Looking Forward: USACE MILCON Cybersecurity Integration


Energy Exchange 2017 - Track 4 - Cyber and Control System Technologies, Session 2 - Understanding and Implementing the RMF Process
Looking Forward: USACE MILCON Cybersecurity Integration
Mr. Daniel Shepard, US Army Corps of Engineers, Engineering & Support Center, Huntsville
August [XX], 2017, Tampa Convention Center, Tampa, Florida

What We Did

DOD & ARMY LEVEL CYBERSECURITY GUIDANCE
- ACSIM Cybersecurity Strategy for Facility-Related Control Systems (FEB2017)
- OSD Memo, DoD Cybersecurity Campaign (JUN2015)
- DASD, Managing Cyber Risks to Facility-Related Control Systems (MAR2014)
- DoDI 8510.01, Risk Management Framework (RMF) (MAR2014)

- Developed Inventory Methodology Used by ACSIM, Navy, Marines, and Air Force.
- Completed Proof of Concept of Control Systems Inventory Methodology at Redstone Arsenal.
- the United Facility Criteria 04-010-06.
- Supported OACSIM in the Development of the Army's Strategic Plan for the Implementation of Cybersecurity for Facility-Related Control Systems.

USACE Control Systems Inventory Methodology

What We Do: ICS-CS TCX Technical Team

Established January 2015, the ICS-CS TCX Was to Fill a GAP in the Army's Ownership & Accountability for Facility Control Systems.

[Slide graphic labels: Army Accountability; Army Ownership; CYBER STRONG!!; CYBER THREAT]

Planning
- Participate in Planning Charrettes/DD-1391 Development
- Prepare Cybersecurity Cost Estimates for Control Systems

Design
- Design/Technical Submittal Reviews for Compliance
- Validation of UFC Design Requirements for Inclusion/Compliance

Acquisition
- Assist in SOW Development
- Participate in Source Selection Boards

Execution
- Monitoring of Risk Management Framework Requirements
- Ensure Control Systems are Cyber-Secure and are ATO Ready

What We Missed

Without Mandates to Use the ICS-CS TCX for Project Oversight on Cybersecurity Requirements for Control Systems, Our Project Delivery Process for Control Systems Became Obsolete and Vulnerable.

CRITICAL ISSUES TO ADDRESS
- Not Including Cybersecurity Requirement Costs In DD-1391
- Lack of Early Engagement in Project Development Process
- Lack of Technical Understanding & Expert Know-How
- Minimal Engagement for Design/Technical Reviews

[Slide graphic labels: PLANNING CHARRETTE / DD-1391 PREP; Where's Cyber?; CYBERSECURITY; REPRESENTATIVE; CYBER THREAT; Army Accountability; Army Ownership; CYBER STRONG??; GULP!!!]

RMF Process to MILCON

RMF In The MILCON Process
- STEP 1 - CATEGORIZE - System
- STEP 2 - SELECT - Security Controls
- STEP 3 - IMPLEMENT - Security Controls
- STEP 4 - ASSESS - Security Controls
- STEP 5 - AUTHORIZE - System
- STEP 6 - MONITOR - Security Controls

[Steps 1, 3 and 5 each appear twice in the slide graphic.]

Looking Forward: USACE MILCON Cybersecurity Integration

Planning:
- Budgeting for Cybersecurity in Project Scope (250k per identified platform)
- Control System Cybersecurity TCX DD1391 Review at Code 3 prior to 3086 certification.
- TCX assistance to Districts in Design RFP Acquisition req's (if requested)

Design:
- Utilize guidance set forth in UFC 4-010-06, Cybersecurity of Facility-Related Control Systems & Pending UFGS 01 35 53.01, Cybersecurity of Facility-Related Control Systems (Est. Q2 FY 18)
- TCX provides design submittal reviews (if requested) by District

Construction:
- Assist Districts in developing Construction Acquisition RFP req's
- Ensure project associated control systems are inventoried and categorized
- Include submittal requirements for:
  - Final Inventory
  - System Categorization
  - Authorization to operate
  - Authorization to connect to the network
- Include Requirement To attach to the network and operate PITs upon facility turnover
- Modify contract as requirements are updated
- Requirements will NOT remain static