1 Colonel Gene Tyler Director, Defense-wide Information Assurance Program Office of the Assistant Secretary of Defense, Networks and Information Integration.

Slides:



Advertisements
Similar presentations
AFCEA DC Cyber Security Symposium Military Joint Cyber Command Panel Harry Raduege Lieutenant General, USAF (Ret) Chairman, Center for Network Innovation.
Advertisements

Presented by the US Department of Education. More information at
Homeland Security at the FCC July 10, FCCs Homeland Security Focus Interagency Partnerships Industry Partnerships Infrastructure Protection Communications.
The Military Challenge of Cyber AOC Talk on Cyber, EW and IO Dr Gary Waters, 17 April 2012.
METRICS AND CONTROLS FOR DEFENSE IN DEPTH AN INFORMATION TECHNOLOGY SECURITY ASSESSMENT INITIATIVE.
Douglas Bass, Director Office of Emergency Management Fairfax County, VA.
Navy’s Operational Authority for Naval Networks, Information Operations, and FORCEnet 2004 Strike, Land Attack & Air Defense Annual Symposium Vice Admiral.
BENEFITS OF SUCCESSFUL IT MODERNIZATION
Keeping the War Fighter Informed
1 Continuity Planning for transportation agencies.
The U.S. Coast Guard’s Role in Cybersecurity
INFORMATION SYSTEMS & GLOBAL SERVICES Craig Solem, CISSP Lockheed Martin Information Systems and Global Services Program Manager, Joint Medical information.
DHS, National Cyber Security Division Overview
Distribution Statement A: Approved for Public Release; Distribution is unlimited. 1 Electronic Warfare Information Operations 29 MAR 2011 Val O’Brien.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
5/17/ SUPPORT THE WARFIGHTER DoD CIO 1 (U) FOUO DoD Transformation for Data and Information Sharing Version 1.0 DoD Net-Centric Data Strategy (DS)
National Space-Based Positioning, Navigation, and Timing (PNT) Federal Advisory Board DHS Challenges & Opportunities Captain Curtis Dubay, P.E. Department.
UNCLASSIFIED 1 Joint Net-Centric Operations Strawman Joint Net-Centric Operations: The ability to exploit all human and technical elements of the joint.
Connecting People With Information DoD Net-Centric Services Strategy Frank Petroski October 31, 2006.
Chapter 1 – Introduction
NATO Network Enabled Capabilities
DoD Systems and Software Engineering A Strategy for Enhanced Systems Engineering Kristen Baldwin Acting Director, Systems and Software Engineering Office.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
C4ISR and Information Warfare
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Stephen S. Yau CSE , Fall Security Strategies.
Session 121 National Incident Management Systems Session 12 Slide Deck.
Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.
Army Doctrine Publication (ADP) 3-37; and Army
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.
A Combat Support Agency Defense Information Systems Agency Expanding Non-DOD Partnerships 17 August 2011.
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.
DoD Acquisition Domain (Sourcing) (DADS) Analysis of Alternatives (AoA) E-Business/SPS Joint Users’ Conference November 15-19, 2004 Houston, TX.
Connecting People With Information DoD Transformation to Net-Centric Operations via Net-Centric Strategies For further information OSD at:
I n t e g r i t y - S e r v i c e - E x c e l l e n c e Headquarters U.S. Air Force 1 Lt Gen Bill Lord, SAF/CIO A6 Chief of Warfighting Integration and.
Information Assurance Program Manager U.S. Army Europe and Seventh Army Information Assurance in Large-Scale Practice International Scientific NATO PfP/PWP.
Assessment Presentation Philip Robbins - July 14, 2012 University of Phoenix Hawaii Campus Fundamentals of Information Systems Security.
Air University: The Intellectual and Leadership Center of the Air Force Aim High…Fly - Fight - Win The AFIT of Today is the Air Force of Tomorrow. Distribution.
Center of Excellence for IT at Bellevue College. Cyber security and information assurance refer to measures for protecting computer systems, networks,
Army Net-Centric Data Strategy Center Of Excellence (ANCDS) Army Data Harmonization and Integration Working Group (ADHIWG) Sever Ciorlian ANCDS Team Lead.
Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.
FLTC Perspective Focused Long Term Challenges (FLTCs) are an innovative approach to match user requirements with relevant technology development, while.
Import of New Security Environment Keys to Transformation: Exploit Technology Exploit DOD ability to integrate processes Result: JV2010 Vision shall.
C4ISR and Information Warfare Naval Weapons Systems.
Air Force Strategy to Resources
Mr. Tom Matthews OUSD(I) The overall classification of this brief is UNCLASSIFIED Discussion with the Intelligence Community Officer Course 10 April 2006.
Paul A. Strassmann, Copyright Stevens Institute of Technology The Structure of I.T. Spending as Measure of Organizational Disorder Paul A. Strassmann,
A Global Approach to Protecting the Global Critical Infrastructure Dr. Stephen D. Bryen.
Enterprise Cybersecurity Strategy
1 1 Cybersecurity : Optimal Approach for PSAPs FCC Task Force on Optimal PSAP Architecture Working Group 1 Final Report December 10 th, 2015.
SYSTEM OF SYSTEMS (SOSSEC) CONSORTIUM
1 Power to the Edge Agility Focus and Convergence Adapting C2 to the 21 st Century presented to the Focus, Agility and Convergence Team Inaugural Meeting.
Latest Strategies for IT Security Margaret Myers Principal Director, Deputy CIO United States Department of Defense North American Day 2006.
JAEC Assessment Initiatives and Implications Julia Loughran ThoughtLink, Inc Presented to: NDIA’s Training Transformation.
1 Innovation & Transformation: Enabling Information Superiority for the Warfighter Mr. Arthur R. Friedman OASD(NII)/DoD CIO 4 October 2006.
Protecting Against Cyber Challenges Pacific Operational Science & Technology Conference 15 March 2011 Rob Wolborsky Chief Technology Officer Space and.
Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.
Coast Guard Cyber Command
INFORMATION ASSURANCE POLICY. Information Assurance Information operations that protect and defend information and information systems by ensuring their.
Environment, Safety, and Occupational Health Opportunities in DoD Business Transformation May 4, 2006.
Risk Controls in IA Zachary Rensko COSC 481. Outline Definition Risk Control Strategies Risk Control Categories The Human Firewall Project OCTAVE.
Software Assurance Security Issues
8 Building Blocks of National Cyber Strategies
Engineering Autonomy Mr. Robert Gold Director, Engineering Enterprise
Information Operations Conditions (INFOCONs) In The Real World
Steering Committee Brief to the DoD M&S Conference 2008
Presentation transcript:

1 Colonel Gene Tyler Director, Defense-wide Information Assurance Program Office of the Assistant Secretary of Defense, Networks and Information Integration U.S. Department of Defense Information Assurance

2 Information Assurance (IA) IA (U.S. Definition) Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection and reaction capabilities. Protect - Provides for the availability, integrity, authenticity, confidentiality, and non-repudiation of information or transactions Detect - Provides for the ability to detect efforts to disrupt and deny services React - Provides for reconstitution of information and services in case of a successful disruption or denial

3 Definitions Availability - Information and information systems are available when needed to support mission critical, mission support, and administrative purposes. Integrity - Data is unchanged from its source--has not been accidentally or maliciously altered. Authentication - Data, and their originators, are authentic, and that a recipient is eligible to receive specific categories of information Non-Repudiation - Strong and substantial evidence of an information exchange or transaction. Confidentiality - Information can be read only by authorized entities e.g. encryption

4 SECDEF’s Transformational Goals*:  First, to defend the U.S. homeland and other bases of operations, and defeat nuclear, biological and chemical weapons and their means of delivery;  Second, to deny enemies sanctuary—depriving them of the ability to run or hide—anytime, anywhere.  Third, to project and sustain forces in distant theaters in the face of access denial threats;  Fourth, to conduct effective operations in space;  Fifth, to conduct effective information operations; and,  Sixth, to leverage information technology to give our joint forces a common operational picture. “….Protect our information networks from attack”......Use information technology to link up different kinds of US forces so that they can in fact fight jointly...” * From Secretary Rumfeld’s speech to the National Defense University 21 Jan 2002 Information Assurance – Emphasis Starts at the Top

5 Our ability to leverage the power of information will be key to our success in the 21st Century. I am committed to: Make information available on a network that people depend on and trust Populate the network with new, dynamic sources of information to defeat the enemy Deny the enemy information advantages and exploit weakness to support Network Centric Warfare and the transformation of DoD business processes. John P. Stenbit ASD(NII) Information Assurance – Senior Leadership Emphasis

6 Information Security & Global Networks Global Economy Global Information Environment Electronic Security Must Be Global U.S. Cannot “Solve” Problem Unilaterally International Cooperation Required Think Global!

7 Detected “Events” As of 1 Jan ,844 22,144 23,662 40,076 46, ,000 10,000 15,000 20,000 25,000 30,000 35,000 40,000 45,000 50, Malicious Activity Continues to Climb "Information Networks must be controlled, protected, and managed as effectively as weapon systems” Lt Gen Harry D. Raduege, DISA Director Unauthorized DoD Intrusions (314 Category 1 & 2 Intrusions as of 1 Jan 03) IAVA/ Bulletins “New” Intrusion Method or Under Analysis “Poor Security Practices” “Multiple Vulnerabilities” Virus Growth Per Month (Internet - “Wild List”) Jan May NovSep Jul Mar As of 1 Jan 03 36% 30% 14% 20%

8 Net-Centric Warfare C2 Transportation / Logistics Sensors INTEL Weapons Systems Network In NCW, the Network is the center of gravity: the focus on which all elements of combat power depend

9 Scope of the IA Mission Sustaining base Systems and Business systems Weapon Systems Infrastructure Power projection platforms and communications Command & Control (C2) systems Situation awareness Information everywhere Information is used everywhere and is vital to Warfighters and Operational Readiness Sensor-to -Shooter Logistic systems

10 The Changing Technology Environment PAST – dedicated circuits – stovepiped systems – government developed and produced solutions – “risk avoidance” – limited cooperation with industry – government-owned and – controlled security mgt infrastructure (SMI) PRESENT – highly interconnected – interdependent – commercial technology forms the basis for solutions – “risk management” – full and open cooperation with industry – global interoperable public key-based SMI FUTURE – genetic algorithms – neural networks – intelligent agents – nano-technologies – distributed computing – wireless – changing architectures, operations, technology all aimed at leveraging the “richness and reach” of the internet – where are the boundaries? We cannot afford to “stay the course”

11 Goals Objectives Protect Information Protect Information Defend Systems & Networks Defend Systems & Networks Provide Situational Awareness / IA C2 Provide Situational Awareness / IA C2 Transform and Enable IA Capabilities Transform and Enable IA Capabilities Create an IA Empowered Workforce Create an IA Empowered Workforce Establish timely Intelligence and I&W information to enterprise SA Infuse IA into other disciplines Harmonize NETOPS, IO, CNA, CND relationships Develop & Enforce CND Policies Create SA Visualization capabilities Evaluate & Deploy CND Tools and Capabilities Establish GiG Network Defense Architecture & To Be Baseline Develop & Deploy Protection Capabilities Promulgate IA Architecture Define Protection Criteria for Netcentric Opns Enhance IA skill levels Provide trained/skilled personnel Standardize baseline certifications Enable Information sharing & collaboration Improve strategic decision making Expedite dynamic IA capabilities through innovation Ensure IA is integrated & sustained in all programs throughout the lifecycle IA Mission and Strategy Establish vertical & horizontal defense mechanisms w/I CND RAF Coordinate IA ops & decisions Transform SMI IA Mission Assure DoD’s Information, Information Systems and Information Infrastructure and Support DoD’s Transformation to Network and Data Centric Operations and Warfare

12 OPERATIONSTECHNOLOGY PERSONNEL No Single Solution! Solution requires a multidimensional approach Trained and disciplined personnel Improved operations (including updated policies) Innovations in technology Solutions must address importance of Information Technology in elements of the Critical Infrastructure, for example, Power, Transportation, other The DoD IA Strategy

13

14 BACKUP

15 Personnel Cyber security training and awareness –Platform Training –Computer Based Training (CBT) –Video Certification of information system operators, administrators, and maintainers Career field management - focus on retention Partnership with industry for cooperative internships National InfoSec Education & Training Program Academic Centers Of Excellence (36 today)

16 Operations Integrated Information Assurance Policy Information Assurance Vulnerability Alert (IAVA) Process –Positive Control Service and Agency Computer Emergency Response Teams Joint Task Force - Computer Network Operations (JTF-CNO) –Coordination within the Department of Defense, and with other government departments and agencies Continuous Vulnerability Analysis and Assessment Program Exercises to test protection, detection, and response capabilities

17 Technology Full spectrum Information Assurance solutions –Layered Information Assurance strategy (Defense-in-Depth) –Deployment of intrusion detection technology –Strategic partnership with industry Security-enabled commercial products Open security framework –National Information Assurance Partnership (NIAP) Common Criteria evaluations Global, interoperable Security Management Infrastructure R&D for highly assured products and systems R&D for real-time monitoring, data collection, analysis, and visualization

18 IA Strategy and Defense-in- Depth (DiD) Interface Defense-in- Depth: Establishes our defenses in place and gives DoD a basic defensive framework IA Strategy: Takes concepts of DiD and brings the warfighter into the IA arena

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.