QUANTICO POTOMAC AFCEA

1 QUANTICO POTOMAC AFCEA
19 APRIL 2016

2 CYBER OBSERVATIONS
“THE NATION THAT HAS THE MOST TO GAIN FROM TECHNOLOGY HAS THE MOST TO LOSE IF THAT TECHNOLOGY IS DENIED OR ADVERSELY ALTERED.” NOT ENOUGH MONEY TO DO WHAT NEEDS TO BE DONE, SO FOCUS ON THE MISSION; THE “MUST HAVES” NOT THE “NICE TO HAVES”. PUBLIC POLICY IS ADRIFT. LACK OF BI-PARTISANSHIP: PRIVACY VS SECURITY INDUSTRY GROWING IMPATIENT CONSTITUTIONAL RIGHT TO DEFEND ROME IS BURNING AND WE ARE FIDDLING! NEED NATIONAL LEADERSHIP ON THE ORDER OF GENERAL GEORGE MARSHALL.

3 CYBER OBSERVATIONS (CONT.)
GOVERNMENT NEEDS TO OPEN THE KIMONO MUCH WIDER TO INDUSTRY ON THE MATTER OF CYBER THREATS… THERE IS GREATER RISK IN WITHHOLDING INFORMATION THAN SHARING IT. TRUST FACTOR IMPACT ON RESOURCING THERE HAS NEVER BEEN A TIME WHERE THE ETHICAL EXCHANGE OF INFORMATION AND IDEAS BETWEEN INDUSTRY, GOVERNMENT AND ACADEMIA HAS BEEN MORE NEEDED. BUDGET PRESSURES CONTRACTING DEFENSE INDUSTRIAL BASE COMPLEX GLOBAL SECURITY ENVIRONMENT AS A NATION WE ARE FALLING SHORT!!!

4 CYBER OBSERVATIONS (CONT.)
HACKS IN THE PRIVATE SECTOR ARE WORSE THAN IN GOVERNMENT, BUT NOT WIDELY ADVERTISED. UNNECESSARY AND IMPRUDENT BARRIERS HAVE BEEN PLACED IN THE WAY OF DIALOG BETWEEN INDUSTRY & GOVERNMENT PARTICIPANTS… CONTRAST WITH EUROPEAN MODEL RESPONSIBILITY AND ACCOUNTABILITY? LPTA IS INAPPROPRIATE VEHICLE FOR MOST IT, NETWORKING SERVICES AND SECURITY CONTRACTS. DON’T DISGUISE LPTA AS BEST VALUE. USERS AND CAPABILITY SPONSORS MUST STAY CONTINUALLY ENGAGED WITH ACQUISITION COMMUNITY.

5 CYBER OBSERVATIONS (CONT.)
GOVERNMENT WILL HAVE A DIFFICULT TIME COMPETING WITH INDUSTRY FOR TALENT!!! THE SKILL REQUIREMENT BAR IS PRESENTLY TOO LOW!!! IMPACT OF GLOBALIZATION AND THE INDUSTRY VIEW. BUDGET CHALLENGES ALMOST ALWAYS BRING CUTS TO TRAINING… UNDERFUNDED TO BEGIN… MASS IS NOT THE KEY IN CYBER; INTELLECT, SKILL, PRECISION AND SPEED ARE THE KEYS. TRAINING MUST BE CONTINUOUS…LOOK AT NUCLEAR REACTOR MODEL.

6 CYBER OBSERVATIONS (CONT.)
OUR CYBER THOUGHT IS ENCUMBERED BY TRADITIONAL LINEAR THINKING… WE ARE DEALING WITH A THINKING, RATIONAL ADVERSARY IN AN ASYMMETRICAL WORLD THAT IS PROGRESSING EXPONENTIALLY. ENORMITY OF THE GOVERNMENT ENTERPRISE MAKES IT NEARLY IMPOSSIBLE TO RESOURCE AND KEEP UP WITH GROWTH OF TECHNOLOGY. SHEER SCALE OF DoD (GOVT.) UNDERAPPRECIATED.

7 CYBER OBSERVATIONS (CONT.)
Intelligence resources need to be expanded to provide a focused effort on cyber. The trend in convergence is a double-edged sword. EFFICIENCY ≠ EFFECTIVENESS. Be careful!!! SCADA systems used to be physically separated. Now they are often logically converged… must be secure before converging… adversaries are sharpening their skills on SCADA systems.

8 CYBER OBSERVATIONS (CONT.)
RISK MANAGEMENT: THERE IS A NEED FOR A RIGOROUS MISSION ANALYSIS OF CYBER SECURITY ISSUES. FOCUS ON THE MISSION THREADS!!! RISK IS MEASURED BY THE CONSEQUENCES OF THINGS THAT GO WRONG AND THE CORRESPONDING LIKELIHOOD OF THEIR OCCURRENCE. WHEN CONSEQUENCES ARE EXTREME, THE LIKELIHOOD OF OCCURRENCE NEEDS TO BE DRIVEN TOWARD ZERO. The same level of rigor is needed in cyber risk assessment as we place on other key areas such as aircraft design, nuclear power and space system design.

9 “A MODEL” “THE NOISE” FOCUS MANAGE FOCUSED/SAVVY LEADERSHIP
MISSION FOCUS CULTURE CHANGE EFFECTIVE C2 STRUCTURE ACCOUNTABILITY AND RESPONSIBILITY OPERATIONALIZE THE NETWORK SOFTWARE ASSURANCE CIP SYSTEMS ENGINEERING CERTIFICATION EDUCATION- TRAINING- RETENTION CONFIGURATION MANAGEMENT / CONTROL ROLES AND RESPONSIBILITIES POLICY DISCIPLINE POLICY AND POLICY ENFORCEMENT SUPPLY CHAIN SECURITY RISK MANAGEMENT STRATEGY “THE NOISE”

