Combat Effectiveness Testing of System of Systems in the Face of Cyber Threat

Similar documents
Overview of Infrastructure for Cyber, Interoperability, and Distributed Test

The Perfect Storm Cyber RDT&E

Air Force Test Center

Test Resource Management Center Directed Energy T&E Conference A Joint DEPS ITEA Event

Avionics Cyber T&E Examples Testing Cyber Security Resilience to support Operations in the 3rd Offset Environment

FAA Cybersecurity Test Facility (CyTF) By: Enterprise Information Security Team ANG-B31 Patrick Hyle, William J Hughes Technical Center

UNCLASSIFIED. Exhibit R-2, RDT&E Budget Item Justification Date February 2007 Appropriation/Budget Activity RDT&E Defense-Wide, BA 7

UNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO

JOINT MISSION ENVIRONMENT TEST CAPABILITY (JMETC)

UNCLASSIFIED UNCLASSIFIED

An Operational Cyber Security Perspective on Emerging Challenges. Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL)

UNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Cybersecurity Test and Evaluation at the National Cyber Range

Canada Life Cyber Security Statement 2018

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

UNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO

Cyber, Command, Control, Communications, and Computers Assessments Division (C5AD)

Creating a Dynamic Serial Edge For Integrated Industrial Networks

Marine Corps Tactical System Support Activity

Naval Surface Warfare Center,

Department of Management Services REQUEST FOR INFORMATION

UNCLASSIFIED. FY 2016 Base FY 2016 OCO

Cybersecurity Testing

UNCLASSIFIED FY 2016 OCO. FY 2016 Base

AUTHORITY FOR ELECTRICITY REGULATION

Joint Mission Environment Test Capability (JMETC)

Air Force Test Center

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

INFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare

How to Underpin Security Transformation With Complete Visibility of Your Attack Surface

Cyberspace: New Frontiers in Technology Insertion

Twilio cloud communications SECURITY

Accelerate Your Enterprise Private Cloud Initiative

Information Solutions

Industry role moving forward

AMRDEC CYBER Capabilities

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

2 nd Cybersecurity Workshop Test and Evaluation to Meet the Advanced Persistent Threat

Critical Infrastructure Protection for the Energy Industries. Building Identity Into the Network

CYBER SECURITY AIR TRANSPORT IT SUMMIT

EEI Fall 2008 Legal Conference Boston, Massachusetts Stephen M. Spina November 1,

It s just software Or It s all software and it s the new normal

DEVELOP YOUR TAILORED CYBERSECURITY ROADMAP

NextGen Interagency Experimentation Hub

CCISO Blueprint v1. EC-Council

Directed Energy S&T. Challenges Overview. L. Bruce Simpson, SES Director Directed Energy Directorate Kirtland AFB, New Mexico

Protecting your data. EY s approach to data privacy and information security

Dr. Steven J. Hutchison Principal Deputy Developmental Test and Evaluation

Sustainable Security Operations

UNCLASSIFIED FY 2016 OCO. FY 2016 Base

Advanced Security Tester Course Outline

NEN The Education Network

Future Trends and Needs for Distributed T&E Infrastructure

UNCLASSIFIED. UNCLASSIFIED Office of Secretary Of Defense Page 1 of 8 R-1 Line #18

CompTIA CASP (Advanced Security Practitioner)

Test and Evaluation Methodology and Principles for Cybersecurity

IoT & SCADA Cyber Security Services

Agile Coalition Environment (ACE) Freedom within a Framework. Michele McGuire Space & Naval Warfare Systems Command Office of Chief Engineer (056)

M&S Strategic Initiatives to Support Test & Evaluation

UNCLASSIFIED. R-1 ITEM NOMENCLATURE PE D8Z: Data to Decisions Advanced Technology FY 2012 OCO

Verizon Software Defined Perimeter (SDP).

Cybersecurity Auditing in an Unsecure World

Improving SCADA System Security

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

INFORMATION RESOURCE SECURITY CONFIGURATION AND MANAGEMENT

Industrial Network Trends & Technologies

Innovation policy for Industry 4.0

MONITORING OBLIGATIONS. FULFiL CSP REQUIREMENTS FOR COMMUNICATIONS MONITORING.

Streamlined FISMA Compliance For Hosted Information Systems

New Guidance on Privacy Controls for the Federal Government

Security Survey Executive Summary October 2008

Information Technology General Control Review

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Multiprotocol Label Switching MPLS 101 Global Packet Transport Rollout

The Joint Live Virtual Constructive Data Translator Framework Interoperability for a Seamless Joint Training Environment

SMR Deployment Enablers

Understanding Holistic Effects of Cyber Events on Critical Infrastructure

Securing the AF Intranet. NIKSUN World-Wide Security and Mobility Conference Col (ret.) Russ Fellers

Firewalls (IDS and IPS) MIS 5214 Week 6

WORKSHARE SECURITY OVERVIEW

Defense Security Service. Strategic Plan Addendum, April Our Agency, Our Mission, Our Responsibility

Test & Evaluation of the NR-KPP

Moonv6 Update NANOG 34

UNCLASSIFIED. FY 2016 Base FY 2016 OCO

Cisco SD-WAN. Intent-based networking for the branch and WAN. Carlos Infante PSS EN Spain March 2018

CERT Overview. Jeffrey J. Carpenter 2008 Carnegie Mellon University

Summary of Cyber Security Issues in the Electric Power Sector

ALTITUDE DOESN T MAKE YOU SAFE. Satcom Direct s Comprehensive Cyber Security Portfolio for Business Aviation

Security Readiness Assessment

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

The Success of the AMRAAM DBMS/DAS

Digital Wind Cyber Security from GE Renewable Energy

HPH SCC CYBERSECURITY WORKING GROUP

Google Cloud & the General Data Protection Regulation (GDPR)

External Supplier Control Obligations. Cyber Security

Engineered Resilient Systems Advanced Analytics and Modeling in Support of Acquisition

CompTIA Exam CAS-002 CompTIA Advanced Security Practitioner (CASP) Version: 6.0 [ Total Questions: 532 ]

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Transcription:

Combat Effectiveness Testing of System of Systems in the Face of Cyber Threat Presented at National Defense Industrial Association Conference March 3, 2010 Jon Payne USJFCOM IO Range 256.842.0156 Jonathon.payne@jfcom.mil 1

Overview What Combat Effective vs Regulatory Compliant When Early and Often Why Risk Assessment Where Closed Environment How Operationally Realistic, Distributed LVC 2

What: Combat Effective vs Regulatory Compliant Compliance is necessary Fiduciary and ethical obligation Framework for Configuration Management Supports enterprise management but insufficient... Combat Effectiveness is essential Survivable in the face of attack Able to complete mission Adds value to arsenal 3

When: Early and Often Cost of failure is too high if the system is already built find and fix early Survivability of a system against a cyber threat must be considered during: Requirement generation Concept development System design and engineering Developmental Testing Operational Testing 4

Why: Risk Assessment Cost/benefit of cyber defense is a risk assessment (A) What is the likelihood of failure? (B) What is the impact of failure? What are the costs to mitigate (A) or (B)? Risk analysis must be completed iteratively on modules, components, system, and system of systems X High Risk Impact Concept Design Testing Likelihood Requirement 5

Where: Closed Environment Early assessment is whiteboard and paper process Testing begins in a controlled environment where variables are understood Testing environment must evolve early into operationally realistic sandbox Threat must be employed throughout the development and testing lifecycle Threat must be employed in a closed loop environment 6

How: Operationally Realistic Distributed LVC Use existing test ranges and assets Network capabilities at appropriate level of classification Use mission thread and operational TTPs Employ threat with likely capabilities, intent, and TTPs Whiteboard Paper Test Bench Laboratory Test Range Distributed Ranges 7

IO Range Provides The only sustained capability to operate a distributed environment at multiple independent levels of security Standing infrastructure capable of supporting CNO, cyber testing, training and exercise Operationally realistic and technically representative environment Traffic Generation Systems provide realistic network activity CNO Labs CNO tool development, testing, and operations (servers, routers, firewalls) Large Computing Environments computers, switches, hubs, routers, and firewalls Telecom Environments Public Switched Telephone Network (PSTN), Public Land Mobile Network (PLMN), Global System for Mobile Communications (GSM) EW platforms Threat systems and Red Teams Communications Tactical C2, GPS, 802.11, LAN, WAN systems Supervisory Control and Data Acquisition (SCADA)/Critical Infrastructure Control Systems Using major vendors hardware Models and Simulations 8

