Dr. Steven J. Hutchison Principal Deputy Developmental Test and Evaluation

Transcription:

Nov 2012 Page-1 Dr. Steven J. Hutchison Principal Deputy Developmental Test and Evaluation November 2012

DT&E for Complex Systems
Diagram labels: Performance Reliability Interoperability Information Security Operations Test & Evaluation Training Experimentation Modeling & Simulation System Integration Labs JIOR Cyber Range JMETC
Persistent, rapidly composable, secure representation of the Joint Information Environment

The DoD Acquisition Model

Test, Evaluation, Certification Security T&E DIACAP Late to Need!

Hindsight is 20-20
Compliance with IA Controls and Interoperability Standards and Profiles are necessary but not sufficient
What did we test? What did we know?
Fielded systems:
  Interoperability issues
  IA Vulnerabilities
To reduce discovery late in the acquisition lifecycle, test in mission context, against realistic threat, and..!
DOT&E COCOM/Service Interop & IA Assessments
DISTRIBUTION STATEMENT A Cleared for Open Publication by OSR on

Net Ready KPP
New Role for DASD(DT&E)
New Language:
  DISA will ensure JITC leverages previous, planned and executed DT&E and OT&E tests and results to support joint interoperability test certification and eliminate test duplication.
  DASD(DT&E) shall approve Developmental Test and Evaluation plans in support of Joint Interoperability Test Certification as documented in the TEMP.
  JITC shall advise DASD(DT&E) regarding the adequacy of test planning in support of Joint Interoperability Test Certification.
CJCSI 6212
DASD(DT&E) approves adequacy of Interoperability test planning

Information Assurance Policy
Information Assurance compliance activities need to be integrated into DT&E and included in the TEMP

Information Assurance: What's Changing?
Implements Risk Management Framework (RMF) instead of Mission Assurance Category/Confidentiality Level (MAC/CL)
Adopts new guidance from the National Institute of Standards and Technology (NIST) and Committee on National Security Systems Instruction (CNSSI) documents on Cybersecurity
Goes beyond IA and adopts the term: Cybersecurity
Lexicon Changes:
  Certification and Accreditation becomes Assessment and Authorization
  Designated Approving Authority (DAA) becomes Authorizing Official (AO)
  Certifying Authority becomes Security Control Assessor
Threat = Any event with potential to cause harm to the network
Vulnerability = Absence/weakness of safeguards to protect the network
Risk = Likelihood that a threat will realize or exploit a vulnerability

Implementing Cybersecurity: What's Being Proposed?
DASD(DT&E): Oversight of test planning in support of Cybersecurity C&A (A&A)
  Establish procedures to ensure that DT&E authorities for acquisition programs verify that adequate DT&E is planned and resourced to address Cybersecurity
  Confirm DT&E can be executed in a timely manner prior to approval of program Test and Evaluation Master Plans (TEMPs)
DASD(DT&E) will ensure adequate Cybersecurity test planning

DT&E in the Cyberspace Domain
Diagram labels: Process, Methodology, Desired Federated Cyberspace T&E Capability, Systems Under Test, Instrumentation, ACETEF, BAF, SDREN, JPRIMES, CDS, TSMO, IO Range, Test Tools, Cyberspace Threat Representations, Workforce, Infrastructure
An Integrated T&E Enterprise Capable of Creating a Realistic Cyberspace Test Environment at All Required Security Levels
Persistent, rapidly composable, secure representation of the Joint Information Environment

DT&E Cybersecurity Process Summary
Step 1: Cybersecurity Test Requirements Evaluation
  Focus on initiating an approach to Cybersecurity DT&E at Milestone A or B, with update at Milestone C.
Step 2: Cybersecurity System Integration Evaluation
  Focus is assessment of Cybersecurity in component and system integration vulnerability testing, between MS B and C.
Step 3: Cyber Kill Chain Evaluation
  Focus is assessment of Cybersecurity of the system under test, in a realistic mission and cyber environment, using exploitation testing techniques, post-CDR.
Step 4: Cybersecurity Test in Realistic Cyber Environment
  Focus is on Cybersecurity readiness in an operational mission environment to understand capabilities and limitations of the SUT and interconnections against a cyber threat using Red Team testing.

Cybersecurity Testing in the Acquisition Lifecycle
[Lifecycle chart: the JCIDS process and acquisition phases (Materiel Solution Analysis, Technology Development, Engineering & Manufacturing Development, Production and Deployment, O&S) with MS A, MS B, MS C and the Full Rate Production Decision Review, overlaid with the cyber test steps: Step 1; Steps 1-2; Steps 1-3; Steps 1-4.]
Reduce the Cyber Attack Surface

Conclusion
DT&E in mission context
  Improve Interoperability
  Improve Cybersecurity
  Reduce discovery in IOT&E
  Improve Acquisition Outcomes
To ensure rapid fielding of enhanced capabilities to the Warfighter!

Questions?

DoD Test, Evaluation, & Certification
Multiple Test Orgs: DT, OT, Iop, IA
Multiple Decision Makers: MDA, CIO, DAA
Diagram labels: DT&E Test Concept Brief Operational Test Plan User Training AOTR OTRR Test Plan Approved Tester Training Support Implemented DIACAP Pilot IAC&A OT&E OTRR Interop Testing Record Interop Cert Eval Report Full Deployment Decision Review 60 days 60 days 14 days 60 days
T&E Plan Test Report cycle can exceed six months!