Improving Cybersecurity Governance Through Data-Driven Decision- Making and Execution
|
|
- Ralf Marshall
- 5 years ago
- Views:
Transcription
1 Improving Cybersecurity Governance Through Data-Driven Decision- Making and Execution Doug Gray 2014 Carnegie Mellon University
2 Report Documentation Page Form Approved OMB No Public reporting burden for the collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington VA Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to a penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number. 1. REPORT DATE 01 OCT REPORT TYPE N/A 3. DATES COVERED - 4. TITLE AND SUBTITLE Improving Cybersecurity Governance Through Data-Driven Decision-Making and Execution 6. AUTHOR(S) Douglas Gray 5a. CONTRACT NUMBER 5b. GRANT NUMBER 5c. PROGRAM ELEMENT NUMBER 5d. PROJECT NUMBER 5e. TASK NUMBER 5f. WORK UNIT NUMBER 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) Software Engineering Institute Carnegie Mellon University Pittsburgh, PA PERFORMING ORGANIZATION REPORT NUMBER 9. SPONSORING/MONITORING AGENCY NAME(S) AND ADDRESS(ES) 10. SPONSOR/MONITOR S ACRONYM(S) 12. DISTRIBUTION/AVAILABILITY STATEMENT Approved for public release, distribution unlimited 13. SUPPLEMENTARY NOTES The original document contains color images. 14. ABSTRACT 15. SUBJECT TERMS 11. SPONSOR/MONITOR S REPORT NUMBER(S) 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT SAR a. REPORT unclassified b. ABSTRACT unclassified c. THIS PAGE unclassified 18. NUMBER OF PAGES 26 19a. NAME OF RESPONSIBLE PERSON Standard Form 298 (Rev. 8-98) Prescribed by ANSI Std Z39-18
3 Copyright 2014 Carnegie Mellon University This material is based upon work funded and supported by Department of Homeland Security under Contract No. FA C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center sponsored by the United States Department of Defense. NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN AS-IS BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. This material has been approved for public release and unlimited distribution. This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu. CERT is a registered mark of Carnegie Mellon University. DM
4 Objectives Inform the reader of how effective data, metrics, analytics and management can make the Observe-Orient-Decide- Act (OODA) loop faster and more effective how a faster and effective OODA loop can make government cybersecurity posture more adaptive and resilient how the OODA loop differs between cybersecurity governance and cybersecurity operations how to achieve positive cybersecurity governance effects within the OODA framework 3
5 The OODA Loop An Introduction 4
6 Comparison of OODA to other Frameworks OODA Loop Observe Orient Decide Act NIST SP Risk Management Process* Monitor Frame Assess Respond Shewhart Cycle** Plan D o C h e c k A c t *Source: NIST SP According to NIST SP , the Risk-Management Process is not a sequential process like the OODA Loop or the Shewhart Cycle. All components can receive input and send output directly to all other components. **Source: Walton (1988) 5
7 Why the OODA Loop Federal government at inherent cybersecurity disadvantage in comparison to threat actors due to size and structural constraints Improved and faster OODA can leverage Federal government s inherent advantages: Economies of scale Opportunities for information sharing Access to law enforcement channels Goals: Reduce threat advantage Decrease Federal government s enterprise wide risk surface area Increase cybersecurity governance efficiency Increase threat actors work factor across the enterprise Note: The Act phase of the OODA loop does not have to lead to posture-affecting change. It may lead to another, more refined OODA loop. 6
8 Cybersecurity Governance 7
9 Comparison of Operations and Governance Operations Scope Individual networks, systems, users, organizations Timescale Immediate to 6 months Level of Transactional Abstraction Management Direct interaction Impact Governance Multiple networks, systems, user bases, organizations 6 to 36 months* Trends, aggregations Context setting *Although the maximum technology-related decision is limited to approximately three years due to rate of technological change, government organizations must program their expected budget needs five years in advance. In addition, DoD is legislatively mandated to formulate strategy and priorities through the Quadrennial Defense Review process. 8
10 Facets of Cybersecurity Governance Enterprise Risk Legal, Regulations, Policy, Orders, Investigations & Compliance Management Doctrine & Strategy Enterprise Portfolio Management Financial Resource Management Observe Organizational Training & Awareness Act Orient Enterprise Acquisition & Materiel Management Decide Organizational Structure Management Human Resources Management & Leader Development Warfighter Business DoD portion of Intelligence Enterprise Information Environment Mission Area Mission Area Mission Area Mission Area 9
11 Using Data to Support Both Governance & Operations Cycles Administration priorities Strategy, budgets, policy and procedures, organization, HR, t raining, enterprise architecture, facilities Administration and organizational priorities GOVERNANCE (6-36 month time OBSERVE ORIENT DECIDE hori~onl End State: Data-driven, integrat ed and ' Indices, t rends, assessments, visualizations NISTRMF, CERT-RMM Governing bodies Reports, feedback, forums complimentary operat ions and governance cycles. Standards (i.e., CPE, CVE, CCE) Administration and organizational priorities OPERATIONS (0-,6 month time OBSERVE ORIENT DECIDE ACT ho:ri~on( ISCM, CDM, other I automated sources, observations, assessments NISTRMF, CERT-RMM Change management Formal and ;nformal I plans of action & milestones (POA&M) Q I ~ Software Engineering Institute I Carnegie ~lellon Uniwrsity 10 10
12 Enabling Data-Driven Decision Making A faster, more effective OODA Loop 11
13 Measure to Support Action Observe Data Collection Data Analysis Requirements Goals Identify requirements from mandates, doctrine, strategy Group requirements into categories Develop one or more goals for each category Question Develop one or more questions that, if answered, help determine if the goal is met. Indicators Identify the information requirements to answer the question Metrics Identify the metrics that will measure the indicator to answer the question Use new metrics to mature current metrics 12
14 Collecting Situational Awareness Data and Information Observe Data Collection Data Analysis Automated vulnerability sensor information Hardware & Software Behavioral Observables (Insider Threat) Unstructured Data Machine Learning Text Analysis Trend Analysis Correlation Threat Information Threat Actor Analysis Prevailing Attack Patterns Management Information Budget Information Demographic Information Legal & Administrative Investigation Statuses Mission Impact Analysis Data Fusion Activities Orient Qualitative Assessment Inspections/Assessments Professional Sentiments Analysis 13
15 Sources of Constraints and Mandates Orient Strategy & Policies Norms & Practices Legislative Authority Appropriation FISMA NDAA Judicial Case law (If applicable) Google v. United States United States v. Councilman Executive Executive Order OMB Mandate FIPS Regulations/Military Orders Doctrine & Strategy Recommendations/Guides DODD 8570.X/ 8140 Executive Order STIGs/ NIST SPs DISA CRMS 14
16 Government Strategy Landscape Orient Strategy & Policies Norms & Practices Nested Overarching Strategy Cyber-Related Strategy Critical Infrastructure Strategy National Security Strategy (POTUS) Quadrennial Defense Review (SECDEF) HSPD-7 National Strategy to Secure Cyberspace Quadrennial Homeland Security Review (SECDHS) National Defense Strategy (SECDEF) DHS Strategic Plan Digital Government Strategy Blueprint for a Secure Cyber Future National Military Strategy (CJCS) NPPD & CS&C Strategic Plans National Cybersecurity Initiative Service Component Strategy Combatant Command Strategy Unified Command Strategy FNR Strategic Plan 15
17 Use Behavioral Models to Target Stakeholder Information Needs Orient Strategy & Policies Norms & Practices information Executives: Elected leaders, appointees, GOs, FOs, SESs Target data with eye toward organizational mission and stakeholders Middle Management: Staff officers, analysts Target data with eye toward routines, procedures Source: Allison, G. T., & Zelikow, P. (1999). Essence of Decision: Explaining the Cuban Missile Crisis (2nd ed.) (Kindle Edition). New York: Longman. 16
18 Key Planning & Decision-Making Factors Decide CoA Development Planning Theory or hypothesis? Hypothesis analyze through subsequent OODA loop Theory develop action plan to effect change Identify and prioritize governance-level risks; identify metricsupported thresholds of acceptability and unacceptability Support solutions. Go beyond name and shame. Use metrics to identify key trends and corrective governance-level actions Tie metrics to a resulting set of possible risk management outcomes Identify enablers such as SMEs, funding, contract vehicles Identify organizations that exceed expectations in certain areas and their lessons learned Identify what expected changes in metric values should be and how to avoid bias/gaming Prioritize and identify metric thresholds where costs will exceed benefits. 17
19 Leveraging Enablers to Achieve Desired Effects Act Execution Follow-Up Update Enterprise Risk Assessment Decision Based on Theory Decision I 1 ' I \ \ \ \ \ ' / I I I, J I I ' I \ \ \ / / ~1!!!"' !!!~ -~---- I /, -- I I I Enabler 1: I 1 J3/G3/A3/N3..-,., Update Strate&v...,. Update Doctrine -- ~!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!,.,... Ena bler 2: / / DoctrinE! W riters / ~ -----~.,.:; -- ' // ',., '... _...,. Update Standards \, "\, ' Enabler 3:... '... Budget Reallocate Funding... - ~ -+-"'!!!!!!!!!!!!!!!!!!!!!!!!l!!!!!!!!!!!!!!!!!!!! ~ ', Enabler 4: Update Cont ract '... - _ KOs/PEOs Suppor t lljiiiiiiiiii-iiiiiiiiiil--iiiiiiiiiiii~ _..,...iiiiiiiiiiii iiiiiiiiiiii~ '' Enabler 5: Schools/MTTs Co nduct Traini ng ~~~~~~~ ~~~~~~~ Q I ~ Software Engineering Institute I Carnegie ~lellon Uniwrsity 18
20 Success at the Point of Execution Leverage enablers at the proper organizational level; avoid the 3,000-mile screwdriver Governance sets the direction through governance facets. Operations executes through disciplined project management Avoid numerous, rapid changes that cause enterprise turbulence Tie actions to expected outcomes and expected timeframes; socialize and communicate expectations Set decision points to check progress against expectations Build knowledge base to make for faster and more effective OODA loop Act Execution Follow-Up 19
21 How to Implement Observe Inventory on-hand data Inventory metrics Develop data fusion capabilities Orient Refine metrics based on constraints, mandates, threat patterns Define stakeholders based on behavioral models Develop quantitative and qualitative analysis engines Develop visualization capabilities Decide Inventory enablers and their capabilities Identify desired outcomes for metrics (i.e. thresholds) Develop decision support TTPs Develop decision-support systems Act Develop knowledge base Simulate and practice new decision-making TTPs Develop and refine process control mechanisms Develop, refine and leverage communications channels 20
