Supplier Training Excellence Program

Similar documents
DFARS , NIST , CDI

DFARS Compliance. SLAIT Consulting SECURITY SERVICES. Mike D Arezzo Director of Security Services. SLAITCONSULTING.com

CYBER SECURITY AIR TRANSPORT IT SUMMIT

Cybersecurity in Higher Ed

ROADMAP TO DFARS COMPLIANCE

Rocky Mountain Cyberspace Symposium 2018 DoD Cyber Resiliency

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

Partner Information Manager Supplier Guide October 2017

Cybersecurity in Acquisition

DEFENSE LOGISTICS AGENCY AMERICA S COMBAT LOGISTICS SUPPORT AGENCY. Cyber Security. Safeguarding Covered Defense Information.

Department of Defense Cybersecurity Requirements: What Businesses Need to Know?

Get Compliant with the New DFARS Cybersecurity Requirements

Click to edit Master title style

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

OFFICE OF THE UNDER SECRETARY OF DEFENSE 3000DEFENSEPENTAGON WASHINGTON, DC

Hacking and Cyber Espionage

Advanced Technology Academic Research Council Federal CISO Summit. Ms. Thérèse Firmin

DFARS Cyber Rule Considerations For Contractors In 2018

Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security

DEFENSE LOGISTICS AGENCY

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)

Why you should adopt the NIST Cybersecurity Framework

Cybersecurity for Government Contractors: Preparing for Cyber Incidents in 2017

Governance Ideas Exchange

External Supplier Control Obligations. Cyber Security

Program Protection Implementation Considerations

TAN Jenny Partner PwC Singapore

CyberUSA Government Cyber Opportunities for your Region: The Federal Agenda - Federal, Grants & Resources Available to Support Community Cyber

Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

Cyber-Threats and Countermeasures in Financial Sector

Take Risks in Life, Not with Your Security

NDIA SE Conference 2016 System Security Engineering Track Session Kickoff Holly Dunlap NDIA SSE Committee Chair Holly.

MANAGING CYBER RISK: THE HUMAN ELEMENTS OF CYBERSECURITY

ISA99 - Industrial Automation and Controls Systems Security

Another Cook in the Kitchen: The New FAR Rule on Cybersecurity

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

Building Privacy into Cyber Threat Information Sharing Cyber Security Symposium Securing the Public Trust

LOA CYBER DISCUSSION. Mr Bob Picket Joint Staff J-4 19 October 2015 UNCLASSIFIED

DOD s New Cyber Requirements: Impacts on DOD Contractors and Subcontractors

Handbook Webinar

Strategy is Key: How to Successfully Defend and Protect. Session # CS1, February 19, 2017 Karl West, CISO, Intermountain Healthcare

Building a Resilient Security Posture for Effective Breach Prevention

A Common Cyber Threat Framework: A Foundation for Communication

Security Awareness Training Courses

Cybersecurity in the Age of Government Regulation

t a Foresight Consulting, GPO Box 116, Canberra ACT 2601, AUSTRALIA e foresightconsulting.com.

CYBER SOLUTIONS & THREAT INTELLIGENCE

Click to edit Master title style

PilieroMazza Webinar Preparing for NIST SP December 14, 2017

Dr. Emadeldin Helmy Cyber Risk & Resilience Bus. Continuity Exec. Director, NTRA. The African Internet Governance Forum - AfIGF Dec 2017, Egypt

Safeguarding company from cyber-crimes and other technology scams ASSOCHAM

Cyber (In)Security. What Business Leaders Need To Know. Roy Luebke Innovation and Growth Consultant. Presented by:

Securing Industrial Control Systems

Cybersecurity Risk Management

DFARS Safeguarding Covered Defense Information The Interim Rule: Cause for Confusion and Request for Questions

Cyber Security Panel Discussion Gary Hayes, SVP & CIO Technology Operations. Arkansas Joint Committee on Energy March 16, 2016

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

NIST Special Publication

4/5/2017. April 5, 2017 CYBER-RISK: WHAT MANAGEMENT & BOARDS NEED TO KNOW

Cybersecurity in Government

Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager,

Security Challenges and

Section One of the Order: The Cybersecurity of Federal Networks.

Verizon Software Defined Perimeter (SDP).

Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

Cyber Security Updates and Trends Affecting the Real Estate Industry

Security & Phishing

CYBER SECURITY AND MITIGATING RISKS

2017 SAME Small Business Conference

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017

Adversary Playbooks. An Approach to Disrupting Malicious Actors and Activity

Department of Defense (DoD) Joint Federated Assurance Center (JFAC) Overview

Last Updated 12/11/2015. LM Procure to Pay Quick Reference Guide For Suppliers Completing a Registration Request

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

Insider Threat Program: Protecting the Crown Jewels. Monday, March 2, 2:15 pm - 3:15 pm

Updated 09/16/2017. LM Procure to Pay Quick Reference Guide For Suppliers Completing a Registration Request

CYBER ASSISTANCE TEAM OVERVIEW BRIEFING

Electronic payments in the Netherlands

Safeguarding Controlled Unclassified Information and Cyber Incident Reporting. Kevin R. Gamache, Ph.D., ISP Facility Security Officer

Akin Gump Client Update Alert

Preparing for NIST SP January 23, 2018 For the American Council of Engineering Companies

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

CYBER SECURITY BRIEF. Presented By: Curt Parkinson DCMA

Compliance with NIST

2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management. Follow Along

Cyber Security Challenges

Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS

Sage Data Security Services Directory

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

DIGITAL ACCOUNTANCY FORUM CYBER SESSION. Sheila Pancholi Partner, Technology Risk Assurance

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

UNCLASSIFIED. FY 2016 Base FY 2016 OCO

The Kill Chain for the Advanced Persistent Threat

(U) Cyber Threats to the Homeland

Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018

How to Prepare a Response to Cyber Attack for a Multinational Company.

TRAINING WEEK COURSE OUTLINE May RADISSON HOTEL TRINIDAD Port of Spain, Trinidad, W.I.

Cyber Security Summit 2014 USCENTCOM Cybersecurity Cooperation

Security Gaps from the Field

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

Transcription:

Supplier Training Excellence Program Cybersecurity Webinar February 9, 2017

Agenda Why must my company complete the Cyber Questionnaire(s)? What are the Cyber Questionnaire(s)? How do I get help? What do I focus on first? 2

Why am I being asked to complete a Cyber Questionnaire? 3

Problem I want to mention the serious problem of the loss of unclassified sensitive information to industrial espionage. Some have called the loss of this information through our networks the greatest transfer of wealth in history.providing potential adversaries with huge savings in time and money as they seek to develop weapon systems comparable, and even superior, to our own. Mr. Frank Kendall, former Undersecretary of Defense for Acquisition, Technology and Logistics (2013 LM Supply Chain Conference) 4

National Security Imperative The Director of National Intelligence has identified Supply Chain cyber risk as a threat to the National Security of the United States and released this video highlighting Supply Chain Cyber Risk. Office of the Director of National Intelligence s National Counterintelligence Video: Supply Chain Risk Management https://www.youtube.com/watch?v=oj5id0d7jsy&feature=youtu.be Office of the Director of National Intelligence s National Counterintelligence release of Supply Chain Risk Management Video: https://www.dni.gov/index.php/newsroom/press-releases/215-press-releases- 2016/1405-new-video-highlights-foreign-risks-to-private-sector-supply-chains Your Cyber Vigilance is Critical to our National Security 5

Understanding the Cyber Threat Scope Spear Phishing Nation State 2005 Core Network Espionage Mobile Social Media Hactivists Rogue Actors Watering Hole Web Server Nation States Anonymous Spear Phishing 2016 Criminal Supplier Espionage (IP Theft) Joint Venture Mobility Core Network Perimeter Cloud Espionage (Intel) Disruptive (DDoS) Financial Destructive Platform 6

What am I required to do for Lockheed Martin? 7

Supply Chain Cyber Initiative Strategy Collaboration Supplier Cyber Security Understand Posture (Questionnaires & Validations) Build Awareness Reduce Risk Supply Chain Cybersecurity Program Management Engineering End Goal Known Supplier Cybersecurity Posture Supplier Cybersecurity Validation Supplier Threat Awareness Supplier Cybersecurity Capability Improvements Move Defenses Up Stream 8

Industry Collaboration & Supplier Engagement Understand Supplier Posture Cybersecurity Questionnaire 180 questions APT and risk focus Developed by Exostar partners Based on standards: Center for Internet Security top Critical Security Controls COLLABORATIVE APPROACH LM chairs the Supply Chain Cybersecurity Working Group Exostar hosts cybersecurity questionnaires NIST 800-171 Questionnaire 110 questions Compliance for Covered Defense Info (CDI) as defined in DFARS 252.204-7012 Requires full compliance by 12/31/2017 Common supplier expectations Supplier inputs once, results shared across multiple primes 9

Lockheed Martin s Expectations of our Suppliers Suppliers self assess their cybersecurity maturity using Exostar questionnaire(s) Handling Sensitive Information Complete the Cybersecurity Questionnaire Result: Report with Rating/Scores and links to recommendations Define a remediation plan and work to close on open items Handling Covered Defense Information (CDI) as defined by DFARS Be aware of applicable DFARS clauses Flow DFARS requirements to sub-tier suppliers Complete the NIST 800-171 Questionnaire (110 questions) Be compliant with all 110 NIST controls by December 31, 2017 Notify DoD CIO of NIST 800-171 non-compliance In parallel notify LM of NIST 800-171 non-compliance Report cyber incidents within 72 hours to DoD CIO Report in parallel cyber incidents within 72 hours to LM 10

Exostar Cybersecurity Questionnaire 11

Exostar NIST Questionnaire 12

Where do I start? How do I get help? 13

Items to Consider Does remote access into my environment use Two-Factor Authentication? Can employees access my internal company email system from the Internet with a User ID and password? Does your company utilize email filtering to identify malicious links, attachments, etc.? Does your company use an Internet Proxy Capability to block web browsing to "uncategorized" Web sites? Does access to Internet-facing devices/web servers containing "unclassified sensitive data" require Two-Factor Authentication? 14

Resources Review Lockheed Martin Suppliers Cyber Web page http://www.lockheedmartin.com/us/suppliers/cyber-security.html Review Supplier Cyber FAQ http://myexostar.com/workarea/showcontent.aspx?id=2550 For existing Lockheed Martin Suppliers Complete the Cybersecurity questionnaire in your Exostar profile 15

Summary Aerospace and Defense contractors are targeted You are a target Lockheed Martin is working with suppliers To understand their cybersecurity posture To bring a heightened sense of cybersecurity awareness Suppliers are responsible To complete the Cybersecurity questionnaire To complete the DFARS/NIST 800-171 questionnaire if applicable To improve their cybersecurity posture as necessary To be compliant with NIST 800-171 by December 31, 2017 as necessary 16

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback