Cyber Challenges and Acquisition One Corporate View


Sentar Inc
315 Wynn Dr, Huntsville, AL 35805
256-430-0860
www.sentar.com

Cyber Challenges and Acquisition: One Corporate View
Defense Acquisition University Conference
Huntsville, AL, February 22-23, 2011
2/24/2011 1

Content
- Why is Sentar here?
- Some Customer Challenges
- Thoughts on Cyberspace and Security
- One Contractor's View of Acquisition in Cyber
- One Concept for Future Acquisition

Mission & Focus
- Sentar is a Women-Owned Small Business focused on combating the dynamic national cyber threat through leap-ahead end-to-end secure solutions
- Focused on leveraging our expertise across three business areas to provide comprehensive solutions that address customer cyber needs

[Graphic slide: Game Changing Innovation - Cyber Mission Resilience, Cyber Security SDLC, Operational Risk Assessment, Automated decision support, Simplifying Security Assessment, Assessing Software Trustworthiness, Securing Untrusted Boundaries]

Operational Risk Assessment tool (figure): Computer Security Likelihood = Means (M-1 to M-5) x Opportunity (O-1 to O-5); Computer Security Consequence = Impact (I-1 to I-5) x Component Criticality Code (C-1 to C-5). Likelihood Determination scale: Almost Certain, Likely, Possible, Unlikely, Very Unlikely. Consequence Determination scale: Catastrophic, Major, Moderate, Minor, Negligible. Risk matrix axes: Likelihood vs. Consequence, graded 1 (lower risk criteria) to 5 (higher risk criteria).

Cyber Threats (figure): Failures, Attacks, Faults. D7I Potentially Harmful Cyber Effects: Deny, Disrupt, Destroy, Distract, Degrade, Deceive, Disable, Inspect/Observe.

Cyber Mission Resilience (CMR) (figure): CMR Conceptual Baseline (Mission Function 1, Mission Function 2, Mission Function 3), Cyber Mission Awareness, CMR Engineering Process, CMR Metrics. Operational Assurance spans Information Assurance/Security, Operational Readiness and Quality Assurance (of mission), with attributes: Confidentiality, Availability, Integrity, Authentication, Non-Repudiation, Recuperability, Diversity, Durability, Time, Accuracy, Confidence/Trust, Fault/Failure Tolerant, Robust, Reliability, Dependability.

Customer Challenges
- Shifting perspectives - Cyber Security as a long-term strategic approach
  » Integral part of the lifecycle
- Re-framing Cyber Security as a mission enabler
- "Ignore it and it will go away!" (~1990s - ~2003)
- "Darn it! We have to do this C&A stuff." (~2003 - ~2006)
- "Geez, there is a lot more to this than just C&A!" (~2006 - ~2009)
- "It's all about the MISSION!" (~2009 - today)
- Budget crisis
- As a whole, the threat is not taken seriously enough
- Cyber demands agility in solution development
- "In Cyberspace, it is 8:45 AM on 9/11/2001" - Erik Mettala, former DARPA PM and VP at McAfee Research

Thoughts on Cyberspace and Security
- Cyberspace can be thought of as a 5th dimension - it changes everything
- Security is an illusion
- We have more information than we can process or know what to do with
- Offense (125 SLOC) and Defense (10M SLOC) are asymmetric
- We cannot go back or shut it off (at least not in the US)
- The more connected we are, the more vulnerable we are
- It is big and complex - like an elephant. We are the blind men
  » Hardware (PCs, mobile phones, printers, ...)
  » Software (operating systems, COTS applications, ...)
  » Networks (wired, wireless)
  » Operations and humans in the loop
  » Policies and procedures
  » Weapon/Mission Critical systems

Responsibilities/Authorities in Cyberspace
- NSA: Knows the threats and gathers information
- CYBERCOM: Defend the DoD networks (systems?)
- DHS: Defend the Government networks (systems?)
- Services: Assure their weapon systems carry out their missions
- Commercial sector: Each company protects its own interests
- Who protects the civil networks and systems?
- And, by the way, most (all?) are connected

A Contractor's View of Acquisition
- The US Government acquisition system is geared to programs with life cycles of years and decades
- Also geared to large contracts with large companies
- Cyberspace and threats have life cycles of days and weeks
- The bad guys are innovating continuously
- Our acquisition system responds with
  » Analyze the threat
  » Determine defense requirements
  » Define program to counter
  » Etc., etc.
- This dynamic reminds me of the laws of thermodynamics
  » You cannot win
  » You cannot break even
  » You will lose

Some Needed Changes
- Continuous innovation
- Engagement of small innovative companies directly
- Engagement of non-traditional players (e.g. hackers)
- Collaboration and integration across the board (academia, LB, SB, Govt. Labs, etc.)
- Extremely rapid acquisition
- New models for contracting
- New views of cost/benefit and risks

One Idea
- Small open-ended contracts for R&D
  » Have a funded base for each team (e.g. $1M/year)
    - Enables continuous innovation
    - Provides stability for the team
  » Have Task Orders for specific needs as they arise
  » Use Task Orders to mature innovations as they show promise
  » Can award competitively or Sole Source to proven R&D teams
- Potential ROI
  » 10-fold increase in innovative ideas and products
  » 10-fold increase in time to implementation

What is Hard for SBs
- Continuing Resolution
- IDIQs that eat up all the B&P
- Long waits for selections and awards while we keep talent on the bench and pay from OH
- Bundling for Large Business for easier acquisition
- IP under large business subcontracts for R&D
- Long acquisition cycles
- In-sourcing by government
- Pricing squeeze

POCs
Peter A. Kiss, Founder - peter.kiss@sentar.com
Chris Peake, Cyber Assurance Strategist - chris.peake@sentar.com

Sentar, Inc.
315 Wynn Drive, Suite 1
Huntsville, Alabama 35805
256 430-0860