Navy Cyber Resilience

Similar documents
Information Warfare Industry Day

Cyber Security Industry Day PEO Submarines

UNCLASSIFIED. FY 2016 Base FY 2016 OCO

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Avionics Cyber T&E Examples Testing Cyber Security Resilience to support Operations in the 3rd Offset Environment

I n t e g r i t y - S e r v i c e - E x c e l l e n c e

Defense Security Service. Strategic Plan Addendum, April Our Agency, Our Mission, Our Responsibility

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Naval Surface Warfare Center,

The Perfect Storm Cyber RDT&E

Why you should adopt the NIST Cybersecurity Framework

DoD Strategy for Cyber Resilient Weapon Systems

Cybersecurity Industry Day

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

Rocky Mountain Cyberspace Symposium 2018 DoD Cyber Resiliency

UNCLASSIFIED FY 2016 OCO. FY 2016 Base

Continuous protection to reduce risk and maintain production availability

PMW 790 Shore And Expeditionary Integration Program Office NDIA San Diego Fall Industry Forum

CYBERSECURITY MATURITY ASSESSMENT

THE POWER OF TECH-SAVVY BOARDS:

Department of Defense Fiscal Year (FY) 2014 IT President's Budget Request Defense Media Activity Overview

Task Force Cyber Secure

Information Security Continuous Monitoring (ISCM) Program Evaluation

UNCLASSIFIED. FY 2016 Base FY 2016 OCO

INFORMATION ASSURANCE DIRECTORATE

White Paper. View cyber and mission-critical data in one dashboard

Space Cyber: An Aerospace Perspective

Department of Management Services REQUEST FOR INFORMATION

INFORMATION ASSURANCE DIRECTORATE

UNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO

Rethinking Cybersecurity from the Inside Out

NCSF Foundation Certification

Security by Default: Enabling Transformation Through Cyber Resilience

Cyber Resilience. Think18. Felicity March IBM Corporation

AMRDEC CYBER Capabilities

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

UNCLASSIFIED UNCLASSIFIED

Office of Infrastructure Protection Overview

Strategies for Maritime Cyber Security Leveraging the Other Modes

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Federal Continuous Monitoring Working Group. March 21, DOJ Cybersecurity Conference 2/8/2011

Evolving Cybersecurity Strategies

General Framework for Secure IoT Systems

UNCLASSIFIED FY 2016 OCO. FY 2016 Base

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)

Department of Defense. Installation Energy Resilience

DOE and Test Automation for System of Systems T&E

Evolving the Security Strategy for Growth. Eric Schlesinger Global Director and CISO Polaris Alpha

Statement for the Record

An Operational Cyber Security Perspective on Emerging Challenges. Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL)

align security instill confidence

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

DEFENSE LOGISTICS AGENCY

SDDC CAMPAIGN PLAN OVERVIEW MILITARY SURFACE DEPLOYMENT AND DISTRIBUTION COMMAND

DHS Cybersecurity Services and Resources

CompTIA CASP (Advanced Security Practitioner)

The NIST Cybersecurity Framework

Implementation Strategy for Cybersecurity Workshop ITU 2016

UNCLASSIFIED. UNCLASSIFIED Office of Secretary Of Defense Page 1 of 8 R-1 Line #18

Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston

Accelerate Your Enterprise Private Cloud Initiative

TACIT Security Institutionalizing Cyber Protection for Critical Assets

NW NATURAL CYBER SECURITY 2016.JUNE.16

Protecting the Nation s Critical Assets in the 21st Century

Airmen & community support missions. Two decades of taking risk in infrastructure created a fiscally unsustainable posture.

K12 Cybersecurity Roadmap

existing customer base (commercial and guidance and directives and all Federal regulations as federal)

CONE 2019 Project Proposal on Cybersecurity

Business Continuity Management

PROVIDING THE WARFIGHTER S EDGE

The Office of Infrastructure Protection

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

DoDD DoDI

Shift Left: Putting the Process Into Action

UNCLASSIFIED R-1 ITEM NOMENCLATURE. FY 2014 FY 2014 OCO ## Total FY 2015 FY 2016 FY 2017 FY 2018

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Test and Evaluation Methodology and Principles for Cybersecurity

Forecast to Industry 2016

Critical Hygiene for Preventing Major Breaches

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

DISA Cybersecurity Service Provider (CSSP)

DEVELOP YOUR TAILORED CYBERSECURITY ROADMAP

Industrial Defender ASM. for Automation Systems Management

Space and Naval Warfare Systems Center Atlantic Information Warfare Research Project (IWRP)

UNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO

Energy Integration Program Submarine Base New London, CT

UNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO

Security Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:

Cybersecurity Risk and Options Considered by IMO

Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations (NIST SP Revision 1)

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

NEXT GENERATION SECURITY OPERATIONS CENTER

Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018

ISA 201 Intermediate Information Systems Acquisition

Health Information Technology - Supporting Joint Readiness

NIST SP , Revision 1 CNSS Instruction 1253

MIS Week 9 Host Hardening

Marine Corps Tactical System Support Activity

DoD CIO s Areas of Focus. David A. Cotton Deputy CIO for Information Enterprise May 20, 2015

Testimony. Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON

Transcription:

Unclassified Navy Cyber Resilience 20160614 Mr. Troy Johnson

From cybersecurity to cyber resilience 2

Disconnected response through stove-piped assessments & initiatives across the enterprise: Operation ROLLING TIDE (ORT) N81 Cyber Defense Studies Cyber Platform Risk Assessment Unified response through Task Force Cyber Awakening: NOT N2/N6-centric cyber platform spans the entire Navy Use existing mechanisms where possible Cybersecurity must be a resourcing and organizing principle Accountability and rigor are key POM-17 Cyber Resiliency BAM inclusive of full DOTMLPF Cybersecurity is as important as the next missile or platform 3

Identify and protect Ashore assets in the following priority order: Critical assets OPNAV priority buildings Utility Systems (UCS) which support OPNAV priority facilities Smart grid facilities Other Building Systems (BCS) and UCS Conduct cyber warfare workforce development Develop plan for aviation enclave Execute coordinated projects / partnerships Complete cyber risk assessments CYBERSAFE / incident response Develop facilities and tools to support programs Assess systems through RMF / CYBERSAFE Conduct training Continue platform installs / implement standards CONOPS development / operating / casualty procedures Develop cyber certification requirements Develop CYBERSAFE procedures and operating conditions NETCON TTPs Sharkcage, Cyber Mission Forces deployers Resilient C2 CONOPS Exercise EHF / Link 16 Train with Fleet Cyber Command Improve system baseline and inspection requirements Develop architecture and standards Develop cyber situational awareness capability Reduce attack surface and improve compliance Support incident response and recovery Complete vulnerability assessments / cyber upgrades Develop CYBERSAFE TTPs Back fit CYBERSAFE to earlier configurations Provide post-incident training / continue Technical Insertion (TI) cyber upgrades Assess systems using RMF, CYBERSAFE Conduct recurring assessment of assets Establish baseline for Platform IT Introduce situational awareness, incident response capabilities 4

Architecture Framework Initial consensus on Architecture Framework Synchronizes cybersecurity architectural strategies, standards and plans Requirements Developed collection of draft Key Systems Attributes (KSA) and other systems attributes Developing OPNAV Instruction (w/ KSAs) will be part of SECNAV Acquisition Manual Strategy Outlined cybersecurity strategy w/ focus on top-level strategic goals Develop operational concepts, cyber resiliency, workforce, organize for optimal effectiveness Investments Risk Posture Developing dashboard with FCC, IFOR, SYSCOMs Organized by views Operating Forces, Echelon II Developing measures for Navy Cyber Resilience Communications Navy cybersecurity communications campaign in coordination with stakeholders Released NAVADMIN, articles on navy.mil and Navy s Facebook page, videos, infographics Standards IT/IA Technical Authority Board (TAB) has 20 of 48 standards signed, or being reviewed 2 CYBERSAFE standards signed 4 of 16 FY16 standards being reviewed CYBERSAFE Developed CYBERSAFE Certification Guidance & Test Plan IT/IA TAB developed CYBERSAFE Selection Criteria & Requirements SYSCOMs developed Strategic Roadmap for their programs Training Working Group to synchronize training NETC User Working Group Leader SYSCOMs Enhanced User Collaboratively executing across Navy functions 5

C A N E S Defense-in-Depth Protection Levels Cyber Situation Awareness Level 0 DISN Ship-to-Ship Comms Level 1 Level 2 External Comms C2ISR / IO C4I NOC SCI C4I Pier side Comms IA and Agile Core Services External Interfaces SCI Level 3 UNCLASS SEC REL GENSER s Critical Functions Enclave Boundary Protection Incident Isolation Recovery Operations Agile Technology Insertion L16 CEC Radar / EW Level 4 Combat CS Navigation NAV HM&E MC Aviation Aviation Leverage common engineering across multiple ship classes CG Amphibs DDG CVN LCS SSBN 6

Cyber Resiliency Investment Reprioritized and Reprogrammed PB15 Enterprise and C4I enclave hardening actions to provide fortification for the tactical edge. PB16 USNO, NCSA, Aviation Systems, s (CP) for HM&E, Navigation, and Combat Systems PB17 CP Wholeness, CYBERSAFE Ashore, Cyber Hygiene ORT Wholeness, Sharkcage, Nuclear C3 POM-18 NCSA/Sharkcage, Enterprise Workforce, Building Systems Further Consideration Next POM / Execution Year: JRSS Navy Integration Surface Sustainment Aviation s ORT & Enterprise Workforce Wholeness Specifications and Standards Generation USS Secure 7

IA Standards Roadmap What are the leading approaches to securing and sensing Systems? How should we decide what data or systems to protect first and what we re willing to spend? How did you measure cybersecurity risk and establish a threshold of acceptance vs. mitigation? What are the best ways to minimize your attack surface? What are the best solutions for detecting anomalous activity? What are the best ways to create and maneuver an agile network of systems to frustrate would-be attackers? How do you approach the development and retention of a Cyber Smart workforce? (other than compensation) Achieving Cyber Resilience Will Be A Balance Between Government & Industry 8

Moving beyond protection to operationalize (detect, react, restore) Cyber resilience is guiding investments, actions Navy-wide risk will be measured using the cyber resilience framework Cyber resilience is the Navy s strategy for winning in the contested cyber environment 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback