Cybersecurity for Advanced Manufacturing

Similar documents
Cybersecurity for Advanced Manufacturing

Systems Approach for Cybersecurity for Advanced Manufacturing

CFAM Manufacturing Environment Team (MET) Update and Manufacturing Boundaries

Rocky Mountain Cyberspace Symposium 2018 DoD Cyber Resiliency

Defense Engineering Excellence

DoD Strategy for Cyber Resilient Weapon Systems

THE POWER OF TECH-SAVVY BOARDS:

Membership

Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018

Oregon Fire Service Conference Enterprise Security Office Update. October 26, 2018

DoD Software Assurance Initiative. Mitchell Komaroff, OASD (NII)/DCIO Kristen Baldwin, OUSD(AT&L)/DS

Advanced Technology Academic Research Council Federal CISO Summit. Ms. Thérèse Firmin

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

Dynamic Transformation of the Energy Industry JUNE 25-27, 2019 COEUR D ALENE, IDAHO REGISTRATION

Cyber Resilience. Think18. Felicity March IBM Corporation

Defense Security Service. Strategic Plan Addendum, April Our Agency, Our Mission, Our Responsibility

An Operational Cyber Security Perspective on Emerging Challenges. Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL)

Systems Engineering Division

Systems Engineering for Software Assurance

State Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017

Chapter X Security Performance Metrics

Adversary Playbooks. An Approach to Disrupting Malicious Actors and Activity

Electric Sector Security & Privacy Plans for 2011

CALIFORNIA CYBERSECURITY TASK FORCE

Cyber Intelligence Professional Certificate Program Booz Allen Hamilton 2-Day Seminar Agenda September 2016

FAA Cybersecurity Test Facility (CyTF) By: Enterprise Information Security Team ANG-B31 Patrick Hyle, William J Hughes Technical Center

Shaping the Department of Defense Engineering Workforce

NDIA SE Conference 2016 System Security Engineering Track Session Kickoff Holly Dunlap NDIA SSE Committee Chair Holly.

Joint Federated Assurance Center (JFAC): 2018 Update. What Is the JFAC?

Cybersecurity Risk Management Guide for Voluntary Use of the NIST Cybersecurity Framework

Cyber Partnership Blueprint: An Outline

Cybersecurity Fundamentals

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Advancing the Role of DT&E in the Systems Engineering Process:

Chapter X Security Performance Metrics

Supplier Training Excellence Program

IMPROVING CYBERSECURITY AND RESILIENCE THROUGH ACQUISITION

Acquisition and Intelligence Community Collaboration

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

Welcome to the Second Annual Intelligence & National Security Forum

Mitigation Framework Leadership Group (MitFLG) Charter DRAFT

Title: Cyber Table Top

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

Supply Chain (In)Security

Introducing Cyber Resiliency Concerns Into Engineering Education

Systems Engineering Division

Instructions for Completing a Key Leadership Position Joint Qualification Board Application

Engineered Resilient Systems Advanced Analytics and Modeling in Support of Acquisition

UNCLASSIFIED. FY 2016 Base FY 2016 OCO

Cybersecurity in Acquisition

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Researching New Ways to Build a Cybersecurity Workforce

ERO Reliability Risk Priorities Report. Peter Brandien, Reliability Issues Steering Committee Chair WECC Reliability Workshop March 21, 2018

Operationalizing Cyber Security Risk Assessments for the Dams Sector

Mission Aware Cybersecurity

IT Risk Management and Cybersecurity Summit

Dell helps you simplify IT

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Systems Engineering: MITRE & SERC D r. J. P r o v i d a k e s D i r e c t o r, S E Te c h C e n t e r

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

Maintaining Resiliency Within the Defense Industrial Base Through Preparedness Response and Recovery

OFFICE OF THE UNDER SECRETARY OF DEFENSE 3000DEFENSEPENTAGON WASHINGTON, DC

G7 Bar Associations and Councils

Government-University-Industry Research Roundtable (GUIRR) Update FDP Meeting May 14-15, 2009 Irvine, CA

Evolving the Security Strategy for Growth. Eric Schlesinger Global Director and CISO Polaris Alpha

Implementing Executive Order and Presidential Policy Directive 21

INTEGRITY ASSURANCE: Safety/Security Extensions to CMMI and icmm

Public Power Forward Challenges & Opportunities

Cybersecurity Test and Evaluation at the National Cyber Range

SEAWALL EARTHQUAKE SAFETY & DISASTER PREVENTION PROGRAM

Integrated Cyber Defense Working Group (ICD WG) Introduction

Enterprise Risk Management (ERM) and Cybersecurity. Na9onal Science Founda9on March 14, 2018

PROTECTING ARIZONA AGAINST CYBER THREATS THE ARIZONA CYBERSECURITY TEAM

Hampton Roads Regional Broadband Strategy Briefing to Virginia Beach City Council Aug 15, Dave Hansen City Manager

GEORGIA CYBERSECURITY WORKFORCE ACADEMY. NASCIO 2018 State IT Recognition Awards

Creating a Cybersecurity Culture: (ISC)2 Survey Responses

National Cybersecurity Center of Excellence

CYBERSECURITY. The Intersection of Policy and Technology YOU RE HERE TO MAKE A DIFFERENCE ṢM

PIPELINE SECURITY An Overview of TSA Programs

Helping the Military Integrate, Innovate and Secure Networks across the Enterprise

Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017

Quality Collaboration Across Government and Industry in a Time of Profound Changes

Office of Acquisition Program Management (OAPM)

CHIEF INFORMATION OFFICER

Department of Management Services REQUEST FOR INFORMATION

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

The US National Near-Earth Object Preparedness Strategy and Action Plan

Risk Management Framework for DoD Medical Devices

Insider Threat Program: Protecting the Crown Jewels. Monday, March 2, 2:15 pm - 3:15 pm

ALIGNING CYBERSECURITY AND MISSION PLANNING WITH ADVANCED ANALYTICS AND HUMAN INSIGHT

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

DoD Software Assurance (SwA) Update

ICS-CERT Year in Review. Industrial Control Systems Cyber Emergency Response Team

National Security Collaboration Center

January Disrupting the B2B. Cyber Security Market WHITEHAWK, Inc. All Rights Reserved Empowering a Fearless Internet

Larry Clinton President & CEO (703)

Advancing Sustainment through Public-Private Partnership

Copyright 2016 EMC Corporation. All rights reserved.

AIA /ATA/ ASD S1000D Users Forum

CSD Project Overview DHS SCIENCE AND TECHNOLOGY. Dr. Ann Cox. March 13, 2018

Transcription:

NDIA and DoD Joint Working Group Cybersecurity for Advanced Manufacturing Protecting the Digital Thread NDIA Manufacturing Division Meeting October 19th, 2016 Catherine Ortiz, Defined Business Solutions, LLC

Manufacturing is a Cyber-physical Business Common Visions Smart Manufacturing, Industrial Internet, Industry 4.0, The Internet of Things! Advanced Manufacturing is: Driven by a Digital Thread of product and process information valuable intellectual property (IP) Networked at every level to gain efficiency, speed and quality Targeted by global cyber threats Industry Week 2

The Threat is Global and Growing Manufacturing is an inviting target IBM Security Services Cyber Security Intelligence Index 2016 3 SANS 2016 ICS Survey

China s cyber-espionage group: APT1, Unit 61398 Once APT1 has established access, they periodically revisit the victim s network over several months or years and steal broad categories of intellectual property, including technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists from victim organizations leadership. -- Mandiant APT1 Report 2013 4

Why This is Important From Brian Hughes presentation at 2015 NDIA Systems Engineering Conference 5

NDIA White Paper Protecting the Digital Thread Manufacturing Concerns: Theft of technical info -- can compromise national defense and economic security Alteration of technical data -- can alter the part or the process, with physical consequences to mission and safety Disruption or denial of process control -- can shut down production A risk management problem. Need resilience! 6 www.ndia.org/divisions/divisions/manufacturing

CFAM JWG Objective Government and industry members of the CFAM JWG collaborate to build on recommendations in the 2014 NDIA white paper, Cybersecurity for Advanced Manufacturing Identify cybersecurity vulnerabilities in the manufacturing environment and mitigations... types and boundaries, highest impact near-term actions, culture changes Identify ways to incentivize and assist manufacturers to improve cybersecurity in manufacturing systems... policies and contract requirements, security practices, workforce cybersecurity training Develop implementation plans... coordinated with government and industry groups 7

Systems Approach 48 participants: 13 Government, 9 from membership or academic organizations, 24 company representatives and 2 FFRDCs Engaging discussion between Government and NDIA participants... current situation, desired outcomes, barriers, opportunities Teams formed to work on problem areas Policy Planning and Impacts Team Technology Solutions Team Manufacturing Environment Team Supported by Integration Team to ensure limited overlap and to resolve conflicts 8

Preliminary Questions to be Addressed Boundaries... What defines a manufacturing environment? What use cases are important across the life cycle of the manufacturing environment? Mitigations... What actions and activities can improve cybersecurity in the manufacturing environment? What types of education, training and cultural changes are required? Development... What technical solutions can increase cybersecurity in the manufacturing environment? Resources... What existing policies regulations, and standards are applicable and what needs to be augmented, and by whom? What activities implemented outside the Department of Defense can be leveraged? 9

NDIA Division Representation Cyber Dawn Beyer Lockheed Martin Corporation James Godwin BriteWerx, Inc Jason Gorey Six O'Clock Ops Michele Moss Booz Allen Hamilton Fran Zenzen Arizona State Enterprise Dean Bartles ASME Larry John ANSER Michael McGrath McGrath Analytics LLC Catherine Ortiz Defined Business Solutions Chris Peters The Lucrum Group Manufacturing Logistics Tim Shinbara The Association for Manufacturing Technology Devu Shila United Technologies Research Center Joseph Spruill Lockheed Martin Corp Rebecca Taylor Nat'l Center for Mfg. Sciences Systems Engineering Vicki Barbur MITRE David Huggins Georgia Tech Research Institute Thomas McCullough Lockheed Martin Corporation Thomas McDermott Georgia Tech Research Institute Heather Moyer (Team Leader) Consultant Frank Serna Draper Sarah Stern (Team Leader) Boeing Marilyn Gaska Lockheed Martin Corp Irv Varkonyi SCOPE 10

Government organizations: CFAM JWG is a Diverse Team 48 participants: Government, Academia, Industry, Associations and FFRDCs DoD Undersecretary for Acquisition, Technology & Logistics Joint Chiefs of Staff DoD Chief Information Officer Department of the Army Space and Naval Warfare Systems Command Air Force Research Laboratory Department of Energy National Institute of Standards and Technology FFDRCs: Institute for Defense Analyses Sandia National Laboratories Industry member organizations: National Defense Industrial Association (lead) Association for Manufacturing Technology ASME National Center for Manufacturing Sciences Industry company representation: ANSER ARAR Technology Boeing Booz Allen Hamilton Defined Business Solutions LLC DRAPER GLOBALFOUNDRIES IPDE Systems, Inc. Lockheed Martin McGrath Analytics LLC MTEQ PricewaterhouseCoopers Six O Clock Ops SCOPE The Lucrum Group United Technologies Research Center Academia: Arizona State University Research Enterprise Georgia Tech Research Institute Wichita State University 11

Integration Team This group will create the charter and scope of the CFAM JWG, and will support other teams as needed. Team Lead: Catherine Ortiz, Defined Business Solutions Robert Badgett IPDE Systems, LLC James Godwin PricewaterhouseCoopers Michele Moss Contract support to DOD Office of CIO James Poplin Defined Business Solutions Vicki Barbur MITRE Larry John ANSER Catherine Ortiz Defined Business Solutions Melinda Reed ODASD(SE) Dawn Beyer Lockheed Martin Corporation Michael McGrath McGrath Analytics LLC Chris Peters The Lucrum Group Stephanie Shankles Contract support to DOD Office of CIO Donald Davidson Office of the DoD CIO Joe Spruill Lockheed Martin Corporation 12

Manufacturing Environment Team This group will identify actions and activities that can have the greatest impact to improve cybersecurity in the manufacturing environment, and will recommend implementation processes Team Lead: Dr. Marilyn Gaska, Lockheed Martin Corporation Sean Atkinson Global Foundries Dan Green SPAWAR Sean Miles Defense Intelligence Agency Rebecca Taylor Nat'l Center for Mfg. Sciences Dean Bartles ASME Daryl Haegley OASD (EI&E) IE Chris Peters The Lucrum Group Irv Varkonyi SCOPE Michael Dunn ANSER Larry John ANSER Adele Ratcliff AT&L MIBP Mary Williams MTEQ Aman Gahoonia DMEA Greg Larsen Institute for Defense Analyses Haley Stevens / Andrew Watkins DMDII Fran Zenzen Arizona State University Research Enterprise Marilyn Gaska Lockheed Martin Corporation Thomas McCullough Keith Stouffer NIST 13

Technology Solutions Team This team will establish an initial baseline of available and emerging technology solutions to improve cybersecurity in the DIB and deliver a Recommendations Report suggesting additional technology-based concepts that should be explored. Team Lead: Heather Moyer, Consultant Robert Badgett IPDE Systems, LLC Anitha Raj ARAR Technology Devu Shila United Technologies Research Center Vicki Barbur MITRE Craig Rieger Idaho National Laboratory Tim Shinbara The Association for Manufacturing Technology Heather Moyer Consultant Frank Serna DRAPER Janet Twomey Wichita State University 14

Policy Planning & Impacts Team This team will assess existing policies and regulations for applicability to CFAM; will determine additional administrative actions that could strengthen manufacturing cybersecurity, and will assess breach reporting and communication processes for improvements. Team Lead: Sarah Stern, Boeing BCA Network Cyber Security Martha Charles-Vickers Sandia National Laboratories Daryl Haegley OASD (EI&E) IE Melinda Reed ODASD(SE) Stephanie Shankles Contract support to DOD Office of CIO Donald Davidson Office of the DoD CIO Thomas McDermott Georgia Tech Research Institute Joseph Spruill Lockheed Martin Corporation Bill Trautmann JSJ4, KBLD Jason Gorey Six O'Clock Ops Michele Moss Contract support to DOD Office of CIO Sarah Stern Boeing, BCA Network Cyber Security Melinda Woods AT&L MIBP 15

Status & Next Steps Each working group has broken their questions into research tasks... subject matter experts are being interviewed and reports are being written Website launched on NDIA portal... found under Industrial Working Groups Team reports due in mid-november... still time to contribute! Outreach plan developed to share progress... first public forum was in August, next one planned for November 15 th to share findings; CFAM session at DMC on November 29 th Goal is to brief senior OSD leadership in December 2016... Formal report will be coordinated within DoD, and other government agencies as appropriate, after new leadership team is in place 16

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback