Shore Triad Cyber Summit NAVFAC Cyber Strategy Update
- Della Marsh
- 5 years ago
Transcription
1 Shore Triad Cyber Summit
NAVFAC Cyber Strategy Update
Brandon T. Jones, NAVFAC CIO (Acting)
4 March 2016
2 Cyber Secure Definitions
Protect, Detect, React (Mitigate), Recover
Interim Secure (Mission Assurance): Initial actions taken to address Control System vulnerabilities as quickly as possible.
Fully Secure: Following the six-step RMF process to completion and receiving an ATO for the respective system.
For the FEC, it means:
- PE and N-UMCS have been deployed
- Accomplished Facility Control System Assessments
- Developed Accreditation Packages
- Developed & Installed Facility Equipment
- Connected Facilities to PE & N-UMCS
- Actively monitoring the Control Systems
[Diagram: Six-Step RMF Process]
3 Cyber Strategy Accomplishments
Notable cyber accomplishments and milestones include:
- Successful CYBERSAFE Audit: NAVFAC CIO worked with OPNAV to perform and pass a functional audit of policies and procedures to certify the CYBERSAFE Program Office.
- Interim secure tasks in Hawaii: Operational technology (OT) resources have completed interim secure tasks for Hawaii installations.
- PE Deployed: Performed initial deployment of Platform Enclave (PE) in support of operational technology cyber security architecture in Hawaii, Mid-Lant, Southwest, Southeast, Marianas, EURAFSWA. Far East will be complete in March.
- Tri-Service TEM and Navy TEM: NAVFAC hosted and facilitated a Tri-Service (1st of its kind) and a Navy Technical Exchange Meeting (TEM) for Cyber security.
- Fleet R3B Brief: Communicated and partnered with Fleet Audience led by FFC Exec Director
- Fleet FCRC Brief: Communicating the risk of shore facilities to Fleet Commanders ADM Davidson and ADM Swift
- PDASN EIE Brief: Update to Mr. Iselin on the State of Control Systems
4 High Level Timeline for NAVFAC Cyber Initiatives
[Timeline chart across FY16, FY17, FY18, FY19, FY20. Legend: Plan & Implement Activities; Ongoing Activities; Milestone]
Cyber Security Capabilities:
- ICS-PE (Installed)
- AMI (Installed)
- N-UMCS (Installed)
- TCA (PRI1): Assessed, interim secure, RMF started
- SICA (PRI2): Assessed, interim secure, RMF started
- EIB (PRI3): Assessed, interim secure, RMF started
- ATFP: Assessed, interim secure, RMF started
Other chart labels as extracted: Functional Audit CYBERSAFE Categorize Systems Assign Grade Cyber Hygiene RMF Ongoing AO/SCA
NAVFAC Cybersecurity Resourcing (IT Staff only): 46 FTE Hired (31 DEC); 70 FTE Authorized; 81 FTE Authorized; 100 FTE Authorized
5 Commanding Officer Accountability
Each CO will be responsible for completion of the following priority activities. This will require coordination between CNIC and NAVFAC.
Activity: Cyber Hygiene
- System Inventory
- Update hardware and software
- Change default passwords
Activity: Inventory
- Leverage existing resources to begin inventory process (Maximo, DCIP if available; POC ISSM)
- Conduct manual inventory of buildings and assets with CIO4, PW6 and ISSM
Activity: Criticality Assessment
- Group mission capabilities by relative importance
- Decompose mission capabilities into critical functions
- Map missions and critical functions to critical components
- Identify and include components that do not directly implement critical functions but have unmediated access to or protect critical functions
- Assign Criticality Levels to the identified critical components
Activity: CYBERSAFE
- Assign CS Levels 1-4
- Assign Grades A/B/C
- Assign Conditions of Readiness X/Y/Z
Activity: RMF
- Categorize Information Systems
- Select Security Controls
- Implement Security Controls
- Remove unused accounts
- Train administrators and operators
- Assess Security Controls
- Receive ATO
- Monitor Security Controls
6 Cybersecurity Enterprise Dashboard
7 CYBERSAFE - SYSCOM Office Certification
Implementation Test-Drives will serve as a certifying event for CYBERSAFE processes at each SYSCOM
[Diagram labels as extracted, with "Lessons Learned" appearing between entries: ADNS SPAWAR OPNAV 2-6 Nov 2015; SSDS ICS Platform Enclave NAVSEA NAVFAC Jan Jan 2016; H60 & Unmanned Vehicle NAVAIR 8-10 Feb 2016; GATOR MARCOR SYSCOM TBD HQMC Lead; Supply Chain Risk Mgmt NAVSUP SYSCOM Mar]
8 Functional Audit Objectives
- Assess NAVFAC CS management processes are compliant with the Draft CS Instruction V.06
- Conduct tabletop process review of NAVFAC CS Program to assess end-to-end program compliance
- This audit did NOT focus on technical assessment of Industrial Control System Platform Enclave
9 Functional Audit Outbrief
Purpose: To assess if NAVFAC's CYBERSAFE (CS) management processes are compliant with the Draft CS Instruction v0.6
- Evident that this is a Commander's priority
- Mr. McLaurin 9-month detail to OPNAV CYBERSAFE Office & Navy Cybersecurity Division (formerly TFCA); Ms. Deb Jordan was TFCA Deputies participant
- Two major findings
  - Designation Letter for NAVFAC CYBERSAFE Program Director: COMPLETED
  - Designation Letter for CYBERSAFE ICS-PE Program: COMPLETED
- Improvements
  - People: capacity for execution
  - Processes: sufficient and maturing while we learn
  - Authorities: documentation revisions
- NAVFAC and ICS-PE Program commitment list
  - Regular progress updates
  - SECNAV/OPNAV Instructions
- Provided lessons learned for future audits
  - NAVAIR: February 2016
  - NAVSUP: March 2016
- Final Report upon completion of all audits
10 Tri-Service TEM Metrics
Audience Metrics
- Over 90 attendees over the course of the 4-day conference
- Attendees included 18 SES, 1 Flag Officer, and 4 Senior Officers
- Attendee feedback was collected on a scale of 1-5 (unsatisfied to very satisfied) via survey for a series of questions; overall satisfaction analyzed for Days 1-3 fell in the satisfied to very satisfied range
Organizations Present
- Audience: Air Force, Army, Marine Corps, Navy, DLA, National Labs, CYBERCOM, and OSD
- Speakers: NAVFAC, Air Force, Army, Navy, Office of Naval Research, SPAWAR, NAVSEA, USACE, AFCEC, DOD, National Labs
[Chart: Respondent Overall Satisfaction, rating for Day One, Day Two, Day Three, Day Four, Overall]
UNCLASSIFIED/FOUO
11 Tri-Service TEM Agenda
[Agenda laid out in columns: TEM Day 1, TEM Day 2, TEM Day 3, TEM Day 4]
Facility Commands Cyber Overviews: NAVFAC, Air Force, USACE
Enterprise Cyber Security: Holistic Approach to Cybersecurity
The Unique Challenges to Secure Control Systems
Navy's Task Force Cyber Awakening
Air Force's Task Force Cyber Secure
Cyber Security Science: Delivery Secure Facilities Planning Secure Facilities Johns Hopkins University/Applied Physics Lab
Cyber Security Policy: Navy: OPNAV N2/N6 Air Force: AFCYBER ARCYBER/2nd Army OSD: Overview of Efforts
Technical Discussion: Navy's Platform Enclave
DoD Guidance: Risk Management Framework: Fundamentals, Process, and Issues
New Instruction: Cyber UFC and UFGS
Roundtable Discussions: Outcome of Army's Systematic CS Inspection Update on Control System Inventory Configuration Management Control Workforce Development Plan Strategy to Cyber Secure Facilities Navy Control Systems Test Bed
12 Overarching Tri-Service TEM Themes
The following themes were reiterated throughout the TEM:
1. Train the Workforce
- Provide training for the workforce which allows them to be successful given new requirements
- Consider the following trainings: control systems, cybersecurity, facility engineering, etc.