IO Range Mission Areas Supports all life cycle activities in the following mission areas, as tasked by USD(I) and original stakeholders: Basic and advanced research and development (R&D) Experimentation Modeling and Simulation (M&S) Developmental test and evaluation (DT&E) Operational test and evaluation (OT&E) Exercises Training Certification Studies and Analyses Battle lab demonstrations, Advanced Concept Technology Demonstrations (ACTDs), Advanced Technology Demonstrations (ATDs), and other experiments Tactics, techniques, and procedures (TTP) development Rules of engagement (ROE) approvals and authorities Legal reviews and assessments Tool and weapon system operations Joint Munitions Effectiveness Manual (JMEM) validation Mission rehearsal Targeting and battle damage assessment (BDA) development 9

Key IO Range Concepts Standing infrastructure Supports execution of events at multiple independent levels of security Closed loop network Encrypted backbone to support secure tailored customer events Multiple VPN tunnels within each circuit to segregate traffic Streamline event approval process Comprehensive Event Agreements Short and long term Interconnection Security Agreements (ISA) Leverage existing DoD policies and processes Centralized management, security and coordination IO Range Operations Center (IOROC) at JWFC provides single point for the distributed IO Range 10

Segregation of IO Range Activities IO Range architecture supports multiple segregated activities at different classification levels Patch panels enable sites to control connections to IO Range One-for-one relationship between ports and VPNs 11

IO Range Network Topology The IO Range utilizes a fullmesh VPN network topology DREN is primary provider of site to site connectivity Provides point to point encryption across a highperformance and low latency wide area network Utilize JTEN where DREN is not feasible Utilize ESnet to connect to DOE labs and facilities 12

IO Range Service Delivery Points IO Range Service Delivery Points (SDP) are equipment suites located at each member site Encrypts all site-to-site traffic using appropriate COMSEC Provide persistent connectivity between all IO Range sites Supports the rapid creation of logical ranges between the participating sites Facilitates the participation of additional organizations colocated at or near the participating site Segregates/Isolates user communities to mitigate the risks associated with co-mingling multiple classification levels Support integration of the necessary technologies/services required by the IO Range 13

Whidbey Island Information Operations Range Ft Lewis PNNL INL PT Mugu Anaheim Edwards AFB 29 Palms San Diego, CA Pearl City, HI Canberra, AU Ft Irwin China Lake Schofield Brks, HI Camp Smith, HI UTTR Schriever AFB Nellis AFB Yuma Kirtland AFB Ft Huachuca Lackland AFB Offutt AFB Ft Leavenworth Crane ORNL WPAFB Lakehurst, NJ Alexandria Dahlgren Va Beach MIT LL Ft Monmouth Aberdeen, MD Ft Meade Ft Belvior PAX River JWFC NAS Norfolk USNS Prevail Redstone Arsenal SPAWAR Charleston Eglin AFB London, UK Hurlburt AFB MacDill AFB IO Range: 1. Increases COCOM awareness and confidence in IO capabilities 2. Increases integration of non-kinetic effects with kinetic warfare 3. Supports emerging IO technologies 4. Facilitates training against IO targets sets 5. Integrates IO capabilities into Joint training, testing, and experimentation Installed In Progress Planned Legend Persistent Transactional Micro Current as of: 01 Dec 09 14

IO Range Service Delivery Point Design Nominal configuration consists of two 19in fullheight racks with separate external patch panels Full-height rack support growth and new requirements 15

Summary The IO Range: Increases COCOM awareness and confidence in IO capabilities Increases integration of non-kinetic effects with kinetic warfare Supports emerging IO technologies Facilitates training against IO targets sets Integrates IO capabilities into Joint training, testing, and experimentation 16

Points of Contact Chief: LTC John Ballard Comm 757-836-9785 DSN 836-9785 Email Contacts Future Ops ior-reqs@jfcom.mil Current Ops ior-ops@jfcom.mil Security IOJMO-Sec@jfcom.mil Technical ior-nosc@jfcom.mil 17

Questions? Information Operations Range Dare to Know 18

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback