Presentation is loading. Please wait.

Presentation is loading. Please wait.

Integrated Program Protection Vision

Similar presentations


Presentation on theme: "Integrated Program Protection Vision"— Presentation transcript:

1 Integrated Program Protection Vision
11/2018 Acquisition Community Steve Kern, Cyber Warfare Chief Engineer Senior Scientific Technical Manager (SSTM)

2 Vision An integrated Program Protection Process to protect
advanced technology, safety of flight, mission critical functions, and components throughout the acquisition lifecycle, apply countermeasures and protections from malicious adversarial intent, illuminate and balance cyber risk and maximize resilience in a cyber contested environment.

3 Program Protection Instructions
Slide from DASD(SE) Melinda Reed briefing to NDIA on 25 Oct 2017 TSN/CA CYBERSAFE AT/CPI RMF

4 Observations Process and organizational structure has been developed to address the individual program protection instructions. There are redundancies and overlaps in tasks among the processes. There is an imbalance of Program Office effort across the processes. RMF and CPI/AT receive significant emphasis TSN/CA and the “cyber part” of SCRM receive less emphasis An integrated Program Protection Process will identify opportunities to include technical and procedural security measures at the beginning of Systems Engineering and throughout the lifecycle during updates and engineering changes, as opposed to selecting controls after susceptibilities have been designed into the system. One of the first steps in many processes is to decompose the mission of the platform/system into critical systems that are required to execute that mission. RMF from the data protection perspective (if NIST Control RA-3 is selected) CRA Step 1 is to “Decompose Mission Essential Functions” CPI Steps 1 & 2 are “Identify Mission Capability” and “Decompose System into components“ TSN/CA Step 1 process is “ID principle mission threads and mission system functions” CYBERSAFE is to implement TSN/CA and is based on “Mission Essential Functions”

5 Observations (cont.) The second (or third/fourth) step in many of the processes is to conduct some sort of criticality analysis/judgement of the identified subcomponents RMF Step 2 is to “Select Controls” – judge criticality of the data CRA Step 3 is to “Develop Attack Surface/ Attack Trees” CPI Step 3 process is to “Evaluate Criticality of each component (at least 3 levels)” TSN/CA Step 4 process is to “Assign criticality failure levels (I, II, III, IV) to components” An adversarial-based assessment is required by all of the processes RMF does NOT require a Threat Assessment but NIST control RA-3 could be implemented and is part of a Common Control Package (CCP) CRA’s require an intelligence-driven Threat Assessment CPI requires a intelligence (and Counter-Intelligence) driven Threat Assessment TSN/CA requires a (vendor) supply chain assessment (and CI assessment) for sources for components that are deemed critical level I/II components (not an adversarial based Threat Assessment ) We can do better

6 Integrated Program Protection Vision
SYSTEMS ENGINEERING PROCESS | Step Step 3 Step Step 9 Step | System Requirements High-Level Design | H/W S/W Development | System Validation | Changes/Upgrades FUNCTIONAL ANALYSIS AND ALLOCATION | DESIGN SYNTHESIS | VERIFICATION | DEPLOYMENT CRA Viewpoint 1 RMF Step 1 Intel Threat Assessment AT Step 1 CPI Assessment T&E Cybersecurity Requirements Analysis CRA Viewpoint 2 RMF Step 2 CTT CPI Assessment AT Steps 2 Intel Threat Assessment T&E Attack Surface Characterization CRA Viewpoint 3 RMF Step 2/3 AT Steps 3 & 4 TSN/Criticality Analysis SCRM Illumination Intel Threat Assessment CYBERSAFE Planning T&E Cooperative Vulnerability Identification CRA Viewpoint 4 RMF Step 4/5 SCRM Assessment Developmental Testing CYBERSAFE OQE & Risk Review Board OT CVPA OT Adversarial Assessment RMF Continuous Monitoring CYBERSAFE continuous Monitoring PROCESS STEP Cyber Attack Trees Cyber Risk Cube Categorization Letter PM Signature CPI Memo Intel Production Requests Threat Model Cyber VOLT Cyber T&E Strategy Cyber Attack Trees Cyber Risk Cube Initial RMF Control Selection & Security Assessment Plan AT Mission Essential Function AT Level of Protection Requirement AT Letter of Concurrence CYBERSAFE Mission Criticality Critical Intelligence Parameters Intel Production Requests Threat Model Cyber Attack Trees Cyber Risk Cube RMF Control Selection & Control Design Plan Initial/ Final AT Plan AT Attack Trees Critical ICT Components SCRM-TAC Request DT Test Plan CYBERSAFE EDRAP Intel Production Requests Threat Model Critical Component CVI Reports Cyber Attack Trees Cyber Risk Cube RMF Risk Assessment Report, Security Assessment Report, FSCA Endorsement & Authorization to Operate SCRM Supply Chain AT Implemented DT Test Report OT Test Report FINTEL CYBERSAFE Certification OUTPUTS


Download ppt "Integrated Program Protection Vision"

Similar presentations


Ads by Google