DEFENSE LOGISTICS AGENCY AMERICA S COMBAT LOGISTICS SUPPORT AGENCY Cyber Resilience Integration Mr. Linus Baker DLA Information Operations Director, Cybersecurity 1
Mission Assurance/Cybersecurity Concern Indicators In line with the DOD s Cyber Strategy.DLA s primary cyberspace mission is 1) Provide integrated cyberspace capabilities in support of DLA s global logistics mission; and 2) Defend DLA s cyberspace operating environment-cyber terrain landscape that enables critical business processes Thousands of non-it suppliers contributing to the operational resilience of DLA s global supply chain operations 9 Supply Chains all with extended non-it vendor reliant or operated IT/OT dependencies and enabling capabilities beyond the.mil domain Concerns with the lack of opacity in some operationally critical demand signals linked to CONUS/OCONUS logistics operations extending to vendors
Cyber Resilience Integration Initiative Cyber Program Management Office Cyber Resilience Integration Plan Key Cyber Terrain Enhance Workforce Awareness and Education Collaborating with key Commercial Suppliers/Defense Industrial Base (DIB) Partners Opportunities to partner with DOD organizations in enhancing our Cyber Resilience Integration capability ISAC/ISAO Measuring Cyber Risk and Operational Readiness of DLA Supply Chains USTRANSCOM U.S. Navy DISA Binding Bi-lateral Cybersecurity Requirements Cyber Laws, Policy, Directives, & Instructions
Cyber Resilience achieved through a DLA Cybersecurity Framework Workforce Identify People Recover Governance Protect Processes Customers Technology Respond Detect Suppliers
Mission Assurance - Cyber Resilience Cyber Terrain: Those physical and logical elements of the cyber domain that enable mission essential warfighting functions Cyber Resilience Integration: Defining the Key Cyber Terrain and Operational Risks to DLA s Core Supply Chain Mission Partnering with Industry to Increase Information Sharing and Decrease Cybersecurity Vulnerabilities Merging Cyber Resiliency and Mission Assurance Best Practices to Obtain Operational Resilience Operational Technology (OT): Centralizing Programmatic Control of OT (e.g., ICS, SCADA) Assets under the CIO for Increased Cybersecurity Contingency Planning & IT COOP: Aligning Contingency Planning and IT COOP Efforts to Broader Cyber Resilience Strategy Prioritizing Supply Chain Criticality: Operationally Critical Contractor s/supplier s IT Infrastructure Security Postures Energy/Fuels Pipeline Control systems, Refinery Control Systems, Fuel Transport Systems Medical/Subsistence Prime Vendors Land Systems e.g., LTC Tire Production Cyber Resilience Mitigation Strategies: Upfront Cybersecurity Engagement in Acquisition Processes Alternate Business Process Planning IT Contingency Planning 3 rd Party Assessments Collaborative Information/Cyber Threat Intel Exchanges w/industry
Establishing and Securing DLA s Key Cyber Terrain Agency level coordination with Enterprise Process Owners and Supply Chain Owners to Identify Key DLA Cyber Assets that Directly Support DLA s Critical Business Processes Focus Critical Business Processes, Mission Essential Functions/Tasks & the identification of Critical Suppliers Establishment of DLA s Key Cyber Terrain Subsequently identifying & prioritizing Cyberrelated risk to DLA s global logistics mission Analyze DLA Key Cyber Assets - Determine Critical Infrastructure related assets and Mission Essential Task related assets
Partnerships - Information Sharing/Collaboration Defense Industrial Base Collaboration Information Sharing Environment (DCISE) Information Sharing and Analysis Organizations (IASOs) Information Sharing and Analysis Centers (ISACs): Defense Industrial Base ISAC Maritime Security ISAC Supply Chain ISAC Surface Transportation ISAC Cyber Information Sharing and Collaboration Program FBI Infragard DHS Cyber Security Evaluation Tool/NSA GRASSMARLIN
Key Defense Industrial Base Partners Defining Cyber Defense Standards Assurance of Key Terrain in Cyberspace Prioritize supply chain related risks and address applicable cybersecurity concerns with industry partners Security control implementation Blue Team/Penetration Testing 3 rd Party Assessors DFARS Clauses/Contractual Requirements
DEFENSE LOGISTICS AGENCY AMERICA S COMBAT LOGISTICS SUPPORT AGENCY 10