Information Assurance and DoD: A Partnership with Industry

Similar documents
DoD Common Access Card Information Brief. Smart Card Project Managers Group

Center for Infrastructure Assurance and Security (CIAS) Joe Sanchez AIA Liaison to CIAS

Service Level Agreements: An Approach to Software Lifecycle Management. CDR Leonard Gaines Naval Supply Systems Command 29 January 2003

COUNTERING IMPROVISED EXPLOSIVE DEVICES

Architecting for Resiliency Army s Common Operating Environment (COE) SERC

C2-Simulation Interoperability in NATO

Guide to Windows 2000 Kerberos Settings

Data to Decisions Terminate, Tolerate, Transfer, or Treat

Preventing Insider Sabotage: Lessons Learned From Actual Attacks

2013 US State of Cybercrime Survey

Kathleen Fisher Program Manager, Information Innovation Office

Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme

A Review of the 2007 Air Force Inaugural Sustainability Report

Components and Considerations in Building an Insider Threat Program

Information Assurance Technology Analysis Center (IATAC)

Multi-Modal Communication

Cyber Threat Prioritization

Information, Decision, & Complex Networks AFOSR/RTC Overview

Vision Protection Army Technology Objective (ATO) Overview for GVSET VIP Day. Sensors from Laser Weapons Date: 17 Jul 09 UNCLASSIFIED

Concept of Operations Discussion Summary

DoDD DoDI

Dana Sinno MIT Lincoln Laboratory 244 Wood Street Lexington, MA phone:

Towards a Formal Pedigree Ontology for Level-One Sensor Fusion

Coalition Interoperability Ontology:

Directed Energy Using High-Power Microwave Technology

Headquarters U.S. Air Force. EMS Play-by-Play: Using Air Force Playbooks to Standardize EMS

2011 NNI Environment, Health, and Safety Research Strategy

Using Templates to Support Crisis Action Mission Planning

Office of Global Maritime Situational Awareness

Technological Advances In Emergency Management

By Derrick H. Karimi Member of the Technical Staff Emerging Technology Center. Open Architectures in the Defense Intelligence Community

Open Systems Development Initiative (OSDI) Open Systems Project Engineering Conference (OSPEC) FY 98 Status Review 29 April - 1 May 1998

Energy Security: A Global Challenge

75th Air Base Wing. Effective Data Stewarding Measures in Support of EESOH-MIS

DoD M&S Project: Standardized Documentation for Verification, Validation, and Accreditation

Current Threat Environment

FUDSChem. Brian Jordan With the assistance of Deb Walker. Formerly Used Defense Site Chemistry Database. USACE-Albuquerque District.

COMPUTATIONAL FLUID DYNAMICS (CFD) ANALYSIS AND DEVELOPMENT OF HALON- REPLACEMENT FIRE EXTINGUISHING SYSTEMS (PHASE II)

U.S. Army Research, Development and Engineering Command (IDAS) Briefer: Jason Morse ARMED Team Leader Ground System Survivability, TARDEC

Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security

DISN Forecast to Industry. Ms. Cindy E. Moran Director for Network Services 8 August 2008

Empirically Based Analysis: The DDoS Case

Dr. Stuart Dickinson Dr. Donald H. Steinbrecher Naval Undersea Warfare Center, Newport, RI May 10, 2011

AFRL Defensive IO Programs

4. Lessons Learned in Introducing MBSE: 2009 to 2012

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

Corrosion Prevention and Control Database. Bob Barbin 07 February 2011 ASETSDefense 2011

ENVIRONMENTAL MANAGEMENT SYSTEM WEB SITE (EMSWeb)

Cyber Security Summit 2014 USCENTCOM Cybersecurity Cooperation

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

Topology Control from Bottom to Top

Space and Missile Systems Center

Accuracy of Computed Water Surface Profiles

The C2 Workstation and Data Replication over Disadvantaged Tactical Communication Links

THE NATIONAL SHIPBUILDING RESEARCH PROGRAM

A Distributed Parallel Processing System for Command and Control Imagery

Unclassified. GIG Technologies. Rich Williams Acting Principal Director, GIG Engineering 8 August 2008

Solutions Technology, Inc. (STI) Corporate Capability Brief

Defense Security Service. Strategic Plan Addendum, April Our Agency, Our Mission, Our Responsibility

INFORMATION ASSURANCE DIRECTORATE

Running CyberCIEGE on Linux without Windows

US Army Industry Day Conference Boeing SBIR/STTR Program Overview

ARINC653 AADL Annex Update

High-Assurance Security/Safety on HPEC Systems: an Oxymoron?

Col Jaap de Die Chairman Steering Committee CEPA-11. NMSG, October

M&S Strategic Initiatives to Support Test & Evaluation

INFORMATION ASSURANCE DIRECTORATE

73rd MORSS CD Cover Page UNCLASSIFIED DISCLOSURE FORM CD Presentation

Smart Data Selection (SDS) Brief

Secure FAST: Security Enhancement in the NATO Time Sensitive Targeting Tool

Cyber Warfare. Maj Mark Reith, Ph.D. Software Professional Development Program Air Force Institute of Technology

REPORT DOCUMENTATION PAGE

Cyber Challenges and Acquisition One Corporate View

Washington University

Spacecraft Communications Payload (SCP) for Swampworks

Information Systems Security Requirements for Federal GIS Initiatives

OSD Product Support BCA Guidebook. Joseph Colt Murphy Senior Financial Analyst ODASD Materiel Readiness 9 May 2011

Using Model-Theoretic Invariants for Semantic Integration. Michael Gruninger NIST / Institute for Systems Research University of Maryland

0 I. c mm. m - = co. a,0 13) c s. il r

National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report

Evolving the Security Strategy for Growth. Eric Schlesinger Global Director and CISO Polaris Alpha

Monte Carlo Techniques for Estimating Power in Aircraft T&E Tests. Todd Remund Dr. William Kitto EDWARDS AFB, CA. July 2011

Speaker Verification Using SVM

Architectural Implications of Cloud Computing

Defense Hotline Allegations Concerning Contractor-Invoiced Travel for U.S. Army Corps of Engineers' Contracts W912DY-10-D-0014 and W912DY-10-D-0024

Securing Content in the Department of Defense s Global Information Grid

Introducing I 3 CON. The Information Interpretation and Integration Conference

INFORMATION ASSURANCE DIRECTORATE

INFORMATION ASSURANCE DIRECTORATE

ASSEMBLY, No STATE OF NEW JERSEY. 217th LEGISLATURE INTRODUCED FEBRUARY 4, 2016

ASSESSMENT OF A BAYESIAN MODEL AND TEST VALIDATION METHOD

Department of Defense (DoD) Joint Federated Assurance Center (JFAC) Overview

Computer Aided Munitions Storage Planning

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Distributed Real-Time Embedded Video Processing

Cyber Attacks & Breaches It s not if, it s When

Space and Missile Systems Center

VULNERABILITY AND RISK ANALYSIS PROGRAM. Overview of Assessment Methodology. U.S. Department of Energy Office of Critical Infrastructure Protection

DIACAP and the GIG IA Architecture. 10 th ICCRTS June 16, 2005 Jenifer M. Wierum (O) (C)

PEO C4I Remarks for NPS Acquisition Research Symposium

Transcription:

Information Assurance and DoD: A Partnership with Industry Presented By: Robert Lentz Director, Information Assurance OASD(C3I) for the ITAA InfoSec Committee Meeting March 26, 2002

REPORT DOCUMENTATION PAGE Form Approved OMB No. 0704-0188 Public reporting burder for this collection of information is estibated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing this collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burder to Department of Defense, Washington Headquarters Services, Directorate for Information Operations and Reports (0704-0188), 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to any penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number. PLEASE DO NOT RETURN YOUR FORM TO THE ABOVE ADDRESS. 1. REPORT DATE (DD-MM-YYYY) 2. REPORT TYPE 26-03-2002 Briefing 4. TITLE AND SUBTITLE Information Assurance and DoD: A Partnership with Industry Unclassified 6. AUTHOR(S) Lentz, Rpbert ; 7. PERFORMING ORGANIZATION NAME AND ADDRESS OASD(C3I) xxxxx, xxxxxxx 9. SPONSORING/MONITORING AGENCY NAME AND ADDRESS OASD(C3I), 12. DISTRIBUTION/AVAILABILITY STATEMENT APUBLIC RELEASE, 13. SUPPLEMENTARY NOTES 14. ABSTRACT See report. 15. SUBJECT TERMS IATAC Collection 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT Public Release a. REPORT Unclassified b. ABSTRACT Unclassified c. THIS PAGE Unclassified 18. NUMBER OF PAGES 22 3. DATES COVERED (FROM - TO) xx-xx-2002 to xx-xx-2002 5a. CONTRACT NUMBER 5b. GRANT NUMBER 5c. PROGRAM ELEMENT NUMBER 5d. PROJECT NUMBER 5e. TASK NUMBER 5f. WORK UNIT NUMBER 8. PERFORMING ORGANIZATION REPORT NUMBER 10. SPONSOR/MONITOR'S ACRONYM(S) 11. SPONSOR/MONITOR'S REPORT NUMBER(S) 19. NAME OF RESPONSIBLE PERSON email from Booz, Allen & Hamilton (IATAC), (blank) lfenster@dtic.mil 19b. TELEPHONE NUMBER International Area Code Area Code Telephone Number 703767-9007 DSN 427-9007 Standard Form 298 (Rev. 8-98) Prescribed by ANSI Std Z39.18

REPORT DOCUMENTATION PAGE Form Approved OMB No. 074-0188 Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing this collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA 22202-4302, and to the Office of Management and Budget, Paperwork Reduction Project (0704-0188), Washington, DC 20503 1. AGENCY USE ONLY (Leave blank) 2. REPORT DATE 3/26/2002 3. REPORT TYPE AND DATES COVERED Briefing 3/26/2002 4. TITLE AND SUBTITLE Information Assurance and DoD: A Partnership with Industry 5. FUNDING NUMBERS 6. AUTHOR(S) Lentz, Robert 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) 8. PERFORMING ORGANIZATION REPORT NUMBER OASD(C3I) 9. SPONSORING / MONITORING AGENCY NAME(S) AND ADDRESS(ES) 10. SPONSORING / MONITORING AGENCY REPORT NUMBER OASD(C3I) 11. SUPPLEMENTARY NOTES 12a. DISTRIBUTION / AVAILABILITY STATEMENT Approved for public release; Distribution unlimited 12b. DISTRIBUTION CODE A 13. ABSTRACT (Maximum 200 Words) This briefing presents the information assurance environment, DoD's vision, the DoD IA community response and challenges, the DoD Industry Relationship, key influences on the DoD and a summary. 14. SUBJECT TERMS IATAC Collection, information assurance 15. NUMBER OF PAGES 21 16. PRICE CODE 17. SECURITY CLASSIFICATION OF REPORT UNCLASSIFIED 18. SECURITY CLASSIFICATION OF THIS PAGE UNCLASSIFIED 19. SECURITY CLASSIFICATION OF ABSTRACT UNCLASSIFIED 20. LIMITATION OF ABSTRACT UNLIMITED NSN 7540-01-280-5500 Standard Form 298 (Rev. 2-89) Prescribed by ANSI Std. Z39-18 298-102

Briefing Overview The environment-->push & pull; the evolution of threats & technology DoD s vision-->decision Dominance enabled by network centric operations netcentricity The DoD IA Community response & challenges The DoD - Industry Relationship Key Influences on the DoD - Industry Relationship Policies Summary Slide 2

The Changing Face of Cyber Threat Current Situation Assessment Global access to information Networks emerging as centers of gravity Geographic and infrastructure boundaries meaningless Critical infrastructures/ sectors are targets Cyber response problematic Anonymity makes tracing difficult Technology has given rise to new threats High Potential Damage Low State Sponsored Low Terrorist 2005 2002 2000 Espionage Criminal Probability of occurrence Hacker High Source: 1996 DSB Summer Study Individual Hacker Intrusion Crime Attack Access Theft Exploitation Challenge Alteration Degradation Ego Destruction Destruction Most Likely Annoyance Criminal / Disgruntled Employee Terrorist / Nation-State Least Likely Strategic Impact Slide 3

Gartner s Top 10 Technologies 2002-2007 Gartners top 10 technologies (2002-2007) Biometric authentication Speech recognition web services portals always-on wireless data & communications converged networks digital wallets & interest portfolios wireless LAN privacy management technology instant messaging Venture Capital hot investment areas for 2002: INFRASTRUCTURE network, systems, security and data infrastructure What are the security implications of these technologies?! Slide 4

DoD Vision Enabling Full Spectrum Dominance Dedicated individuals and innovative organizations transforming the joint force for the 21st Century to achieve Full Spectrum Dominance: Persuasive in peace Decisive in war Preeminent in any form of conflict Full Spectrum Dominance One Team One Vision Information Assurance People Business Sectors State & Local Operations DoD Private Citizens International Technology & Solutions Slide 5

Future DoD Operations NetCentricity Defines future warfare transformed by information technology Focuses on battlefield entities, information flows, and their interactions Describes strategy, operations, tactics & doctrine that takes advantage of information technology Requires a Global Information Grid Massed effects not forces Delivers Power to the Edge Highly aware forces Increased operational speed & agility Optimized environment for improved decision making (C2) Seeks to reduce or eliminate the constraints of space & time Slide 6

Netcentricity Increases Demand for New & Improved IA Capabilities Embedded IA services/management in nodes/links Adaptive, automated configuration and remote operation of components/systems High confidence, scaleable supporting infrastructures New skill sets of flexibility, coping with higher levels of ambiguity and uncertainty and to operate under growing levels of pressure Well integrated assurance tools into development, deployment, employment, support mechanisms ID need/opportunity Define response Design implementations Develop capabilities Deploy (deliver) result Employ (use) Support (maintain, sustain) Enforce, assess-evaluate, insight-oversight Slide 7

DoD Information Assurance Model Information Assurance enables Information Dominance Attack and Sensing Alert and Warning Network Centric Operations Operations DoD Vision Information Assurance Security Enabled Solutions Global Grid Public Key Infrastructure Science and Technology Technology Sectors DoD Business Sectors Private Citizens State/Local International Information Dominance Centers of Excellence Attract, Retain, Sustain (Leverage Industry Experts) Training and Awareness People Slide 8

Vision & Goals VISION: Mission Dominance through Dynamic IA KEY TENETS: Globalization mandates partnerships (Allies & Industry) Consumer IT markets heavily influence operational requirements (develop proactive IA solutions) IA is an enterprise-wide capability that demands decisions from an enterprise perspective (process change) Users demand agility, transparency, & intrinsic trust in the global information grid. (user driven) GOALS: PROTECT INFORMATION: Maintaining the essential qualities of information. DEFEND NETWORKS: Assure vulnerabilities are not exploited; we are aware of exploitation attempts AND take action to avert risks. CREATE IA SITUATIONAL AWARENESS/C2: Build Confidence in our ways & means; respond faster than our adversaries. MAINTAIN ROBUST INFRASTRUCTURES: Enable the ability to adapt to uncertainties and ambiguities in the environment. Slide 9

IA Strategic Focus (By Domain) Major Focus GLOBAL Domain US Domain FEDERAL Domain DEFENSE Domain Assured collaboration with Allies and in Coalition operations Appropriate ventures with the private sector - maintaining cutting edge solutions vis a vis privacy issues Influence information assurance in homeland defense Protect Information, Defend Networks, Create IA Situational Awareness/C2, Maintain Robust Infrastructures Develop policies concurrently with the implementation of a capability Slide 10

