AMRDEC CYBER Capabilities - HAMA Web

1 08 July 16 AMRDEC CYBERC apabilitiesPresented by:Julie LockerAMRDEC CYBER Army aviation and Missile Research, Development, and Engineering CenterPresented to: HAMAD istribution Statement A: Approved for public release: distribution CYBER Engineering Center (CEC)Assistant Secretary of the Army (Acquisition, Logistics and Technology)ASA(ALT)AcademiaIndustryJoint ServicesDefense Advanced Research Projects AgencyDARPAO ther DECsOther Gov t AgenciesUSD(P&R), USD(I); USD(ATL); DOT&E; USCENTCOM; USSTRATCOM; USTRANSCOM30 Gov t Experts150+ Contractor ExpertsLEVERAGINGOFASSETSENSURESNON-DUPL ICATIONOFEFFORTSR edstone Arsenal CommunitySupporting CYBER Across the Acquisition Life CyclePEO MSPEO AVNRTCPEO CYBER Functional Support Areas System Owner Support (SOS) Software Assurance (SwA) Supply Chain Risk Mgmt Risk MgmtFramework Protective Technologies CYBER S&T Green Teams Vulnerability Assessment Eng.

2 Institutional Training Interns DAU National Guard Training 842 NGB/AR military trained since CY12; 454 in CY15 SOS: Since 2006, have helped 155 systems achieve their accreditation; personnel embedded in PEO/PM site SwA: Since 2009, have scanned more than 350 million Lines of source code in support of more than 700 analysis projects; 31 million scanned in FY15 Has an SCA-V Assessor (only 11 total for Army) 100 SCA-V Assessments per year Red Team Coop for TSMO CND: Extension of ARL Network Defense Blue Team Certification Process/PEO STRI-ARLINSTITUTIONALTRAINING/ EDUCATIONENGINEERING ACA/SCA-V (Security Control Assessor/Validator) Virtualization/Impact-Effects CYBER Security Testbed Blue Teams Red Teams Computer Network ApproachServices Applied Across Life CycleFRP Decision ReviewABCC yber Design Team/ CYBER IntegratorSoftware AssuranceSystem Owner SupportVulnerability Assessment and Engineering RMFC yber Institutional Training.

3 Intern DevelopmentCyber R & D/ aviation and Missile System FocusedSCA-VEvent DrivenBlue TeamGreen TeamRed TeamBuild REDUCTIONINTEGRATIONB uild *LIMITED DEPLOYMENTOT&ESUSTAINMENTDISPOSALM aterial Solution AnalysisOperations & SupportTechnology Maturation & Risk ReductionEngineering & Manufacturing DevelopmentProduction & DeploymentCyber Burned into DNACYBERINTEGRATEDACROSSDOMAINSE ngineeringTest and EvaluationEducation and Assurance MissionMissionMission Objective: To ensure software conforms tothe requirementsestablished by system owners and accrediting authorities to achieve trustworthiness and predictable execution. Flaws -Errors in the design or implementation of software.

4 Vulnerabilities -Exploitable software flaws. Malicious Features -Software designed with malicious Assessment Shift Left Iterative process where assessments are conducted at the beginning of the lifecycle and repeated throughout all phases Begins with system architecture review Baselines assessed and scanned for each update Easier and cheaper to correct AssessmentSupply Chain Threat and Vulnerability AssessmentSupply Chain Risk Assessment (SCRM Effectiveness)Supply Chain Threats and Vulnerabilities Insider Agents Non-Trusted Vendors No traceability No Physical / Personnel SecurityCC TechnicalThreats and Vulnerabilities Malw are Insertion Counterf eit Parts Lack of Sof tw are / Hardw are assurance Lack of Secure Design / SSEH ardwareSoftwareSupply Chain Mitigations Trusted Vendors CC Accountabilityand Traceability Supply Chain Controls Security Inf ormation Assurance Enterprise PolicyCC Mitigations Hardw are / Sof tw areAssurance Secure Design CYBER SecurityNISTNISPOMP olicyValidate / Publish Project Office SCRM EffortsProgramProtection PlanProgram Protection ImplementationplanAMRDEC

5 SHAREHOLDERINTEGRATIONCYBERVULNERABILITY ASSESSMENT/ ENGINEERINGRMFSOFTWAREASSURANCEHARDWARE/ SOFTWARE/ FIRMWARETESTING(CTSB)Supply Chain Risk ManagementAcross Each Program LifecycleSCRM Awareness Familiarization Intense SCRM Working Group Training Roles ResponsibilitiesIncidentInstitutionalTra ining / EducationFirmwareCoordinationSCRM S&T CYBER Snapshot Performed outreach to recognized experts in the community The mission areas of CERDEC and AMRDEC overlap when considering responsibility of CYBER for US Army weapons systems Collaborate with CERDEC where possible and inform CERDEC of research topics within their mission area Primary Research Areas tend to be: Potential Future Research Areas: CEMA Defense Science Board recommends spending $2B/yrin EW to catch up Active Defense Proactive, not reactive Understanding CYBER effects within a System of Systems using M&S Software Assurance CYBER Physical Systems Risk Management Process Supply Chain Risk Management FPGA Defense Big Data AnalyticsCEMA.

6 CYBER /Electromagnetic Activities (FM 3-38)The Purpose of this Effort is to Research and Develop Technologies that "Weave CYBER Defense into the DNA of Army Systems" Strategy DevelopmentOther Instructional DocumentsDoD CYBER Strategy 2014 Army CYBER StrategyA CYBER -prof icient total f orce that operates ef f ectively in and through cyberspace to meet joint and service requirementsArmy f ormations and netw orks support Army & Joint operationsRapidly-Delivered Cyberspace Capabilities to the Total ForceAdaptive f acilities and installation resources f ully capable of supporting cyberspace operations and developing a 21stcentury f orce Developed partnerships w ith US and international Academia, Industry.

7 Def ense Departments/Ministries, and other Agencies to enhance cyberspace operations Build and maintain ready f orces and Capabilities to conduct cyberspace end the DoDinf ormation netw ork, secureDoD data, and mitigate risks to DoD prepared to def end the homeland and vital interests f rom disruptive or destructive CYBER attacks of signif icant and maintain viable CYBER options andplan to use those options to control conf lict escalation and to shape the conf lict environment at all and maintain robust internationalalliances and partnerships to deter shared threats and increase international security and stability. DoDI , Operation of the Defense Acquisition System DoDI , Cybersecurity DoDI , Risk Management FrameworkAM RDEC Strategic PlanUnder Development and will tieTo DoD and Army AMRDEC s CYBER Engineering Center is the focal point for leveraging ofknowledge and personnel resources to support PEO MS and PEO AVN systems Critical efforts are ongoing to support weapon system developers in CyberResiliency Limited personnel resources within Government and Industry to address CYBER issues AMRDEC is aggressively working to build the Government bench throughprograms such as Scholarship for Servic