Presentation is loading. Please wait.

Presentation is loading. Please wait.

Navy Cybersecurity Engineering 17 October 2017

Published bySusanna Allen Modified over 6 years ago

Similar presentations

Presentation on theme: "Navy Cybersecurity Engineering 17 October 2017"— Presentation transcript:

1 Navy Cybersecurity Engineering 17 October 2017
Presented to: DAU West Acquisition Training Day Presented by: RDML Ron Fritzemeier Chief Engineer Space and Naval Warfare Systems Command (SPAWAR) The overall classification of this brief is: UNCLASSIFIED//FOUO DISTRIBUTION C: Distribution authorized to the U.S. Government agencies and their contractors (Administrative or Operational Use). 18 Aug Other request for this document shall be referred to COMSPAWAR or SPAWAR 5.0.

2 SPAWAR Organization Chief of Naval Operations
Assistant Secretary of the Navy, Research, Development and Acquisition SPAWAR COMMANDER RADM C. D. Becker Executive Director Pat Sullivan PEO C4I RDML Carl Chebi John Pope, ED PEO Space Systems RDML Carl Chebi Fleet Readiness Directorate CAPT Ed Anderson Rob Wolborsky, ED SPAWAR Washington Operations Thresa Lang PEO EIS Ruth Youngs Lew CAPT Don Harder, DPEO 1.0 Comptroller Steve Dunn 2.0 Contracts Nancy Gunderson 3.0 Office of Counsel Amy Weisman 4.0 Logistics & Fleet Support William Luebke 5.0 Chief Engineer RDML Ron Fritzemeier Mike Spencer, DCHENG 6.0 Program Management Craig Madsen 7.0 Science & Technology Stephen Russell 8.0 Corporate Operations Kimberly Kesler Echelon III Activities SPAWAR Space Field Activity CAPT Eric Hendrickson, CO SPAWAR Systems Center Pacific CAPT Mel Yokoyama, CO Bill Bonwit, ED SPAWAR Systems Center Atlantic CAPT Scott Heller, CO Chris Miller, ED

3 SPAWAR: The Navy’s Information Warfare (IW) Systems Command (SYSCOM)
As the Navy’s Information Warfare Systems Command, SPAWAR develops advanced communications and information warfare capabilities Majority of systems developed at SPAWAR are software intensive systems As the Navy’s Information Warfare Systems Command, SPAWAR develops advanced communications and information warfare capabilities Software intensive systems Interoperability Cyber DoD Guidance related to SwA updated to account for recent changes in DoD policy and increased focused on cybersecurity DoD’s Trusted Systems and Networks strategy integrates Robust Systems Engineering Supply Chain Risk Management Security Counterintelligence & Intelligence Cybersecurity Hardware & Software Assurance

4 Overview Navy is using a holistic systems engineering process to enhance cybersecurity readiness RMF is a part of that holistic process Using Navy’s technical authority construct Cross-Navy SYSCOM team effort to define Navy’s implementation of security controls Maximize operational effectiveness Minimize Total Ownership Cost Ultimately about minimizing risk to successfully complete mission Articulate residual risk in fielded systems to support operations planning and development of TTPs to mitigate those risks RMF is being integrated into Navy’s holistic Systems Engineering process

5 Cyber Resilience to Address Continuously Evolving Cyber Threats
The Cyber Threat Increases in volume and sophistication at the speed of technology Continuously Evolves Will always remain a challenge, but… That doesn’t mean we don’t know what to do Designing for Cyber Resiliency Move to a defendable architecture by executing IT/IA TAB guidance Implement the Defense-in-Depth Functional Implementation Architecture (DFIA) Implement the IA TA (Cybersecurity) Standards

6 Anatomy of a Cyber Attack
Objective / Resources Data Gathering / Target Identification Identify Vulnerabilities / Scanning / Enumeration Gain Access / Create Foothold Gain Escalated Privileges / Root Access Multiple Footholds / Paths / Backdoors Obfuscate Presence Exploit / Exfiltration / Attack to Achieve Objective 1 2 3 4 5 6 7 8 Motive Discover Probe Penetrate Escalate Expand Persist Execute Identify Protect Detect Respond Recover

7 UNCLAS//FOUO Challenges to Improving Navy Cybersecurity Today’s Navy Cyber Environment The Collective Result of Individual Decisions Infrastructure: Too much Too varied Too old Software & Applications: Too many Too varied to maintain it all UNCLAS//FOUO Holistic Enterprise Approach to Drive Interoperability & Cybersecurity Infrastructure: Rapid hardware refresh as a requirement Decouple Hardware from Software & Applications Software & Applications: Quality Assurance Configuration Management Today’s Navy Infrastructure is Flat, Riddled with Seams and Flaws UNCLAS//FOUO

8 Holistic Implementation Strategy Designing for Cyber
Cyber Requirements: Higher level DoD guidance National Institute of Standards & Technology (NIST) Information Technology (IT) / Information Assurance (IA) Technical Authority Board (TAB) provides guidance tailored for Navy-specific implementation Navy Cybersecurity Architecture with Afloat, Ashore and Aviation instantiations NAVY PoRs/Projects Cyber Specifications and Standards guide POR/Project efforts toward common implementation of Security Controls

9 Requirements Flow Applicable Guidance TAB Products DoDI 8500.01
Requirements References: DoDI : Cybersecurity DoDI : Risk Management Framework for DoD IT CNSSI 1253: Committee on National Security Systems (CNSSI) 1253, “Security Categorization & Control Selection for National Security Systems” NIST SP : National Institute of Standards & Technology (NIST) Special Publication (SP) , “Security & Privacy Controls for Federal Information Systems & Organizations” NIST SP : National Institute of Standards & Technology (NIST) Special Publication (SP) , “Guide to Industrial Control Systems Security” DFIA: Defense-in-Depth Functional Implementation Architecture HLP: Host Level Protection ISCM: Information Systems Continuous Monitoring DoDI Applicable Guidance CNSSI 1253 NIST SP NIST SP (Applicable to NCS) DFIA (e.g. HLP, ISCM, Cyber SA, etc.) (e.g. HLP, ISCM, Cyber SA, etc.) TAB Products Standards (e.g. HLP, ISCM, Cyber SA, etc.) Individual System Cybersecurity Requirements * Flowchart is representative of the DFIA vision to satisfy the required Cybersecurity controls

10 Providing Technical Leadership to Guide the Navy’s Enterprise Approach to Cyber
SPAWAR chairs the Information Technology (IT) / Information Assurance (IA) Technical Authority Board (TAB) Cross-Navy governance board for reviewing, adjudicating & endorsing IT & IA TA products for use throughout the Naval Enterprise The authority, responsibility, and accountability to establish, monitor and approve technical standards, tools, and processes in conformance with DoD and DON policy, requirements, architectures, and standards STAKEHOLDERS PRINCIPAL MEMBERS NAVSEA NAVAIR NAVFAC NAVSUP MARCOR DASN RDT&E SPAWAR (TAB CHAIR) PEOs / PMs NAVSEA 08 HQMC C4 DDCIO (MC) FCC / C10F OPNAV N2N6 DON CIO DASN C4I / IO & Space WORKING GROUPS Information Assurance WG Information Technology WG Implementation WG Cyber Risk to Mission WG Driving Cybersecurity Consistently Across the Navy Enterprise

11 DFIA Standard Overview
DFIA: Defense-in-Depth Functional Implementation Architecture Off Platform Communications Provides Quality of Service and Data in Transit Encryption Manages connections (communication) that goes off the platform (e.g., connects to the WAN) Platform Boundary Defines the Navy’s Reference Cybersecurity Architecture for Afloat, Ashore, and Aviation for Defense-in-Depth approach to Cybersecurity Represents logical layers of requirements vice a physical implementation Defines the minimum set of standards required at the system level Increased connectivity drives additional cybersecurity requirements Provides inheritable functions/features Enclave Enclave Boundary Enclave Same security domain Continuous security perimeter Manages connections (communication) between enclaves on the same platform

12 Standards Mapped to the Architecture
*DFIA: Defense-in-Depth Functional Implementation Architecture

13 Anatomy of a Cyber Attack
IA Standards Aligned to NIST Framework Designed to Disrupt Cyber Kill Chain NIST Framework Anatomy of a Cyber Attack Security & Resiliency

14 Risk Management Framework Process Overview
ACAS, VRAM, etc. Cybersecurity Engineering Step 1 CATEGORIZE System Step 6 MONITOR Security Controls Step 2 SELECT Security Controls Categorize the system in accordance with the CNSSI 1253 Initiate the Security Plan Register system with DoD Component Cybersecurity Program Assign qualified personnel to RMF roles Determine impact of changes to the system and environment Assess selected controls annually Conduct needed remediation Update Security Plan, SAR, and POA&M Report security status to AO AO reviews reported status Implement system decommissioning strategy Common Control Identification Select security controls Develop system-level continuous monitoring strategy Review and approve Security Plan and continuous monitoring strategy Apply overlays and tailor RMF Authorizing Official (AO) / Functional Security Controls Assessor (SCA) Program Implementation Step 5 AUTHORIZE System Step 3 IMPLEMENT Security Controls Step 4 ASSESS Security Controls Prepare the POA&M Submit Security Authorization Package (Security Plan, SAR, and POA&M) to AO AO conducts final risk determination AO makes authorization decisions Implement control solutions consistent with DoD Component Cybersecurity architectures Document security control implementation in Security Plan Develop and approve Security Assessment Plan Assess security controls SCA prepares Security Assessment Report (SAR) Conduct initial remediation actions Risk Management Framework Intended to Provide Greater Insight into Cyber Risk Not DIACAP by Another Name!

15 Navy Approach to Cyber Engineering Top-Down Engineering Approach
Determine Controls Using Top-down Engineering Approach Maximizes RMF using a holistic SoS approach SYSCOM Engineering will assist systems with Steps 1 and 2 of RMF Categorization, Control Selection Alignment with CYBERSAFE Improved Inheritance Efficiency across programs Minimize Rework Desired end state is to monitor systems on a continuous basis (RMF Step 6) Leverage SYSCOM Engineering to Assist Programs with Cyber Requirements and RMF Transition

16 CYBERSAFE Grades & Controls
CYBERSAFE Grade A and B systems are CYBERSAFE Critical Items CYBERSAFE Grade C systems are not CYBERSAFE Critical items Applicable Security Controls CYBERSAFE Grade A Applies Grade B Controls and up to an additional 75 Enhanced Assurance Controls Grade A RMF + B + A Grade B RMF + B CYBERSAFE Grade B Applies up to 48 Assurance Controls (equivalent to high baseline for C/I/A) and 31 Enhanced Assurance Controls At the system level how does CYBERSAFE relate to RMF? The DRAFT OPNAVINST for CYBERSAFE states “The purpose of the CYBERSAFE Program is to provide maximum reasonable assurance of survivability and resiliency of critical warfighting IS and PIT systems…” To reiterate, CNSSI 1253 provides the “The MINIMUM required cybersecurity controls” to be used in the RMF, so we have a delta between CYBERSAFE’s “Maximum reasonable assurance” and RMF’s “Minimum required security control”. So what is that delta? Recall that NIST SP800-53Rev4 is the master catalogue of approximately 900 controls, and in those 900 controls are approximately 150 “High Assurance Controls” which are listed in Table E-4. So what are High Assurance controls?? High assurance controls are controls that should be used when one desires to have high assurance that the security controls selected in the categorization and controls selection process actually provide the desired security objectives. So the IAWG composed of NAVSEA/NAVAIR/NAVFAC/NAVSUP/SPAWAR reps decided that HIGH ASSURANCE CONTROLs would be an excellent means to articulate the delta between RMF’s minimum required controls and CYBERSAFE’s Maximum Reasonable Assurance. The IAWG formed a sub-working group to review the 150 High Assurance controls in NIST SP Rev4 and selected approximately 100 controls to be used in CYBERSAFE. The 100 controls were dispersed between GRADE A and GRADE B systems. But each system doesn’t typically bring all of the capabilities to satisfy all of the controls so they must rely on inheriting controls from other systems such as PKI to support Access Control, from their enclaves and platform boundaries or from other Processes such as training for IA Awareness, or physical security Grade C RMF CYBERSAFE Grade C No additional CYBERSAFE controls. Identifies RMF baseline set of controls from NIST applicable to all DoD IT, weapons systems, and controls systems Only CYBERSAFE Grade A and B Systems Require CYBERSAFE Security Controls

