the Deputy Assistant Secretary of Defense for Systems Engineering, OUSD(AT&L) 18th Annual NDIA Systems Engineering Conference
More informationCertified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) 1. Domain 1 The Process of Auditing Information Systems Provide audit services in accordance with IT audit standards to assist the organization in protecting
More informationUNCLASSIFIED FY 2016 OCO. FY 2016 Base
Exhibit R-2, RDT&E Budget Item Justification: PB 2016 Office of the Secretary Of Defense Date: February 2015 0400:,, Test & Evaluation, Defense-Wide / BA 3: Advanced Technology (ATD) COST ($ in Millions)
More informationUNCLASSIFIED. R-1 Program Element (Number/Name) PE D8Z / Software Engineering Institute (SEI) Applied Research. Prior Years FY 2013 FY 2014
Exhibit R-2, RDT&E Budget Item Justification: PB 2015 Office of Secretary Of Defense Date: March 2014 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 2: COST ($ in Millions) Prior Years
More informationHow to Underpin Security Transformation With Complete Visibility of Your Attack Surface
How to Underpin Security Transformation With Complete Visibility of Your Attack Surface YOU CAN T SECURE WHAT YOU CAN T SEE There are many reasons why you may be considering or engaged in a security transformation
More informationUNCLASSIFIED. UNCLASSIFIED Office of Secretary Of Defense Page 1 of 8 R-1 Line #18
Exhibit R-2, RDT&E Budget Item Justification: PB 2015 Office of Secretary Of Defense Date: March 2014 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 2: Applied Research COST ($ in Millions)
More informationImplementing a Modular Open Systems Approach (MOSA) to Achieve Acquisition Agility in Defense Acquisition Programs
Implementing a Modular Open Systems Approach (MOSA) to Achieve Acquisition Agility in Defense Acquisition Programs Philomena Zimmerman Office of the Deputy Assistant Secretary of Defense for Systems Engineering
More informationIT Consulting and Implementation Services
PORTFOLIO OVERVIEW IT Consulting and Implementation Services Helping IT Transform the Way Business Innovates and Operates 1 2 PORTFOLIO OVERVIEW IT Consulting and Implementation Services IT is moving from
More informationModular Open Systems Approach (MOSA) Panel on Standards
Modular Open Systems Approach (MOSA) Panel on Standards Ms. Phil Zimmerman Deputy Director, Engineering Tools and Environments Office of the Deputy Assistant Secretary of Defense on Systems Engineering
More informationIntegrated C4isr and Cyber Solutions
Integrated C4isr and Cyber Solutions When Performance Matters L3 Communication Systems-East provides solutions in the C4ISR and cyber markets that support mission-critical operations worldwide. With a
More informationVirtustream Cloud and Managed Services Solutions for US State & Local Governments and Education
Data Sheet Virtustream Cloud and Managed Services Solutions for US State & Local Governments and Education Available through NASPO ValuePoint Cloud Services VIRTUSTREAM CLOUD AND MANAGED SERVICES SOLUTIONS
More informationEngineered Resilient Systems Advanced Analytics and Modeling in Support of Acquisition
Engineered Resilient Systems Advanced Analytics and Modeling in Support of Acquisition David R. Richards Lead Technical Director for ERS US Army Engineer Research and Development Center (ERDC) Research
More informationDefining the Challenges and Solutions. Resiliency Model. A Holistic Approach to Risk Management. Discussion Outline
Resiliency Model A Holistic Approach to Risk Management Discussion Outline Defining the Challenges and Solutions The Underlying Concepts of Our Approach Outlining the Resiliency Model (RM) Next Steps The
More informationAMRDEC CYBER Capabilities
Presented to: HAMA AMRDEC CYBER Capabilities Distribution Statement A: Approved for public release: distribution unlimited 08 July 16 Presented by: Julie Locker AMRDEC Cyber Lead U.S. Army Aviation and
More informationDoD Strategy for Cyber Resilient Weapon Systems
DoD Strategy for Cyber Resilient Weapon Systems Melinda K. Reed Office of the Deputy Assistant Secretary of Defense for Systems Engineering NDIA Systems Engineering Conference October 2016 10/24/2016 Page-1
More informationSYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security
SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it
More informationSDLC Maturity Models
www.pwc.com SDLC Maturity Models SecAppDev 2017 Bart De Win Bart De Win? 20 years of Information Security Experience Ph.D. in Computer Science - Application Security Author of >60 scientific publications
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Deployment Deployment is the phase of the system development lifecycle in which solutions are placed into use to
More informationCritical Infrastructure Security Vulnerability Assessment. A New Approach. Norman Bird - Senior Technical Lead - Nuclear Security
Critical Infrastructure Security Vulnerability Assessment A New Approach Norman Bird - Senior Technical Lead - Nuclear Security Critical Infrastructure Protection and Resilience Europe (CIPRE) Securing
More informationIT-CNP, Inc. Capability Statement
Securing America s Infrastructure Security Compliant IT Operations Hosting Cyber Security Information FISMA Cloud Management Hosting Security Compliant IT Logistics Hosting 1 IT-CNP, Inc. is a Government
More informationHQ 754 th Electronic Systems Group. Application Software Assurance Center of Excellence (ASACoE) Maj Michael Kleffman, CTO ASACoE
HQ 754 th Electronic Systems Group Application Software Assurance Center of Excellence (ASACoE) Maj Michael Kleffman, CTO ASACoE Overview Context and Mission Resources and Tempo Accomplishments Services
More informationRethinking Cybersecurity from the Inside Out
Rethinking Cybersecurity from the Inside Out An Engineering and Life Cycle-Based Approach for Building Trustworthy Resilient Systems Dr. Ron Ross Computer Security Division Information Technology Laboratory
More informationIncentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO
White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating
More informationQuickBooks Online Security White Paper July 2017
QuickBooks Online Security White Paper July 2017 Page 1 of 6 Introduction At Intuit QuickBooks Online (QBO), we consider the security of your information as well as your customers and employees data a
More informationCyber Security For Business
Cyber Security For Business In today s hostile digital environment, the importance of securing your data and technology cannot be overstated. From customer assurance, liability mitigation, and even your
More informationRBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH
RBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH RBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH CONTEXT RBI has provided guidelines on Cyber Security Framework circular DBS. CO/CSITE/BC.11/33.01.001/2015-16
More informationISA 201 Intermediate Information Systems Acquisition
ISA 201 Intermediate Information Systems Acquisition 1 Lesson 8 (Part A) 2 Learning Objectives Today we will learn to: Overall: Apply cybersecurity analysis throughout acquisition lifecycle phases. Analyze
More informationUNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO
Exhibit R-2, RDT&E Budget Item Justification: PB 2013 Office of Secretary Of Defense DATE: February 2012 0400: Research,, Test & Evaluation, Defense-Wide BA 3: Advanced Technology (ATD) COST ($ in Millions)
More informationSystems Engineering and System Security Engineering Requirements Analysis and Trade-Off Roles and Responsibilities
Systems Engineering and System Security Engineering Requirements Analysis and Trade-Off Roles and Responsibilities Melinda Reed Office of the Deputy Assistant Secretary of Defense for Systems Engineering
More informationBalancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld
Balancing Compliance and Operational Security Demands Nov 2015 Steve Winterfeld What is more important? Compliance with laws / regulations Following industry best practices Developing a operational practice
More informationINFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare
INFORMATION SECURITY A briefing on the information security controls at Computershare One line heading > One line subheading INTRODUCTION Information is critical to all of our clients and is therefore
More informationAgenda. Bibliography
Humor 2 1 Agenda 3 Trusted Digital Repositories (TDR) definition Open Archival Information System (OAIS) its relevance to TDRs Requirements for a TDR Trustworthy Repositories Audit & Certification: Criteria
More informationIndustry role moving forward
Industry role moving forward Discussion with National Research Council, Workshop on the Resiliency of the Electric Power Delivery System in Response to Terrorism and Natural Disasters February 27-28, 2013
More informationRocky Mountain Cyberspace Symposium 2018 DoD Cyber Resiliency
Rocky Mountain Cyberspace Symposium 2018 DoD Cyber Resiliency Mr. Ed Brindley Acting Deputy Cyber Security Department of Defense 7 March 2018 SUPPORT THE WARFIGHTER 2 Overview Secretary Mattis Priorities
More informationJoint Federated Assurance Center (JFAC): 2018 Update. What Is the JFAC?
21 st Annual National Defense Industrial Association Systems and Mission Engineering Conference Joint Federated Assurance Center (JFAC): 2018 Update Thomas Hurt Office of the Under Secretary of Defense
More informationProtecting your data. EY s approach to data privacy and information security
Protecting your data EY s approach to data privacy and information security Digital networks are a key enabler in the globalization of business. They dramatically enhance our ability to communicate, share
More informationProgram Protection Implementation Considerations
Program Protection Implementation Considerations Melinda Reed Deputy Director for Program Protection Office of the Deputy Assistant Secretary of Defense for Systems Engineering NDIA Program Protection
More informationA Supply Chain Attack Framework to Support Department of Defense Supply Chain Security Risk Management
A Supply Chain Attack Framework to Support Department of Defense Supply Chain Security Risk Management D r. J o h n F. M i l l e r T h e M I T R E C o r p o r a t i o n P e t e r D. K e r t z n e r T h
More informationAirmen & community support missions. Two decades of taking risk in infrastructure created a fiscally unsustainable posture.
Airbases are a determining factor in the success of air operations. The two-legged stool of men and planes would topple over without this equally important third leg. General Henry H. Hap Arnold PURPOSE
More informationNaval Surface Warfare Center,
CAPT Brian R. Durant Commander NSWCDD Technical Director - (540) 653-8103 Dennis M. McLaughlin Technical Director Naval Surface Warfare Center, Dahlgren Naval Undersea DivisionWarfare Center The The Leader
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationAccelerate Your Enterprise Private Cloud Initiative
Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service
More informationBusiness Architecture Implementation Workshop
Delivering a Business Architecture Transformation Project using the Business Architecture Guild BIZBOK Hands-on Workshop In this turbulent and competitive global economy, and the rapid pace of change in
More informationTHE BENEFITS OF DOING THE SAME THING, THE SAME WAY, EVERYWHERE
Approved for Public Release THE BENEFITS OF DOING THE SAME THING, THE SAME WAY, EVERYWHERE Tim Swett, Lianne Poisson, Twila Pfieffer, Danny Poisson Raytheon Company GBS Information Technology liveworx.com
More informationTwilio cloud communications SECURITY
WHITEPAPER Twilio cloud communications SECURITY From the world s largest public companies to early-stage startups, people rely on Twilio s cloud communications platform to exchange millions of calls and
More informationAvionics Cyber T&E Examples Testing Cyber Security Resilience to support Operations in the 3rd Offset Environment
Avionics Cyber T&E Examples Testing Cyber Security Resilience to support Operations in the 3rd Offset Environment 26 January 2017 Presented by: Mr. Chad Miller NAVAIR Cyber T&E What: Replicate Cyber Battlespace
More informationRoles and Responsibilities on DevOps Adoption
Roles and Responsibilities on DevOps Adoption Hasan Yasar Technical Manager, Adjunct Faculty Member Secure Lifecycle Solutions CERT SEI CMU Software Engineering Institute Carnegie Mellon University Pittsburgh,
More informationUNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO
Exhibit R-2, RDT&E Budget Item Justification: PB 2013 Office of Secretary Of Defense DATE: February 2012 COST ($ in Millions) FY 2011 FY 2012 Base OCO Total FY 2014 FY 2015 FY 2016 FY 2017 Cost To Complete
More informationAn Integrative Framework for Secure and Resilient Mission Assurance
Sentar Inc 315 Wynn Dr Huntsville, AL 35805 256-430-0860 www.sentar.com An Integrative Framework for Secure and Resilient Mission Assurance 10/18/2010 1 What is^ Mission Assurance? DoD Definition: Mission
More informationCampus IT Modernization OPERATIONAL CONTINUITY FLEXIBLE TECHNOLOGY MODERNIZED SYSTEMS
Campus IT Modernization OPERATIONAL CONTINUITY FLEXIBLE TECHNOLOGY MODERNIZED SYSTEMS Managing the Complexity of IT Modernization Constructing and modernizing a new campus is a complex undertaking, requiring
More informationAdvanced Technology Academic Research Council Federal CISO Summit. Ms. Thérèse Firmin
Advanced Technology Academic Research Council Federal CISO Summit Ms. Thérèse Firmin Acting Deputy DoD CIO Cyber Security Department of Defense 25 January 2018 2 Overview Secretary Mattis Priorities Cybersecurity
More informationDEPARTMENT OF THE AIR FORCE PRESENTATION TO THE SUBCOMMITTEE ON STRATEGIC FORCES U.S. HOUSE OF REPRESENTATIVES
NOT FOR PUBLICATION UNTIL RELEASED BY THE UNITED STATES HOUSE OF REPRESENTATIVES DEPARTMENT OF THE AIR FORCE PRESENTATION TO THE U.S. HOUSE OF REPRESENTATIVES SUBJECT: Assuring National Security Space:
More informationEngineering Improvement in Software Assurance: A Landscape Framework
Engineering Improvement in Software Assurance: A Landscape Framework Lisa Brownsword (presenter) Carol C. Woody, PhD Christopher J. Alberts Andrew P. Moore Agenda Terminology and Problem Scope Modeling
More informationCybersecurity and Program Protection
Cybersecurity and Program Protection Melinda K. Reed Office of the Deputy Assistant Secretary of Defense for Systems Engineering 19 th Annual NDIA Systems Engineering Conference Springfield, Virginia October
More informationRED HAT ENTERPRISE LINUX. STANDARDIZE & SAVE.
RED HAT ENTERPRISE LINUX. STANDARDIZE & SAVE. Is putting Contact us INTRODUCTION You know the headaches of managing an infrastructure that is stretched to its limit. Too little staff. Too many users. Not
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More informationContinuous protection to reduce risk and maintain production availability
Industry Services Continuous protection to reduce risk and maintain production availability Managed Security Service Answers for industry. Managing your industrial cyber security risk requires world-leading
More informationAssociation for International PMOs. Expert. Practitioner. Foundation PMO. Learning.