2. Address Policy Gaps
- Create DOD-level policy to provide standard direction across services
- Develop cradle to grave guidance which can be used to cyber secure facilities (RFP through build and maintenance)
3. Differentiate Compliance vs. Residual Risk
- Risk Management Framework is used as a compliance tool but should be leveraged to determine overall risk to the mission and to the shore domain
- Compliance does not equate to security
4. Reach Reciprocity through Inheritance
- Leverage service specific accreditations across DOD to reduce duplication of effort for similar systems
- Risk Management Framework process maximizes inheritance within the systems
5. Consolidate Assessments
- Consolidate existing assessments to one that meets varying needs
- Reduce level of effort to collect required information
13 Navy Ashore TEM Metrics
Audience Metrics
- Over 80 attendees over the course of the 4-day conference
- Attendees included 13 SES, 2 Flag Officers, and 4 Senior Officers
- Attendee feedback was collected on a scale of 1-5 (unsatisfied to very satisfied) via survey for a series of questions; overall satisfaction analyzed for Days 1-3 fell in the satisfied to very satisfied range
Organizations Present
- Audience: SPAWAR, NAVSUP, NAVSEA, NAVFAC, Navy Information Forces, DOE, NAVMETOCCOM, ONI, OPNAV N46, CNIC, NAVMED, PNNL
- Speakers: CNIC, DISA, NAVAIR, NAVFAC, NAVMED, NAVMETOCCOM, NAVSUP, OPNAV, SPAWAR, USCYBERCOM, PNNL
[Chart: Respondent Overall Satisfaction, rating for Day One, Day Two, Day Three, Day Four, Overall]
14 Navy Ashore TEM Agenda
[Agenda laid out in columns: TEM Day 1, TEM Day 2, TEM Day 3, TEM Day 4]
Navy Cyber Overview NAVFAC's Cyber Role Ashore NAVSUP Cyber Overview Tri-Service TEM Summary and Highlights Cybersecurity Technology in Action Cyber in Medical Technology Cybersecurity for the Naval Meteorology and Oceanography Command Breaking Down Barriers and Modernizing Cyber in the Navy Ashore Environment Securing Building and Utility Systems Components of Cybersecurity IoT Vulnerability Research, Cyber Talent Gaps, and the Global CSIRT Community NAVFAC's Security Architecture Cyber Engineering Best Practices Cyber Hygiene Cyber UFC and UFGS Navy's Cybersecurity Landscape Navy Exchange Service Command Information Technology Overview Supply Chain Cyber Landscape Securing Power to the Navy Cybersecurity Architecture Shore Control Systems Test Bed Zoning and Anomaly Detection in a Low Entropy Environment IA / TA Update Command Cybersecurity Overview NAVSEA SPAWAR NAVAIR NAVFAC's Role as Shore AO / SCA Cybersecurity Strategic Approach Securing the Security Systems PSNET PSNet for Secure Transport Enabling the Fleet Cybersecurity Workforce Development
15 Overarching Navy Ashore TEM Themes
The following themes were reiterated throughout the TEM:
1. Fleet: One Team, One Fight
- Users must understand that cybersecurity is no longer an option, it's the way of life
- Cross-SYSCOM team working with Fleet, OPNAV, FCC and other stakeholders
2. Train the Workforce
- Provide training for the workforce which allows them to be successful given new requirements
- Understand the differences between HQ and Echelon personnel
- Workforce retention and insourcing inherently government roles is critical
3. Educate on Risk Management Framework
- Risk Management Framework offers a systems-engineering based approach to managing security controls
- Compliance does not equate to security; what risk is being assumed
- Selection of security controls presents an opportunity for inheritance
4. System Inter-relationships Ashore
- Recognize complexity of shore systems with other SYSCOMs back to NAVFAC
- Collaboration is paramount to accurately assess and secure control systems against adversaries
16 Workforce Development
Gaps realized with the need to cyber secure control systems:
- Business Systems security process is well defined and appropriately staffed; not applicable to control systems under old requirements
- Control Systems were installed without regard to cybersecurity; supported by facility engineers and last for decades with little change
- Traditional cyber staff lack control system experience and process knowledge
- Facility Operational personnel prioritize availability, not cybersecurity
- Accreditation: business focused; ashore control systems not required
Solution to begin workforce development:
- Insert cyber into each step of Facility Life Cycle
- Train & Team with SME process owners
- Develop cyber criteria, specs, and guidance
- Take on SYSCOM TA role and AO/SCA mission
- Leverage SYSCOM partners courses
- Increase awareness with every opportunity
Training dedicated cybersecurity staff onboard and along existing staff to become cyber-smart
Control System Cyber Boot Camps DEC 15 and MAR/JUN 16
Standards, Guidance & Processes being created and updated
17 Workforce Training
The following actions are being taken to develop workforce:
- Explore control system cyber security certification programs
- Increase Validator, Information Assurance training
- Obtain forensic, monitoring, and ethical hacking expertise
- Build expertise for IT and SCADA product programs
- Gain training on cyber security tools and supporting suite
- Partner with DoD Cyber Range and leverage National Labs
- Provide internal training (i.e. NAVFAC ICS Boot Camp Dec 15):
  - Security Architecture, Threat, Control Systems, Substation, ICS OPS Center, Strategy
  - Participation with NAVFAC Functional, OSD, Air Force, SECNAV, CNIC, USMC
- Utilize global cybersecurity support staff: 9 Regions, Dev Lab and Test Bed
[Chart: NAVFAC Cybersecurity Staff, Hired and Authorized, FY14 to FY18]
18 Current Challenges
NAVFAC also recognizes there are current challenges that may prevent organizations from reaching their ideal cybersecurity end state.
1. Risk Management Framework
- Knowledge gap of experience exists; makes the transition from DIACAP to RMF seem very daunting
- The application of RMF is not clearly defined; must identify shore critical assets in addition to TCAs
- There is disagreement surrounding how to measure risk vs. compliance
2. Workforce Education and Training
- Agility is something to insource
- Differences in training approaches in the cyber workforce, about cyber hygiene, and between the fleet vs. echelon staff
3. Coordination within and between Organizations
- Looking for more buy-in and support from external organizations
- Furthering partnerships within Navy, DoD, National Labs
- Continuing momentum with process after the TEM has concluded
4. Unified Presence and Stance
- Implementation of CYBERSAFE across the supply chain and all of Command IT ashore
- Standardized definitions and requirements
- Set expectations from Command to Users: one team, one fight
- Contradicting perspectives of secure systems between non-DoD government leaders, who follow industry convention, and the DoD intelligence community
19 RMF for IS and PIT Systems
Step 1 Categorize Systems
- Categorize the systems in accordance with the CNSSI 1253
- Initiate the Security Plan
- Register the system with DoD Component Cybersecurity Program
- Assign qualified personnel to RMF roles
Step 2 Select Controls
- Common control identification
- Select security controls
- Develop system-level continuous monitoring strategy
- Review and approve the security plan and continuous monitoring strategy
- Apply overlays and tailor
Step 3 Implement Security Controls
- Implement Controls Solutions consistent with DoD component cybersecurity architectures
- Document security control implementation in the security plan
Step 4 Assess Security Controls
- Develop and approve security assessment plan
- Assess security controls
- SCA prepares security assessment report (SAR)
- Conduct initial remediation actions
Step 5 Authorize System
- Prepare the POA&M
- Submit Security Authorization Package to AO
- AO conducts final risk determination
- AO makes authorization decision
Step 6 Monitor Security Controls
- Determine impact of changes to the system and environment
- Assess selected controls annually
- Conduct needed remediation
- Update security plan, SAR and POA&M
- Report security status to AO
- AO reviews reported status
- Implement system decommissioning strategy
Risk Management Framework (RMF) for DoD IT replaces previous DIACAP framework in providing DoD Information Assurance. The RMF POA&M for Operational Technology is currently being developed by NAVFAC with an expected implementation start date in FEC cybersecurity team members will use the RMF POA&M to implement controls based on the assessments and grading done during CYBERSAFE.
20 ICS-PE / N-UMCS Relationship
[Diagram: Base A, Base B, Base C]
21 Appendix
22 CYBERSAFE Assessment Components
CYBERSAFE is the assessment of assets to determine criticality categorization and grade in preparation for controls assignment. The assessment consists of the following three components: Cyber System Levels, CYBERSAFE Grades, Cyber Conditions of Readiness.
Cyber System Level (Design): Functionality Hierarchy of system to end-to-end mission
- CSL 1: Platform Safety
- CSL 2: Platform Combat
- CSL 3: Networked Combat
- CSL 4: Sustained Combat
CYBERSAFE Grade (Procure, Design & Build): Level of cyber protection incorporated into system design
- Grade A: Mission Critical
- Grade B: Mission Essential Material
- Grade C: Non-Mission Essential
Cyber Condition (Operate): Operating mode of platform based on likelihood of cyber attack
- X: FULL NET
- Y: SEMI NET
- Z: NO NET
[Diagram label: TECHNICAL CAPABILITIES]
23 NAVFAC CYBERSAFE Prioritization Approach
NAVFAC will leverage existing Mission Assurance (MA) efforts and lessons learned from these efforts to execute CYBERSAFE across the command. NAVFAC will prioritize all assets to determine the order they will be assessed for CYBERSAFE compliance utilizing the following approach:
- Priority 1: Task Critical Assets.
- Priority 2: Supporting Infrastructure Critical Assets.
- Priority 3: Other priority assets as identified by CNIC's Commander and Combatant Commands.
- Priority 4: All remaining assets.
FEC cybersecurity teams will contribute to CYBERSAFE categorization, grading, and documentation.
24 FEC CYBERSAFE Process
NAVFAC System Categorized process begins with FEC level system categorization. FEC cybersecurity teams will:
- Categorize the system using Navy's CYBERSAFE and RMF standards and guides.
- Assign CYBERSAFE grade using CYBERSAFE grade criteria and AO standards.
- Conduct criticality analysis.
- Assign CYBERSAFE controls based on grade.
- Tailor controls based on RMF Process.
- Document and justify security controls for RMF and CYBERSAFE.
Documents generated at the ECH IV level will be reviewed and approved by ECH III and NAVFAC CYBERSAFE PMO. NAVFAC approved documents will be distributed to OPNAV, FFC/CPF/FCC, TYCOMS, and IDFOR.
25 CYBERSAFE Audit Team Members
- OPNAV N2/N6 (Theresa Everette, CDR Low, Paula Jackson)
- NAVFAC (Mike Kilcoyne, Marrio McLaurin, James Kim, Craig St. John)
- CNIC (Wendy McFadden, Kim Ellis)
- NAVSEA (Pat Hoff)
- SPAWAR (Charlie Nolan)
- IDFOR (CDR Fernandez, LCDR Fisher)
- MARCORSYSCOM (Erin Valliere)
- NAVAIR (Kafayat Kelani)
- NAVSUP (Steve Kozick)
- FCC (Alan Rickman)
More informationDEPARTMENT OF THE NAVY CHIEF INFORMATION OFFICER (DON CIO) CYBERSECURITY STRATEGY TEMPLATE
DEPARTMENT OF THE NAVY CHIEF INFORMATION OFFICER (DON CIO) CYBERSECURITY STRATEGY TEMPLATE AND INSTRUCTIONS MAY 2016 INTRODUCTION 1. Purpose: The Cybersecurity Strategy (CSS) ensures compliance with the
More informationNew York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities
More informationBUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW
BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW EXECUTIVE SUMMARY CenturyLink is committed to ensuring business resiliency and survivability during an incident or business disruption. Our Corporate Business
More informationEnhancing the Cybersecurity of Federal Information and Assets through CSIP
TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3
More informationDATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI
DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI EXECUTIVE SUMMARY The shortage of cybersecurity skills Organizations continue to face a shortage of IT skill
More informationFunction Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments
Function Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments 1 ID.AM-1: Physical devices and systems within the organization are inventoried Asset Management (ID.AM): The
More informationAir Force Digital Strategy
Air Force Digital Strategy Mr. Bill Marion Deputy Chief Information Officer 1 Protect IT Service Management Connect Compute/Store End Devices Data Workforce Compliance Business Innovation Next Gen Desktop
More informationUpdates to the NIST Cybersecurity Framework
Updates to the NIST Cybersecurity Framework NIST Cybersecurity Framework Overview and Other Documentation October 2016 Agenda: Overview of NIST Cybersecurity Framework Updates to the NIST Cybersecurity
More informationInformation Infrastructure and Security. The value of smart manufacturing begins with a secure and reliable infrastructure
Information Infrastructure and Security The value of smart manufacturing begins with a secure and reliable infrastructure The Case for Connection To be competitive, you must be connected. That is why industrial
More informationWill your application be secure enough when Robots produce code for you?
SESSION ID: ASD-W02 Will your application be secure enough when Robots produce code for you? Hasan Yasar Technical Manager, Faculty Member SEI CMU @securelifecycle With the speed of DevOps It is me! I
More informationOPUC Workshop March 13, 2015 Cyber Security Electric Utilities. Portland General Electric Co. Travis Anderson Scott Smith
OPUC Workshop March 13, 2015 Cyber Security Electric Utilities Portland General Electric Co. Travis Anderson Scott Smith 1 CIP Version 5 PGE Implementation Understanding the Regulations PGE Attended WECC
More informationCYBER SECURITY BRIEF. Presented By: Curt Parkinson DCMA
CYBER SECURITY BRIEF Presented By: Curt Parkinson DCMA September 20, 2017 Agenda 2 DFARS 239.71 Updates Cybersecurity Contracting DFARS Clause 252.204-7001 DFARS Clause 252.239-7012 DFARS Clause 252.239-7010
More informationLarry Clinton President & CEO (703)
For information about membership opportunities, please contact: Larry Clinton President & CEO lclinton@isalliance.org (703) 907-7028 For more information about the Internet Security Alliance, please visit
More informationJoint Federated Assurance Center (JFAC): 2018 Update. What Is the JFAC?
21 st Annual National Defense Industrial Association Systems and Mission Engineering Conference Joint Federated Assurance Center (JFAC): 2018 Update Thomas Hurt Office of the Under Secretary of Defense
More informationMedical Device Cybersecurity: FDA Perspective
Medical Device Cybersecurity: FDA Perspective Suzanne B. Schwartz MD, MBA Associate Director for Science and Strategic Partnerships Office of the Center Director (OCD) Center for Devices and Radiological
More informationIncident Response Services to Help You Prepare for and Quickly Respond to Security Incidents
Services to Help You Prepare for and Quickly Respond to Security Incidents The Challenge The threat landscape is always evolving and adversaries are getting harder to detect; and with that, cyber risk
More informationDoD Strategy for Cyber Resilient Weapon Systems
DoD Strategy for Cyber Resilient Weapon Systems Melinda K. Reed Office of the Deputy Assistant Secretary of Defense for Systems Engineering NDIA Systems Engineering Conference October 2016 10/24/2016 Page-1
More informationTX CIO Leadership Journey Texas CIOs Bowden Hight Texas Health and Human Services Commission Tim Jennings Texas Department of Transportation Mark
TX CIO Leadership Journey Texas CIOs Bowden Hight Texas Health and Human Services Commission Tim Jennings Texas Department of Transportation Mark Stone Texas A&M University System Moderator Anh Selissen
More information10 Cybersecurity Questions for Bank CEOs and the Board of Directors
4 th Annual UBA Bank Executive Winter Conference February, 2015 10 Cybersecurity Questions for Bank CEOs and the Board of Directors Dr. Kevin Streff Founder, Secure Banking Solutions 1 Board of Directors
More informationAdvanced Technology Academic Research Council Federal CISO Summit. Ms. Thérèse Firmin
Advanced Technology Academic Research Council Federal CISO Summit Ms. Thérèse Firmin Acting Deputy DoD CIO Cyber Security Department of Defense 25 January 2018 2 Overview Secretary Mattis Priorities Cybersecurity
More informationIoT & SCADA Cyber Security Services
RIOT SOLUTIONS PTY LTD P.O. Box 10087 Adelaide St Brisbane QLD 4000 BRISBANE HEAD OFFICE Level 22, 144 Edward St Brisbane, QLD 4000 T: 1300 744 028 Email: sales@riotsolutions.com.au www.riotsolutions.com.au
More informationHow AlienVault ICS SIEM Supports Compliance with CFATS
How AlienVault ICS SIEM Supports Compliance with CFATS (Chemical Facility Anti-Terrorism Standards) The U.S. Department of Homeland Security has released an interim rule that imposes comprehensive federal
More informationINTELLIGENCE DRIVEN GRC FOR SECURITY
INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to
More informationNational Information Assurance Partnership (NIAP) 2017 Report. PPs Completed in CY2017
National Information Assurance Partnership (NIAP) 2017 Report NIAP continued to grow and make a difference in 2017 from increasing the number of evaluated products available for U.S. National Security
More informationDepartment of Defense (DoD) Joint Federated Assurance Center (JFAC) Overview
Department of Defense (DoD) Joint Federated Assurance Center (JFAC) Overview Kristen Baldwin Principal Deputy, Office of the Deputy Assistant Secretary of Defense for Systems Engineering (DASD(SE)) 17
More informationISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006
ISO / IEC 27001:2005 A brief introduction Dimitris Petropoulos Managing Director ENCODE Middle East September 2006 Information Information is an asset which, like other important business assets, has value
More informationMETHODOLOGY AND CRITERIA FOR THE CYBERSECURITY REPORTS
METHODOLOGY AND CRITERIA FOR THE CYBERSECURITY REPORTS The cybersecurity maturity has been assessed against 25 criteria across five themes. Each of the criteria are given a Yes, No, Partial, or Not Applicable
More informationAir Force Civil Engineer Center. Director s View. Randy Brown Director 4 May Battle Ready Built Right! 1
Air Force Civil Engineer Center Director s View Randy Brown Director 4 May 2017 Battle Ready Built Right! 1 AFCEC Organization Local Partners AFCEC Director AFLOA/JACE Deputy (JBSA-Lackland) Deputy (Tyndall)
More informationAccelerate Your Enterprise Private Cloud Initiative
Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service
More informationFederal Data Center Consolidation Initiative (FDCCI) Workshop III: Final Data Center Consolidation Plan
Federal Data Center Consolidation Initiative (FDCCI) Workshop III: Final Data Center Consolidation Plan August 10, 2010 FDCCI Agenda August 10 th, 2010 1. Welcome Katie Lewin GSA Director Cloud Computing
More informationIncident Response Services
Services Enhanced with Supervised Machine Learning and Human Intelligence Empowering clients to stay one step ahead of the adversary. Secureworks helps clients enable intelligent actions to outsmart and
More informationBuilding an Assurance Foundation for 21 st Century Information Systems and Networks
Building an Assurance Foundation for 21 st Century Information Systems and Networks The Role of IT Security Standards, Metrics, and Assessment Programs Dr. Ron Ross National Information Assurance Partnership
More informationUNCLASSIFIED. FY 2016 Base FY 2016 OCO
Exhibit R-2, RDT&E Budget Item Justification: PB 2016 Office of the Secretary Of Defense Date: February 2015 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 2: COST ($ in Millions) Prior
More informationHealth Information Technology - Supporting Joint Readiness
Health Information Technology - Supporting Joint Readiness Session # 104, March 7, 2018 Mr. T. Pat Flanders, DADIO/J-6, CIO Kevin P. Seeley, Deputy CIO, Colonel, USAF, MSC 1 Speaker Introduction Pat Flanders
More informationSecurity and Privacy Governance Program Guidelines
Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by
More informationPREPARE FOR TAKE OFF. Accelerate your organisation s journey to the Cloud.
PREPARE FOR TAKE OFF Accelerate your organisation s journey to the Cloud. cloud. Contents Introduction Program & Governance BJSS Cloud Readiness Assessment: Intro Platforms & Development BJSS Cloud Readiness
More informationIncentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO
White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating
More informationCybersafety Culture Assessment
Kaspersky Enterprise Cybersecurity Cybersafety Culture Assessment Target-based learning program: culture & attitudes kaspersky.com/awareness #truecybersecurity Cybersafety Culture Assessment Focus Assessment
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationSpace Cyber: An Aerospace Perspective
Space Cyber: An Aerospace Perspective USAF Cyber Vision 2025 AFSPC 19-21 March 2012 Frank Belz and Joe Betser The Aerospace Corporation Computers and Software Division 20 March 2012 frank.belz@aero.org
More informationSPAWAR FLEET READINESS DIRECTORATE STRATEGIC PLAN STATEMENT A: Approved for public release, distribution is unlimited (JANUARY 2017)
SPAWAR FLEET READINESS DIRECTORATE STRATEGIC PLAN 2017-2021 STATEMENT A: Approved for public release, distribution is unlimited (JANUARY 2017) 2 STRATEGIC PLAN 2017-2021 A MESSAGE FROM THE DEPUTY COMMANDER
More informationAAPA Smart Ports. Cyber Management for Ports Panel. Small Port Cyber Security Workshops. March 6, 2018
AAPA Smart Ports Cyber Management for Ports Panel Small Port Cyber Security Workshops March 6, 2018 1200 New Jersey Ave., SE Washington DC 20590 w w w. d o t. g o v Port Infrastructure Development More
More informationFDA & Medical Device Cybersecurity
FDA & Medical Device Cybersecurity Closing Keynote, February 19, 2017 Suzanne B. Schwartz, M.D., MBA Associate Director for Science & Strategic Partnerships Center for Devices and Radiological Health US
More information