Cybersecurity T&E and the National Cyber Range
Cleared for Public Release 23 March 2017 Case # 17-S-1267
Cybersecurity T&E and the National Cyber Range
Prepared for: 2nd ITEA Cyber Security Workshop, "Challenges Facing Test and Evaluation", 24 March 2017
Prepared by: National Cyber Range Team, Peter H. Christensen, Range Director, NCR
What, Why, How?
- What do we want to accomplish?
  - Look back to where we were
  - Provide insight into TRMC Cybersecurity Test and Evaluation Infrastructure and the National Cyber Range
  - Highlight Lessons learned and NCR successes
  - Make some predictions about the future!
- Why is this important?
  - Cyberspace T&E is extremely challenging
  - TRMC has Operationalized the NCR over six years of intense operations
  - NCR Team has delivered significant value added to DOD customers
  - The future looks promising!
- How will we do it?
  - Look back to 2009 IA Policy Crosswalk and 2010 IT Acquisition Reform
  - Highlight TRMC/NCR progress and new T&E capabilities
  - Look ahead to the future
Looking Back
- 2009: Information Assurance (IA) Policy Cross Walk
  - Proposed by DISA T&E Exec
  - Chartered by DOT&E and DASD DT&E
  - Examine current IA related T&E policies, directives, instructions and guidance
  - Provide findings and recommendations
Key Findings from 2009 Information Assurance Policy Cross Walk
- Focus on coordinating IA Test and Evaluation Activities
- Form Integrated Test Teams Early and enable test by one, use by many
- Promote Collaboration among Acquisition, Engineering and Test Teams
- Operationally Realistic IA Test Environment is Crucial to Successful Testing
- Threat Portrayal During Testing Must Reflect Current Threat Information
- Provide Adequate Resources & Expertise Essential for Testing
- Promote Acquisition-Related IA and Computer Network Defense (CND) T&E as Critical to Ensure Secure DOD Systems
IA and CND testing in acquisition is a critical activity and can only be accomplished with adequate resources and threat characterization!
2010 NDAA Section 804 IT Acquisition Reform
- Congress directed DoD to develop a new IT Acquisition Process
- DCMO Section 804 Task Force established
- T&E and Certification Government Lead Principal Deputy DASD DT&E
- Test Evaluation and Certification (TE&C) Process collaboratively developed
- Supported an 18-month release goal, embraced both SE discipline and Agile Methods
- Delivered to DCMO 01 Oct 2010
- Industry and DOD have embraced Agile
- DOD 5000 incorporates Incrementally Fielded Software Intensive Programs
- Agile methods influenced proposed Cybersecurity T&E process
2010: Strong Leadership is required to progress forward!
Key Elements of 2010 Draft TE&C Policy/Process
- Agile TE&C execution
  - Tailored to the IT acquisition
  - Responsive to evolving requirements
  - Risk based and mission focused
- TE&C infrastructure and tools
  - Provides testing as a service
  - Development, deployment, and sustainment
- Verified, Validated, and Accredited (VV&A) Infrastructure
  - Replicates an operational/production environment
  - Provides repeatable and defensible test results
TRMC Organization (March 2017; updated 12 Dec 2016)
[Organization chart; box labels in extraction order:] Under Secretary of Defense for Acquisition, Technology & Logistics; Mr. Jimmy MacStravic (Acting); Dir, TRMC; Chief Financial Officer; Chief Operating Officer **; Mr. Derrick Hinton (Acting); Principal Deputy, TRMC; Mr. Paul Mann (Acting); Deputy EA for Cyber Test Ranges; Range Director, NCR; Sr. Security Advisor; Admin. Officer; Dr. Robert N. Tamburello; Deputy Range Director, NCR; DD, T&E Range Oversight *; PM, CTEIP; DD, Major Initiatives and Technical Analyses *; Agency RO **; AF RO **; PM, REP; Deputy PM, CTEIP; PM, T&E/S&T; PM, JMETC; Army RO **; Navy RO **; Deputy PM, T&E/S&T; Director, TENA SDA
Legend: * Supervisor, ** Team lead
TRMC Team Includes Government, FFRDC, SETA And Contractor
Infrastructure and Services Include:
- Test Bed Design Support
- Integration of Custom Assets
  - Software
  - Hardware
  - Wired and Wireless
- Remote Red/Blue Team Support
- Cyber and Testing Expertise
- Threat Vector Development
- Custom Traffic Generation
- Custom Sensor and Visualization Support
- Custom Data Analysis
- End-to-End Test Support
Customers Identify Cyber T&E Requirements. TRMC Provides Infrastructure And Services To Satisfy Them!
TRMC Cybersecurity T&E Infrastructure Components: JMETC MILS and Regional Service Delivery Points (RSDPs)
- JMETC MILS provides secure connectivity for Cybersecurity T&E
  - MILS VPN hosted on Defense Research and Engineering Network
  - Peers with Joint Information Operations range
- Regional Service Delivery Points (RSDP)
  - Computing and Storage Assets that host virtual Cyberspace Environments
  - TRMC provides tools and services and instrumentation for traffic generation, visualization, integrated event management, collaboration
  - Geographically dispersed to minimize latency and maximize usability
  - Modular/Flexible architecture evolves with requirements
- TRMC provides Support Staff
  - Available to help plan, design and execute events
TRMC will provision the right Cyber T&E Infrastructure based upon your needs!
What Is The National Cyber Range?
NCR Provides Cybersecurity Testing And Training As A Service!
NCR Executed 140 Events in Six Years
- Note: FY-16: NCR unavailable for 9 Weeks during A&A
- NCR 2016 Aviation Week Program Excellence Winner!
- Helping developing programs understand, mitigate cyber-attack and prepare people to defend U.S. systems
Lessons Learned from NCR Events
Cybersecurity Testing Lessons Learned
1. Start Small and grow
2. Testing is an important Engineering and Design Tool that can be used to refine requirements
3. Cyber Table Top is an effective tool to understand Mission Risks and prioritize testing
4. Focus Cybersecurity Testing on the Mission!
5. Cybersecurity Testing must be executed with key IT Staff, Incident Responders and Protection Teams
6. Customers need Cybersecurity T&E As a Service
7. Collaborative Approach to Coordinate Test Planning Critical
8. Effective Test Teams understand Cyber Offense and Defense
9. Automated Tool Suite creates efficiencies in event design, development and deployment
10. Connectivity makes range location irrelevant
Cyber Testing Engineering and Design Tool
- Cybersecurity Testing is Systems Engineering Tool
- Reduces technical debt, Identifies exposed vulnerabilities and provides engineering alternatives
- Identifies New Cyber Requirements, exposes Residual Vulnerabilities!
- No System will ever be 100% Secure! What is the Mission Risk?
Cybersecurity T&E Helps Manage Mission Risk
- Phases are iterative and incremental!
- Initial Phases reduce Type 1 Debt!
- Complements System Security Engineering and Risk Management Framework
- SE and RMF Activities
- Later Phases reduce Type 2 Debt!
- Promotes Understanding of Mission Risk!
RMF Manages Acquisition Program Risk. Cybersecurity T&E Manages Mission Risk
Cyber Table Top (CTT) Effective Tool To Prioritize Cybersecurity T&E
- What is a Cyber Table Top?
  - Low technology, low cost, intellectually intensive wargame
  - Introduces and explores Mission Effects of Offensive Cyber Ops
  - Helps estimate Mission Risk to System, SoS or FoS
- Why is it used?
  - Identifies Threat Vectors, Potential Vulnerabilities and Mission Risk
  - Identifies new Functional and Non Functional Requirements
  - Scopes the size and scale of Cybersecurity Testing
  - Provides actionable recommendations
- What does it produce?
  - Prioritization of vulnerabilities based upon likelihood of exploitation and consequences to the mission
    - High Risk Vulnerabilities must be evaluated first
    - Medium Risk Vulnerabilities can be evaluated subsequently
    - Low Risk Vulnerabilities may be deferred for later
  - Cybersecurity Risk Matrices and Recommendations for Cybersecurity Testing and Vulnerability Mitigation
CTTs Informed Several Events At The NCR!
Customers Need Cybersecurity T&E As A Service
- Cyber Testing and Training Demand is for Customer Centric Services (predominantly)
- Customers come to the TRMC/NCR for Higher Tier Live Cyber Environments, Cyber T&E expertise, and event support
Automated Tools Simplify Event Design, Development, Deployment/Redeployment!
Reusable Content Includes:
- ADNS Emulation
- Round-robin NTP
- Full DNS infrastructure
- Whois
- Various Exchange Server versions and architectures
- DNS registrar
- Webmail
- ecommerce sites
- Content Management Systems (CMS)
Model Reuse Is Creating Efficiencies!
Connectivity Makes Range Location Irrelevant!
- NCR demonstrated ability to support Major Training Exercises!
  - Remotely supported 1000s of Users
  - Connected numerous Logical Ranges
  - 100s of Enclaves & Subnets
  - Thousands of Nodes
  - RSDPs
  - PSDPs
  - Realistic Mission Environments
  - JMN
- NCR demonstrated ability to support remote Testing
  - NCR has both JMN and JIOR Connectivity!
  - Used remotely for multiple customers
Connectivity Enables Customers To Create A Virtual Enterprise For Testing And Training!
Pathfinder Event: Avionics Bus Architectures
- NCR Objective
  - Emulate Non IP Based Networks, Bus Architectures: MIL Std 1553, ARINC 429 for Cyberspace T&E
- Relevance
  - Cyber Threats demonstrated ability to exploit vulnerabilities in systems, subsystems and components
  - Some testing cannot/should not be conducted w/ actual aircraft, particularly in-flight
- Outcomes
  - TRMC/NCR collaborated with NAVAIR to conduct a Cyber Table Top to understand Cyber Risks
  - NCR built-out Avionics Management System to execute Risk Reduction Event
  - Collaborated with Aircraft Cyber Threat Working Group
Pathfinder Event: Control Systems Cyber Security (CS2) Challenge
- NCR Objective
  - Demonstrate ability to emulate representative Industrial Control Systems Architecture
- Relevance
  - Internet of Things makes Control Systems connected and exploitable
  - Developers fail to consider Cybersecurity
  - Control Systems need to be tested in real-world environments
- Outcome
  - OSD Energy, Installations and Environment (E&EI) requested NCR implement a representative DOD Building Environmental Control System
  - NCR successfully developed environment
  - Follow on demonstrations will evaluate commercial products
Image Source: Mario Morales (IDC)
The Internet of Everything Exposes Control Systems to Attacks Not Previously Considered!
What Does the Future Look Like for Infrastructure?
- Demand for Cybersecurity T&E Infrastructure will continue to increase
- NCR/RSDP/JMN Complex being provisioned to satisfy increasing demand
- Way Ahead: Leverage TRMC Investment
  - Ensure future investments in automation tools are Interoperable/Compatible/Un-encumbered
  - Move Legacy SILs HW&SW, ICS/SCADA Labs, etc. to JMN
What Does the Future Look Like for Workforce?
- Demand for Cybersecurity T&E Workforce will continue to increase
- People are the most valuable and limited resource
- Workforce must have Acquisition and Cyberspace Skills
  - Capabilities Development, Program Management, Contracting, Systems Security Engineering, Risk Management Framework and Cybersecurity T&E, Cyber Defense and Offense
- Way Ahead: Invest in Wet Ware
  - Enhance Government Cybersecurity T&E Workforce
  - Enable them with robust FFRDC, SETA and Industry Personnel
Procuring Cybersecurity T&E Infrastructure Is Easy. Greater Challenge: Developing The Cybersecurity T&E Workforce!
What Does the Future Look Like In Practice?
- Investments in T&E Infrastructure reduce Technical Debt: PMs realizing schedule/performance improvements
- Way Ahead:
  - Provision infrastructure to support full spectrum testing
    - Not just one Program of Record
  - Use incremental/iterative T&E to evaluate System Functional and Non Functional Requirements
    - Autonomous Systems could adopt a similar approach
  - Adversarial Assessments should be Mission Based Events
    - Fully exercise Systems of Systems
    - Include Cybersecurity Defense Providers
TRMC Is making Essential Investments!
What Does the Future Look Like For The Adversary?
- Adversaries are sophisticated, persistent and getting better
  - Conduct extended and sophisticated Cyber Campaigns
  - Speed and agility enables them to get inside the Acquisition Lifecycle
- DOD Acquisition systems and approaches lack agility to keep up with the threat
- Industry has adopted Agile Methods/DEVOPS!
  - Robust DEV/Test Infrastructure essential to support continuous innovation
  - Increases efficiency and Delivery Velocity, enhances Cybersecurity Posture and reduces ownership costs
  - Enables Industry to evolve at the same pace as the adversary
Infrastructure Investments Enable Agile Methods/DEVOPS!
What Does the Future Look Like For The Adversary? (cont.)
- Way Ahead: Investment in Cybersecurity T&E Infrastructure is having positive impact
- TRMC S&T and CTEIP Programs enablers to help disrupt the Adversary Lifecycle
- Enable Agile Methods and DEVOPS with High Fidelity reusable emulations/models of Systems and Enterprise
- Exploit virtualization, Software Containers
- Consider provisioning Digital Twins
- Evolve with system as it matures
- Promote closer community engagement
- Development Community, Cybersecurity Defense Providers and Cyber Mission Forces
Effort Needed To Bring Together Development, Testing And Training Communities!
Summary
- Since 2009: DOD T&E Community has significantly advanced the practice of Cybersecurity T&E
  - Past approaches to address Cybersecurity have created Technical Debt!
  - Shift Left is Helping Programs improve Cybersecurity Posture
  - Other Federal Agencies are adopting similar approaches!
- TRMC and the NCR are helping Testing and Training Customers!
  - Deliver unique cybersecurity test, evaluation, and training capabilities
  - Enable DOD to conduct focused cybersecurity test and evaluation
  - Events are tailored to meet program requirements throughout the systems acquisition lifecycle
- TRMC is investing in the future!
  - Workforce and Infrastructure investments are key enablers
  - Without them advances in practice process cannot be achieved!
TRMC/NCR Team Are Making It Harder For The Adversary!
Special Thanks!
- PROGRAM CHAIR - Ms. Chris Susman, SURVICE Engineering Company
- PROGRAM TECHNICAL CHAIRS - Mr. Robert Laughman, US Army Evaluation Center; Duane Wilson, Ph.D., Wilson Innovative Solutions LLC
- EXHIBITS & SPONSORSHIPS - Ms. Cathy Pritts and Mr. Jim Myers
Superb effort organizing this workshop!
The 2017 CG Classic In Honor of Seaman Aaron N. Redd, USCG
Please join the Chief Petty Officers Association Alexandria Chapter and the family & friends of Aaron N. Redd, on Friday, June 16th, as we host a fun filled day of golf at the Potomac Shores Golf Club. All proceeds will be donated to the Coast Guard Enlisted Memorial Foundation.
Questions?
