Rocky Mountain Cyberspace Symposium 2018 DoD Cyber Resiliency


1 Rocky Mountain Cyberspace Symposium 2018: DoD Cyber Resiliency
Mr. Ed Brindley, Acting Deputy Cyber Security, Department of Defense
7 March 2018
SUPPORT THE WARFIGHTER

2 Overview
- Secretary Mattis Priorities
- CIO Cyber Top Priorities for 2018

3 Secretary Mattis Top 3 Priorities
1. Restore military readiness as we build a more lethal force.
2. Strengthen alliances and attract new partners.
3. Bring business reforms to the Department of Defense.

4 How do we establish and maintain Cyber Resiliency?
- Enterprise view of cybersecurity risk to highest priority missions, systems and networks.
- Streamline processes and policies throughout CIO.
- Continue to grow the cyber workforce.

5 Priority 1: Enterprise View of Cybersecurity Risk to Highest Priority Missions, Systems and Networks

6 Transition from CIO Scorecard 1.0 to 2.0
Scorecard 1.0 provides aggregation of existing data:
- Extensive survey to produce the scorecard
- Limited to compliance (Yes/No)
- Tabular data view
Scorecard 2.0 shifts to a Risk Management Heat Map:
- Eliminates the human in the loop
- Integrates threat and impact with current vulnerability data
- Heat map view
- Facilitates agility and rapid decision making by the CISO/CIOs
- Assists commanders as a risk assessment tool for missions
Scorecard 1.0 to 2.0: from a compliance view to a threat/risk view
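The Scorecard 2.0 shift above, combining scanner findings with threat intelligence and mission impact into a heat map without a human in the loop, can be sketched in code. The following is an added illustration, not the DoD scorecard's algorithm or data: the scoring rules (CVSS halved to a 1..5 likelihood, plus one step each for active exploitation and external exposure, multiplied by a 1..5 asset impact), the asset names, the missions and the VULN-* identifiers are all constructed for the example. The compliance_view function shows what the Yes/No Scorecard 1.0 view loses: two assets that are both "non-compliant" can sit in opposite corners of the heat map.

```python
"""Risk heat map built from vulnerability, threat and impact data.

Added illustration of the Scorecard 2.0 idea (threat + impact + vulnerability
data, no human in the loop). The scoring rules, asset names and vulnerability
identifiers below are assumptions constructed for this example; they are not
the DoD scorecard's algorithm or data.
"""
import math
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    asset: str      # host the scanner reported the finding on
    mission: str    # mission the asset supports
    vuln_id: str    # vulnerability identifier (hypothetical ids here)
    cvss: float     # CVSS base score reported by the scanner, 0.0-10.0
    exposed: bool   # reachable from outside the enclave


# Constructed sample data (not real systems or vulnerabilities).
FINDINGS = [
    Finding("web-gw-01", "Logistics", "VULN-A", 9.8, True),
    Finding("hr-db-02", "Personnel", "VULN-C", 7.5, False),
    Finding("c2-relay-07", "C2", "VULN-B", 5.3, False),
    Finding("kiosk-11", "Morale", "VULN-D", 4.0, True),
    Finding("c2-relay-07", "C2", "VULN-E", 2.0, False),
]
# Mission criticality of each asset, 1 (low) .. 5 (mission-critical).
ASSET_IMPACT = {"web-gw-01": 4, "hr-db-02": 3, "c2-relay-07": 5, "kiosk-11": 1}
# Constructed threat feed: vulnerabilities seen under active exploitation.
ACTIVE_THREATS = {"VULN-A", "VULN-B"}


def compliance_view(findings):
    """Scorecard 1.0 style: one Yes/No per asset, with no notion of severity."""
    return {f.asset: True for f in findings}


def likelihood(finding, active_threats):
    """1..5: scanner severity, raised when the bug is exploited in the wild or exposed."""
    score = max(1, math.ceil(finding.cvss / 2))   # 0.0-10.0 -> 1..5
    if finding.vuln_id in active_threats:         # threat intelligence
        score += 1
    if finding.exposed:                           # attack surface
        score += 1
    return min(score, 5)


def risk_score(finding, active_threats, asset_impact):
    """Likelihood x impact, 1..25."""
    return likelihood(finding, active_threats) * asset_impact[finding.asset]


def band(score):
    """Colour band of a 1..25 risk score."""
    if score >= 20:
        return "critical"
    if score >= 13:
        return "high"
    if score >= 6:
        return "medium"
    return "low"


def build_heat_map(findings, active_threats, asset_impact):
    """Count findings per (likelihood, impact) cell of the 5x5 grid."""
    cells = Counter()
    for f in findings:
        cells[(likelihood(f, active_threats), asset_impact[f.asset])] += 1
    return cells


def mission_view(findings, active_threats, asset_impact):
    """Per mission, the worst finding's score and band (the commander's view)."""
    worst = {}
    for f in findings:
        score = risk_score(f, active_threats, asset_impact)
        if score > worst.get(f.mission, 0):
            worst[f.mission] = score
    return {m: (s, band(s)) for m, s in worst.items()}


def render(cells):
    """Text grid: rows are likelihood 5..1, columns are impact 1..5."""
    lines = ["L\\I  " + "  ".join(str(i) for i in range(1, 6))]
    for lik in range(5, 0, -1):
        row = "  ".join(str(cells.get((lik, imp), 0)) for imp in range(1, 6))
        lines.append(f"{lik}    {row}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(build_heat_map(FINDINGS, ACTIVE_THREATS, ASSET_IMPACT)))
    for mission, (score, level) in mission_view(FINDINGS, ACTIVE_THREATS, ASSET_IMPACT).items():
        print(f"{mission}: {score} ({level})")
```

With the constructed inputs, kiosk-11 and c2-relay-07 both read "Yes" in the compliance view, while the heat map places the kiosk at (3, 1) and the C2 relay's actively exploited finding at (4, 5): the threat feed, not the scanner score alone, is what lifts the relay into the critical band. In practice the inputs would come from the vulnerability scanner export, an asset inventory carrying mission mapping, and a threat feed, and the pipeline would rerun on each new scan rather than on a survey cycle.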

7 DIB Cybersecurity Program
The DIB Cybersecurity Program is a public-private partnership that:
- Provides a collaborative environment for sharing unclassified and classified cyber threat information
- Offers analyst-to-analyst exchanges and mitigation and remediation strategies
- Increases U.S. Government and industry understanding of the cyber threat
Eligibility: a contractor must be a Cleared Defense Contractor to participate in this program.
Mission: enhance and supplement Defense Industrial Base (DIB) participants' capabilities to safeguard DoD information that resides on, or transits, DIB unclassified information systems.

8 Protecting DoD's Unclassified Information
DoD has a range of activities, including both regulatory and voluntary programs, to improve the cybersecurity of the nation and protect U.S. interests, including:
- Contractual requirements via the Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting
- Leveraging security standards in National Institute of Standards and Technology (NIST) Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations
- DoD's DIB Cybersecurity Program for voluntary cyber threat information sharing
- Encouraging use of the voluntary NIST Cybersecurity Framework

9 Cyber Executive Order 13800
Cybersecurity responsibility is being placed on the heads of executive departments and agencies. This still holds the CIO/CISO chain of command responsible, but also makes non-CIO executive leaders accountable. The Cybersecurity Scorecard is being used as the mechanism to begin exerting this accountability within DoD.

10 Priority 2: Streamline Processes and Policies Throughout CIO

11 Integrating the Cybersecurity Framework (CSF) with the Risk Management Framework (RMF)
- Cybersecurity risk is only part of organizational risk management procedures
- Organizational risk management requires multi-disciplinary teams
- A common taxonomy allows IT, cybersecurity and business personnel to communicate
- Implementation will vary between organizations based on their needs
- Goal: allocate scarce resources to address cybersecurity needs most efficiently
- Focus on critical assets first

12 Integrating CSF and RMF: Timeline of Activities
- CSF/RMF Fit-Gap Analysis (Nov. 2017, due to DEPSECDEF): highlights the areas of overlap and the gaps; socialized via the RMF Technical Advisory Group (TAG)
- NIST publishes new RMF (Jan. 2018): goal is to integrate the CSF and RMF to the greatest extent possible
- DoD Implementation Strategy (March 2018, due to DEPSECDEF): simplify, operationalize, and make more effective; strategy socialized with the RMF TAG, the DoD AO Summit and the ISRMC
- DoD Implementation Plan (June 2018, due to DEPSECDEF): clarify roles and responsibilities; develop programmatic metrics and governance risk triggers
- Update DoDI 8510.01 (TBD): content will be developed with the input of the RMF TAG

13 Priority 3: Continue to Grow the Cyber Workforce

14 Cyber Workforce Trends & Challenges
- Growing reliance on technology
- Increasingly complex operating environment
- Evolution of skills and expectations
- Lack of cyber workforce standards

15 Long-term Cyber Resiliency
- Increase the senior-level culture that treats cybersecurity as a mission imperative.
- Improve cloud security.
- Advocate use of tools based on common standards that allow us to exploit the power of big data analytics.
- Increase collaboration with our partners within DoD, other government agencies, industry and academia.
- Have more proactive, anticipatory and shortened response times.

16 What Needs to Change in 2018?
- Need to be more responsive: move at the speed of technology (or the "speed of need").
- Continue to focus on long-term enterprise solutions and achievable outcomes.
- Need to accept more risk.