17 Systems Engineering Integrated with RMF and CYBERSAFE
Driving to a Single Integrated Synchronized Process with Multiple Authorities

18 Leadership Commitment to Improving Cyber Resilience A Key Consideration in All Navy Acquisition Activities Clear direction from Navy Leadership “We must implement these standards with a sense of urgency throughout the enterprise to counter the rapidly proliferating adversary cyber threats.” Cybersecurity Compliance of Information Assurance Technical Authority Standards Elevated priority of cybersecurity requirements → “a high priority when competed against other program requirements” “…where there are significant technical and financial obstacles from incorporating cybersecurity that impact the implementation of other valid mission capabilities, identify and execute feasible trade-offs within cost, schedule and performance to ensure the implementation of cybersecurity.” Signed 8 Nov 2016 VCNO ASN RDA Quarterly progress measurement and reporting reviews via the Cybersecurity EXCOM (VCNO and ASN RDA)

19 Addressing VCNO/ASN RDA Direction
SPAWAR’s approach for addressing Navy direction is DFIANT SPAWAR is using DFIANT to Align technical artifacts to drive design with POR schedules C4I DFIANT (Tactical Afloat) → CANES OB2 Shore Enterprise DFIANT → NGEN-R Support the development of CONOPs and TTPs Cybersecurity Compliance of Information Assurance Technical Authority Standards Signed 8 Nov 2016 VCNO ASN RDA

20 IA TA Cybersecurity Standards Provide High-Level Cybersecurity Requirements for Acquisition
Working across SYSCOMs to ensure consistency of technical guidance and implementation Coordinating with PEOs to provide the requirements for the PORs/Projects COMSPAWAR (RADM Dave Lewis): “Our intent in publishing these standards is for them to be included in design requirements, development and production contracts, or any other technical or engineering artifacts that touch on or influence cybersecurity designs for our various computer-based systems” - Working across SYSCOMs to ensure consistency of technical guidance and implementation - Coordinating with PEOs to provide the requirements for their Programs of Record and Projects Standards Lend Consistency to Cyber Acquisition Approach & Support Transition to RMF

21 Foundational Cybersecurity Artifacts Roadmap Completion Status
Revisions to Previously Completed Foundational Standards Required to Address Control Correlation Identifier (CCI) Mapping

22 Certification Building Blocks Cyber Risk to Mission (CRTM)
5.0 role in NWSCP/FRCB and opportunities to work together for better installation/deployment certification No existing, single certification process provides an end-to-end assessment of the cyber risk to the Fleet of fielded capabilities. We have processes in place to assess individual systems, and individual platforms. But our current platform assessments do not convey in a meaningful way the cyber risk to successfully carrying out warfighting missions. Where we think we need to get to, is putting into place the means to look at a delivered baseline, assess it across the adversary’s kill chain, and articulate the ability of the platform (or a Carrier Strike Group) to support Cyber Operations with appropriate Capabilities and Limitations (CAPS/LIMS). To start looking at how we might achieve this desired end state, the TAB has also established a Certification WG. The WG has been tasked to develop a certification approach that measures our holistic understanding of the cyber risk of our operational forces. End-to-End Cyber Certification approach that provides operational commanders with a bounded statement of cyber risk (CAPS/LIMS)

23 Summary The Cyber Threat Designing for Cyber Resiliency
Increases in volume and sophistication at the speed of technology Continuously Evolves Will always remain a challenge, but… Designing for Cyber Resiliency Move to a defendable architecture by executing IT/IA TAB guidance Implement the Defense-in-Depth Functional Implementation Architecture (DFIA) Implement the IA TA (Cybersecurity) Standards Implementation of IA TA architectures, specifications and standards narrows the cyber threat to more sophisticated adversaries

24

25 Cybersecurity Standard: Host Level Protection
UNCLASSIFIED//FOUO Cybersecurity Standard: Host Level Protection A “host” is defined by CNSSI 4009 as “any hardware device that has the capability of permitting access to a network via a user interface, specialized software, network address, protocol stack, or any other means.” Logically Layered Set of Requirements Off-Platform Communications Platform Boundary Enclave Boundary Enclave Host Level Protection establishes the capabilities necessary to defend against threats on client-facing systems in order to maintain a secure configuration Requirements this Standard addresses: Host Intrusion Detection/Prevention Host-Based Firewall Software Control Host Level Configuration Host Malicious Code Protection Device Management Tailored protective measures for Navy Information Systems and Navy Control Systems (NCS). Example– Host Level Protection Standard: Requirement (IATAHLP-001.7): Hosts shall detect, log, and report unauthorized data entering and exiting the host via all external interfaces (e.g., serial, USB, and network). Compensating Measures: In the event a host is unable to detect unauthorized data entering and exiting the host via all external interfaces, the system employs an intrusion detection mechanism external to the host. UNCLASSIFIED//FOUO

26 Cybersecurity Standard: Boundary Protection
UNCLASSIFIED//FOUO Cybersecurity Standard: Boundary Protection Boundary protections are applied to interfaces between enclaves and systems to prevent and detect malicious and other unauthorized communications Requirements this Standard addresses: Denial of Service (DoS) Protection Malicious Code Protection Communications-Traffic Management Access-Control and Management System Monitoring System Component Isolation Failure Control Cryptographic Protection Information Flow Logically Layered Set of Requirements Off-Platform Communications Platform Boundary Enclave Boundary Enclave This Standard is complimentary to the Network Firewall, Network Intrusion Detection System (IDS) and Intrusion Prevention Systems (IPS), Information Sharing – Cross- Domain Solution (CDS), and Remote Access Security Standards that satisfy Cybersecurity protections identified under DFIA. UNCLASSIFIED//FOUO

27 IT/IA TAB Way Forward Moving to Implementation and Compliance
Information Assurance WG Requirements NIST & DoD cybersecurity requirements tailored for standardized, Navy-specific implementation of security controls Cyber Risk to Mission WG Validation Provide operational commanders with an articulation of cyber risk to mission Information Technology WG Requirements Navy-specific implementation of IT solutions Implementation WG Implementation Operationally effective & cost efficient implementations of the standards System of Systems Engineering to Address Cyber End-to-End Moving Beyond Cyber Requirements

28 Performed at Least 1 Assessment with all PEO C4I System-Owning PMWs
RMF & CYBERSAFE Assessments Established an integrated assessment process for RMF & CYBERSAFE transition Addresses RMF Steps 1 & 2 and CYBERSAFE Phases 1 & 2 Ensures a consistent approach to cybersecurity engineering Establishes a system’s full set of cybersecurity requirements SPAWAR selected its Phase I systems to assess by identifying: Critical Inheritance Providers – CANES, NMCI, IA/CND, NEDCs Warfighting Enablers – GCCS-M, GPNTS, ADNS High-Visibility Systems – N-ERP, AWS, NTCSS CYBERSAFE Assessment status Completed Phase I systems Assessed an additional 86 systems beyond Phase I for a total of 142 SPAWAR systems Top 66 Progress Completed Scheduled Remaining 56 7 * *7 systems will decommission prior to RMF transition Performed at Least 1 Assessment with all PEO C4I System-Owning PMWs

29 IA TA Standards Integrate the RMF and the Systems Engineering Processes

30 IA Standards Mapped to NIST 800-53
IA Standards to NIST security controls matrix CNSSI 1253 Baselines CYBERSAFE Controls

31 Compensating Measure Example
UNCLASSIFIED//FOUO Accounting for Control Systems Challenges Cybersecurity Standards – Compensating Measures Standard Intent Requirement Example Compensating Measure Example Host Level Protection Establishes the capabilities necessary to defend against threats on client-facing systems in order to maintain a secure configuration Requirement (IATAHLP-001.7): Hosts shall detect, log, and report unauthorized data entering and exiting the host via all external interfaces (e.g., serial, USB, and network). In the event a host is unable to detect unauthorized data entering and exiting the host via all external interfaces, the system employs an intrusion detection mechanism external to the host. Requirement (IATAHLP-002.1): Hosts shall prevent unauthorized additions, removals, and modifications to the entire underlying file system and critical files and directories. In the event a host is unable to prevent unauthorized additions, removals, and modifications to the entire underlying file system and critical files and directories, it implements non-software-enforced write-protection mechanisms (e.g., hardware/firmware). Boundary Protection Defines the requirements and activities necessary for standardized implementation and configuration of boundary protection as part of the Defense-in-Depth Implementation Architecture (DFIA) Denial of Service Requirement (IATABP-003.2): Boundary protection capabilities shall restrict internal users from launching DoS attacks against other systems (i.e., connecting to and transmitting unauthorized communications on the transport medium [e.g., network, wireless spectrum]). Protections against the ability to launch DoS attacks may be implemented on specific systems or included in boundary protection capabilities. Malicious Code Protection Requirement (IATABP-005): Malicious code protection mechanisms shall be implemented and centrally managed. If centralized management capabilities are unavailable, increased auditing procedures may be utilized. UNCLASSIFIED//FOUO

32 System Assurance and Mission Assurance Efforts Must Happen in Parallel
CYBERSAFE Roadmap System Assurance Mission Assurance 6 Months Complete CYBERSAFE Grade determination and security control selection for high priority systems Complete cross-SYSCOM CYBERSAFE Mission Thread exercise (Trident Warrior 18) to demonstrate CYBERSAFE operational value 1 Year Complete CYBERSAFE Grade determination and control selection for all Navy systems. Focus on implementing CYBERSAFE controls. Determine and formalize CYBERSAFE operational requirements in parallel with Enclave and Platform determinations 3 Years Certify CYBERSAFE systems and perform continuous monitoring. Provide CYBERSAFE requirements feedback into acquisition. Certify Enclaves, Platforms, and Missions. Perform continuous monitoring. Provide feedback into future architecture planning. Focused on providing maximum assurance of CYBERSAFE systems and components across the life of the system Focused on providing maximum assurance of system-of-systems operations in support of warfighting missions System Assurance and Mission Assurance Efforts Must Happen in Parallel

33 VCNO and ASN RDA Executive Committee (EXCOM)
C4I DFIA Network Transformation (DFIANT) WG Implementing DFIA and the IA TA Standards Objective Determine a SPAWAR network redesign to ensure Cyber resiliency and to support the enclave/boundary control point architecture outlined in the DFIA Standard Scope Surface Afloat, Ashore (NCTS/NCTAMS and Fleet NOCs), Airborne and Sub-Surface Afloat Context VCNO and ASN RDA Executive Committee (EXCOM)

34 C4I Functional Domain Enclaves at OB2 / SW X
UNCLASSIFIED WAN Management LAN Management Critical Network Services Critical Multi-Mission Situational Awareness Embarkable End User Devices Mobile Devices Non-Critical Multi-Mission Experimentation MWR NGO SECRET WAN Management LAN Management Critical Network Services Critical Multi-Mission Situational Awareness METOC Multi-Mission Air Warfare Mission Mine Warfare Mission Strike Mission Embarkable End User Devices Mobile Devices Non-Critical Multi-Mission Experimentation SECREL WAN Management LAN Management Critical Network Services Critical Multi-Mission End User Devices Experimentation TS/SCI WAN Management LAN Management Critical Network Services Critical Multi-Mission Situational Awareness End User Devices Non-Critical Multi-Mission Experimentation Prod Enclaves Production Enclaves Production Enclaves Production Enclaves Some enclave consolidation done to keep SECREL lean and agile. Bolded enclaves require physical separation for highest resiliency Non-bolded enclaves will have logical separation / software defined firewalls for increased agility

35 C4I DFIANT Target Architecture Logical View Function Mapping
Provides ACLs to limit traffic and thwart DoS Off-Platform Communications Stores network data and provides analytics. 5 1 Platform Boundary Defensive Cyber Operations Enclave Boundary Protection Forensic Analysis Limits connections going on/off platform. Cyber SA 2 FW/IPS Provides awareness of IP traffic going on/off platform and within enclaves. Protects traffic between Platform/Enclave Boundaries. Boundary Protection 6 3 Combat Enclave Navigation Enclave CANES Protected Infrastructure Forwards traffic between various Boundaries. Protects traffic between Platform/Enclave Boundaries. H&ME Enclave Aviation Enclave 4 7 C4I Enclave Boundary Provides remote access to services within enclaves. Boundary Protection Remote Access Cross-Domain Services 9 Provides data guard between classification levels. 8 Management FW & IPS Production Firewalls and IPS (Virtualized) MWR FW & IPS NGO FW & IPS Limits connections going between enclaves. vFW 1 vFW 2 vFW 3 vFW 4 vFW N 10 Boundary Protection Production Enclaves Boundary Protection Boundary Protection Boundary Protection Provides ACLs to prevent traffic from circumventing boundary. Management Enclave Enclave 1 Enclave 2 Enclave 3 Enclave 4 EnclaveN MWR Enclave NGO Enclave C4I Enclaves 11

36 Technical Authority to Support a Disciplined Systems Engineering Approach
“Technical Authority is the authority, responsibility, and accountability to establish, monitor, and approve technical standards, tools, and processes in conformance with applicable DoD and DON policy, requirements, architectures and standards” SECNAVINST C Inherently governmental function assigned to the Naval SYSCOM Commanders Executed by all Navy SYSCOMs TA independently advises Programmatic Authority on: Technically acceptable options Comprehensive assessments of the technical risks prior to technical events Implementation of technical specifications, standards, architectures, and processes Authoritative and unbiased in providing an appropriate understanding of technical risk SPAWAR exercises TA through warranted individuals

37 Enterprise Architecture
AGB Target Architecture Efforts Model Based Systems Engineering Thin Line Architecture Enterprise Architecture is about mission capability, not system capability Mission capability requirements apply to system of systems, not single systems Document-based design and assessment of complex systems of systems is not efficient or effective → Model Based Systems Engineering can be Defense-in-Depth Functional Implementation Architecture (DFIA) Network Transformation (DFIANT) Thin Line Architecture Effort Captured complicated structure into architecture analysis tools to apply requirements based engineering rigor Selected and defined control points and system allocation using rigorous MBSE Exhibited collaboration across SPAWAR 5.0, PACFLT, PMW 160, and PMW 790 resulting in single solution Identified network and interface gaps / potential solutions

Download ppt "Navy Cybersecurity Engineering 17 October 2017"

Similar presentations

Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency.

Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency.
Life Science Services and Solutions

Life Science Services and Solutions
Navy’s Operational Authority for Naval Networks, Information Operations, and FORCEnet 2004 Strike, Land Attack & Air Defense Annual Symposium Vice Admiral.

Navy’s Operational Authority for Naval Networks, Information Operations, and FORCEnet 2004 Strike, Land Attack & Air Defense Annual Symposium Vice Admiral.
BENEFITS OF SUCCESSFUL IT MODERNIZATION

BENEFITS OF SUCCESSFUL IT MODERNIZATION
The U.S. Coast Guard’s Role in Cybersecurity

The U.S. Coast Guard’s Role in Cybersecurity
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.

DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.
Information Assurance (IA) - Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication,

Information Assurance (IA) - Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication,
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
CYBERSAFE Overview AFCEA C4ISR Symposium 28 April 2015

CYBERSAFE Overview AFCEA C4ISR Symposium 28 April 2015
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.

Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.
Integrated Information Technology (IT) & Information Assurance (IA)

Integrated Information Technology (IT) & Information Assurance (IA)
Disciplined Engineering to Support Navy Cybersecurity: SPAWAR’s Integrated Information Technology & Cybersecurity Technical Authority American Society.

Disciplined Engineering to Support Navy Cybersecurity: SPAWAR’s Integrated Information Technology & Cybersecurity Technical Authority American Society.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Network security policy: best practices

Network security policy: best practices
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.

Similar presentations

Ads by Google