[PDF] Achieving Mission Assurance Against A Cyber Threat With The Defense Acquisition System eBook

Author : Robert T. Ungerman (III)
Publisher :
Page : 22 pages
File Size : 44,37 MB
Release : 2016
Category : Cyberterrorism
ISBN :

GET BOOK

"Most DOD major weapon systems were designed before 1990 and were never deemed susceptible to a "hacking" threat. Decades of subsequent engineering focused on information availability and usability rather than security. Today we are left with a fleet of aircraft operating in a system of systems that has much vulnerability and little cyber hardening. Current guidance is not sufficient to obtain mission assurance, and without clarification, the DOD cannot assure mission success in the face of cyber threats. The author argues that three major guidance changes are needed. First, a functional mission analysis (FMA) should be conducted on every major weapon system. This will determine (and prioritize) the minimum requirements and subsystems needed for critical mission execution. Identification and prioritization of these systems will enable more focused and efficient vulnerability assessments that will eventually drive mission assurance to be "baked in" to system design. Second, FMAs and vulnerability assessments should be conducted prior to every acquisition milestone. Earlier assessments (in contrast to current guidance) will allow for timely and cost-effective changes to system design. Without a change in guidance, the DOD runs the risk of finding vulnerabilities that are either too costly to fix or too unsecure to field. Lastly, the DOD must mandate the inclusion of uniquely-qualified Cyber Vulnerability Assessment (CVA) Engineers at all vulnerability assessments. The extremely limited availability of these professionals may drive (and allow) a program to conduct halfhearted assessments unless current guidance is modified. Current direction allows a program strapped for time and money to execute (and pass) a vulnerability assessment that is too late, conducted without the proper experts, and does not address the most critical aspects of mission execution. Changes are needed."--Abstract.

Author : National University
Publisher : CreateSpace
Page : 154 pages
File Size : 29,15 MB
Release : 2012-07-05
Category :
ISBN : 9781478192602

GET BOOK

One of the missions of the Center for Technology and National Security Policy at National Defense University is to study the transformation of America's military and to explore the consequences of the information revolution. During the last two decades of the 20th century, through a series of internal and external studies and policy pronouncements, the Department of Defense dramatically shifted its view of the nature of future military operations and the associated equipment, doctrine, tactics, and organization that were required. The names varied ("Reconnaissance/Strike Warfare," "Revolution in Military Affairs," "Network Centric Warfare," "Transformation"), but the basic premise was the same: The explosive changes in information technology would transform the future of military operations. The benefits of this change have been well documented, but its potential vulnerabilities have been less commonly described-or addressed for corrective actions. These actions must begin with a recognition of the new relationship between traditional defense systems and modern information technologies. Traditional warfare systems are developed, ruggedized, hardened, secured, and tested to ensure the highest level of performance and availability. As military systems become more software intensive (in both computers and communications), greater time and cost increases occur because of increased system complexity and the lack of vigorous software processes, especially when compared with more mature, hardware intensive engineering and development processes. For the most part, military systems are proprietary and communicate securely with little effect on performance. Current military weapons and combat platform system acquisitions have very high costs and extremely long lead times. This high expense and long preparation is attributed, in part, to the complexity of new system designs and to the rigidity of design processes that are needed to meet mission-critical battlefield requirements of high reliability, ease of maintenance, and built-in safety systems. The acquisition process itself introduces costs and delays because it must meet legal and regulatory demands designed to ensure openness and fiscal responsibility. These methods have produced formidable systems; American superiority in high-tech weapons development is acknowledged worldwide. In contrast to military systems, commercial information systems can be developed, marketed, and upgraded within a 2-year life cycle. The introduction and adoption by industry of new technologies such as wireless, voice over Internet protocol (VOIP), and radio frequency identification devices (RFID) are rapid, with little design concern for security and privacy. Introduction of this technology in the commercial market is based on user acceptability, legal consequences, and bottom-line cost analysis, not on considerations of safety, potential loss of life, or national security policy. In spite of these potential problems with commercial systems, their advantages-rapid deployment of state-of-the-art technology (consequently, higher performance) and far lower cost (because of much higher volume)-make them extremely attractive. Thus, over the past decade, Defense Acquisition Reform has been focused on developing processes to achieve both the high-performance and low-cost benefits that come from using commercial technology while still assuming the necessary mission objectives of high reliability, rugged environmental capability, and (particularly) security. This volume examines threats and vulnerabilities in the following four areas: physical attacks on critical information nodes; electromagnetic attacks against ground, airborne, or space-based; information assets; cyber attacks against information systems; attacks and system failures made possible by the increased level of complexity inherent in the multiplicity of advanced systems.

Author : National Academies of Sciences, Engineering, and Medicine
Publisher : National Academies Press
Page : 111 pages
File Size : 12,7 MB
Release : 2019-07-09
Category : Technology & Engineering
ISBN : 0309493935

GET BOOK

High-performance electronics are key to the U.S. Air Force's (USAF's) ability to deliver lethal effects at the time and location of their choosing. Additionally, these electronic systems must be able to withstand not only the rigors of the battlefield but be able to perform the needed mission while under cyber and electronic warfare (EW) attack. This requires a high degree of assurance that they are both physically reliable and resistant to adversary actions throughout their life cycle from design to sustainment. In 2016, the National Academies of Sciences, Engineering, and Medicine convened a workshop titled Optimizing the Air Force Acquisition Strategy of Secure and Reliable Electronic Components, and released a summary of the workshop. This publication serves as a follow-on to provide recommendations to the USAF acquisition community.

Author : Martin C. Libicki
Publisher : Cambridge University Press
Page : 17 pages
File Size : 10,72 MB
Release : 2007-04-16
Category : Political Science
ISBN : 1139464655

GET BOOK

With billions of computers in existence, cyberspace, 'the virtual world created when they are connected,' is said to be the new medium of power. Computer hackers operating from anywhere can enter cyberspace and take control of other people's computers, stealing their information, corrupting their workings, and shutting them down. Modern societies and militaries, both pervaded by computers, are supposedly at risk. As Conquest in Cyberspace explains, however, information systems and information itself are too easily conflated, and persistent mastery over the former is difficult to achieve. The author also investigates how far 'friendly conquest' in cyberspace extends, such as the power to persuade users to adopt new points of view. He discusses the role of public policy in managing cyberspace conquests and shows how the Internet is becoming more ubiquitous and complex, such as in the use of artificial intelligence.

Author : Isaac Porche
Publisher : Rand Corporation
Page : 0 pages
File Size : 13,87 MB
Release : 2012
Category : Computers
ISBN : 9780833078551

GET BOOK

The U.S. Navy requires an agile and adaptable acquisition process that can field new information technology capabilities and services in relatively short and responsive time frames. A RAND study sought to identify ways to accelerate or bypass the traditional acquisition process in response to the unique demands of information technology and cyber programs.

Author : National Research Council
Publisher : National Academies Press
Page : 299 pages
File Size : 22,15 MB
Release : 1999-06-17
Category : Technology & Engineering
ISBN : 0309064856

GET BOOK

Rapid progress in information and communications technologies is dramatically enhancing the strategic role of information, positioning effective exploitation of these technology advances as a critical success factor in military affairs. These technology advances are drivers and enablers for the "nervous system" of the militaryâ€"its command, control, communications, computers, and intelligence (C4I) systemsâ€"to more effectively use the "muscle" side of the military. Authored by a committee of experts drawn equally from the military and commercial sectors, Realizing the Potential of C4I identifies three major areas as fundamental challenges to the full Department of Defense (DOD) exploitation of C4I technologyâ€"information systems security, interoperability, and various aspects of DOD process and culture. The book details principles by which to assess DOD efforts in these areas over the long term and provides specific, more immediately actionable recommendations. Although DOD is the focus of this book, the principles and issues presented are also relevant to interoperability, architecture, and security challenges faced by government as a whole and by large, complex public and private enterprises across the economy.

Author : Don Snyder
Publisher :
Page : 0 pages
File Size : 26,53 MB
Release : 2020-04-27
Category : Computers
ISBN : 9781977404374

GET BOOK

This report presents a framework for the development of metrics-and a method for scoring them-that indicates how well a U.S. Air Force mission or system is expected to perform in a cyber-contested environment. There are two types of cyber metrics: working-level metrics to counter an adversary's cyber operations and institutional-level metrics to capture any cyber-related organizational deficiencies.

Author : Department of Department of Defense
Publisher :
Page : 204 pages
File Size : 12,1 MB
Release : 2015-09-30
Category :
ISBN : 9781978210462

GET BOOK

Department of Defense (DoD) systems and networks are constantly under cyber attack. Nearly all defense systems incorporate information technology (IT) in some form, and must be resilient from cyber adversaries. This means that cybersecurity applies to weapons systems and platforms; Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance (C4ISR) systems; and information systems and networks. Cybersecurity is a critical priority for the DoD, and is a vital aspect of maintaining the United States'' technical superiority. DoD recently revised several of its policies to more strongly emphasize the integration of cybersecurity into its acquisition programs to ensure resilient systems. This guidebook is intended to assist Program Managers (PM) in the efficient and cost effective integration of cybersecurity into their systems, in accordance with the updated DoD policies. Why buy a book you can download for free? First you gotta find a good clean (legible) copy and make sure it''s the latest version (not always easy). Some documents found on the web are missing some pages or the image quality is so poor, they are difficult to read. We look over each document carefully and replace poor quality images by going back to the original source document. We proof each document to make sure it''s all there - including all changes. If you find a good copy, you could print it using a network printer you share with 100 other people (typically its either out of paper or toner). If it''s just a 10-page document, no problem, but if it''s 250-pages, you will need to punch 3 holes in all those pages and put it in a 3-ring binder. Takes at least an hour. It''s much more cost-effective to just order the latest version from Amazon.com This book is published by 4th Watch Books and includes copyright material. We publish compact, tightly-bound, full-size books (8 � by 11 inches), with glossy covers. 4th Watch Books is a Service Disabled Veteran-Owned Small Business (SDVOSB). If you like the service we provide, please leave positive review on Amazon.com. For more titles published by 4th Watch Books, please visit: cybah.webplus.net UFC 4-010-06 Cybersecurity of Facility-Related Control Systems NIST SP 800-82 Guide to Industrial Control Systems (ICS) Security Whitepaper NIST Framework for Improving Critical Infrastructure Cybersecurity NISTIR 8170 The Cybersecurity Framework FC 4-141-05N Navy and Marine Corps Industrial Control Systems Monitoring Stations UFC 3-430-11 Boiler Control Systems NISTIR 8089 An Industrial Control System Cybersecurity Performance Testbed UFC 1-200-02 High-Performance and Sustainable Building Requirements NIST SP 800-12 An Introduction to Information Security NIST SP 800-18 Developing Security Plans for Federal Information Systems NIST SP 800-31 Intrusion Detection Systems NIST SP 800-34 Contingency Planning Guide for Federal Information Systems NIST SP 800-35 Guide to Information Technology Security Services NIST SP 800-39 Managing Information Security Risk NIST SP 800-40 Guide to Enterprise Patch Management Technologies NIST SP 800-41 Guidelines on Firewalls and Firewall Policy NIST SP 800-44 Guidelines on Securing Public Web Servers NIST SP 800-47 Security Guide for Interconnecting Information Technology Systems NIST SP 800-48 Guide to Securing Legacy IEEE 802.11 Wireless Networks NIST SP 800-53A Assessing Security and Privacy Controls NIST SP 800-61 Computer Security Incident Handling Guide NIST SP 800-77 Guide to IPsec VPNs NIST SP 800-83 Guide to Malware Incident Prevention and Handling for Desktops and Laptops NIST SP 800-92 Guide to Computer Security Log Management