- Peter H. Christensen, Range Director, National Cyber Range, TRMC. Office Phone: TRMC peter.h.christensen.civ@mail.mil
- Dr. Robert N. Tamburello, Deputy Range Director, National Cyber Range, TRMC. robert.n.tamburello.civ@mail.mil
- Address: 4800 Mark Center Drive Suite 07J22 Alexandria, Va
More informationCybersecurity Test and Evaluation Achievable and Defensible Architectures
Cybersecurity Test and Evaluation Achievable and Defensible Architectures October 2015, ITEA Francis Scott Key Chapter Mr. Robert L. Laughman for COL Scott D. Brooks, Director, Survivability Evaluation
More informationAFCEA BELVOIR. Industry Day. Joint Service Provider Overview. Victor O. Shirley Chief of Staff Joint Service Provider April 4, 2018
AFCEA BELVOIR Industry Day Joint Service Provider Overview Victor O. Shirley Chief of Staff Joint Service Provider April 4, 2018 UNCLASSIFIED Agenda JSP Background/History Service to DoD Headquarters Mission
More informationThe Operational Test & Evaluation Cybersecurity Terrain
The Operational Test & Evaluation Cybersecurity Terrain William Budman Redmond AFOTEC/ED Approved for public release; distribution is unlimited. AFOTEC Public Affairs Public Release Number 2018-03 1 BLUF:
More informationDepartment of Management Services REQUEST FOR INFORMATION
RESPONSE TO Department of Management Services REQUEST FOR INFORMATION Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services September 3, 2015 250 South President
More informationHeadquarters U.S. Air Force
Headquarters U.S. Air Force From Plugfest Plus to Open System Acquisitions Evolving the Air Force Acquisition System 19 May 2015 1 Need for Change AF leadership is committed to maintaining global vigilance,
More informationIntegrated C4isr and Cyber Solutions
Integrated C4isr and Cyber Solutions When Performance Matters L3 Communication Systems-East provides solutions in the C4ISR and cyber markets that support mission-critical operations worldwide. With a
More informationMarine Corps Tactical System Support Activity
Marine Corps Tactical System Support Activity Information Brief Marine Corps Enterprise Network (MCEN) Planning Yard February 2019 Purpose: Provide Overview of the MCEN Planning Yard MCEN Planning Yard
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More informationTransformation in Technology Barbara Duck Chief Information Officer. Investor Day 2018
Transformation in Technology Barbara Duck Chief Information Officer Investor Day 2018 Key Takeaways 1Transformation in Technology driving out cost, supporting a more technologyenabled business Our new
More informationALIGNING CYBERSECURITY AND MISSION PLANNING WITH ADVANCED ANALYTICS AND HUMAN INSIGHT
THOUGHT PIECE ALIGNING CYBERSECURITY AND MISSION PLANNING WITH ADVANCED ANALYTICS AND HUMAN INSIGHT Brad Stone Vice President Stone_Brad@bah.com Brian Hogbin Distinguished Technologist Hogbin_Brian@bah.com
More informationAdvanced Technology Academic Research Council Federal CISO Summit. Ms. Thérèse Firmin
Advanced Technology Academic Research Council Federal CISO Summit Ms. Thérèse Firmin Acting Deputy DoD CIO Cyber Security Department of Defense 25 January 2018 2 Overview Secretary Mattis Priorities Cybersecurity
More informationAir Force Test Center
Air Force Test Center Avionics Cyber Range (ACR) DISTRIBUTION STATEMENT A. Approved for public release; distribution is unlimited. Bill L'Hommedieu ACR Chief Engineer 96 th Cyber Test Group 7 May 2018
More informationDISA CLOUD CLOUD SYMPOSIUM
DISA CLOUD P L A Y B O O K CLOUD SYMPOSIUM DISA Cloud Adoption Cycle LEARN CHOOSE BUY CONFIGURE TRANSITION UTILIZE CLOUD CONSUMER What Mission Partners Should Know and Do Cloud Policies Goals (Fit, Leverage,
More informationSystems Engineering and System Security Engineering Requirements Analysis and Trade-Off Roles and Responsibilities
Systems Engineering and System Security Engineering Requirements Analysis and Trade-Off Roles and Responsibilities Melinda Reed Office of the Deputy Assistant Secretary of Defense for Systems Engineering
More informationOverview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 PPD-21: CI Security and Resilience On February 12, 2013, President Obama signed Presidential Policy Directive
More informationNERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS
NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements
More informationCyber Challenges and Acquisition One Corporate View
Sentar Inc 315 Wynn Dr Huntsville, AL 35805 256-430-0860 www.sentar.com Cyber Challenges and Acquisition One Corporate View Defense Acquisition University Conference Huntsville, AL February 22-23, 2011
More information2 nd Cybersecurity Workshop Test and Evaluation to Meet the Advanced Persistent Threat
2 nd Cybersecurity Workshop Test and Evaluation to Meet the Advanced Persistent Threat Faye Francy Aviation ISAC February 2015 Company Organization Corporate Defense, Space & Security Boeing Capital Corporation
More informationEngineered Resilient Systems Advanced Analytics and Modeling in Support of Acquisition
Engineered Resilient Systems Advanced Analytics and Modeling in Support of Acquisition David R. Richards Lead Technical Director for ERS US Army Engineer Research and Development Center (ERDC) Research
More informationUNCLASSIFIED. UNCLASSIFIED Office of Secretary Of Defense Page 1 of 8 R-1 Line #18
Exhibit R-2, RDT&E Budget Item Justification: PB 2015 Office of Secretary Of Defense Date: March 2014 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 2: Applied Research COST ($ in Millions)
More informationNaval Surface Warfare Center,
CAPT Brian R. Durant Commander NSWCDD Technical Director - (540) 653-8103 Dennis M. McLaughlin Technical Director Naval Surface Warfare Center, Dahlgren Naval Undersea DivisionWarfare Center The The Leader
More informationCyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS
Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported
More informationSYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security
SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it
More informationTX CIO Leadership Journey Texas CIOs Bowden Hight Texas Health and Human Services Commission Tim Jennings Texas Department of Transportation Mark
TX CIO Leadership Journey Texas CIOs Bowden Hight Texas Health and Human Services Commission Tim Jennings Texas Department of Transportation Mark Stone Texas A&M University System Moderator Anh Selissen
More informationISA 201 Intermediate Information Systems Acquisition
ISA 201 Intermediate Information Systems Acquisition 1 Lesson 8 (Part A) 2 Learning Objectives Today we will learn to: Overall: Apply cybersecurity analysis throughout acquisition lifecycle phases. Analyze
More informationDepartment of Defense. Installation Energy Resilience
Department of Defense Installation Energy Resilience Lisa A. Jung DASD (Installation Energy) OASD(Energy, Installations and Environment) 19 June 2018 Installation Energy is Energy that Powers Our Military
More informationPCTE Program Management Update. Liz Bledsoe Acting Product Manager Cyber Resiliency and Training
PCTE Program Management Update Liz Bledsoe Acting Product Manager Cyber Resiliency and Training elizabeth.e.bledsoe.civ@mail.mil PCTE Stakeholder Landscape TRAINING TEST US CYBER COMMAND CYBER RANGE EXECUTIVE
More informationTest and Evaluation. The Key to Successful Acquisition Outcomes. Steve Hutchison. 3 October Director Office of Test and Evaluation
Test and Evaluation The Key to Successful Acquisition Outcomes 3 October 2017 Steve Hutchison Director Office of Test and Evaluation DHS Test & Evaluation Year in Review USCG Fast Response Cutter FOT&E
More informationTHE POWER OF TECH-SAVVY BOARDS:
THE POWER OF TECH-SAVVY BOARDS: LEADERSHIP S ROLE IN CULTIVATING CYBERSECURITY TALENT SHANNON DONAHUE DIRECTOR, INFORMATION SECURITY PRACTICES 1 IT S A RISK-BASED WORLD: THE 10 MOST CRITICAL UNCERTAINTIES
More informationInformation Warfare Industry Day
Information Warfare Industry Day 20180510 RDML Barrett, OPNAV N2N6G TRANSPORT COMMERCIAL INTERNET DISN SCI Coalition Networks ADNS TELEPORT NMCI & ONE-NET JRSS MOC GNOC NCDOC USMC ISNS / CANES / SUBLAN
More informationDEFENSE LOGISTICS AGENCY
DEFENSE LOGISTICS AGENCY AMERICA S COMBAT LOGISTICS SUPPORT AGENCY Cyber Resilience Integration Mr. Linus Baker DLA Information Operations Director, Cybersecurity 1 Mission Assurance/Cybersecurity Concern
More informationChapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS
Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS The Saskatchewan Power Corporation (SaskPower) is the principal supplier of power in Saskatchewan with its mission to deliver power
More informationMapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective
Mapping Your Requirements to the NIST Cybersecurity Framework Industry Perspective 1 Quest has the solutions and services to help your organization identify, protect, detect, respond and recover, better
More information