The Perfect Storm Cyber RDT&E

Size: px
Start display at page:

Download "The Perfect Storm Cyber RDT&E"

Transcription

1 The Perfect Storm Cyber RDT&E NAVAIR Public Release Approved for public release; distribution unlimited Presented to: ITEA Cyber Workshop 25 February 2015 Presented by: John Ross NAVAIR 5.4H Cyberwarfare Lead

2 BLUF Weaponization of the Cyber domain has created a "perfect storm" of new requirements and challenges for the Research Development Test and Evaluation (RDT&E) community Programs and Platforms must now consider and test for: Offensive and defensive Cyber effects in realistic battlespace scenarios Operational resilience against Cyber threats Mission impact of Cyber effect in System of Systems (SoS) These new requirements necessitate innovative Modeling and Simulation (M&S) solutions and creation of RDT&E environments that include effects of both offensive and defensive Cyber Warfare 1

3 RDT&E Cyber STORM Proliferation of software systems into weapons systems creates new vulnerabilities Integrated SoS drives increased use of networking Dynamic and complex Battle-space environment Interoperability and integration Advanced Persistent threat Commercial Software Widely Exploited Obsolescence Common Weaknesses Zero Day Exploits cc Cybersecurity Patch Management Develop and test mitigations and patches before deployment Multiple Versions and configurations Legacy Systems Keep interoperable with newer fielded systems Sustainment Non-proprietary and open architecture Increased Cyber vulnerabilities and exposure based on open concept Attack Surface: A system s exposure to reachable and exploitable cyber vulnerabilities Source: SANS Attack Surface Problem: 2

4 System Design and Development Simulations (DoD, Ctr) Systems Integration Labs (DoD, Ctr) Installed Systems Test Facilities (DoD, Ctr) Open Air Ranges (DoD) Battlespace Integration Joint Complex Integrated - Collaborative Multiple Cyber Attack Surfaces Acquisition Process System Focused Each System Developed to Program Requirements without assurance of System Interoperability at Fleet Introduction Live Assets (DoD, coalition, other agency) Fleet Introduction Fleet Interoperable Systems of Systems Environment Requires New and Innovative Approaches throughout Development to ensure Systems are Interoperable Interoperability Must be Built In SYSTEMS OF SYSTEMS 3

5 Cybersecurity Testing Traditional Cybersecurity framework must be applied differently for weapon systems Categorize system and operational environment Select required Cybersecurity controls Implement Cybersecurity Assess Cybersecurity controls Perform Security scans to verify compliance with mitigations Authorize system Develop supporting documentation for accreditation Monitor Cybersecurity controls Security scans and patches to address vulnerabilities cc Weapon systems are NOT adequately addressed 4

6 Cyber Hardening Strategy Enable Testing of Cybersecurity defensive measures during concept, design, development and deployment Perform vulnerability assessments against defined standards early in development cycle Assess the Cyber defense capability of the System Under Test (SUT) in a realistic combat environment enabled by Live, Virtual, Constructive (LVC) Perform Cybersecurity assessment of Operational Test (OT) readiness in context of Protect, Detect, React and Restore (PDRR) Emulate the system or critical components that are susceptible to Cyber threat Not practical to expose fielded weapon systems to malicious code Develop capability to simulate Cyber threat against systems and platforms Develop instrumentation capable of distinguishing between performance issues and malicious code Collect data to assess operator, system, and malicious activity 5

7 Cybersecurity T&E Test early and often to prevent proliferation of vulnerable designs Cybersecurity T&E of real-time systems with unique bus interfaces Cybersecurity hardening and non-traditional testing methods Non-networked and intermittent connectivity Unique domain issues Holistic approach to Cybersecurity testing to requirements, influences areas to be tested based on potential attack surfaces and impacts to mission from a Cyber attack Concurrent Cyber System Engineering System lifecycle Cybersecurity T&E Developers must design in cybersecurity measures Perform risk reduction events Identify mission effectiveness measures MDD T&E Phases Materiel Solution Analysis Understand Cybersecurity Requirements MS A Req Decision Pre- EMD Characterize Cyber Attack Surface MS B Cooperative Vulnerability Identification IATT MS C ATO Technology DRAFT Engineering & Maturation & CDD Manufacturing Risk Reduction Development CPD DT&E ASR SRR SFR PDR CDR TRR Event SVR DT&E Assessment Adversarial Cybersecurity DT&E DT&E Assessment Full Rate Production Decision Review Production and Deployment OTRR IOT&E Vulnerability and Penetration Assessment O&S Adversarial Assessment 6

8 Cyber Initiatives Supporting RDT&E NAVAIR Cyber Warfare Detachment (CWD) Federated (Red) Penetration Team Partnerships Navy Information Operations Command (NIOC) Norfolk Threat Systems Management Office (TSMO) - Army Cyber Test Analysis and Simulation Environment (CyberTASE) National Cyber Range (NCR) Regional Service Delivery Points (RSDP) 7

9 NAVAIR Cyber Warfare Detachment NAVAIR Cyber Warfare Detachment established to address Cyber requirements and gaps Create a Cyber-aware workforce with right mix of Cyber and domain system expertise Create integrated Cyber policies, processes, best practices and standards Smart make/buy Cyber infrastructure decisions to support our weapons systems and business systems Deliver Cyber-resilient integrated warfighting capabilities Partner - leverage external Cyber expertise Cyber Infrastructure / R&D Investments 8

10 NAVAIR Cyber Warfare Detachment Efforts Conduct prioritized risk assessments of deployed weapon systems Cross-competency teams Identify access points Maintenance connections, removable media, intermittent connections, apertures, supply chain Influence Cyber Security System Engineering Cyber resiliency Mission Analysis Kill chain mission effects Field Response System Design Build adequate Systems-of-Systems (SoS) architecture / system documentation Cyber hygiene does not fully mitigate sophisticated attacks 9

11 CyberTASE Cyber Test Analysis and Simulation Environment Development of testing instrumentation to assess how defensive mechanisms perform against an ongoing cyber attack and the correlation of data gathered across Cyber stacks Live-Virtual-Constructive (LVC) environment capable of mimicking large scale operational scenarios with Cyber instrumentation Support evaluation of operational resilience against Cyber threats utilizing instrumentation, models, and simulations that perform data collection, monitoring, near real-time and post-test analysis, storage, and visualization of test data SUT Red Team - Portray Advanced Persistent Threat Operators Exercise SUT, Mission Threads - Protect, Detect, React, Restore 10

12 National Cyber Range (NCR) NCR provides secure facilities, innovative technologies, repeatable processes, and the skilled workforce necessary to rapidly create hifidelity, mission representative Cyberspace environments Computing Assets/Facility Encapsulation Architecture & Operational Procedures Integrated Cyber Event Tool Suite Cyber Test Team 11

13 RSDP Regional Service Delivery Points (RSDPs): Provide enterprise resources to generate virtualized representative cyber environments Provide increased capacity and scalability to create persistent, representative cyber-threat environments Provide common range services (i.e., traffic generation, simulation, instrumentation, visualization, and integrated event management) Flexible and adaptable to evolving users requirements Leverage the latest technology to deliver cost and performance efficiencies Key component of the JMETC MILS Network (JMN) Address Cyber T&E Capacity & Capability Gaps 12

14 M&S and LVC for Cyber Testing Linking system-of-systems and families-of-systems in distributed test environment to assess cyber resilience Deliver Cyber resilient integrated warfighting capabilities Determine mission critical components necessary to achieve objective Assessment of kill chain impact and Cyber effects on mission Performance of SUT subjected to Cyber effects to inform further detailed Cyber testing Adding Cyber components to the existing cc modeling and simulation that model and capture the Cyber effects and capture mission impact Ability to operate system and in presence of Cyber attack Design and Development Reconstruction and Regression Analysis Live Virtual Constructive System of Systems Evaluation Survivability and Resiliency Kill Chain Assessment 13

15 Installed Systems Cyber Testing Installed Systems Cyber testing supports identifying susceptibilities of attack surfaces within the system or system of systems Key Elements of Cyber M&S for Mission Level Testing Authoritative cyber data model to emulate in M&S realistic environment Assess Cyber effect propagation throughout the system or system of systems Perform analysis of Cyber effects and ability of systems and operators to detect and mitigate Repeatable methodology for evaluation of the Cyber test results Effect of Cyber attack on mission outcome 14

16 Cyber Needs and Gaps Ability to assess kill chain and mission impact Realistic models for constructive T&E Threat vectors and behaviors Engineering level models of SUT feeding higher level models Authoritative data sources for cyber threats Development of autonomous defensive measures to mitigate Cyber effects Warning indications that the system is under attack 15

17 Key Take Away Conduct M&S to assess Cyber effects Perform Cyber risk assessments Develop Cyber laboratories and tools for offensive and defensive techniques and measures Increase investments in Cyber workforce, processes, and infrastructure 16

18 Questions Think like a Hacker Insights - Ideas 17

Avionics Cyber T&E Examples Testing Cyber Security Resilience to support Operations in the 3rd Offset Environment

Avionics Cyber T&E Examples Testing Cyber Security Resilience to support Operations in the 3rd Offset Environment Avionics Cyber T&E Examples Testing Cyber Security Resilience to support Operations in the 3rd Offset Environment 26 January 2017 Presented by: Mr. Chad Miller NAVAIR Cyber T&E What: Replicate Cyber Battlespace

More information

Test and Evaluation Methodology and Principles for Cybersecurity

Test and Evaluation Methodology and Principles for Cybersecurity Test and Evaluation Methodology and Principles for Cybersecurity Andrew Pahutski Deputy Director; Cyber & Information Systems Office of the Secretary of Defense (OSD) Developmental Test and Evaluation

More information

Dr. Steven J. Hutchison Principal Deputy Developmental Test and Evaluation

Dr. Steven J. Hutchison Principal Deputy Developmental Test and Evaluation Nov 2012 Page-1 Dr. Steven J. Hutchison Principal Deputy Developmental Test and Evaluation November 2012 Nov 2012 Page-2 DT&E for Complex Systems Performance Reliability Interoperability Information Security

More information

T&E Workforce Development

T&E Workforce Development T&E Workforce Development 2016 ITEA Cyber Security Workshop Mr. Thomas W. Simms Deputy Director, T&E Competency & Development Deputy Assistant Secretary of Defense (DT&E) March 17, 2016 Agenda Policy Overview

More information

Air Force Test Center

Air Force Test Center Air Force Test Center Avionics Cyber Range (ACR) Mark Erickson 46 TS/OGE 26 January 2017 DISTRIBUTION STATEMENT A: Approved for public release: distribution is unlimited. 96TW-2017-0005 1 What is the Avionics

More information

Cybersecurity Test and Evaluation at the National Cyber Range

Cybersecurity Test and Evaluation at the National Cyber Range Cybersecurity Test and Evaluation at the National Cyber Range 17 November 2015 Dr. Robert N. Tamburello Deputy Director National Cyber Range robert.n.tamburello.civ@mail.mil 571-372-2753 What is a Cyber

More information

UNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO

UNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO Exhibit R-2, RDT&E Budget Item Justification: PB 2013 Office of Secretary Of Defense DATE: February 2012 COST ($ in Millions) FY 2011 FY 2012 Base OCO Total FY 2014 FY 2015 FY 2016 FY 2017 Cost To Complete

More information

Shift Left: Putting the Process Into Action

Shift Left: Putting the Process Into Action U.S. ARMY EVALUATION CENTER Shift Left: Putting the Process Into Action March 30, 2017 Agenda The Evaluator s Motivation Where We Were Guidance and Policy Putting it into Action 2 The Evaluator s Motivation

More information

Cyberspace T&E Drivers and Initiatives

Cyberspace T&E Drivers and Initiatives Cyberspace T&E Drivers and Initiatives ITEA Cyber Security Workshop Dr. C. David Brown, PE, CTEP Deputy Assistant Secretary of Defense (DT&E) Director, Defense Test Resource Management Center Residence

More information

UNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO

UNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO Exhibit R-2, RDT&E Budget Item Justification: PB 2013 Office of Secretary Of Defense DATE: February 2012 0400: Research,, Test & Evaluation, Defense-Wide BA 3: Advanced Technology (ATD) COST ($ in Millions)

More information

UNCLASSIFIED. FY 2016 Base FY 2016 OCO

UNCLASSIFIED. FY 2016 Base FY 2016 OCO Exhibit R-2, RDT&E Budget Item Justification: PB 2016 Office of the Secretary Of Defense : February 2015 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 7: Operational Systems Development

More information

Naval Surface Warfare Center,

Naval Surface Warfare Center, CAPT Brian R. Durant Commander NSWCDD Technical Director - (540) 653-8103 Dennis M. McLaughlin Technical Director Naval Surface Warfare Center, Dahlgren Naval Undersea DivisionWarfare Center The The Leader

More information

The Operational Test & Evaluation Cybersecurity Terrain

The Operational Test & Evaluation Cybersecurity Terrain The Operational Test & Evaluation Cybersecurity Terrain William Budman Redmond AFOTEC/ED Approved for public release; distribution is unlimited. AFOTEC Public Affairs Public Release Number 2018-03 1 BLUF:

More information

Test Resource Management Center Directed Energy T&E Conference A Joint DEPS ITEA Event

Test Resource Management Center Directed Energy T&E Conference A Joint DEPS ITEA Event Test Resource Management Center Directed Energy T&E Conference A Joint DEPS ITEA Event Mr. George Rumford Deputy Director Major Initiatives and Technical Analyses Test Resource Management Center January

More information

Cybersecurity T&E and the National Cyber Range Top 10 Lessons Learned

Cybersecurity T&E and the National Cyber Range Top 10 Lessons Learned Cleared for Public Release 12 Feb 2016 Cybersecurity T&E and the National Cyber Range Top 10 Lessons Learned Prepared for 31ST ANNUAL NATIONAL TEST & EVALUATION CONFERENCE 2-3 March 2016 Prepared by National

More information

JOINT MISSION ENVIRONMENT TEST CAPABILITY (JMETC)

JOINT MISSION ENVIRONMENT TEST CAPABILITY (JMETC) JOINT MISSION ENVIRONMENT TEST CAPABILITY (JMETC) Cyber T&E Initiatives AJ Pathmanathan JMETC Deputy PM for Engineering NCR Technical Director November 14, 2013 GET CONNECTED to LEARN, SHARE, and ADVANCE

More information

DoD Strategy for Cyber Resilient Weapon Systems

DoD Strategy for Cyber Resilient Weapon Systems DoD Strategy for Cyber Resilient Weapon Systems Melinda K. Reed Office of the Deputy Assistant Secretary of Defense for Systems Engineering NDIA Systems Engineering Conference October 2016 10/24/2016 Page-1

More information

UNCLASSIFIED FY 2016 OCO. FY 2016 Base

UNCLASSIFIED FY 2016 OCO. FY 2016 Base Exhibit R-2, RDT&E Budget Item Justification: PB 2016 Office of the Secretary Of Defense Date: February 2015 0400:,, Test & Evaluation, Defense-Wide / BA 3: Advanced Technology (ATD) COST ($ in Millions)

More information

Cyber, Command, Control, Communications, and Computers Assessments Division (C5AD)

Cyber, Command, Control, Communications, and Computers Assessments Division (C5AD) Cyber, Command, Control, Communications, and Computers Assessments Division (C5AD) 1 C5AD Presentation (Approved for Public Release: 20150219) ITEA 26 March 2019 Greg Curth J6/DDC5I/C5AD/ENG Cyber Capability

More information

Joint Mission Environment Test Capability (JMETC)

Joint Mission Environment Test Capability (JMETC) Joint Mission Environment Test Capability (JMETC) Distributed Testing for Cyber Security Marty Arnwine JMETC, Deputy for Plans and Operations February 26, 2015 Agenda JMETC Overview JMETC Networks National

More information

UNCLASSIFIED. FY 2016 Base FY 2016 OCO

UNCLASSIFIED. FY 2016 Base FY 2016 OCO Exhibit R-2, RDT&E Budget Item Justification: PB 2016 Office of the Secretary Of Defense Date: February 2015 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 2: COST ($ in Millions) Prior

More information

UNCLASSIFIED R-1 ITEM NOMENCLATURE. FY 2014 FY 2014 OCO ## Total FY 2015 FY 2016 FY 2017 FY 2018

UNCLASSIFIED R-1 ITEM NOMENCLATURE. FY 2014 FY 2014 OCO ## Total FY 2015 FY 2016 FY 2017 FY 2018 Exhibit R-2, RDT&E Budget Item Justification: PB 2014 Office of Secretary Of Defense DATE: April 2013 BA 3: Advanced (ATD) COST ($ in Millions) All Prior Years FY 2012 FY 2013 # Base OCO ## Total FY 2015

More information

Test & Evaluation/Science & Technology (T&E/S&T) Cyberspace Test Technology (CTT) Project Overview. 2nd Annual ITEA Cyber Security Workshop

Test & Evaluation/Science & Technology (T&E/S&T) Cyberspace Test Technology (CTT) Project Overview. 2nd Annual ITEA Cyber Security Workshop Test & Evaluation/Science & Technology (T&E/S&T) Cyberspace Test Technology (CTT) Project Overview 2nd Annual ITEA Cyber Security Workshop 17 March 2016 Mr. Mark Erickson Phone: 850-882-8110 Email: mark.erickson.2@us.af.mil

More information

UNCLASSIFIED. UNCLASSIFIED Office of Secretary Of Defense Page 1 of 8 R-1 Line #18

UNCLASSIFIED. UNCLASSIFIED Office of Secretary Of Defense Page 1 of 8 R-1 Line #18 Exhibit R-2, RDT&E Budget Item Justification: PB 2015 Office of Secretary Of Defense Date: March 2014 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 2: Applied Research COST ($ in Millions)

More information

PCTE Program Management Update. Liz Bledsoe Acting Product Manager Cyber Resiliency and Training

PCTE Program Management Update. Liz Bledsoe Acting Product Manager Cyber Resiliency and Training PCTE Program Management Update Liz Bledsoe Acting Product Manager Cyber Resiliency and Training elizabeth.e.bledsoe.civ@mail.mil PCTE Stakeholder Landscape TRAINING TEST US CYBER COMMAND CYBER RANGE EXECUTIVE

More information

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not

More information

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure March 2015 Pamela Curtis Dr. Nader Mehravari Katie Stewart Cyber Risk and Resilience Management Team CERT

More information

Program Protection Implementation Considerations

Program Protection Implementation Considerations Program Protection Implementation Considerations Melinda Reed Deputy Director for Program Protection Office of the Deputy Assistant Secretary of Defense for Systems Engineering NDIA Program Protection

More information

Space and Naval Warfare Systems Center Atlantic Information Warfare Research Project (IWRP)

Space and Naval Warfare Systems Center Atlantic Information Warfare Research Project (IWRP) Space and Naval Warfare Systems Center Atlantic Information Warfare Research Project (IWRP) SSC Atlantic is part of the Naval Research & Development Establishment (NR&DE) Information Warfare Research Project

More information

align security instill confidence

align security instill confidence align security instill confidence cyber security Securing data has become a top priority across all industries. High-profile data breaches and the proliferation of advanced persistent threats have changed

More information

Information Warfare Industry Day

Information Warfare Industry Day Information Warfare Industry Day 20180510 RDML Barrett, OPNAV N2N6G TRANSPORT COMMERCIAL INTERNET DISN SCI Coalition Networks ADNS TELEPORT NMCI & ONE-NET JRSS MOC GNOC NCDOC USMC ISNS / CANES / SUBLAN

More information

Air Force Test Center

Air Force Test Center Air Force Test Center Avionics Cyber Range (ACR) DISTRIBUTION STATEMENT A. Approved for public release; distribution is unlimited. Bill L'Hommedieu ACR Chief Engineer 96 th Cyber Test Group 7 May 2018

More information

A Supply Chain Attack Framework to Support Department of Defense Supply Chain Security Risk Management

A Supply Chain Attack Framework to Support Department of Defense Supply Chain Security Risk Management A Supply Chain Attack Framework to Support Department of Defense Supply Chain Security Risk Management D r. J o h n F. M i l l e r T h e M I T R E C o r p o r a t i o n P e t e r D. K e r t z n e r T h

More information

AMRDEC CYBER Capabilities

AMRDEC CYBER Capabilities Presented to: HAMA AMRDEC CYBER Capabilities Distribution Statement A: Approved for public release: distribution unlimited 08 July 16 Presented by: Julie Locker AMRDEC Cyber Lead U.S. Army Aviation and

More information

Achieving DoD Software Assurance (SwA)

Achieving DoD Software Assurance (SwA) Achieving DoD Software Assurance (SwA) Thomas Hurt Office of the Deputy Assistant Secretary of Defense for Systems Engineering 20th Annual NDIA Systems Engineering Conference Springfield, VA October 26,

More information

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported

More information

EXPERT SERVICES FOR IoT CYBERSECURITY AND RISK MANAGEMENT. An Insight Cyber White Paper. Copyright Insight Cyber All rights reserved.

