CYBERSAFE Overview AFCEA C4ISR Symposium 28 April 2015

Presented by: Mr. Brian Marsh, Assistant Chief Engineer (Certification & Mission Assurance), SPAWAR 5.0
Statement A: Approved for public release, distribution is unlimited (27 APRIL 2015)

CYBERSAFE BLUF

  • The CYBERSAFE Program is focused on ensuring effective cybersecurity design, procurement, and operation of the Navy's most critical warfighting systems
  • SPAWAR will play multiple key roles from both a Navy Enterprise and a SYSCOM perspective
  • CYBERSAFE will bring heightened consideration to the cybersecurity elements of many SPAWAR Programs

But first, let's discuss CYBERSAFE in the context of Navy cybersecurity

Current Cyber Environment

Source: Symantec 2015 Internet Security Threat Report

Extreme challenge to keep pace with exponential increase in cybersecurity requirements

SPAWAR's Role in Navy Cybersecurity

  • Information Technology / Information Assurance Technical Authority Board (IT/IA TAB)
  • Joint Regional Security Stack (JRSS)
  • Task Force Cyber Awakening
  • Technical Specs/Standards Developer
  • Authority to Operate (ATO) Security Control Assessor (SCA)

As Navy's IA Technical Authority, SPAWAR will assume additional roles in CYBERSAFE

CYBERSAFE Overview

Objective: Establish a CYBERSAFE Program to provide maximum reasonable assurance of a hardened subset of critical warfighting components

Scope: Focused on limited subset of select network components that enable Mission Critical capabilities

Construct (diagram labels): Navy Cybersecurity; CYBERSAFE; Platform PMs; PEOs; CYBERSAFE Certification Authority; CYBERSAFE PMO; Technical Authority, IT/IA TA; Security & QA Authority, SYSCOMs

  • CYBERSAFE components may require additional controls beyond RMF
  • CYBERSAFE Office to become an element within the overall Navy cybersecurity construct

CYBERSAFE Program will focus on Mission Assurance of critical warfighting capabilities

CYBERSAFE Facets

Cyber System Level: Functionality Hierarchy of system to end-to-end mission

  • CSL 1: Platform Safety
  • CSL 2: Platform Combat
  • CSL 3: Networked Combat
  • CSL 4: Sustained Combat

CYBERSAFE Grade: Level of cyber protection incorporated into system design

  • Grade A: Mission Critical
  • Grade B: Mission Essential
  • Grade C: Non-Mission Essential

Cyber Condition: Operating mode of platform based on likelihood of cyber attack

  • X: FULL NET
  • Y: SEMI NET
  • Z: NO NET

Other diagram labels: Material; Capabilities; Technical; Design; Procure & Build; Operate

IT/IA TAB to develop criteria for leveraging facets to identify CYBERSAFE critical items

SPAWAR's Role in CYBERSAFE

Enterprise Role: SPAWAR is Technical Authority for CYBERSAFE

Cross-Enterprise Role

  • Define criteria to identify CYBERSAFE Critical Items
  • Develop specs & standards for CYBERSAFE Critical Items
  • Interface with SYSCOM TAs to resolve CYBERSAFE issues

SYSCOM Role: SPAWAR to establish a CYBERSAFE Entity

Cross-SPAWAR Role (Led by SPAWAR 5.0)

  • Identify SPAWAR's CYBERSAFE Critical Items
  • Ensure specs & standards are incorporated into acquisition and implemented into capabilities
  • Perform certification of SPAWAR CYBERSAFE Critical Items

COMSPAWAR assigned CHENG as SPAWAR's Lead for CYBERSAFE

SPAWAR IA Standards Plan

Timeline columns: FY14, FY15, FY16, FY17

Standards:

  • Host Level Protection
  • Network Firewall
  • Network Intrusion Detection System (IDS) / Intrusion Protection System (IPS)
  • DFIA Afloat
  • Continuous Monitoring
  • Security Information Event Management (SIEM)
  • Vulnerability Scanning
  • Information Sharing-Cross Domain Solution
  • Account Management
  • Boundary Protection
  • Cyber Risk Assessment
  • Cyber Configuration Management
  • Software Assurance
  • Event Management-Incident Management, Contingency Planning, Disaster Recovery, and Incident Response
  • Authentication and Authorization / IdAM
  • Web Security
  • Email Security
  • BIOS Protection / TPM / Embedded Firmware
  • Key Management / Exchange
  • Wireless Communications
  • Wireless Enclave Access Control
  • Patch Management
  • Unified Capability - VoIP, Telecom
  • DFIA Airborne
  • Asset Management
  • Cyber Situational Awareness
  • Supply Chain Risk Management
  • DFIA Ashore
  • IA TA Glossary
  • DFIA and Standards POR Implementation Guidance (includes Controls / Standards mapping)
  • Information Tagging - Data Tagging
  • Public Key Enabling
  • Data Encryption - DIT, Link
  • Data Encryption - DAR
  • Remote Access
  • DNS Security
  • Virtualization Security
  • Assured Cloud Computing

IA Standards Work Plan approved by the IT/IA TAB

SPAWAR IA Standards Plan (same standards list as the previous slide)

Plus new task to develop initial CYBERSAFE Standards:

  • CYBERSAFE Certification Criteria
  • CYBERSAFE Grade A/B/C Criteria
  • Requirements for CYBERSAFE Grades A/B/C Systems
  • Inspection and Audit Criteria for CYBERSAFE

SPAWAR will play a lead role in developing the technical underpinnings for CYBERSAFE

SPAWAR Equities

  • SPAWAR 5.0 work with PEOs to identify SPAWAR CYBERSAFE Items
  • Baseline Configuration Pilot will assist in identifying Control Points
  • Potential Programs with CYBERSAFE components: CANES, BFTN, JALN, ADNS, DCGS-N, GCCS-M/J, NMT, MUOS

CANES aligns with CYBERSAFE Grade A criteria as it provides networking, compute, and storage for mission critical applications and data

Due to its role as entryway to the ship, ADNS is a critical Control Point that enables connectivity for mission critical systems and components

NMT's vital SATCOM capabilities provide assured C2 to Naval Commanders in support of Ballistic Missile Defense

SPAWAR will not identify CYBERSAFE Critical Items until TAB issues selection criteria

CYBERSAFE Way Ahead

  • CYBERSAFE Implementation Plan approved by CNO on 21 April
  • CYBERSAFE Office to release CYBERSAFE Instruction and 100-Day Plan
  • IT/IA TAB begin work on criteria development

CYBERSAFE 2015 Timeline

  • Apr: CNO Approval
  • Apr: CYBERSAFE Instruction and 100-Day Plan
  • Apr - FOC: IT/IA TAB develop criticality criteria. SPAWAR Tiger Team develops implementation approach.
  • Aug: Submit CYBERSAFE POA&M
  • Oct: CYBERSAFE FOC
  • Establish SPAWAR Tiger Team: led by SPAWAR 5.0, Cross-SYSCOM representation
  • Leverage TAB criteria and Baseline Pilot to identify CYBERSAFE Items
  • Develop POA&M for developing, implementing, and maintaining CYBERSAFE Entity at SPAWAR

Summary

Building upon the foundation provided by IA TA, CYBERSAFE is a key component of a common Navy plan for Cyber that:

  • Promotes a holistic approach to securing critical warfighting capabilities
  • Mandates use of common specifications and standards in acquisition and implementation
  • Ensures compliance with common specifications and standards through certification process

CYBERSAFE will increase awareness of cybersecurity requirements for many SPAWAR Programs

IT/IA TAB will set criteria for identifying CYBERSAFE Critical Items

SPAWAR 5.0 will work with PEOs to identify CYBERSAFE Critical Items within Programs
