SEC Command and Staff
Presented By:
Ms. Jennifer Zbozny, SES, Software Engineering Center (SEC) Director - AMC CECOM
Mr. Chad Claussen, SEC Chief Technical Officer - AMC CECOM
Ms. Xiomara Ford, SEC Cybersecurity Division Chief, AMC CECOM
Measures Towards Defensible Cyber Operations
Approved for Public Release- Distribution Unlimited
SEC Mission and Core Competencies
MISSION: Ensure operational readiness by developing, providing, integrating and maintaining Army C4ISR, logistics and business software
Core Competencies
• Software Acquisition Support
• Software Field Support
• Independent Verification & Validation
• Cybersecurity
• Software Testing
• Software Development
• Electronic Warfare Software Reprogramming
Who We Are & What We Do
• The Communications Electronics Command Software Engineering Center (CECOM SEC)
• SEC sustains C4ISR system software
• Software sustainment includes but is not limited to:
  • Resolving software anomalies
  • Modifying software to meet new operational needs
  • Maintaining software interoperability
  • Responding to new threats
  • Incorporating fixes to protect systems from cyber threats
CECOM SEC Customer & System Support
• Business & Logistics Systems
• Strategic Satellite Communication Systems
• Intelligence Systems
• Sensor Systems
• Electronic Warfare Systems
• Communications Systems
• Command & Control Systems
Why Care about Cybersecurity?
Anything that is networked can be hacked
Cybersecurity Improvements
Objective: Improving measures for protecting Army information systems, networks and operations from disruption, unauthorized access, use, disclosure, modification, and destruction.
SECURE OPERATIONS
Hire/Retain Cybersecurity Professionals
• Leveraging Government-wide Direct Hire Authority 5 U.S.C. 3304(a)(3), 5 CFR part 337 to address talent shortage.
• Cyber Workforce Program identifies cyber functions of all personnel across SEC and provides training resources and current threat reports from the G-2.
Secure Army Software
• Assess Army and Enterprise software for security deficiencies.
• Gauge security issues with software while in development.
Enable Electronic Patching
• Provide electronic delivery and automated installation of software patches.
Cyber Workforce Program
PURPOSE: To transform our workforce focus from solely information assurance to a more inclusive cybersecurity focus comprised of personnel who build, secure, operate, defend, and protect DoD and U.S. operations.
BACKGROUND: The Federal Cybersecurity Workforce Assessment Act of 2015 (FCWAA’15)
CURRENT STATE:
• Cyber specialties coded for SEC Personnel in Army Training and Certification Tracking System (ATCTS)
• SEC Cyber Workforce SharePoint Portal
END STATE:
• Innovated recruitment strategy
• Qualified Cyber workforce retention strategy
• Expansion of Threat Knowledge
• Promote greater sense of cybersecurity responsibilities amongst the workforce.
Software Assurance Program
BACKGROUND: The implications of software security defects are not well known through the Acquisition Lifecycle and are difficult to detect through the Risk Management Framework and Program Protection processes.
PURPOSE: To “build in” security requirements for software in development or entering into sustainment.
CURRENT STATE:
• Customized tools for conducting static and dynamic code analysis.
• Personnel with unique skill sets who specialize in software engineering and cyber.
• Developer-capability tools to assess software security deficiencies as they develop.
END STATE:
• Develop robust and secure software applications to enable a defense-in-depth approach
• Influence the procurement of secure applications from industry.
Electronic Patching
Purpose: Improve the software security posture by expediting the delivery and process of applying software updates
Background: The Army continually faces a challenged network to deliver information safely and efficiently. Software security updates are needed to prevent cyber attacks on Army systems
Current State: With a manual process, the soldier has to:
• Wait 2-3 weeks for security updates to reach CONUS and OCONUS sites
• Manually upload security updates via CDs to each system
• Manually create reports based on system compliance (~2 week effort)
End State: With an electronic process, the soldier is enabled to:
• Leverage one website to obtain security updates
• Automate the manual process of updating multiple systems
• Create a quick report based on system compliance (~2 minute effort)
EPI Scope & Lines of Effort
• LoE 1: Baseline Tagging - Embed standardized data fields for asset and baseline identification
• LoE 2: Compliance Reporting - Provide actionable reporting for network defenders and commanders
• LoE 3: ePatching - Automate the manual process of applying software security updates
• LoE 4: Patch Portal - Centralize content distribution as a one-stop-shop for the warfighter to improve patch availability
Desired End-State
• Allows us to see ourselves
• Identify system vulnerabilities of our systems
• Reduces complexity of unit patch management processes
EXORD 013-18: Program of Record Electronic Patching and Compliance Reporting for PORs in a high-bandwidth environment or Installation as a Docking Station (IaaDS) connected state
Purpose: Improve Program of Record (POR) security posture through an expedited electronic process for patching security vulnerabilities and enhanced vulnerability management
Stakeholders
AMC
• CECOM
ASA(ALT)
• PEOs
• Cyber Focal
ARCYBER
• G35
• NETCOM
TRADOC
• TCM N&S
FORSCOM
• Operating Units
• G6
POR Tagging and ePatching
Compliance Reporting Process and Tool
Patch Portal and Governance
Requirements Integration
Schoolhouse training development
Unit Implementation
POR Tagging and ePatching
Identify long-term patching solution
EXORD 013-18 WG: Army-wide team enabling systems on high-bandwidth networks