EXPERT SERVICES FOR IoT CYBERSECURITY AND RISK MANAGEMENT. An Insight Cyber White Paper. Copyright Insight Cyber All rights reserved. EXPERT SERVICES FOR IoT CYBERSECURITY AND RISK MANAGEMENT An Insight Cyber White Paper Copyright Insight Cyber 2018. All rights reserved. The Need for Expert Monitoring Digitization and external connectivity

More information

Evolving the Security Strategy for Growth. Eric Schlesinger Global Director and CISO Polaris Alpha

Evolving the Security Strategy for Growth. Eric Schlesinger Global Director and CISO Polaris Alpha Evolving the Security Strategy for Growth Eric Schlesinger Global Director and CISO Polaris Alpha Evolving the Security Strategy for Growth Where Do We Start? Our History, Making History In late 2016,

More information

UNCLASSIFIED UNCLASSIFIED

UNCLASSIFIED UNCLASSIFIED : February 6 Exhibit R, RDT&E Budget Item Justification: PB : Research,, Test & Evaluation, / BA 5: System & Demonstration (SDD) COST ($ in Millions) FY 5 FY 6 R Program Element (Number/Name) PE 65A /

More information

Cybersecurity Test and Evaluation Achievable and Defensible Architectures

Cybersecurity Test and Evaluation Achievable and Defensible Architectures Cybersecurity Test and Evaluation Achievable and Defensible Architectures October 2015, ITEA Francis Scott Key Chapter Mr. Robert L. Laughman for COL Scott D. Brooks, Director, Survivability Evaluation

More information

Cybersecurity Metrics: A Red Team Perspective

Cybersecurity Metrics: A Red Team Perspective UNCLASSIFIED Cybersecurity Metrics: A Red Team Perspective Distribution Statement A Distribution: Approved for public release; distribution is unlimited. Bradley R. Horton CISSP-ISSMP, CEH, CISA Chief,

More information

Space Cyber: An Aerospace Perspective

Space Cyber: An Aerospace Perspective Space Cyber: An Aerospace Perspective USAF Cyber Vision 2025 AFSPC 19-21 March 2012 Frank Belz and Joe Betser The Aerospace Corporation Computers and Software Division 20 March 2012 frank.belz@aero.org

More information

Cybersecurity vs. Cyber Survivability: A Paradigm Shift

Cybersecurity vs. Cyber Survivability: A Paradigm Shift U.S. ARMY EVALUATION CENTER Cybersecurity vs. Cyber Survivability: A Paradigm Shift March 8, 2018 BLUF The T&E community should stop using the term cybersecurity when what we mean is cyber survivability

More information

RiskSense Attack Surface Validation for IoT Systems

RiskSense Attack Surface Validation for IoT Systems RiskSense Attack Surface Validation for IoT Systems 2018 RiskSense, Inc. Surfacing Double Exposure Risks Changing Times and Assessment Focus Our view of security assessments has changed. There is diminishing

More information

UNCLASSIFIED. FY 2016 Base FY 2016 OCO

UNCLASSIFIED. FY 2016 Base FY 2016 OCO Exhibit R-2, RDT&E Budget Item Justification: PB 2016 Office of the Secretary Of Defense Date: February 2015 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 2: Applied Research COST ($

More information

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies

More information

Joint Federated Assurance Center (JFAC): 2018 Update. What Is the JFAC?

Joint Federated Assurance Center (JFAC): 2018 Update. What Is the JFAC? 21 st Annual National Defense Industrial Association Systems and Mission Engineering Conference Joint Federated Assurance Center (JFAC): 2018 Update Thomas Hurt Office of the Under Secretary of Defense

More information

IoT & SCADA Cyber Security Services

IoT & SCADA Cyber Security Services RIOT SOLUTIONS PTY LTD P.O. Box 10087 Adelaide St Brisbane QLD 4000 BRISBANE HEAD OFFICE Level 22, 144 Edward St Brisbane, QLD 4000 T: 1300 744 028 Email: sales@riotsolutions.com.au www.riotsolutions.com.au

More information

Integrated C4isr and Cyber Solutions

Integrated C4isr and Cyber Solutions Integrated C4isr and Cyber Solutions When Performance Matters L3 Communication Systems-East provides solutions in the C4ISR and cyber markets that support mission-critical operations worldwide. With a

More information

Security by Default: Enabling Transformation Through Cyber Resilience

Security by Default: Enabling Transformation Through Cyber Resilience Security by Default: Enabling Transformation Through Cyber Resilience FIVE Steps TO Better Security Hygiene Solution Guide Introduction Government is undergoing a transformation. The global economic condition,

More information

6/18/ ACC / TSA Security Capabilities Workshop THANK YOU TO OUR SPONSORS. Third Party Testing Program Overview.

6/18/ ACC / TSA Security Capabilities Workshop THANK YOU TO OUR SPONSORS. Third Party Testing Program Overview. 2015 ACC / TSA Security Capabilities Workshop June 16-18, 2015 #SecurityCapabilities THANK YOU TO OUR SPONSORS 2015 ACC/TSA Security Capabilities Workshop June 24-26 Arlington, VA #SecurityCapabilities

More information

Cyber T&E Standards Panel

Cyber T&E Standards Panel Cyber T&E Standards Panel Why Cyber T&E Standards? Mr. George Wauer, Touchstone POCs, LLc Test and Training Enabling Architecture (TENA) Mr. Gene Hudgins, TRMC Cyber Range Environment VV&A Mr. Ryan Kelly,

More information

Cybersecurity in Acquisition

Cybersecurity in Acquisition Kristen J. Baldwin Acting Deputy Assistant Secretary of Defense for Systems Engineering (DASD(SE)) Federal Cybersecurity Summit September 15, 2016 Sep 15, 2016 Page-1 Acquisition program activities must

More information

UNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO

UNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO COST ($ in Millions) FY 2011 FY 2012 Base OCO Total FY 2014 FY 2015 FY 2016 FY 2017 Cost To Complete Total Cost Total Program Element 8.306 7.299 10.429-10.429 11.464 12.492 12.840 13.010 Continuing Continuing

More information

Next Generation Distribution Automation Phase III, Intelligent Modern Pole (IMP) Field Demonstration

Next Generation Distribution Automation Phase III, Intelligent Modern Pole (IMP) Field Demonstration Next Generation Distribution Automation Phase III, Intelligent Modern Pole (IMP) Field Demonstration EPIC Workshop Fresno California November 09, 2018 Southern California Edison Background (Innovation

More information

UNCLASSIFIED FY 2016 OCO. FY 2016 Base

UNCLASSIFIED FY 2016 OCO. FY 2016 Base Exhibit R-2, RDT&E Budget Item Justification: PB 2016 Office of the Secretary Of Defense Date: February 2015 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 3: Advanced Technology Development

More information

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive

More information

Cybersecurity Testing

Cybersecurity Testing Cybersecurity Testing Tim Palmer Chief Technical Advisor, SAS Business Unit Torch Technologies, Inc. EXPERTISE // INNOVATION // CUSTOMER FOCUS // EXCELLENCE // INTEGRITY // COOPERATION // RELIABILITY About

More information

Planning and Executing an Integration Test Strategy for a Complex Aerospace System

Planning and Executing an Integration Test Strategy for a Complex Aerospace System Planning and Executing an Integration Test Strategy for a Complex Aerospace System Mr. Derrick Hinton Principal Deputy Director, Test Resource Management Center Complex Aerospace Systems Exchange September

More information

Meeting PCI DSS 3.2 Compliance with RiskSense Solutions

Meeting PCI DSS 3.2 Compliance with RiskSense Solutions Meeting PCI DSS 3.2 Compliance with Solutions Platform the industry s most comprehensive, intelligent platform for managing cyber risk. 2018, Inc. What s Changing with PCI DSS? Summary of PCI Business

More information

Cybersecurity is one of the most important challenges for our military today. Cyberspace. Cybersecurity. Defending the New Battlefield

Cybersecurity is one of the most important challenges for our military today. Cyberspace. Cybersecurity. Defending the New Battlefield Cybersecurity Defending the New Battlefield Steven J. Hutchison, Ph.D. Cybersecurity is one of the most important challenges for our military today. Cyberspace is a new warfighting domain, joining the

More information

Industry role moving forward

Industry role moving forward Industry role moving forward Discussion with National Research Council, Workshop on the Resiliency of the Electric Power Delivery System in Response to Terrorism and Natural Disasters February 27-28, 2013

More information

UNCLASSIFIED. R-1 Program Element (Number/Name) PE D8Z / Software Engineering Institute (SEI) Applied Research. Prior Years FY 2013 FY 2014

UNCLASSIFIED. R-1 Program Element (Number/Name) PE D8Z / Software Engineering Institute (SEI) Applied Research. Prior Years FY 2013 FY 2014 Exhibit R-2, RDT&E Budget Item Justification: PB 2015 Office of Secretary Of Defense Date: March 2014 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 2: COST ($ in Millions) Prior Years

More information

White Paper. View cyber and mission-critical data in one dashboard

White Paper. View cyber and mission-critical data in one dashboard View cyber and mission-critical data in one dashboard Table of contents Rising cyber events 2 Mitigating threats 2 Heighten awareness 3 Evolving the solution 5 One of the direct benefits of the Homeland

More information

DOE and Test Automation for System of Systems T&E

DOE and Test Automation for System of Systems T&E DOE and Test Automation for System of Systems T&E Larry Harris, Navy SPAWAR PMW-120 APM T&E Luis Cortes, MITRE Corporation Jim Wisnowski, Adsurgo Darryl Ahner, OSD STAT COE Jim Simpson, JK Analytics Bottom

More information

THE UNDER SECRETARY OF DEFENSE 3010 DEFENSE PENTAGON WASHINGTON, DC ACQUISITION, TECHNOLOGY AND LOGISTICS January 11, 2017

THE UNDER SECRETARY OF DEFENSE 3010 DEFENSE PENTAGON WASHINGTON, DC ACQUISITION, TECHNOLOGY AND LOGISTICS January 11, 2017 THE UNDER SECRETARY OF DEFENSE 3010 DEFENSE PENTAGON WASHINGTON, DC 20301-3010 ACQUISITION, TECHNOLOGY AND LOGISTICS January 11, 2017 MEMORANDUM FOR SECRETARIES OF THE MILITARY DEPARTMENTS CHAIRMAN OF

More information

April 25, 2018 Version 2.0

April 25, 2018 Version 2.0 April 25, 2018 Version 2.0 Table of Contents Introduction... 1 1.1 Organization of This Guidebook... 1 1.2 Audience... 2 1.3 Applicability... 2 1.4 Terminology... 2 Cybersecurity Policies and Guidance

More information

DEFENSE LOGISTICS AGENCY

DEFENSE LOGISTICS AGENCY DEFENSE LOGISTICS AGENCY AMERICA S COMBAT LOGISTICS SUPPORT AGENCY Cyber Resilience Integration Mr. Linus Baker DLA Information Operations Director, Cybersecurity 1 Mission Assurance/Cybersecurity Concern

More information

Cybersecurity T&E and the National Cyber Range

Cybersecurity T&E and the National Cyber Range Cleared for Public Release 23 March 2017 Case # 17-S-1267 Cybersecurity T&E and the National Cyber Range Prepared for 2nd ITEA Cyber Security Workshop "Challenges Facing Test and Evaluation 24 March 2017

More information

DHS Cybersecurity: Services for State and Local Officials. February 2017

DHS Cybersecurity: Services for State and Local Officials. February 2017 DHS Cybersecurity: Services for State and Local Officials February 2017 Department of Established in March of 2003 and combined 22 different Federal departments and agencies into a unified, integrated

More information

An Operational Cyber Security Perspective on Emerging Challenges. Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL)

An Operational Cyber Security Perspective on Emerging Challenges. Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL) An Operational Cyber Security Perspective on Emerging Challenges Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL) Johns Hopkins University Applied Physics Lab (JHU/APL) University

More information

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it

More information

Introducing Cyber Resiliency Concerns Into Engineering Education

Introducing Cyber Resiliency Concerns Into Engineering Education Introducing Cyber Resiliency Concerns Into Engineering Education Mr. Tom McDermott Georgia Tech Research Institute Mr. Barry Horowitz University of Virginia NDIA 20 th Annual Systems Engineering Conference

More information

Automating the Top 20 CIS Critical Security Controls

Automating the Top 20 CIS Critical Security Controls 20 Automating the Top 20 CIS Critical Security Controls SUMMARY It s not easy being today s CISO or CIO. With the advent of cloud computing, Shadow IT, and mobility, the risk surface area for enterprises

More information

Cyber Security Maturity Model

Cyber Security Maturity Model Cyber Security Maturity Model Robert Lentz Former DoD CISO / Deputy Assistant Secretary Cyber Facts Facts About About Intrusions Intrusions 2 Verizon 2010 Data Breach Investigation Report WHO IS BEHIND

More information

Advancing the Role of DT&E in the Systems Engineering Process:

Advancing the Role of DT&E in the Systems Engineering Process: Advancing the Role of DT&E in the Systems Engineering Process: An Update on the NDIA Systems Engineering Division DT&E Committee Co-Chair: Dr. George Ka iliwai, AFFTC Technical Advisor Co-Chair: John Lohse,

More information

DoD Joint Federated Assurance Center (JFAC) Update

DoD Joint Federated Assurance Center (JFAC) Update DoD Joint Federated Assurance Center (JFAC) Update Thomas D. Hurt Office of the Deputy Assistant Secretary of Defense for Systems Engineering 19th Annual NDIA Systems Engineering Conference Springfield,

More information

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI EXECUTIVE SUMMARY The shortage of cybersecurity skills Organizations continue to face a shortage of IT skill

More information

Overview of Infrastructure for Cyber, Interoperability, and Distributed Test

Overview of Infrastructure for Cyber, Interoperability, and Distributed Test Overview of Infrastructure for Cyber, Interoperability, and Distributed Test For LTC Richard Dixon Mission Control Complex, Bde Modernization Command The JMETC Mission JMETC provides the persistent, robust

More information

INFORMATION ASSURANCE DIRECTORATE

INFORMATION ASSURANCE DIRECTORATE National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Risk Monitoring Risk Monitoring assesses the effectiveness of the risk decisions that are made by the Enterprise.

More information

Department of Defense (DoD) Joint Federated Assurance Center (JFAC) Overview

Department of Defense (DoD) Joint Federated Assurance Center (JFAC) Overview Department of Defense (DoD) Joint Federated Assurance Center (JFAC) Overview Kristen Baldwin Principal Deputy, Office of the Deputy Assistant Secretary of Defense for Systems Engineering (DASD(SE)) 17

More information

FPM-IT-420B: FAC-P/PM-IT Planning & Acquiring Operations of IT Systems Course Details

FPM-IT-420B: FAC-P/PM-IT Planning & Acquiring Operations of IT Systems Course Details FPM-IT-420B: FAC-P/PM-IT Planning & Acquiring Operations of IT Systems Course Details 2 FPM IT 420B: FAC P/PM IT Planning & Acquiring Operations of IT Systems FPM-IT-420B: FAC-P/PM-IT PLANNING & ACQUIRING

More information

Machine-Based Penetration Testing

Machine-Based Penetration Testing Always in Control CyBot Suite Machine-Based Penetration Testing CyBot PRODUCT SUITE Unique, patented Machine-based Penetration Testing Software with Global Attack Path Scenarios (APS) product suite: CyBot

More information

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager 2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager NIST Cybersecurity Framework (CSF) Executive Order 13636 Improving Critical Infrastructure Cybersecurity tasked the National

More information

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements

More information

Test and Evaluation. The Key to Successful Acquisition Outcomes. Steve Hutchison. 3 October Director Office of Test and Evaluation

Test and Evaluation. The Key to Successful Acquisition Outcomes. Steve Hutchison. 3 October Director Office of Test and Evaluation Test and Evaluation The Key to Successful Acquisition Outcomes 3 October 2017 Steve Hutchison Director Office of Test and Evaluation DHS Test & Evaluation Year in Review USCG Fast Response Cutter FOT&E

More information

The NIS Directive and Cybersecurity in

The NIS Directive and Cybersecurity in The NIS Directive and Cybersecurity in ehealth Dr. Athanasios Drougkas Officer in NIS Belgian Hospitals Meeting on Security Brussels 13 th October European Union Agency For Network And Information Security

More information

Transformation in Technology Barbara Duck Chief Information Officer. Investor Day 2018

Transformation in Technology Barbara Duck Chief Information Officer. Investor Day 2018 Transformation in Technology Barbara Duck Chief Information Officer Investor Day 2018 Key Takeaways 1Transformation in Technology driving out cost, supporting a more technologyenabled business Our new

More information

Sachin Shetty Old Dominion University April 10, Cyber Risk Scoring and Mitigation(CRISM)

Sachin Shetty Old Dominion University April 10, Cyber Risk Scoring and Mitigation(CRISM) Sachin Shetty Old Dominion University sshetty@odu.edu April 10, 2019 Cyber Risk Scoring and Mitigation(CRISM) Customer Need - Life in the Security Operation Center Intrusion Detection System alerts Prioritized

More information

Rethinking Cybersecurity from the Inside Out

Rethinking Cybersecurity from the Inside Out Rethinking Cybersecurity from the Inside Out An Engineering and Life Cycle-Based Approach for Building Trustworthy Resilient Systems Dr. Ron Ross Computer Security Division Information Technology Laboratory

More information

How to Underpin Security Transformation With Complete Visibility of Your Attack Surface

How to Underpin Security Transformation With Complete Visibility of Your Attack Surface How to Underpin Security Transformation With Complete Visibility of Your Attack Surface YOU CAN T SECURE WHAT YOU CAN T SEE There are many reasons why you may be considering or engaged in a security transformation

More information

Eirene Sceptre Cyber Defense Services

Eirene Sceptre Cyber Defense Services Eirene Sceptre Cyber Defense Services Nick Cohen Cyber Defense Solutions Department 26 February 2019 2019 The Aerospace Corporation Overview Eirene Sceptre (E-Sceptre) Overview E-Sceptre Mission Benefits

More information

Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS

Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS Can You Answer These Questions? 1 What s my company s exposure to the latest industrial cyber threat? Are my plants

More information

Securing Digital Transformation

Securing Digital Transformation September 4, 2017 Securing Digital Transformation DXC Security Andreas Wuchner, CTO Security Innovation Risk surface is evolving and increasingly complex The adversary is highly innovative and sophisticated

More information

DOWNLOAD OR READ : THREAT AND VULNERABILITY MANAGEMENT COMPLETE SELF ASSESSMENT GUIDE PDF EBOOK EPUB MOBI

DOWNLOAD OR READ : THREAT AND VULNERABILITY MANAGEMENT COMPLETE SELF ASSESSMENT GUIDE PDF EBOOK EPUB MOBI DOWNLOAD OR READ : THREAT AND VULNERABILITY MANAGEMENT COMPLETE SELF ASSESSMENT GUIDE PDF EBOOK EPUB MOBI Page 1 Page 2 threat and vulnerability management complete self assessment guide threat and vulnerability

More information

Protecting the Nation s Critical Assets in the 21st Century

Protecting the Nation s Critical Assets in the 21st Century Protecting the Nation s Critical Assets in the 21st Century Dr. Ron Ross Computer Security Division Information Technology Laboratory OPM. Anthem BCBS. Ashley Madison. 2 Houston, we have a problem. Complexity.

More information

Cyber Resilience. Think18. Felicity March IBM Corporation

Cyber Resilience. Think18. Felicity March IBM Corporation Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack

More information

Shaping the Department of Defense Engineering Workforce

Shaping the Department of Defense Engineering Workforce Shaping the Department of Defense Engineering Workforce Ms. Aileen Sedmak Office of the Deputy Assistant Secretary of Defense for Systems Engineering 20th Annual NDIA Systems Engineering Conference Springfield,

More information

Machine-Based Penetration Testing

Machine-Based Penetration Testing Always in Control CyBot Suite Machine-Based Penetration Testing www.cronus-cyber.com - April 2016 CyBot PRODUCT SUITE Unique, patented Machine-based Penetration Testing Software with Global Attack Path

More information

UNCLASSIFIED. UNCLASSIFIED R-1 Line Item #49 Page 1 of 10

UNCLASSIFIED. UNCLASSIFIED R-1 Line Item #49 Page 1 of 10 Exhibit R-2, PB 2010 Office of Secretary Of Defense RDT&E Budget Item Justification DATE: May 2009 3 - Advanced Technology Development (ATD) COST ($ in Millions) FY 2008 Actual FY 2009 FY 2010 FY 2011

More information