AIPMO Association for International PMOs Expert Practitioner Foundation www.pmolearning.co.uk PMO Learning The Leading Standard and Certification for People Working in PMO Today Understand the Value of
More informationDigital Wind Cyber Security from GE Renewable Energy
Digital Wind Cyber Security from GE Renewable Energy BUSINESS CHALLENGES The impact of a cyber attack to power generation operations has the potential to be catastrophic to the renewables industry as well
More informationLifecycle Performance Care Services. Bulletin 43D02A00-04EN
Performance Care Services Bulletin 43D02A00-04EN As your trusted partner, Yokogawa is always with you to address your concerns whether recognized or hidden. Performance Care Services offer a complete service
More informationAdvancing Sustainment through Public-Private Partnership
Air Force Sustainment Center Advancing Sustainment through Public-Private Partnership Mr. Earl Williams AFSC/LGXB 21 August 2017 Version 1 1 Overview Public-Private Partnerships Public-Private Partnerships
More informationCyber Attacks & Breaches It s not if, it s When
` Cyber Attacks & Breaches It s not if, it s When IMRI Team Aliso Viejo, CA Trusted Leader with Solution Oriented Results Since 1992 Data Center/Cloud Computing/Consolidation/Operations 15 facilities,
More informationTraining and Certifying Security Testers Beyond Penetration Testing
Training and Certifying Security Testers Beyond Penetration Testing Randall W. Rice, CTAL (Full), CTAL-SEC Director, ASTQB Board of Directors www.astqb.org Most organizations do not know the true status
More informationI n t e g r i t y - S e r v i c e - E x c e l l e n c e
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Headquarters U.S. Air Force I n t e g r i t y - S e r v i c e - E x c e l l e n c e AF Chief Information Security Officer (CISO) Mr. Pete Kim (SES)
More informationContinuous Monitoring and Incident Response
Continuous Monitoring and Incident Response Developing robust cyber continuous monitoring and incident response capabilities is mission critical to energy-related operations in today s digital age. As
More informationMission Aware Cybersecurity
Mission Aware Cybersecurity Cody Fleming (UVA) Scott Lucero (OSD) Peter Beling, Barry Horowitz (UVA), Calk Elks (VCU) October 2016 1 Systems Engineering Research Center (SERC) Overview DoD and the Intelligence
More informationSecuring Your Digital Transformation
Securing Your Digital Transformation Security Consulting Managed Security Leveraging experienced, senior experts to help define and communicate risk and security program strategy using real-world data,
More informationEngineering Your Software For Attack
Engineering Your Software For Attack Robert A. Martin Senior Principal Engineer Cyber Security Center Center for National Security The MITRE Corporation 2013 The MITRE Corporation. All rights reserved.
More informationIncident Response Services to Help You Prepare for and Quickly Respond to Security Incidents
Services to Help You Prepare for and Quickly Respond to Security Incidents The Challenge The threat landscape is always evolving and adversaries are getting harder to detect; and with that, cyber risk
More informationBUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW
BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW EXECUTIVE SUMMARY CenturyLink is committed to ensuring business resiliency and survivability during an incident or business disruption. Our Corporate Business
More informationYour Challenge. Our Priority.
Your Challenge. Our Priority. Building trust and Confidence. When Federal managers and military leaders face tough challenges in cyber, data collection & analytics, enterprise IT or systems and software
More informationSymantec Data Center Transformation
Symantec Data Center Transformation A holistic framework for IT evolution As enterprises become increasingly dependent on information technology, the complexity, cost, and performance of IT environments
More informationSecuring Industrial Control Systems
L OCKHEED MARTIN Whitepaper Securing Industrial Control Systems The Basics Abstract Critical infrastructure industries such as electrical power, oil and gas, chemical, and transportation face a daunting
More informationEvaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure
Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure March 2015 Pamela Curtis Dr. Nader Mehravari Katie Stewart Cyber Risk and Resilience Management Team CERT
More informationDATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE
DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies
More informationGoogle Cloud & the General Data Protection Regulation (GDPR)
Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to
More informationDoD Software Assurance Initiative. Mitchell Komaroff, OASD (NII)/DCIO Kristen Baldwin, OUSD(AT&L)/DS
DoD Software Assurance Initiative Mitchell Komaroff, OASD (NII)/DCIO Kristen Baldwin, OUSD(AT&L)/DS Agenda Background Software Assurance Definition Guiding Principles for SwA DoD SwA Strategy Elements»
More informationOffice of Acquisition Program Management (OAPM)
Office of Acquisition Program Management (OAPM) Ron Gallihugh Assistant Administrator Airport Consultants Council July 18, 2017 Acquisition Reform Historically, Transportation Security Administration (TSA)
More informationUNCLASSIFIED UNCLASSIFIED
: February 6 Exhibit R, RDT&E Budget Item Justification: PB : Research,, Test & Evaluation, / BA 5: System & Demonstration (SDD) COST ($ in Millions) FY 5 FY 6 R Program Element (Number/Name) PE 65A /
More information