CNCI-SCRM STANDARDIZATION Discussion Globalization Task Force OASD-NII / DoD CIO Unclassified / FOUO.


Globalization brings challenges

The government has suppliers that it may not know and may never see
– Less insight into suppliers’ security practices
– Less control over business practices
– Increased vulnerability to adversaries

“Scope of Supplier Expansion and Foreign Involvement” graphic in DACS Secure Software Engineering, July 2005 article “Software Development Security: A Risk Management Perspective” synopsis of May 2004 GAO report “Defense Acquisition: Knowledge of Software Suppliers Needed to Manage Risks”

Comprehensive National Cybersecurity Initiative (CNCI)

Focus Area 1: Establish a front line of defense
Focus Area 2: Demonstrate resolve to secure U.S. cyberspace & set conditions for long-term success
Focus Area 3: Shape the future environment to demonstrate resolve to secure U.S. technological advantage and address new attack and defend vectors

Initiatives shown on the slide:
– Trusted Internet Connections
– Deploy Passive Sensors Across Federal Systems
– Pursue Deployment of Intrusion Prevention System (Dynamic Defense)
– Coordinate and Redirect R&D Efforts
– Connect Current Centers to Enhance Cyber Situational Awareness
– Increase the Security of the Classified Networks
– Develop a Government Wide Cyber Counterintelligence Plan
– Define and Develop Enduring Leap Ahead Technology, Strategies & Programs
– Expand Education
– Define the Federal Role for Extending Cybersecurity into Critical Infrastructure Domains
– Develop Multi-Pronged Approach for Global Supply Chain Risk Management
– Define and Develop Enduring Deterrence Strategies & Programs

Systems Assurance TRADESPACE

– Higher COST can buy Risk Reduction
– Lower Cost usually means Higher RISK
– Slippery Slope / Unmeasurable Reqts

SCRM Standardization and Levels of Assurance will enable Acquirers to better communicate requirements to Systems Integrators & Suppliers, so that the “supply chain” can demonstrate good/best practices and enable better overall risk measurement and management.

Diagram labels: Unique Requirements, COTS products, Suppliers, Acquirers, Systems Integrators

SCRM Stakeholders

Diagram labels: CIP, DoD, DHS & IA, Commercial Industry, Other Users; SCRM STANDARDIZATION Enabled by Information Sharing

– SCRM “commercially acceptable global standard(s)” must be derived from Commercial Industry Best Practices.
– US (CNCI) has vital interest in the global supply chain.
– SCRM Standardization Requires Public-Private Collaborative Effort

Back-up Slides Unclassified / FOUO

SDO Landscape: SCRM Perspective

SCRM Study Periods: Nov’09 – Apr’10 / May-Oct’10

Timeline labels: SCRM Ad Hoc WG; Potential ICT SCRM ISO Standard; Development; Adoption