Presentation is loading. Please wait.

Presentation is loading. Please wait.

CNCI-SCRM STANDARDIZATION Discussion Globalization Task Force OASD-NII / DoD CIO Unclassified / FOUO.

Published byEileen Mathews Modified over 8 years ago

Similar presentations

Presentation on theme: "CNCI-SCRM STANDARDIZATION Discussion Globalization Task Force OASD-NII / DoD CIO Unclassified / FOUO."— Presentation transcript:

1 CNCI-SCRM STANDARDIZATION Discussion Don.Davidson@osd.mil Globalization Task Force OASD-NII / DoD CIO Unclassified / FOUO

2 Globalization brings challenges The government has suppliers that it may not know and may never see –Less insight into suppliers’ security practices –Less control over business practices –Increased vulnerability to adversaries “Scope of Supplier Expansion and Foreign Involvement” graphic in DACS www.softwaretechnews.com Secure Software Engineering, July 2005 article “Software Development Security: A Risk Management Perspective” synopsis of May 2004 GAO-04-678 report “Defense Acquisition: Knowledge of Software Suppliers Needed to Manage Risks” www.softwaretechnews.com

3 3 Trusted Internet Connections Focus Area 1 Deploy Passive Sensors Across Federal Systems Pursue Deployment of Intrusion Prevention System (Dynamic Defense) Pursue Deployment of Intrusion Prevention System (Dynamic Defense) Coordinate and Redirect R&D Efforts Connect Current Centers to Enhance Cyber Situational Awareness Increase the Security of the Classified Networks Develop a Government Wide Cyber Counterintelligence Plan Define and Develop Enduring Leap Ahead Technology, Strategies & Programs Expand Education Define the Federal Role for Extending Cybersecurity into Critical Infrastructure Domains Develop Multi-Pronged Approach for Global Supply Chain Risk Management Define and Develop Enduring Deterrence Strategies & Programs Focus Area 2 Focus Area 3 Establish a front line of defense Demonstrate resolve to secure U.S. cyberspace & set conditions for long-term success Shape the future environment to demonstrate resolve to secure U.S. technological advantage and address new attack and defend vectors Comprehensive National Cybersecurity Initiative (CNCI)

4 Systems Assurance TRADESPACE Higher COST can buy Risk Reduction Lower Cost usually means Higher RISK Slippery Slope / Unmeasurable Reqts SCRM Standardization and Levels of Assurance will enable Acquirers to better communicate requirements to Systems Integrators & Suppliers, so that the “supply chain” can demonstrate good/best practices and enable better overall risk measurement and management. Unique Requirements COTS products Suppliers Acquirers Systems Integrators

5 SCRM Stakeholders CIP DoD DHS & IA Commercial Industry SCRM STANDARDIZATION Enabled by Information Sharing Other Users SCRM “commercially acceptable global standard(s)” must be derived from Commercial Industry Best Practices. US (CNCI ) has vital interest in the global supply chain. SCRM Standardization Requires Public-Private Collaborative Effort

6 Back-up Slides Unclassified / FOUO

7 SDO Landscape: SCRM Perspective

8 SCRM Study Periods: Nov’09 – Apr’10 / May-Oct’10 SCRM Ad Hoc WG SCRM Ad Hoc WG Potential ICT SCRM ISO Standard Development 2010-2013 Adoption 2013-2016

Download ppt "CNCI-SCRM STANDARDIZATION Discussion Globalization Task Force OASD-NII / DoD CIO Unclassified / FOUO."

Similar presentations

Chapter 3 E-Strategy.

Chapter 3 E-Strategy.
Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency.

Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency.
Public B2B Exchanges and Support Services

Public B2B Exchanges and Support Services
AFCEA DC Cyber Security Symposium Military Joint Cyber Command Panel Harry Raduege Lieutenant General, USAF (Ret) Chairman, Center for Network Innovation.

AFCEA DC Cyber Security Symposium Military Joint Cyber Command Panel Harry Raduege Lieutenant General, USAF (Ret) Chairman, Center for Network Innovation.
The Military Challenge of Cyber AOC Talk on Cyber, EW and IO Dr Gary Waters, 17 April 2012.

The Military Challenge of Cyber AOC Talk on Cyber, EW and IO Dr Gary Waters, 17 April 2012.
Tenace FRAMEWORK and NIST Cybersecurity Framework Block IDENTIFY.

Tenace FRAMEWORK and NIST Cybersecurity Framework Block IDENTIFY.
CUBIC DEFENSE APPLICATIONS Security Summit Discussions Jeff Snyder Vice President, Cyber Programs Cubic Defense Applications.

CUBIC DEFENSE APPLICATIONS Security Summit Discussions Jeff Snyder Vice President, Cyber Programs Cubic Defense Applications.
UNCLASSIFIED December 2010 Is N.I.C.E.. UNCLASSIFIED THE PRESENT Comprehensive National Cybersecurity Initiative Initiative #8, Expand Cyber Education.

UNCLASSIFIED December 2010 Is N.I.C.E.. UNCLASSIFIED THE PRESENT Comprehensive National Cybersecurity Initiative Initiative #8, Expand Cyber Education.
Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.

Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.
1 Moderated by Gordon Gillerman National Institute of Standards & Technology November 10, 2010 Ninth Annual ANSI-HSSP Plenary: U.S. European Collaboration.

1 Moderated by Gordon Gillerman National Institute of Standards & Technology November 10, 2010 Ninth Annual ANSI-HSSP Plenary: U.S. European Collaboration.
U.S. General Services Administration Presentation to: Software and Supply Chain Assurance Forum Improving Cybersecurity through Acquisition December 17,

U.S. General Services Administration Presentation to: Software and Supply Chain Assurance Forum Improving Cybersecurity through Acquisition December 17,
CYBERSPACE A Global War-fighting Domain Every minute of every day, Airmen in the United States Air Force are flying and fighting in cyberspace.

CYBERSPACE A Global War-fighting Domain Every minute of every day, Airmen in the United States Air Force are flying and fighting in cyberspace.
The U.S. Coast Guard’s Role in Cybersecurity

The U.S. Coast Guard’s Role in Cybersecurity
INFORMATION SYSTEMS & GLOBAL SERVICES Craig Solem, CISSP Lockheed Martin Information Systems and Global Services Program Manager, Joint Medical information.

INFORMATION SYSTEMS & GLOBAL SERVICES Craig Solem, CISSP Lockheed Martin Information Systems and Global Services Program Manager, Joint Medical information.
DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview
South Carolina Cyber.

South Carolina Cyber.
UNCLASSIFIED Shaping the Future of Cybersecurity Education October 2010 NATIONAL INITIATIVE FOR CYBERSECURITY EDUCATION (NICE) Is N.I.C.E.

UNCLASSIFIED Shaping the Future of Cybersecurity Education October 2010 NATIONAL INITIATIVE FOR CYBERSECURITY EDUCATION (NICE) Is N.I.C.E.
29 May 2006RNSA Workshop 1 Social Implication of National Security RNSA Workshop The risk of public data availability on critical infrastructure protection.

29 May 2006RNSA Workshop 1 Social Implication of National Security RNSA Workshop The risk of public data availability on critical infrastructure protection.
Developing Information Security Policy. Why is Developing Good Security Policy Difficult? Effective Security/IA Policy is more than locking doors and.

Developing Information Security Policy. Why is Developing Good Security Policy Difficult? Effective Security/IA Policy is more than locking doors and.
SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 3: 1 April 2006.

SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 3: 1 April 2006.

Similar presentations

Ads by Google