22 Outcomes of Data Driven Governance Act Observe Decide Orient Faster, more accurate decision making Better use of resources Better enterprise cohesion and synchronization Data-driven outcomes Improved information sharing Adaptable to change 21
23 Questions 22
24 Back-Up Slides 23
25 The OODA Loop Mental model for conceptualizing how individuals, organizations make decisions Origins in the DoD; used in legal and business communities Describes the ability to acquire, process and act up on information with respect that that of one s adversary Act Execution Follow-Up Observe Data Collection Data Analysis Decide CoA Development Planning Orient Strategy & Policies Norms & Practices 24
26 The OODA Loop Observe: Gathering sensory inputs from the environment of the observer Orient: Make sense of the observational data to create a mental picture of the situational reality Used to make sense of the input data in light of what is known Provides the basis for decisions Decide: Deciding on a course of action based on Orientation Act: Bringing decision to fruition at point of execution. Source: Angerman (2004) 25
27 References Angerman, W.S., (2004). Coming Full Circle with Boyd s OODA Loop Ideas: An Analysis of Innovation Diffusion and Evolution, Mar 2004 Caralli, R.A., Allen, J.H., White, D.W. (2010). CERT Resilience Management Model: A Maturity Model for Managing Operational Resilience Walton, M, Deming, W.E. (1988). The Deming Management Method NIST SP Guide for Applying the Risk Management Framework to Federal Information Systems: A Life Cycle Approach (2010). Department of Commerce (NIST) NIST SP Managing Information Security Risk: Organization, Mission, and Information System View (2011). Department of Commerce (NIST) Blueprint for a Secure Cyber Future (2011). Department of Homeland Security Quadrennial Homeland Security Review Report (2010). Department of Homeland Security Allison, G. T., & Zelikow, P. (1999). Essence of Decision: Explaining the Cuban Missile Crisis (2nd ed.) (Kindle Edition). New York: Longman. 26
Cyber Threat Prioritization
Cyber Threat Prioritization FSSCC Threat and Vulnerability Assessment Committee Jay McAllister Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information
More information2013 US State of Cybercrime Survey
2013 US State of Cybercrime Survey Unknown How 24 % Bad is the Insider Threat? Insiders 51% 2007-2013 Carnegie Mellon University Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting
More informationARINC653 AADL Annex Update
ARINC653 AADL Annex Update Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Julien Delange AADL Meeting February 15 Report Documentation Page Form Approved OMB No. 0704-0188
More informationComponents and Considerations in Building an Insider Threat Program
Components and Considerations in Building an Insider Threat Program Carly Huth Insider Threat Researcher, CEWM Carly L. Huth is an insider threat researcher in the Cyber Enterprise and Workforce Management
More informationCurrent Threat Environment
Current Threat Environment Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213, PhD Technical Director, CERT mssherman@sei.cmu.edu 29-Aug-2014 Report Documentation Page Form
More informationCOTS Multicore Processors in Avionics Systems: Challenges and Solutions
COTS Multicore Processors in Avionics Systems: Challenges and Solutions Dionisio de Niz Bjorn Andersson and Lutz Wrage dionisio@sei.cmu.edu, baandersson@sei.cmu.edu, lwrage@sei.cmu.edu Report Documentation
More informationService Level Agreements: An Approach to Software Lifecycle Management. CDR Leonard Gaines Naval Supply Systems Command 29 January 2003
Service Level Agreements: An Approach to Software Lifecycle Management CDR Leonard Gaines Naval Supply Systems Command 29 January 2003 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting
More informationEmpirically Based Analysis: The DDoS Case
Empirically Based Analysis: The DDoS Case Jul 22 nd, 2004 CERT Analysis Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 The CERT Analysis Center is part of the
More informationA Review of the 2007 Air Force Inaugural Sustainability Report
Headquarters U.S. Air Force A Review of the 2007 Air Force Inaugural Sustainability Report Lt Col Wade Weisman SAF/IEE 703-693-9544 wade.weisman@pentagon.af.mil Ms. Krista Goodale Booz Allen Hamilton 757-466-3251
More informationFall 2014 SEI Research Review Verifying Evolving Software
Fall 2014 SEI Research Review Verifying Evolving Software Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Arie Gurfinkel October 28, 2014 Report Documentation Page Form Approved
More informationDefining Computer Security Incident Response Teams
Defining Computer Security Incident Response Teams Robin Ruefle January 2007 ABSTRACT: A computer security incident response team (CSIRT) is a concrete organizational entity (i.e., one or more staff) that
More informationArchitecting for Resiliency Army s Common Operating Environment (COE) SERC
Architecting for Resiliency Army s Common Operating Environment (COE) SERC 5 October 2011 Mr. Terry Edwards Director, ASA(ALT) Office of the Chief Systems Engineer (OCSE) (703) 614-4540 terry.edwards@us.army.mil
More informationCOUNTERING IMPROVISED EXPLOSIVE DEVICES
COUNTERING IMPROVISED EXPLOSIVE DEVICES FEBRUARY 26, 2013 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information is estimated to average 1 hour
More informationDoD Common Access Card Information Brief. Smart Card Project Managers Group
DoD Common Access Card Information Brief Smart Card Project Managers Group 12 July, 2001 REPORT DOCUMENTATION PAGE Form Approved OMB No. 0704-0188 Public reporting burder for this collection of information
More informationInformation, Decision, & Complex Networks AFOSR/RTC Overview
Information, Decision, & Complex Networks AFOSR/RTC Overview 06 MAR 2013 Integrity Service Excellence Robert J. Bonneau, Ph.D. Division Chief AFOSR/RTC Air Force Research Laboratory Report Documentation
More informationArchitectural Implications of Cloud Computing
Architectural Implications of Cloud Computing Grace Lewis Research, Technology and Systems Solutions (RTSS) Program Lewis is a senior member of the technical staff at the SEI in the Research, Technology,
More informationSoftware, Security, and Resiliency. Paul Nielsen SEI Director and CEO
Software, Security, and Resiliency Paul Nielsen SEI Director and CEO Dr. Paul D. Nielsen is the Director and CEO of Carnegie Mellon University's Software Engineering Institute. Under Dr. Nielsen s leadership,
More informationKathleen Fisher Program Manager, Information Innovation Office
Kathleen Fisher Program Manager, Information Innovation Office High Assurance Systems DARPA Cyber Colloquium Arlington, VA November 7, 2011 Report Documentation Page Form Approved OMB No. 0704-0188 Public
More informationPreventing Insider Sabotage: Lessons Learned From Actual Attacks
Preventing Insider Sabotage: Lessons Learned From Actual Attacks Dawn Cappelli November 14, 2005 2005 Carnegie Mellon University Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting
More information4. Lessons Learned in Introducing MBSE: 2009 to 2012
4. Lessons Learned in Introducing MBSE: 2009 to 2012 Abstract A. Peter Campbell University of South Australia An overview of the lessons that are emerging from recent efforts to employ MBSE in the development
More informationVision Protection Army Technology Objective (ATO) Overview for GVSET VIP Day. Sensors from Laser Weapons Date: 17 Jul 09 UNCLASSIFIED
Vision Protection Army Technology Objective (ATO) Overview for GVSET VIP Day DISTRIBUTION STATEMENT A. Approved for public release. Vision POC: Rob Protection Goedert, ATO: TARDEC Protection ATO manager
More informationData to Decisions Terminate, Tolerate, Transfer, or Treat
I N S T I T U T E F O R D E F E N S E A N A L Y S E S Data to Decisions Terminate, Tolerate, Transfer, or Treat Laura A. Odell 25 July 2016 Approved for public release; distribution is unlimited. IDA Non-Standard
More informationBe Like Water: Applying Analytical Adaptability to Cyber Intelligence
SESSION ID: HUM-W01 Be Like Water: Applying Analytical Adaptability to Cyber Intelligence Jay McAllister Senior Analyst Software Engineering Institute Carnegie Mellon University @sei_etc Scuttlebutt Communications
More informationMulti-Modal Communication
Multi-Modal Communication 14 November 2011 Victor S. Finomore, Jr., Ph.D. Research Psychologist Battlespace Acoustic Branch Air Force Research Laboratory DISTRIBUTION STATEMENT D. Distribution authorized
More informationFUDSChem. Brian Jordan With the assistance of Deb Walker. Formerly Used Defense Site Chemistry Database. USACE-Albuquerque District.
FUDSChem Formerly Used Defense Site Chemistry Database Brian Jordan With the assistance of Deb Walker USACE-Albuquerque District 31 March 2011 1 Report Documentation Page Form Approved OMB No. 0704-0188
More informationCorrosion Prevention and Control Database. Bob Barbin 07 February 2011 ASETSDefense 2011
Corrosion Prevention and Control Database Bob Barbin 07 February 2011 ASETSDefense 2011 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information
More informationEnergy Security: A Global Challenge
A presentation from the 2009 Topical Symposium: Energy Security: A Global Challenge Hosted by: The Institute for National Strategic Studies of The National Defense University 29-30 September 2009 By SCOTT
More informationUS Army Industry Day Conference Boeing SBIR/STTR Program Overview
US Army Industry Day Conference Boeing SBIR/STTR Program Overview Larry Pionke, DSc Associate Technical Fellow Product Standards - Technology & Services Boeing Research & Technology Ft. Leonard Wood (FLW)
More informationU.S. Army Research, Development and Engineering Command (IDAS) Briefer: Jason Morse ARMED Team Leader Ground System Survivability, TARDEC
U.S. Army Research, Development and Engineering Command Integrated Defensive Aid Suites (IDAS) Briefer: Jason Morse ARMED Team Leader Ground System Survivability, TARDEC Report Documentation Page Form
More informationCOMPUTATIONAL FLUID DYNAMICS (CFD) ANALYSIS AND DEVELOPMENT OF HALON- REPLACEMENT FIRE EXTINGUISHING SYSTEMS (PHASE II)
AL/EQ-TR-1997-3104 COMPUTATIONAL FLUID DYNAMICS (CFD) ANALYSIS AND DEVELOPMENT OF HALON- REPLACEMENT FIRE EXTINGUISHING SYSTEMS (PHASE II) D. Nickolaus CFD Research Corporation 215 Wynn Drive Huntsville,
More informationUsing Model-Theoretic Invariants for Semantic Integration. Michael Gruninger NIST / Institute for Systems Research University of Maryland
Using Model-Theoretic Invariants for Semantic Integration Michael Gruninger NIST / Institute for Systems Research University of Maryland Report Documentation Page Form Approved OMB No. 0704-0188 Public
More informationEvaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure
Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure March 2015 Pamela Curtis Dr. Nader Mehravari Katie Stewart Cyber Risk and Resilience Management Team CERT
More information2011 NNI Environment, Health, and Safety Research Strategy
2011 NNI Environment, Health, and Safety Research Strategy Sally S. Tinkle, Ph.D. Deputy Director National Nanotechnology Coordination Office Coordinator for NNI EHS stinkle@nnco.nano.gov 1 Report Documentation
