Defensive Cyber Operations Industry Overview 3 APR 18


Defensive Cyber Operations Industry Overview 3 APR 18 LTC Scott Helmore UNCLASSIFIED

Introduction
Welcome. Transforming I3C2 to DCO.
Themes: Innovation, Secure Communications, Collaboration.
WWII was won with American manufacturing. The Cold War was won with the military industrial complex. How will we win the cyber war?
(4/23/2018, slide 2)

Defensive Cyber Overview
- TRADOC Capability Manager Cyber (Cyber Center of Excellence): DCO IS ICD; 11 Requirements Definition Packages*
- Materiel Developers: PdM DCO; PM MC (TDI only**); PdM TCNO (TDI ONS only**); ARCYBER (Limited Acquisition Authority**); 11 Programs
- Operational Force: U.S. Army Cyber Command (ARCYBER); CPTs: 41 Army CPTs (20 Active Duty, 21 USAR / ARNG); U.S. Army Cyber Protection Brigade, Ft. Gordon, GA; USAR / ARNG DCO ONSs
(UNCLASSIFIED / FOUO, slide 3)

Tailored Acquisition
From formal acquisition to evolutionary acquisition:
1. Single Materiel Development Decision for the suite of capabilities
2. Reduced documentation
3. Empower leaders (O-6 level decision makers); ACAT IVs
4. Flexible resourcing allocated to the suite of capabilities instead of specific programs
5. Continual test environment (Forge)
Focused on capability drop decisions vs. traditional milestone decisions: Prototyping, MDD, Capability Release Decisions.
Providing acquisition capabilities at the speed of relevance.
(slide 4)

DCO Evolutionary Acquisition
Emerging Technologies (Other Transactional Agreements): build our cyber industrial bench; connect with industry/government ranges; pre-emptive risk management assistance; industry recommends new technology.
- Shark Tank: rapid pitches
- Crucible: assessment events
- Constellation: tiered industry experts
- 30-day prototype process (C-RAPID)
Forge: assess/develop technology; integrate capabilities; anytime training; innovation integration.
System Integrator Contracts: Programs of Record (multiple), five-year efforts; integrate OTA innovation; modularity focused on open source and open architecture; 30-day integration; fielding stability.
Armory (evolutionary acquisition): forward deployed support; latest integrated capabilities; mission-focused training; sustaining.

Securing Acquisitions
Screening questions:
- Facility clearance
- Experienced integration capabilities
- No foreign supply chain/control issues
- SIPR capabilities (communication)
- Monitoring: scanning of equipment and code
(slide 6)

Constellation: Industry Subject Matter Expert Sub-Consortiums
Lead Members are given direct access to operational data and problems; have a weekly sync with the PM and ARCYBER; and must have a TS/SCI facility clearance.
Constellation (example), tiered:
- (1) Lead, multiple Leads per Constellation (no more than eight per topic): recommend technologies; a Lead can be rotated if not productive. Constellation Leads may include: (1) Government, (1) Academia, (1) FFRDC, and (4) Industry.
- (20) Cleared Advisors: have security clearances and are selected by the Lead Member.
- (50) Innovative Firms: do not require clearances and are selected by Cleared Advisors or Lead Members.
Get ahead of threats; building the cyber bench.
(slide 7)

Acquisition Steps
- April: Request for Proposal, Garrison DCO Platform and Deployable DCO System
- April: Consortium Management Firm selection
- April: Forge stand-up
- June: Request for Proposal, Analytics
- July: Request for Proposal, Mission Planning
- September: User Activity Monitoring & Forensics/Malware
Continual technology reviews using C-RAPID and Forge.
(slide 8)

User Activity Monitoring
Program Description: User Activity Monitoring (UAM) is the primary capability within the Army's overall Insider Threat program. UAM will mitigate gaps that inhibit the Army's ability to identify anomalous or malicious user activity that may pose a threat to the Joint Worldwide Intelligence Communications System (JWICS) and Secure Internet Protocol Router Network (SIPRNet) networks. UAM is a software-based, scalable solution that proactively identifies and mitigates internal risks associated with the theft or misuse of critical, mission-essential data. It utilizes an integrated approach with a centralized UAM cell sending data to a core Insider Threat Hub.
Capabilities:
- Endpoint activity monitoring and control, capture and analysis of user actions (with the ability to replay), investigations, and the adaptation of an organization's Insider Threat countermeasures
- Identify individuals who are at higher risk for being targeted by foreign intelligence or more likely to misuse access privileges
- Provides audit and trigger data to designated cyber forces based on predefined policies
The Army will implement UAM for all Soldiers, civilians, and contractors with access to JWICS and SIPRNet.
Timeline: 2017, assess Data Analytics Services to attach to Raytheon Innerview; 2018, employment of Securonix Big Data Platform assessment; 2019, Program of Record.
(slide 9)

Forensics and Malware
Program Description: The Forensics and Malware Analysis (F&MA) capability will be composed of a set of applications used to provide the enterprise-level function to detect, analyze, mitigate and eradicate malicious IT threats (malware) on defended networks. F&MA will hunt for malware residing on processing components, including clients, servers and network components. It will also provide information support on assessment of damages and restoration. The applications will examine the operation of malware, isolate it, and extract it from the contaminated network to a controlled environment.
Capabilities:
- Rapidly triage an incident and place the impacted system back in service
- Quickly review information stored on deployed computers in real time without altering or damaging it
- Assist in determining subsequent actions in order to collect, process, search, and analyze evidence from portable electronic devices, removable media, system hard drives, and random access memory
- Automated and dynamic malware decomposition and behavior analysis to determine impacts
Timeline: 2017, deployed as part of Tool Suite; 2018, Enterprise Pilot; 2019, Program of Record.
(slide 10)

Discussion
- How should technologies be recommended?
- How can we make a better partnership?
- How can we be open but secure?
- How many Constellations?
- Can we buy solutions?
- Can we build a Cyber Coliseum?
(slide 11)

Thank you
Anh Nguyen, Executive Assistant to PdM and DPdM, Defensive Cyber Operations (DCO); (O) 703.806.8549; anh.t.nguyen83.ctr@mail.mil
LTC Scott Helmore; Scott.e.Helmore.mil@mail.mil