Latest Strategies for IT Security Margaret Myers Principal Director, Deputy CIO United States Department of Defense North American Day 2006.

Presentation transcript:


How does the DoD define information assurance (IA)?

What it is:
• Availability
• Confidentiality
• Integrity
• Identification & Authentication
• Non-Repudiation

How it happens:
• Secure the information and the information environment
  – Encryption and crypto keys
  – Computer network defense
  – Identity protection/PKI
• Red team
  – Independent assessments of vulnerabilities
• Educate/train
  – Building the IA-empowered workforce

Information available to authorized users when and where they need it
Trust in the information
Confidence in the information environment

Why does it matter?
• We rely on our information and information environment to:
  – Reduce decision-kill chain
  – Provide real-time access to mission relevant information
  – Facilitate functional integration of dispersed command, targeting, weapons delivery
  – Support operations with our Allies and other partners, government and non-government
  – Enable force projection and information reach back
  – Provide user defined common operational picture
• Compromised information and information environment can lead to devastating consequences

Information assurance cannot be the Achilles heel of the DoD

Information is foundational for all DoD missions
• DoD depends on information sharing across the enterprise (warfighting, intelligence, and business mission areas) and with our external partners (government, coalition, commercial, and non-government organizations)
• Our network infrastructure is vulnerable
  – Attacks are increasing and time to exploitation is decreasing (shorter “flash to bang”)
  – Reported security events on DoD networks are rapidly increasing
  – There is HW / SW of unknown pedigree throughout the information value chain
• Threat actors are increasingly sophisticated
  – We believe sophisticated adversaries could exfiltrate information and disrupt operations
  – We lack capabilities to detect and respond to many malicious activities

The underpinnings of our network are vulnerable

[Charts: “Reported Events on NIPRNet” (axis: Events; As of April 1, serious incidents) and “Average Time to Exploitation” (axis: Days). Sources: Roundstone; Symantec]

An Information Age approach to net-centricity

Fundamental Shift:
• Requires ENTERPRISE, not stovepipes
• Requires ACCESS, not exclusivity
• Requires TRUST
  – Trust in the Environment (availability)
  – Trust in the Information (assurability)
  – Trust in the Participants (identity)

Confront Uncertainty with Agility

User “gets what he gets”
User “takes what he needs” and “contributes what he knows”

Net-centric framework
• Data Strategy: How to “share” the data
• Information Assurance: How to keep it “dependable”
• Enterprise Services: How to “access” the data
• Information Transport: How to “move” the data
• Net Ops: How to “manage” the environment

Data: Discoverable, Accessible, Understandable

01NOV05/0050

Information assurance (IA) strategy

Vision – Dynamic IA in support of net-centric operations
Mission – Assure DoD’s information, information systems, and information environment

• Protect information
  – Data protection requirements
  – Protection mechanisms
  – Robust mechanisms
• Defend the information environment
  – Engineered defenses
  – Ability to react and respond
  – Activities to assess and evaluate
• Provide situational awareness/IA command and control
  – User-defined operating picture
  – Coordinated IA operations and decisions
  – Collaboration
• Transform and enable IA capabilities
  – IA integration into programs
  – Dynamic IA capabilities
  – Improved strategic decision-making
  – Information sharing
• Create an IA-empowered workforce
  – Baseline skills
  – Enhanced IA skill levels
  – Trained/skilled personnel
  – Infusion of IA into other disciplines

Our IA strategy has two thrusts – Securing today’s operations and tomorrow’s net-centric environment from evolving threats

IA to Sustain Today’s Mission & Operating Environment:
• Defense-in-Depth dominated by perimeter defense
• Physical separation of sensitive networks and systems
• Highly specialized connections between networks of different security levels

IA to Enable Tomorrow’s Net-Centric Operations:
• Security embedded into each transaction (e.g. individuals, discrete content and specific assets)
• Strong data content security both in storage and in-transit
• Authentication and near real-time monitoring and response
• Real-time risk management to the edge

We are making good progress, but much work remains

Accomplishments / Challenges
• Enforceable enterprise IA policies
• Strategic and operational metrics
• IA awareness training ( 80%)
• Joint Task Force (Global Network Operations)
• Enforce IA policies across the Department
• Obtain funding to build IA Architecture
• Harden SIPRNet
• Mitigate insider threat
• Certify IA skills
• Global Information Grid IA Architecture
• IA investment portfolio structure
• Identity management (PKI, biometrics)
• Expand partnership with industry for IA R&D
• Mitigate the risk of unknown hardware/software
• Increased coordination and collaboration with federal, coalition, and allied IA partners

Today’s Enclaves / Tomorrow’s Enterprise

For more information… Dr. Margaret Myers Principal Director, DoD Deputy CIO (703)