More informationThe CERT Top 10 List for Winning the Battle Against Insider Threats
The CERT Top 10 List for Winning the Battle Against Insider Threats Dawn Cappelli CERT Insider Threat Center Software Engineering Institute Carnegie Mellon University Session ID: STAR-203 Session Classification:
More informationATCCIS Replication Mechanism (ARM)
ATCCIS Replication Mechanism (ARM) Fundamental Concepts Presented by Peter Angel, P.Eng. Advanced Systems Management Group 1 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden
More informationTechnological Advances In Emergency Management
Technological Advances In Emergency Management Closing the gap between Preparation and Recovery Will Fontan, P.E. Regional Director, ONRG Americas Office Report Documentation Page Form Approved OMB No.
More informationDirected Energy Using High-Power Microwave Technology
Directed Energy High-Power Microwave Directed Energy Using High-Power By Jacob Walker and Matthew McQuage 78 The Directed Energy Warfare Office (DEWO) and Directed Energy Division at the Naval Surface
More informationC2-Simulation Interoperability in NATO
C2-Simulation Interoperability in NATO Dr Hans Jense Chief, Capability Planning, Exercises and Training NATO UNCLASSIFIED 1 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden
More informationSpace and Missile Systems Center
Space and Missile Systems Center GPS Control Segment Improvements Mr. Tim McIntyre GPS Product Support Manager GPS Ops Support and Sustainment Division Peterson AFB CO 2015 04 29 _GPS Control Segment Improvements
More informationRunning CyberCIEGE on Linux without Windows
Running CyberCIEGE on Linux without Windows May, 0 Report Documentation Page Form Approved OMB No. 070-0 Public reporting burden for the collection of information is estimated to average hour per response,
More informationCyber Hygiene: A Baseline Set of Practices
[DISTRIBUTION STATEMENT A] Approved for public Cyber Hygiene: A Baseline Set of Practices Matt Trevors Charles M. Wallen Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Copyright
More informationCloud Computing. Grace A. Lewis Research, Technology and Systems Solutions (RTSS) Program System of Systems Practice (SoSP) Initiative
Grace A. Lewis Research, Technology and Systems Solutions (RTSS) Program System of Systems Practice (SoSP) Initiative SEI Webinar November 12, 2009 Report Documentation Page Form Approved OMB No. 0704-0188
More informationBy Derrick H. Karimi Member of the Technical Staff Emerging Technology Center. Open Architectures in the Defense Intelligence Community
Open Architectures in the Defense Intelligence Community By Derrick H. Karimi Member of the Technical Staff Emerging Technology Center This blog post is co-authored by Eric Werner. In an era of sequestration
More informationM&S Strategic Initiatives to Support Test & Evaluation
DMSC 2008 March 11, 2008 M&S Strategic Initiatives to Support Test & Evaluation Mr. Richard Lockhart Principal Deputy Director Test Resource Management Center (TRMC) OUSD(AT&L) March 11, 2008 Report Documentation
More informationCENTER FOR ADVANCED ENERGY SYSTEM Rutgers University. Field Management for Industrial Assessment Centers Appointed By USDOE
Field Management for Industrial Assessment Centers Appointed By USDOE Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information is estimated to
More informationJulia Allen Principal Researcher, CERT Division
Improving the Security and Resilience of U.S. Postal Service Mail Products and Services Using CERT -RMM (Case Study) Julia Allen Principal Researcher, CERT Division Julia Allen is a principal researcher
More informationSEI Webinar Series. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA January 27, Carnegie Mellon University
Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information is estimated
More informationDana Sinno MIT Lincoln Laboratory 244 Wood Street Lexington, MA phone:
Self-Organizing Networks (SONets) with Application to Target Tracking Dana Sinno 244 Wood Street Lexington, MA 02420-9108 phone: 781-981-4526 email: @ll.mit.edu Abstract The growing interest in large arrays
More informationHeadquarters U.S. Air Force. EMS Play-by-Play: Using Air Force Playbooks to Standardize EMS
Headquarters U.S. Air Force EMS Play-by-Play: Using Air Force Playbooks to Standardize EMS Mr. Kerry Settle HQ AMC/A7AN Ms. Krista Goodale Booz Allen Hamilton 1 Report Documentation Page Form Approved
More informationENVIRONMENTAL MANAGEMENT SYSTEM WEB SITE (EMSWeb)
2010 ENGINEERING SERVICE CENTER ENVIRONMENTAL MANAGEMENT SYSTEM WEB SITE (EMSWeb) Eugene Wang NFESC -- Code 423 (805) 982-4291 eugene.wang@navy.mil Report Documentation Page Form Approved OMB No. 0704-0188
More informationResearching New Ways to Build a Cybersecurity Workforce
THE CISO ACADEMY Researching New Ways to Build a Cybersecurity Workforce Pamela D. Curtis, Summer Craze Fowler, David Tobar, and David Ulicne December 2016 Organizations across the world face the increasing
More information73rd MORSS CD Cover Page UNCLASSIFIED DISCLOSURE FORM CD Presentation
CD Cover Page UNCLASSIFIED DISCLOSURE FORM CD Presentation 712CD For office use only 41205 21-23 June 2005, at US Military Academy, West Point, NY Please complete this form 712CD as your cover page to
More informationConcept of Operations Discussion Summary
TSPG Common Dataset Standard Concept of Operations Discussion Summary Tony DalSasso 677 AESG/EN 15 May 2007 1 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Risk Monitoring Risk Monitoring assesses the effectiveness of the risk decisions that are made by the Enterprise.
More informationMODELING AND SIMULATION OF LIQUID MOLDING PROCESSES. Pavel Simacek Center for Composite Materials University of Delaware
MODELING AND SIMULATION OF LIQUID MOLDING PROCESSES Pavel Simacek Center for Composite Materials University of Delaware UD-CCM 1 July 2003 Report Documentation Page Form Approved OMB No. 0704-0188 Public
More informationUsing Templates to Support Crisis Action Mission Planning
Using Templates to Support Crisis Action Mission Planning Alice Mulvehill 10 Moulton Rd Cambridge, MA 02138 USA 617-873-2228 Fax: 617-873-4328 amm@bbn.com Michael Callaghan 695 Wanaao Rd Kailua, HI 96734
More informationSpace and Missile Systems Center
Space and Missile Systems Center M-Code Benefits and Availability Capt Travis Mills, SMC/GPEP 29 Apr 15 UNCLASSIFIED/APPROVED FOR PUBLIC RELEASE Report Documentation Page Form Approved OMB No. 0704-0188
More informationCoalition Interoperability Ontology:
Coalition Interoperability Ontology: Sharing Situational Awareness with Allies and Agents Erik Chaum Naval Undersea Warfare Center, Division Newport, TTCP, Maritime Systems Group, TP1 US National Leader
More informationDoD M&S Project: Standardized Documentation for Verification, Validation, and Accreditation
Department of Defense Modeling and Simulation Conference DoD M&S Project: Standardized Documentation for Verification, Validation, and Accreditation Thursday, 13 March 2008 2:30-3:00 p.m. Presented by
More informationASSESSMENT OF A BAYESIAN MODEL AND TEST VALIDATION METHOD
ASSESSMENT OF A BAYESIAN MODEL AND TEST VALIDATION METHOD Yogita Pai, Michael Kokkolaras, Greg Hulbert, Panos Papalambros, Univ. of Michigan Michael K. Pozolo, US Army RDECOM-TARDEC Yan Fu, Ren-Jye Yang,
More information75th Air Base Wing. Effective Data Stewarding Measures in Support of EESOH-MIS
75th Air Base Wing Effective Data Stewarding Measures in Support of EESOH-MIS Steve Rasmussen Hill Air Force Base (AFB) Air Quality Program Manager 75 CEG/CEVC (801) 777-0359 Steve.Rasmussen@hill.af.mil
More informationSetting the Standard for Real-Time Digital Signal Processing Pentek Seminar Series. Digital IF Standardization
Setting the Standard for Real-Time Digital Signal Processing Pentek Seminar Series Digital IF Standardization Report Documentation Page Form Approved OMB No 0704-0188 Public reporting burden for the collection
More informationMonte Carlo Techniques for Estimating Power in Aircraft T&E Tests. Todd Remund Dr. William Kitto EDWARDS AFB, CA. July 2011
AFFTC-PA-11244 Monte Carlo Techniques for Estimating Power in Aircraft T&E Tests A F F T C Todd Remund Dr. William Kitto AIR FORCE FLIGHT TEST CENTER EDWARDS AFB, CA July 2011 Approved for public release
More informationModel-Driven Verifying Compilation of Synchronous Distributed Applications
Model-Driven Verifying Compilation of Synchronous Distributed Applications Sagar Chaki, James Edmondson October 1, 2014 MODELS 14, Valencia, Spain Report Documentation Page Form Approved OMB No. 0704-0188
More informationAdvancing Cyber Intelligence Practices Through the SEI s Consortium
Advancing Cyber Intelligence Practices Through the SEI s Consortium SEI Emerging Technology Center Jay McAllister Melissa Kasan Ludwick Copyright 2015 Carnegie Mellon University This material is based
More informationCyber Warfare. Maj Mark Reith, Ph.D. Software Professional Development Program Air Force Institute of Technology
s c h o o l o f S Y S T E M S a n d L O G I S T I C S education service research Software Acquisition in the Age of Cyber Warfare Maj Mark Reith, Ph.D. Software Professional Development Program Air Force
More informationOSD Product Support BCA Guidebook. Joseph Colt Murphy Senior Financial Analyst ODASD Materiel Readiness 9 May 2011
OSD Product Support BCA Guidebook Joseph Colt Murphy Senior Financial Analyst ODASD Materiel Readiness 9 May 2011 Joseph.murphy@osd.mil Report Documentation Page Form Approved OMB No. 0704-0188 Public
More informationOffice of Global Maritime Situational Awareness
Global Maritime Awareness Office of Global Maritime Situational Awareness Capt. George E McCarthy, USN October 27 th 2009 Office of Global Maritime Situational Awareness A National Coordination Office
More informationDr. Stuart Dickinson Dr. Donald H. Steinbrecher Naval Undersea Warfare Center, Newport, RI May 10, 2011
Environment, Energy Security & Sustainability Symposium & Exhibition Dr. Stuart Dickinson Dr. Donald H. Steinbrecher Naval Undersea Warfare Center, Newport, RI Stuart.dickinson@navy.mil May 10, 2011 Approved
More informationThe C2 Workstation and Data Replication over Disadvantaged Tactical Communication Links
The C2 Workstation and Data Replication over Disadvantaged Tactical Communication Links Presentation held at the NATO RTO-IST Taskgroup 12 Workshop on September 11 th &12 th in Quebec, Canada TNO Physics
More informationAFRL-ML-WP-TM
AFRL-ML-WP-TM-2004-4157 NONDESTRUCTIVE EVALUATION (NDE) TECHNOLOGY INITIATIVES PROGRAM (NTIP) Delivery Order 0043: Upgrade of Computed Tomography Facility By: S. Trent Neel Advanced Research and Applications
More informationHigh-Assurance Security/Safety on HPEC Systems: an Oxymoron?
High-Assurance Security/Safety on HPEC Systems: an Oxymoron? Bill Beckwith Objective Interface Systems, Inc. Phone: 703-295-6519 Email Address: bill.beckwith@ois.com W. Mark Vanfleet National Security
More informationIntroducing I 3 CON. The Information Interpretation and Integration Conference
Introducing I 3 CON The Information Interpretation and Integration Conference Todd Hughes, Ph.D. Senior Member, Engineering Staff Advanced Technology Laboratories 10/7/2004 LOCKHEED MARTIN 1 Report Documentation
More informationQuanTM Architecture for Web Services
QuanTM Architecture for Web Services Insup Lee Computer and Information Science University of Pennsylvania ONR MURI N00014-07-1-0907 Review Meeting June 10, 2010 Report Documentation Page Form Approved
More informationNationwide Automatic Identification System (NAIS) Overview. CG 939 Mr. E. G. Lockhart TEXAS II Conference 3 Sep 2008
Nationwide Automatic Identification System (NAIS) Overview CG 939 Mr. E. G. Lockhart TEXAS II Conference 3 Sep 2008 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for
More informationGoal-Based Assessment for the Cybersecurity of Critical Infrastructure
Goal-Based Assessment for the Cybersecurity of Critical Infrastructure IEEE HST 2010 November 10, 2010 NO WARRANTY THIS MATERIAL OF CARNEGIE MELLON UNIVERSITY AND ITS SOFTWARE ENGINEERING INSTITUTE IS
More informationFall 2014 SEI Research Review FY14-03 Software Assurance Engineering
Fall 2014 SEI Research Review FY14-03 Software Assurance Engineering Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Carol Woody, Ph.D. October 28, 2014 Report Documentation
More informationTowards a Formal Pedigree Ontology for Level-One Sensor Fusion
Towards a Formal Pedigree Ontology for Level-One Sensor Fusion Christopher J. Matheus David Tribble Referentia Systems, Inc. Mieczyslaw M. Kokar Northeaster University Marion Ceruti and Scott McGirr Space
More informationWashington University
Washington University School of Engineering and Applied Science Power Consumption of Customized Numerical Representations for Audio Signal Processing Roger Chamberlain, Yen Hsiang Chew, Varuna DeAlwis,
More informationDefense Hotline Allegations Concerning Contractor-Invoiced Travel for U.S. Army Corps of Engineers' Contracts W912DY-10-D-0014 and W912DY-10-D-0024
Report No. DODIG-2013-056 March 15, 2013 Defense Hotline Allegations Concerning Contractor-Invoiced Travel for U.S. Army Corps of Engineers' Contracts W912DY-10-D-0014 and W912DY-10-D-0024 Report Documentation
More informationCol Jaap de Die Chairman Steering Committee CEPA-11. NMSG, October
Col Jaap de Die Chairman Steering Committee CEPA-11 NMSG, October 2002 22-1 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information is estimated
More informationDr. Kenneth E. Nidiffer Director of Strategic Plans for Government Programs
War Fighting Technologies: Enhance Advance - Modernize: -Technological/Acquisition Advances Enabling a More Responsive 24th Anniversary - Systems & Software Technology Conference April 23-26, 2012 Salt
More informationNext generation imager performance model
Next generation imager performance model Brian Teaney and Joseph Reynolds US Army RDECOM CERDEC Night Vision and Electronic Sensors Directorate ABSTRACT The next generation of Army imager performance models
More informationMoving Secure Software Assurance into Higher Education: A Roadmap for Change. Linda Laird, Nancy Mead, Dan Shoemaker
Moving Secure Software Assurance into Higher Education: A Roadmap for Change Linda Laird, Nancy Mead, Dan Shoemaker 1 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for
More informationComputer Aided Munitions Storage Planning
Computer Aided Munitions Storage Planning Robert F. Littlefield and Edward M. Jacobs Integrated Systems Analysts, Inc. (904) 862-7321 Mr. Joseph Jenus, Jr. Manager, Air Force Explosives Hazard Reduction
More informationASPECTS OF USE OF CFD FOR UAV CONFIGURATION DESIGN
ASPECTS OF USE OF CFD FOR UAV CONFIGURATION DESIGN Presentation at UAV Workshop, Bath University, November 2002 Tim Pemberton, Senior Specialist, BAE SYSTEMS Report Documentation Page Form Approved OMB
More informationChemical, Biological, Radiological & Nuclear Defense Information Analysis Center CBRNIAC
Chemical, Biological, Radiological & Nuclear Defense Information Analysis Center Approved for Public Release U.S. Government Work (17 USC 105) Not copyrighted in the U.S. CBRNIAC Ron Evans Director evansrl@battelle.org
More informationUsing the SORASCS Prototype Web Portal
Using the SORASCS Prototype Web Portal Bradley Schmerl, Michael W. Bigrigg, David Garlan, Kathleen M. Carley September, 2010 CMU-ISR-10-123 Institute for Software Research School of Computer Science Carnegie
More informationA Distributed Parallel Processing System for Command and Control Imagery
A Distributed Parallel Processing System for Command and Control Imagery Dr. Scott E. Spetka[1][2], Dr. George O. Ramseyer[3], Dennis Fitzgerald[1] and Dr. Richard E. Linderman[3] [1] ITT Industries Advanced
More informationInformation Assurance Technology Analysis Center (IATAC)
Information Assurance Technology Analysis Center (IATAC) Gene Tyler, IATAC Director, 703/984-0744, tyler_gene@bah.com Approved for Public Release U.S. Government Work (17 USC 105) Not copyrighted in the
More informationTopology Control from Bottom to Top
Topology Control from Bottom to Top M. Steenstrup Stow Research L.L.C. Clemson University steenie@rcn.com This work was funded in part by DARPA and by ONR MURI. Report Documentation Page Form Approved
More informationPEO C4I Remarks for NPS Acquisition Research Symposium
Program Executive Office Command, Control, Communications, Computers and Intelligence (PEO C4I) PEO C4I Remarks for NPS Acquisition Research Symposium Statement A: Approved for public release; distribution
More informationAir Virtual At Sea (VAST) Platform Stimulation Analysis
Air Virtual At Sea (VAST) Platform Stimulation Analysis Final Report Concept for Support of ONR/JFCOM Contract N00014-04-M-0074 CLIN 0001AC January 2005 1 Report Documentation Page Form Approved OMB No.
More informationSecure FAST: Security Enhancement in the NATO Time Sensitive Targeting Tool
in the NATO Time Sensitive Targeting Tool Dr Orhan Cetinkaya, Dr Yakup Yildirim and Mr Michel Fortier NATO C3 Agency Oude Waalsdorperweg 61, 2597 AK The Hague NETHERLANDS {orhan.cetinkaya, yakup.yildirim,
More informationUnclassified. GIG Technologies. Rich Williams Acting Principal Director, GIG Engineering 8 August 2008
GIG Technologies Rich Williams Acting Principal Director, GIG Engineering 8 August 2008 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information
More informationGuide to Windows 2000 Kerberos Settings
Report Number: C4-018R-01 Guide to Windows 2000 Kerberos Settings Architectures and Applications Division of the Systems and Network Attack Center (SNAC) Author: David Opitz Updated: June 27, 2001 Version
More informationInformation Security Is a Business
Information Security Is a Business Continuity Issue: Are You Ready? Dr. Nader Mehravari Cyber Risk and Resilience Management Team CERT Division Software Engineering Institute Carnegie Mellon University
More informationVICTORY VALIDATION AN INTRODUCTION AND TECHNICAL OVERVIEW
2012 NDIA GROUND VEHICLE SYSTEMS ENGINEERING AND TECHNOLOGY SYMPOSIUM VEHICLE ELECTRONICS AND ARCHITECTURE (VEA) MINI-SYMPOSIUM AUGUST 14-16 TROY, MICHIGAN VICTORY VALIDATION AN INTRODUCTION AND TECHNICAL
More informationEngineering Improvement in Software Assurance: A Landscape Framework
Engineering Improvement in Software Assurance: A Landscape Framework Lisa Brownsword (presenter) Carol C. Woody, PhD Christopher J. Alberts Andrew P. Moore Agenda Terminology and Problem Scope Modeling
More informationInformation Assurance and DoD: A Partnership with Industry
Information Assurance and DoD: A Partnership with Industry Presented By: Robert Lentz Director, Information Assurance OASD(C3I) for the ITAA InfoSec Committee Meeting March 26, 2002 REPORT DOCUMENTATION
More information