I n t e g r i t y - S e r v i c e - E x c e l l e n c e

Similar documents
Task Force Cyber Secure

Rocky Mountain Cyberspace Symposium 2018 DoD Cyber Resiliency

Defense Security Service. Strategic Plan Addendum, April Our Agency, Our Mission, Our Responsibility

Air Force Digital Strategy

Navy Cyber Resilience

UNCLASSIFIED. FY 2016 Base FY 2016 OCO

Advanced Technology Academic Research Council Federal CISO Summit. Ms. Thérèse Firmin

UNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO

Cybersecurity (CS) (as a Risk Based Approach) & Supply Chain Risk Management (SCRM) (Levels of Assurance for HwA, SwA & Assured Services?

Airmen & community support missions. Two decades of taking risk in infrastructure created a fiscally unsustainable posture.

White Paper. View cyber and mission-critical data in one dashboard

Information Security Continuous Monitoring (ISCM) Program Evaluation

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Rethinking Cybersecurity from the Inside Out

NDIA SE Conference 2016 System Security Engineering Track Session Kickoff Holly Dunlap NDIA SSE Committee Chair Holly.

DEFENSE LOGISTICS AGENCY

INFORMATION ASSURANCE DIRECTORATE

RBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH

Enterprise Risk Management (ERM) and Cybersecurity. Na9onal Science Founda9on March 14, 2018

Space Cyber: An Aerospace Perspective

Evolving the Security Strategy for Growth. Eric Schlesinger Global Director and CISO Polaris Alpha

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Cyber Challenges and Acquisition One Corporate View

CyberUSA Government Cyber Opportunities for your Region: The Federal Agenda - Federal, Grants & Resources Available to Support Community Cyber

Cyber Security Summit 2014 USCENTCOM Cybersecurity Cooperation

Cybersecurity for Security Personnel

Introducing Cyber Observer

Cybersecurity & Privacy Enhancements

Cybersecurity in Acquisition

IT Security vs. Defensive Cyber Operations: The evolution of CAF Cyber

DoD Strategy for Cyber Resilient Weapon Systems

AMRDEC CYBER Capabilities

Cyber T&E Standards Panel

Cyber Security Program

Cyber Resilience. Think18. Felicity March IBM Corporation

National Initiative for Cyber Education (NICE) and the Cybersecurity Workforce Framework: Attract and Retain the Best in InfoSec.

Awareness as a Cyber Security Vulnerability. Jack Whitsitt Team Lead, Cyber Security Awareness and Outreach TSA Office of Information Technology

Air Force Civil Engineer Center. Director s View. Randy Brown Director 4 May Battle Ready Built Right! 1

New DoD Approach on the Cyber Survivability of Weapon Systems

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

Acquisition Reform Summary... 54

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

CISO as Change Agent: Getting to Yes

The University of Queensland

Certified Information Security Manager (CISM) Course Overview

Headquarters U.S. Air Force

UNCLASSIFIED FY 2016 OCO. FY 2016 Base

DISA Cybersecurity Service Provider (CSSP)

Achieving DoD Software Assurance (SwA)

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

ARC VIEW. Critical Industries Need Continuous ICS Security Monitoring. Keywords. Summary. By Sid Snitkin

DOD Medical Device Cybersecurity Considerations

Application Security Kung-Fu Competitive Advantage from Threat Modeling

DELIVERING SIMPLIFIED CYBER SECURITY JOURNEYS

Cybersecurity Capabilities Overview

ISA 201 Intermediate Information Systems Acquisition

UNCLASSIFIED. FY 2016 Base FY 2016 OCO

Aligning IT, Security and Risk Management Programs. Ahmed Qurram Baig, CISSP, CBCP, CRISC, CISM Information Security & GRC Expert

Avionics Cyber T&E Examples Testing Cyber Security Resilience to support Operations in the 3rd Offset Environment

AC2 CTC Investment Strategy. Capt Brandon Keller, AFRL/RIS Acting CTC Lead

April 25, 2018 Version 2.0

UNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO

The Operational Test & Evaluation Cybersecurity Terrain

TEL2813/IS2621 Security Management

Cybersecurity vs. Cyber Survivability: A Paradigm Shift

Transformation in Technology Barbara Duck Chief Information Officer. Investor Day 2018

DLA Energy Panel: Energy Resiliency and Assurance

How to Underpin Security Transformation With Complete Visibility of Your Attack Surface

Connecting the dots: A proactive approach to cybersecurity oversight in the boardroom. kpmg.ca

Providing Cybersecurity Inventory, Compliance Tracking, and C2 in a Heterogeneous Tool Environment

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

T&E Workforce Development

24 AF Requirements and Cyber Proving Ground Col Chad Nite Le Maire Col Timothy Chewy Franz 8 Dec 16

Department of Defense (DoD) Joint Federated Assurance Center (JFAC) Overview

Cybersecurity Test and Evaluation at the National Cyber Range

CYBER SOLUTIONS & THREAT INTELLIGENCE

The Perfect Storm Cyber RDT&E

NCSF Foundation Certification

Cybersecurity Test and Evaluation

DoDD DoDI

Department of Defense. Installation Energy Resilience

SPECIALIST CYBER SECURITY SERVICES & CYBER VULNERABILITY HEALTH CHECK FOR SMALLER COMPANIES

Department of Management Services REQUEST FOR INFORMATION

The Fine Art of Creating A Transformational Cyber Security Strategy

UNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

CYBER SECURITY AIR TRANSPORT IT SUMMIT

SDDC CAMPAIGN PLAN OVERVIEW MILITARY SURFACE DEPLOYMENT AND DISTRIBUTION COMMAND

A New Cyber Defense Management Regulation. Ophir Zilbiger, CRISC, CISSP SECOZ CEO

New Horizons. Dr. Bryant Wysocki Chief Engineer AFRL Information Directorate. 13 March 2017

Virtustream Cloud and Managed Services Solutions for US State & Local Governments and Education

COMPLIANCE WITH THIS PUBLICATION IS MANDATORY

Nebraska CERT Conference

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld

Solutions Technology, Inc. (STI) Corporate Capability Brief

USAF Environmental Management System Update

Joint Federated Assurance Center (JFAC): 2018 Update. What Is the JFAC?

Rhode Island Air National Guard. Current Cyber Landscape

Transcription:

I n t e g r i t y - S e r v i c e - E x c e l l e n c e

Headquarters U.S. Air Force I n t e g r i t y - S e r v i c e - E x c e l l e n c e AF Chief Information Security Officer (CISO) Mr. Pete Kim (SES) AF Chief Information Security Officer peter.e.kim2.civ@mail.mil (703) 695-1835 2

CISO Mission Statement Transform the Air Force from reactive to proactive cybersecurity through policy, processes, and strategic communications and Cyber Secure Airmen. Implement and enable a cybersecurity governance structure to inform senior leaders of cybersecurity challenges leading to agile, effective, and informed decisions regarding cybersecurity risk mitigation. Continuing journey (work in progress ever adapting and constantly improving) I n t e g r i t y - S e r v i c e - E x c e l l e n c e 3

CISO What Do I Focus On? It s about flying, fighting and winning. I n t e g r i t y - S e r v i c e - E x c e l l e n c e 4

CISO Guiding Principles Enterprise Perspective Education on the Risk Share Information Connect the Dots Make Decisions I n t e g r i t y - S e r v i c e - E x c e l l e n c e 5

My Approach for Cybersecurity Compliance Mindset Adversary Mindset Policy Compliance Performance Optimization Configuration Baseline and Standardization Administrator Perspective Synergy Hacker Perspective Identify Vulnerabilities Identify Intruders Assess Defensive Response New Cybersecurity Paradigm: You need both mindsets on your mission systems 24/7 I n t e g r i t y - S e r v i c e - E x c e l l e n c e 5

AFCYBER leverages static and active defenses to identify, mitigate and remediate cyber vulnerabilities and detect/defeat cyber threats. USCYBERCOM, JFHQ DODIN, NSA, Cyber Protection Teams, AFCYBER, and Comm Squadron Next work together to defend AF Core Missions AFCYBER currently defends Key Terrain & critical assets for AF Core Mission (Air, Space, C2) DCO-RA OCO USCYBERCOM NSA/DISA OV-1 of AF Cyber Defense-in-Depth (Cyber Mission Assurance of AF Core Missions) AFCYBER Comm Sq Next AF Core Mission Owner and critical weapons systems Cyber Threat I n t e g r i t y - S e r v i c e - E x c e l l e n c e 7

CISO Framework and Priorities 1. Enterprise Approach: Sets enterprise priorities, guidance and policy on cybersecurity for the Air Force...for Core Missions and the information technologies that enable those missions. 2. Team: Orchestrates the AF Team approach to field cyber-resilient capabilities and enhance the protection of critical warfighter/business information with public and private industry for enterprise cybersecurity and coordinated response actions. 3. Educate: Trained and educated CyberSafe Airmen who understand cybersecurity implications and linkages to mission assurance in, through and from cyberspace. 4. Innovate: Innovative approaches to critical cyber defense and resiliency challenges for air, space and cyberspace. 5. Manage Risk: Enable executive discussions on risk management to protect Airmen, Core Missions and to defeat adversaries effectiveness. I n t e g r i t y - S e r v i c e - E x c e l l e n c e 8

Enduring Cybersecurity Missions, Functions & Tasks SAF/CIO A6 Lt Gen William Bender Deputy CIO: Mr. Bill Marion (SES) Chief Information Security Officer Mr. Peter Kim (SES) JIE Governance ITGEG / ITGEB / WFI - GOSG Information Dominance Flight Plan Cybersecurity Program Cybersecurity Oversight Effective RMF Performance Implement DoD s Cybersecurity Program Establish risk executive (function) for comprehensive, AF-wide risk management Establish risk management roles/responsibilities Implement risk management strategy Oversee consistent enterprise risk mgt activities Manage threat & vulnerability information Lead Cybersecurity Forums (AFCTAG & AFRMC) Risk Posture Policy & Strategy Guidance Develop/maintain policy & guidance (Risk Management Framework, COMSEC, TEMPEST, PKI, COMPUSEC, Crypto/Mod, etc.) Review/approve Cybersecurity strategies, H/VH, PIA and AFDAMO packages Culture Cybersecurity Support Shape Air Force Culture Develop recurring & robust cybersecurity training Inject standard cyberspace curriculum into all accession programs Inform the force about realistic cyber threats Develop strategic risk understanding (IDFP) Strategy/Policy Holistic Cybersecurity Strategy Develop AF Cybersecurity strategy Cybersecurity architecture liaison Gather aggregated risks (Balanced Scorecard, Enterprise Dashboard, Metrics, etc.) Support implementation of advanced defensive tools on Air Force networks Support improved protection of weapons and mission systems Secretariat AO Summit & Cybersecurity Scorecard Cybersecurity Coordination Core Mission Liaisons Experts on Key Cyber Terrain for Core Missions Oversee compliance with cybersecurity program within info systems, PIT-control systems, threat analysis, policy, PPBE Transform mission needs into achievable cybersecurity requirements Mission Assurance Fly, Fight and Win Assess cybersecurity posture Oversee requirements within core missions and capabilities (RGM, ISR, C2, AS, SS, CS, GS, ACS) Criteria Does not duplicate work Spans entire AF I n t e g r i t y - S e r v i c e - E x c e l l e n c e 9

I n t e g r i t y - S e r v i c e - E x c e l l e n c e 10

CISO Initiative Linkages IDFP Goal: Objective : Initiative: 3.6.1 Clarify responsibilities for AFIN 1 Infrastructure 2 Manpower 3 Freedom of Action 4 Governance/ Resources 3.6 Introduce new policy instruments or update existing policies to accomplish the five core missions in a contested cyberspace environment 3.7 Shape Air Force culture so that Airmen understand the importance of the cyberspace domain in accomplishing the five core missions and their role in mission assurance in, through, and from cyberspace 4.5 Sustain appropriate levels of Air Force funding to enable the defense of the five core missions in, through, and from cyberspace 3.6.2 Centralized mission analysis 3.6.3 Clarify roles and responsibilities for mission assurance in cyberspace 3.6.4 Codify cyberspace lexicon 3.6.5 Support development of a cyberspace dashboard 3.6.6 Support implementation of advanced defensive tools on AF Networks 3.6.7 Support implementation of Communications Squadron-Next 3.6.8 Support improved protection of weapons and mission systems 3.6.9 Implement the Risk Management Framework (RMF) 3.6.10 Assign control systems to IMSC 3.6.11 Update AFI 33-200 to include responsibilities of new CISO office 3.6.12 Update DODI to Operationalize CCRIs 3.7.1 Develop recurring robust cybersecurity awareness training 3.7.2 ID and review existing cybersecurity training and education programs 3.7.3 Inject standard cyberspace curriculum into all accession programs 3.7.4 Inform the force about realistic cyberspace threats 4.5.1 POM/UFR/Rapid Acquisition I n t e g r i t y - S e r v i c e - E x c e l l e n c e 11

I n t e g r i t y - S e r v i c e - E x c e l l e n c e

To ask questions during or after the presentation, please email them to: AFITC2016QA@gmail.com Your questions will be read aloud for the audience and speaker

14

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback