Download presentation
Presentation is loading. Please wait.
Published byRussell Chase Modified over 9 years ago
1
Latest Strategies for IT Security Margaret Myers Principal Director, Deputy CIO United States Department of Defense North American Day 2006
2
How does the DoD define information assurance (IA)? Availability Confidentiality Integrity Identification & Authentication Non-Repudiation Secure the information and the information environment –Encryption and crypto keys –Computer network defense –Identify protection/PKI Red team –Independent assessments of vulnerabilities Educate/train –Building the IA- empowered workforce How it HappensWhat it is Information available to authorized users when and where they need it Trust in the information Confidence in the information environment
3
Why does it matter? We rely on our information and information environment to: –Reduce decision-kill chain –Provide real-time access to mission relevant information –Facilitate functional integration of dispersed command, targeting, weapons delivery –Support operations with our Allies and other partners, government and non- government –Enable force projection and information reach back –Provide user defined common operational picture Compromised information and information environment can lead to devastating consequences Information assurance cannot be the Achilles heel of the DoD
4
Reported Events on NIPRNet Information is foundational for all DoD missions DoD depends on information sharing across the enterprise (warfighting, intelligence, and business mission areas) and with our external partners (government, coalition, commercial, and non-government organizations) Our network infrastructure is vulnerable –Attacks are increasing and time to exploitation is decreasing (shorter “flash to bang”) –Reported security events on DoD networks are rapidly increasing –There is HW / SW of unknown pedigree throughout the information value chain Threat actors are increasingly sophisticated –We believe sophisticated adversaries could exfiltrate information and disrupt operations –We lack capabilities to detect and respond to many malicious activities The underpinnings of our network are vulnerable Average Time to Exploitation Days Sources: Roundstone; Symantec Events As of April 1, 2005 1000+ serious incidents
5
An Information Age approach to net- centricity Fundamental Shift: Requires ENTERPRISE, not stovepipes Requires ACCESS, not exclusivity Requires TRUST Trust in the Environment (availability) Trust in the Information (assurability) Trust in the Participants (identity) Confront Uncertainty with Agility User “gets what he gets” User “takes what he needs” and “contributes what he knows”
6
Net-centric framework Data Strategy: –How to “share” the data Information Assurance: –How to keep it “dependable” Enterprise Services: –How to “access” the data Information Transport: –How to “move” the data Net Ops: –How to “manage” the environment 01NOV05/0050 Data: Discoverable, Accessible, Understandable
7
Information assurance (IA) strategy Protect information –Data protection requirements –Protection mechanisms –Robust mechanisms Defend the information environment –Engineered defenses –Ability to react and respond –Activities to assess and evaluate Provide situational awareness/IA command and control –User-defined operating picture –Coordinated IA operations and decisions –Collaboration Transform and enable IA capabilities –IA integration into programs –Dynamic IA capabilities –Improved strategic decision- making –Information sharing Create an IA-empowered workforce –Baseline skills –Enhanced IA skill levels –Trained/skilled personnel –Infusion of IA into other disciplines Vision – Dynamic IA in support of net-centric operations Mission – Assure DoD’s information, information systems, and information environment
8
Our IA strategy has two thrusts – Securing today’s operations and tomorrow’s net- centric environment from evolving threats Security embedded into each transaction (e.g. individuals, discrete content and specific assets) Strong data content security both in storage and in-transit Authentication and near real-time monitoring and response Real-time risk management to the edge Defense-in-Depth dominated by perimeter defense Physical separation of sensitive networks and systems Highly specialized connections between networks of different security levels IA to Sustain Today’s Mission & Operating Environment IA to Enable Tomorrow’s Net- Centric Operations
9
We are making good progress, but much work remains Accomplishments Challenges Enforceable enterprise IA policies Strategic and operational metrics IA awareness training ( 80%) Joint Task Force (Global Network Operations) Enforce IA policies across the Department Obtain funding to build IA Architecture Harden SIPRNet Mitigate insider threat Certify IA skills Global Information Grid IA Architecture IA investment portfolio structure Identity management (PKI, biometrics) Expand partnership with industry for IA R&D Mitigate the risk of unknown hardware/software Increased coordination and collaboration with federal, coalition, and allied IA partners Today’s Enclaves Tomorrow’s Enterprise
10
For more information… Dr. Margaret Myers Principal Director, DoD Deputy CIO (703) 695-0871 margaret.myers@osd.mil
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.