AMRDEC CYBER Capabilities

Transcription

1 Presented to: HAMA AMRDEC CYBER Capabilities Distribution Statement A: Approved for public release: distribution unlimited 08 July 16 Presented by: Julie Locker AMRDEC Cyber Lead U.S. Army Aviation and Missile Research, Development, and Engineering Center

2 AMRDEC Cyber Engineering Center (CEC) Academia Industry Joint Services Defense Advanced Research Projects Agency DARPA Other Gov t Agencies USD(P&R), USD(I); USD(ATL); DOT&E; USCENTCOM; USSTRATCOM; USTRANSCOM Assistant Secretary of the Army (Acquisition, Logistics and Technology) ASA(ALT) Other DECs 30 Gov t Experts 150+ Contractor Experts PEO MS PEO AVN RTC PEO STRI TSMO Redstone Arsenal Community Supporting Cyber Across the Acquisition Life Cycle SMDC MDA MSIC AMCOM LEVERAGING OFASSETS ENSURES NON-DUPLICATION OF EFFORTS AMC NASA 2 AMRDEC-CyberCapabilities_Locker_FEB2016.pptx

3 AMRDEC Cyber Functional Support Areas ENGINEERING System Owner Support (SOS) Software Assurance (SwA) Supply Chain Risk Mgmt Risk Mgmt Framework Protective Technologies Cyber S&T Green Teams Vulnerability Assessment Eng. TEST AND EVALUATION ACA/SCA-V (Security Control Assessor/Validator) Virtualization/Impact-Effects Cyber Security Testbed Blue Teams Red Teams Computer Network Defense INSTITUTIONAL TRAINING / EDUCATION Institutional Training Interns DAU National Guard Training SOS: Since 2006, have helped 155 systems achieve their accreditation; personnel embedded in PEO/PM site SwA: Since 2009, have scanned more than 350 million Lines of source code in support of more than 700 analysis projects; 31 million scanned in FY15 Has an SCA-V Assessor (only 11 total for Army) 100 SCA-V Assessments per year Red Team Coop for TSMO CND: Extension of ARL Network Defense Blue Team Certification Process/PEO STRI-ARL 842 NGB/AR military trained since CY12; 454 in CY15 3 AMRDEC-CyberCapabilities_Locker_FEB2016.pptx

4 Holistic Approach Services Applied Across Life Cycle A B C FRP Decision Review Cyber Burned into DNA RISK REDUCTION Build 0.1 Build 1.1 Build 1.2 Build 1.3 Build 1.4 Build 1.5 LIMITED DEPLOYMENT INTEGRATION Build 2.1* OT&E SUSTAINMENT DISPOSAL Material Solution Analysis Technology Maturation & Risk Reduction Engineering & Manufacturing Development Production & Deployment Operations & Support Engineering Test and Evaluation Education and Training Cyber Design Team/Cyber Integrator Software Assurance System Owner Support Vulnerability Assessment and Engineering RMF SCA-V Event Driven Blue Team Green Team Red Team Cyber Institutional Training, Intern Development CYBER INTEGRATED ACROSS DOMAINS Cyber R & D/Aviation and Missile System Focused 4 AMRDEC-CyberCapabilities_Locker_FEB2016.pptx

5 Mission Software Assurance Mission Mission Objective: To ensure software conforms to the requirements established by system owners and accrediting authorities to achieve trustworthiness and predictable execution. Flaws - Errors in the design or implementation of software. Vulnerabilities - Exploitable software flaws. Malicious Features - Software designed with malicious intent. 5 AMRDEC-CyberCapabilities_Locker_FEB2016.pptx

6 RMF Lifecycle 6 AMRDEC-CyberCapabilities_Locker_FEB2016.pptx

7 Vulnerability Assessment Shift Left Iterative process where assessments are conducted at the beginning of the lifecycle and repeated throughout all phases Begins with system architecture review Baselines assessed and scanned for each update Easier and cheaper to correct deficiencies 7 AMRDEC-CyberCapabilities_Locker_FEB2016.pptx

8 Supply Chain Risk Management Across Each Program Lifecycle Institutional Training / Education Criticality Assessment Supply Chain Threat and Vulnerability Assessment Supply Chain Risk Assessment (SCRM Effectiveness) Validate / Publish Project Office SCRM Efforts SCRM Awareness Familiarization Intense SCRM Working Group Training Roles Responsibilities SCRM Incident Response Hardware Software CC Technical Threats and Vulnerabilities Malw are Insertion Counterfeit Parts Lack of Software / Hardw are assurance Lack of Secure Design / SSE Supply Chain Threats and Vulnerabilities Insider Agents Non-Trusted Vendors No traceability No Physical / Personnel Security CC Mitigations Hardw are / Software Assurance Secure Design Cyber Security NIST NISPOM Policy Supply Chain Mitigations Trusted Vendors CC Accountability and Traceability Supply Chain Controls Security Information Assurance Enterprise Policy Program Protection Plan Program Protection Implementation plan Firmware Incident Coordination SCRM Incident Response AMRDEC SHAREHOLDER INTEGRATION CYBER VULNERABILITY ASSESSMENT / ENGINEERING RMF SOFTWARE ASSURANCE HARDWARE / SOFTWARE / FIRMWARE TESTING (CTSB) 8 AMRDEC-CyberCapabilities_Locker_FEB2016.pptx

9 Missile S&T Cyber Snapshot Performed outreach to recognized experts in the community The mission areas of CERDEC and AMRDEC overlap when considering responsibility of Cyber for US Army weapons systems Collaborate with CERDEC where possible and inform CERDEC of research topics within their mission area Primary Research Areas tend to be: Software Assurance Cyber Physical Systems Risk Management Process Supply Chain Risk Management FPGA Defense Big Data Analytics Potential Future Research Areas: CEMA Defense Science Board recommends spending $2B/yr in EW to catch up Active Defense Proactive, not reactive Understanding cyber effects within a System of Systems using M&S The Purpose of this Effort is to Research and Develop Technologies that "Weave Cyber Defense into the DNA of Army Systems" CEMA : Cyber/Electromagnetic Activities (FM 3-38) 9 AMRDEC-CyberCapabilities_Locker_FEB2016.pptx

10 Cyber Strategy Development DoD Cyber Strategy 2014 Army Cyber Strategy Build and maintain ready forces and capabilities to conduct cyberspace operations. Defend the DoD information netw ork, secure DoD data, and mitigate risks to DoD missions. Be prepared to defend the U.S. homeland and U.S. vital interests from disruptive or destructive cyber attacks of significant consequence. Build and maintain viable cyber options and plan to use those options to control conflict escalation and to shape the conflict environment at all stages. Build and maintain robust international alliances and partnerships to deter shared threats and increase international security and stability. A cyber-proficient total force that operates effectively in and through cyberspace to meet joint and service requirements Army formations and netw orks support Army & Joint operations Rapidly-Delivered Cyberspace Capabilities to the Total Force Adaptive facilities and installation resources fully capable of supporting cyberspace operations and developing a 21 st century force Developed partnerships w ith US and international Academia, Industry, Defense Departments/Ministries, and other Agencies to enhance cyberspace operations AM RDEC Strategic Plan Under Development and will tie To DoD and Army Strategies Other Instructional Documents DoDI , Operation of the Defense Acquisition System DoDI , Cybersecurity DoDI , Risk Management Framework 10 AMRDEC-CyberCapabilities_Locker_FEB2016.pptx

11 Summary AMRDEC s Cyber Engineering Center is the focal point for leveraging of knowledge and personnel resources to support PEO MS and PEO AVN systems Critical efforts are ongoing to support weapon system developers in Cyber Resiliency Limited personnel resources within Government and Industry to address Cyber issues AMRDEC is aggressively working to build the Government bench through programs such as Scholarship for Service 11 AMRDEC-CyberCapabilities_Locker_FEB2016.pptx