Lifecycle Jacqueline Janning-Lask AFLCMC/WNE 6 June 2017 B r e a k - - PowerPoint PPT Presentation

lifecycle
SMART_READER_LITE
LIVE PREVIEW

Lifecycle Jacqueline Janning-Lask AFLCMC/WNE 6 June 2017 B r e a k - - PowerPoint PPT Presentation

Mar 19, 2024 1.34k likes •1.51k views

Log IT Summit --- June 2017 The Cyber Lifecycle Jacqueline Janning-Lask AFLCMC/WNE 6 June 2017 B r e a k i n g B a r r i e r s S i n c e 1 9 4 7 Cyber Why is it so darn hard? Human generated domain few natural laws

slide-1
SLIDE 1

B r e a k i n g B a r r i e r s … S i n c e 1 9 4 7

The Cyber Lifecycle

Jacqueline Janning-Lask AFLCMC/WNE 6 June 2017

Log IT Summit --- June 2017

slide-2
SLIDE 2

B r e a k i n g B a r r i e r s … S i n c e 1 9 4 7

Cyber – Why is it so darn hard?

2

  • Human generated domain – few “natural laws”

– Filled with “oops”, special cases, and surprises

  • Properties:

– Non-linear – what’s a dB of cyber?

  • Vulnerable today – patched tomorrow?

– Disruptive – which is the whole point of adding it

  • Awesome capabilities…with a potential dark side

– Inconsistent – not always what you expect

  • Who is attempting what?

– Often unpredictable – complexity drives this

  • Insert unexpected value X – weird thing Y happens

– Easily “democratized” – non-nation-states can become near “national” capable cyber powers w/ little effort

  • Big capabilities leave only a tiny –INT footprint - no large infrastructure!

– Cyber is a team sport – new area for weapon system acquisitions -- new problem for new people, skillsets, processes, and organizations that have never played together before -- but MUST!

slide-3
SLIDE 3

B r e a k i n g B a r r i e r s … S i n c e 1 9 4 7

Food for Thought: RAND

3

 Current policies are better suited to simple, stable, and

predictable environments than to the complex, rapidly changing, and unpredictable reality of today’s cybersecurity environment.

 Implementation of cybersecurity is not continuously vigilant

throughout the life cycle of a military system.

 Control of and accountability for military system cybersecurity is

spread over numerous organizations and is poorly integrated.

 Monitoring and feedback for cybersecurity is incomplete,

uncoordinated, and insufficient for effective decision-making or accountability.

  • ”Cybersecurity of Air Force Weapon

Systems”, RAND Research Brief, 2016.

slide-4
SLIDE 4

B r e a k i n g B a r r i e r s … S i n c e 1 9 4 7

AF Cyber Campaign Plan: Weapon System Focus

4

 Goal:

#1 “Bake-In” cyber resiliency into new weapon systems

#2 Mitigate “Critical” vulnerabilities in fielded weapon systems  7 Lines of Action (LOAs)

LOA 1: Perform Cyber Mission Thread Analysis

LOA 2: “Bake-In” Cyber Resiliency

LOA 3: Recruit, Hire & Train Cyber Workforce

LOA 4: Improve Weapon System Agility & Adaptability

LOA 5: Develop Common Security Environment

LOA 6: Assess & Protect Fielded Fleet

LOA 7: Provide Cyber Intel Support  Test & Evaluation (infrastructure/capability growth): Part of LOA 2  Cyber Squadron Initiative (CS-I)  Industrial Control Systems/SCADA cyber protection measures People, Processes, & Products

Ensure mission success in a cyber contested environment

slide-5
SLIDE 5

B r e a k i n g B a r r i e r s … S i n c e 1 9 4 7

Roadmap to Resiliency

  • Develop assessment

methodology framework

  • Develop cyber

acquisition workforce

  • Assess cyber

posture of fielded systems

  • Enable weapon

system adaptability

  • Institutionalized

methodology, tools, T&E infrastructure

  • Skilled workforce
  • Integrated cyber

tools, policy, etc.

Present

Mission Assurance

  • Mission Thread Analysis

Institutionalize

  • “Baked” in resiliency

Future

Mx and Aircrew Trainers

System Assurance

  • Assess and Fix

Off Board Mission Support

5

slide-6
SLIDE 6

B r e a k i n g B a r r i e r s … S i n c e 1 9 4 7

Applying Cyber Across All Domains

Finance Logistics Personnel

6

Medical Contracting Munitions Infrastructure Operations Comm Transportation IT Services Civil Engineering

slide-7
SLIDE 7

B r e a k i n g B a r r i e r s … S i n c e 1 9 4 7

Applying Cyber Across the Lifecycle

7

slide-8
SLIDE 8

B r e a k i n g B a r r i e r s … S i n c e 1 9 4 7

Assuring Resiliency

8

 Ability of weapon systems to maintain mission effective

capability under adversary offensive cyber operations

 Manage the risk of adversary cyber intelligence exploitation  Resiliency is the ability to morph, change in the face of adversity  ”Cyber resiliency is the ability of cyber systems and cyber-

dependent missions to anticipate, continue to operate correctly in the face of, recover from, and evolve to better adapt to advanced cyber threats” ---”Cyber Resiliency Engineering Aid, MITRE, Defense Innovation Marketplace, May 2015 Resiliency is key to cyber success and mission assurance Between, Among, Within and Across the Lifecycle

slide-9
SLIDE 9

B r e a k i n g B a r r i e r s … S i n c e 1 9 4 7

Questions?

9

?