Cyber Security: Overcoming Challenges to Innovation

20150918_JTEG_TF_cybersecurity

Overview

On 23 February 2016 the JTEG will conduct a technology forum on “Cyber-Security: Overcoming Challenges to Innovation”. The purpose of the forum is to share information on the cybersecurity related challenges and barriers encountered while developing, testing, and transitioning new maintenance technology/processes within the DoD, and the measures taken to overcome these challenges. The forum discussion will include lessons learned and best practices that have been implemented to streamline the information assurance process while defending DoD networks and information.

Agenda

1300-1309:  Welcome and Overview – Greg Kilchenstein (OSD-MPP)

1309-1310:  Administrative Notes – Debbie Lilu (NCMS)

1310-1340:  Cyber-Security and New Technology: Overcoming Challenges-

1340-1400:  Naval Cyber-Security Best Practices (CYBERSAFE) – Dan Green (SPAWAR)

1400-1420:  US Air Force Cyber-Security Best Practices – Teresa Moyer (AFMC)

1420-1440:  NAVAIR Cyber-Security Best Practices – Liz McMichael (NAVAIR)

1440-1455:  US Army Cyber-Security Best Practices – Eric Hoover (RDEC)

1455-1500:  Wrap-up and JTEG Principals Comments

Minutes

Event: On 23 February, 2016, the Joint Technology Exchange Group (JTEG), in coordination with the National Center for Manufacturing Sciences (NCMS), hosted a virtual forum on “Cyber-Security Overcoming Challenges to Innovation”.

Purpose: The purpose of the forum was to provide information and exchange ideas on cyber-security challenges within DoD and how they might impact on innovation.
Welcome: Greg Kilchenstein (JTEG Co-Chair), welcomed everyone to the forum, thanked the presenters and all the listeners for their attendance, and briefly described the purposes of the JTEG and the JTEG technology forums.

Administrative: This was an open forum. The presentations, along with questions and answers, were conducted through Defense Collaboration Services (DCS) and an audio line. Approximately 75 participants from across DoD and industry joined in the forum. Questions were sent through DCS, and through the audio lines, and answered by the presenters during the forum.

Top 10 Reasons to Care about Cyber – Dan Green (SPAWAR) led a discussion on cyber considerations within the maintenance, repair and operations community. His briefing highlighted ten (10) areas of concern when considering the impact of cyber security on operations, and identified challenges associated with each area.

Naval Cyber-Security Best Practices (CYBERSAFE) – Dan Green (SPAWAR) provided a short presentation focused on the Navy cybersecurity safety (CYBERSAFE) program. CYBERSAFE is composed of three facets: 1) Cyber system levels – Design; 2) CYBERSAFE Grades – Procure & Build; 3) Cyber conditions of readiness – Operate.

US Air Force Cyber-Security Best Practices – Teresa Moyer (AFMC) provided an overview of the Air Force Cyber Resiliency Campaign plan & Cyber Campaign Lines of Action (LOA) details, to include the cyber resiliency steering group and cyber resiliency of weapon systems. She followed with a description of the AF Cyber Campaign Plan Roadmap and more detailed discussions on the seven (7) LOAs.

US Army Cyber-Security Best Practices – Eric Hoover (RDEC) provided a straight-forward and high level presentation on cybersecurity/information assurance within the DoD and the Army. His discussion included the Defense Science Board cybersecurity observations and “Top 10 Rules” for cybersecurity/information assurance.

Closing Comments: Greg Kilchenstein thanked the presenters for their contributions and the audience for their participation. He noted that we should all walk away with a better understanding of the cybersecurity risks, and the knowledge that our enterprises and leadership also understand these risks and are undertaking measures to counter. He and others also commented that, though the forum increased awareness and increased sensitivity to cyber threats, it didn’t provide a clear understanding of what to do at our level, i.e…What is “Our part of the “Internet of Things”? These are issues that we, our leadership, and the entire DoD enterprise must continue to work.
Presentation Slides and Questions & Answers: These meeting minutes, the Q&A, and those briefing slides approved for public release, will be posted on the JTEG website at https://jteg.ncms.org/ .
Next JTEG Meeting: The next JTEG virtual forum is 29 March 2016, 1:00 – 3:00 pm EST. The topic is “Laser and Automated Painting & Depainting”.

POC this action is Ray Langlais, rlanglais@lmi.org , (571) 633-8019

Q&A

Top Ten Reasons to care About Cyber

Dan Green (SPAWAR)

——————————

Q1. Dan, does SPAWAR/DoD have a certification process for DoD designated IA professionals?

A1. Yes, and it is changing. For the Navy, CYBERCOM is standing up new structures and teams, and will be rolling changes out to DoD. Changes include new/changes to IA rules to counter new threats, and will be much more dynamic than in the past. There are both DoD and Navy (Service specific) certification processes.  Dan stated that he would do some research on DoD certification and how they may relate to new maintenance devices.

 

Q2. Dan, are you familiar with any efforts across the Navy to assess and document the cyber threats in the FRCs and Shipyards?

A2. Yes. I will cover that in my next brief. The Navy is engaged in some very specific efforts.

 

Q3. How do I protect myself from cyber threats?

A3. Each device has to be secured. There is not a lot of knowledge to help show you how to get there. However, there is plenty of information stating what you cannot do.

 

CYBERSAFE

Dan Green (SPAWAR)

——————————

Q1. How would an organization know what the proper staffing level for IA/CA in order to adequately address the current and future challenges/requirements?

A1. Take the current baseline and multiply by 10!  The problem is that there are not enough people to effectively execute CA. It cannot be done manually. It is extremely difficult, but you can try to get enough people certified and provided the tools to constantly monitor.

 

Q2. Who can walk us through (hold our hand) to get through CS approval process.  Our wiring tester project has been held up since last September for CS.  We have received varying opinions from IA.  Many have been a dead end.

A2. Mr. Hardy at NAVAIR, for example. I can provide a list of names. I recommend you ask your IA personnel, and if you don’t an answer move it up the chain.

 

Q3. Is there anything that can help smooth the transition of new technology to help the innovation community with best practices?  Within the senior leadership, is there a sense of how innovation is being stifled?

A3. We are working with leadership, instilling industry best practices while working with manufacturing. All of us need policy change. In the near future, individuals will be held accountable for CA, not organizations, as is the current process.

 

USAF Cyber Security

Teresa Moyer (AFMC)

—————————–

Q1. Teresa, how can we get more information regarding the portable mx aids IA/CA pilot?

A1. I’ll take that as an action item since the SME is not present on the call.

 

Q2. Does the USAF have a target or standard for IA/CA certification time for innovations like PMAs?

A2. This is another question that I’ll take as an action item since the SME is not present on the call.

 

ARMY Cyber Security

Eric Hoover (RDEC)

————————–

No Questions

 

Cyber Security- Army