A New IA Strategic Framework Consumer Focused, Collaborative Base, Dynamic in Nature E N D U R I N G G O A L S I N V E S T M E N T S T R A T E G I ES Sustain Transform Leap-Ahead Protect Information Defend Networks Create IA Situational Awareness/C2 Maintain Robust Infrastructures Slide 11

Information Dominance - Operations Alert and Warning The Challenge: To share critical vulnerability information rapidly with international and domestic partners. Attack and Sensing The Challenge: Early detection of malicious activities. Network Centric Operations The Challenge: To establish a common operational picture and avoid information stovepipes. Slide 12

Information Dominance - People Centers of Academic Excellence in IA Education The Challenge: To develop the future workforce and increase the number of professionals with IA expertise. GOAL: ATTRACT, SUSTAIN, AND RETAIN IA PROFESSIONALS Training and Awareness The Challenge: To keep the current workforce ahead of the IT curve with new educational programs and professional IA training. Slide 13

Information Dominance - Technology Science and Technology The Challenge: To rapidly develop and implement innovative security solutions Global Grid The Challenge: To keep pace with information demands while ensuring security. Slide 14

Information Dominance - Technology Security Enabled Solutions The Challenge: To acquire products and applications that contain security robustness. Remote Dial-In User Telephone Defend Networks and Infrastructure Defend Computing Switched Environment Tele Network Local Enclave Wireless Defend Enclave Data Network Boundary Desktop Combat Radio Server Public Key Infrastructure Public Key Infrastructure The Challenge: To provide authentication, confidentiality, inter-operability, and access control throughout the enterprise. Slide 15

Many Players, Many Perspectives Products & Services Technology Industry Product Vendors System Integrators Testers/Evaluators Network/Information Service Providers Professional Service Providers Infrastructure Owners/Operators IA Establishment Joint Staff NSA OSD NSA Requirements IA Establishment Joint Staff OSD DoD IA Market DISA Services DISA Services Consumers CINCS/Services OSD Defense Agencies Intel Community Other Federal Agencies Allies/Coalition Partners Policy/Requirements $$$ Technology Policy, Guidance, Direction Approval/Accreditation Solutions Slide 16

DoD s View of Industry Commercial users willing to field systems with less than adequate security Don t publicize computer security problems Most decisions are cost-driven Cost/benefit Insurance Write-off losses Pass loss on to customer Not a lot of leading edge R&D -market focused CAVEAT EMPTOR Many vendors lack long-term R&D Vision necessary to solve the hard problems (evolutionary advances - function vice new capabilities) Commercial world utilizes high-cost workarounds to implement security solutions Virtually all commercial work based on previous DoD research Slide 17

DoD IA Policy DoDD 8500.aa - Information Assurance (Roles & Responsibilities) DoDI 8500.bb - IA Implementation Managing information assurance as a quality across the IT life cycle - are achieved through core IA initiatives such as the NIAP and the development and use of CCPP and evaluation methods for COTS; through the DITSCAP for all government and contractor information systems connected to the GIG; education, training and awareness for IA and IT professionals and GIG users; the IAVA and other vulnerability management processes; incident response; continuity planning; and consequence management. Establishes threshold assurance levels for connection to the GIG Slide 18

National Information Assurance Partnership NSTISSIP-11 Common Criteria (CC) Evolution Common Criteria Test Program Commercial Lab Accreditation CC Security Target & Protection Profile Generation Support Validated Product List Publication Test Methods & Tools Development NIST / NSA JOINT INITIATIVE Slide 19

Strengthening the Links to Enable IA Four areas where we can help each other... Create Consolidate Assist in our efforts to innovate (e.g., DARPA, Service Labs) Leverage industry s market research w/our resource base Help us develop the tools, techniques, procedures for mutual protection Assess IA-related efforts in a broader nation-wide context Focus on priorities Be part of our solutions Find the common ground in combating terrorism; Commit Conduct Implement community solutions proven effective for a given environment Share best practices and lessons learned Technology & Solutions Operations People Slide 20

You are a Critical Piece of the Information Dominance Puzzle Department of Defense Business Sector INFORMATION ASSURANCE Private Citizens Government - State, Local, Federal Slide 21

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback