CYBERSAFE Overview AFCEA C4ISR Symposium 28 April 2015


1 CYBERSAFE Overview AFCEA C4ISR Symposium 28 April 2015
Presented by: Mr. Brian Marsh, Assistant Chief Engineer (Certification & Mission Assurance), SPAWAR 5.0
Statement A: Approved for public release, distribution is unlimited (27 APRIL 2015)

2 CYBERSAFE BLUF
- The CYBERSAFE Program is focused on ensuring effective cybersecurity design, procurement, and operation of the Navy’s most critical warfighting systems
- SPAWAR will play multiple key roles from both a Navy Enterprise and a SYSCOM perspective
- CYBERSAFE will bring heightened consideration to the cybersecurity elements of many SPAWAR Programs
But first, let’s discuss CYBERSAFE in the context of Navy cybersecurity

3 Current Cyber Environment
Source: Symantec 2015 Internet Security Threat Report
Cyber Mandate Growth Trend (Bar chart): shows the number of cyber vulnerabilities of which we are aware and send out Information Assurance Vulnerabilities Management (IAVM) or Communications Tasking Order (CTO) updates (chart shows yearly figures to include numbers for 2015 through March).
- numbers are tracked by 8.0 (CIO shop)--they use Online Compliance Reporting System (OCRS) to track Federal Information Systems Management Act (FISMA) requirements (move to VRAM will simplify this effort)
- IAVM and CTO updates issued to address cyber vulnerabilities
IAVM - Information Assurance Vulnerability Management: IAVM Updates sent out with a severity designation (A/B/C) to indicate the severity of the vulnerability as articulated in the Communications Vulnerabilities Enumeration tool (sent out as IAVA, IAVB, IAVC)
CTO = Communications Tasking Order: flows down from USCC, to FCC to PMs and SYSCOMs--provides background on the vulnerabilities and required actions to mitigate the vulnerabilities and any required reporting actions
Extreme challenge to keep pace with exponential increase in cybersecurity requirements

4 SPAWAR’s Role in Navy Cybersecurity
- Information Technology / Information Assurance Technical Authority Board (IT/IA TAB)
- Joint Regional Security Stack (JRSS)
- Task Force Cyber Awakening
- Technical Specs/Standards Developer
- Authority to Operate (ATO) – Security Control Assessor (SCA)
As Navy’s IA Technical Authority, SPAWAR will assume additional roles in CYBERSAFE

5 CYBERSAFE Overview
Objective: Establish a CYBERSAFE Program to provide maximum reasonable assurance of a hardened subset of critical warfighting components
Scope:
- Focused on limited subset of select network components that enable Mission Critical capabilities
- CYBERSAFE components may require additional controls beyond RMF
- CYBERSAFE Office to become an element within the overall Navy cybersecurity construct
Navy Cybersecurity Construct (diagram labels): CYBERSAFE Platform PMs PEOs; CYBERSAFE CERTIFICATION AUTHORITY; CYBERSAFE PMO; Technical Authority IT/IA TA; Security & QA Authority; SYSCOMs
Tasking: Establish a CYBERSAFE Program, based on the tenets of the Naval Sea Systems Command administered SUBSAFE Program, to provide maximum reasonable assurance of a hardened subset of critical warfighting components and processes.
CYBERSAFE Program will focus on Mission Assurance of critical warfighting capabilities

6 CYBERSAFE Facets
Facets: Design; Procure & Build; Operate
Cyber System Level: Functionality Hierarchy of system to ETE mission
- CSL 1, Platform Safety: Systems required to maneuver and control platform
- CSL 2, Platform Combat: Systems required for self-defense, C2, and employing organic sensors and weapons
- CSL 3, Networked Combat: Systems required for employing networked sensors and weapons
- CSL 4, Sustained Combat: Systems required for logistics and maintenance support of above 3 Cyber System Levels
CYBERSAFE Grade: Level of cyber protections designed into systems
- Grade A (Mission Critical): Most stringent cyber protection level, documented with Objective Quality Evidence (OQE)
- Grade B (Mission Essential): More stringent than Grade C, less stringent than Grade A, OQE required.
- Grade C (Non-Mission Essential): Cyber Hygiene at Commercial / Military best practice
Cyber Condition: Operating mode of platform
- CC X: Cyber attack possible but not expected
- CC Y: Cyber attack likely
- CC Z: Cyber attack underway or expected in near-term
Diagram labels: Material; TECHNICAL CAPABILITIES; X FULL NET; Y SEMI NET; Z NO NET
Design: Functionality Hierarchy of system to end-to-end mission
Procure & Build: Level of cyber protection incorporated into system design
Operate: Operating mode of platform based on likelihood of cyber attack
IT/IA TAB to develop criteria for leveraging facets to identify CYBERSAFE critical items

7 SPAWAR’s Role in CYBERSAFE
SPAWAR is Technical Authority for CYBERSAFE
Cross-Enterprise Role
- Define criteria to identify CYBERSAFE Critical Items
- Develop specs & standards for CYBERSAFE Critical Items
- Interface with SYSCOM TAs to resolve CYBERSAFE issues
Enterprise Role
SPAWAR to establish a CYBERSAFE Entity
Cross-SPAWAR Role (Led by SPAWAR 5.0)
- Identify SPAWAR’s CYBERSAFE Critical Items
- Ensure specs & standards are incorporated into acquisition and implemented into capabilities
- Perform certification of SPAWAR CYBERSAFE Critical Items
SYSCOM Role
COMSPAWAR assigned CHENG as SPAWAR’s Lead for CYBERSAFE

8 SPAWAR IA Standards Plan
IA Standards Work Plan approved by the IT/IA TAB

9 SPAWAR IA Standards Plan
Plus… New task to develop initial CYBERSAFE Standards
CYBERSAFE Standards
- CYBERSAFE Certification Criteria
- CYBERSAFE Grade A/B/C Criteria
- Requirements for CYBERSAFE Grades A/B/C Systems
- Inspection and Audit Criteria for CYBERSAFE
SPAWAR will play a lead role in developing the technical underpinnings for CYBERSAFE

10 SPAWAR Equities
- SPAWAR 5.0 work with PEOs to identify SPAWAR CYBERSAFE Items
- Baseline Configuration Pilot will assist in identifying Control Points
- Potential Programs with CYBERSAFE components: CANES, BFTN, JALN, ADNS, DCGS-N, GCCS-M/J, NMT, MUOS
- CANES aligns with CYBERSAFE Grade A criteria as it provides networking, compute, and storage for mission critical applications and data
- Due to its role as entryway to the ship, ADNS is a critical Control Point that enables connectivity for mission critical systems and components
- NMT’s vital SATCOM capabilities provide assured C2 to Naval Commanders in support of Ballistic Missile Defense
SPAWAR will not identify CYBERSAFE Critical Items until TAB issues selection criteria

11 CYBERSAFE Way Ahead
- CYBERSAFE Implementation Plan approved by CNO on 21 April
- CYBERSAFE Office to release CYBERSAFE Instruction and 100-Day Plan
- IT/IA TAB begin work on criteria development
- Establish SPAWAR Tiger Team
  - Led by SPAWAR 5.0
  - Cross-SYSCOM representation
- Leverage TAB criteria and Baseline Pilot to identify CYBERSAFE Items
- Develop POA&M for developing, implementing, and maintaining CYBERSAFE Entity at SPAWAR
CYBERSAFE 2015 Timeline (chart labels):
- Aug Submit CYBERSAFE POA&M FOC
- Apr CYBERSAFE Instruction and 100-Day Plan
- Apr - FOC IT/IA TAB develop criticality criteria. SPAWAR Tiger Team develops implementation approach.
- Oct CYBERSAFE FOC
- Apr CNO Approval

12 Summary
Building upon the foundation provided by IA TA, CYBERSAFE is a key component of a common Navy plan for Cyber that:
- Promotes a holistic approach to securing critical warfighting capabilities
- Mandates use of common specifications and standards in acquisition and implementation
- Ensures compliance with common specifications and standards through certification process
CYBERSAFE will increase awareness of cybersecurity requirements for many SPAWAR Programs
IT/IA TAB will set criteria for identifying CYBERSAFE Critical Items
SPAWAR 5.0 will work with PEOs to identify CYBERSAFE Critical Items within Programs
