Information Systems Security Program

Abstract

To limit DOD exposure to insider SIPRNET data exfiltration threats, the Department must both deter bad behavior by increasing accountability and enforcement and implement barriers to data theft, while preserving the required ease of information sharing amongst authorized users. To accomplish this goal, DISA must accelerate implementation and fielding of three capability sets:

  • The ability to control and monitor pre-provisioned user access in a manner that cannot be repudiated (e.g. using CAC-enabled PKE Authentication) mitigates the insider exfiltration threat by limiting data access and enabling enforcement and accountability.
  • The ability to control and monitor user access based on known attributes about a user, such as their organizational affiliation or roles within that organization (i.e. “Attribute Based Access Control” (ABAC)), provides the ability to share information on an ad-hoc basis amongst “unintended, but authorized users” while still limiting data access and enabling enforcement.
  • The ability to enable, monitor and control the authorized transfer of information between SIPRNET and other DOD networks as required, via a globally available and operationally effective cross domain enterprise service solution.

For the three capabilities listed above, DISA has identified five enhancements to existing programs to accomplish these capabilities. Two of the enhancements, Host Based Security System (HBSS) Audit Extraction Module (AEM) and Cross Domain Enterprise Services (CDES), require further test and evaluation. All testing is anticipated to be completed in FY12. The FY 2012 $5.500 million will fund the testing and evaluation of enhancements on two programs, HBSS AEM and CDES.

HBSS AEM ($3.0M): Funds are required for the testing portion of HBSS AEM. DISA will implement an HBSS AEM to gather data associated with end-user behavior as part of the overall insider threat analysis effort.
The Audit Extraction Module is a tool used to extract and centralize audit log events from HBSS-equipped computers in near real-time. The centralized server will sit in the DoD Net Defense Community Data Center, enabling monitoring by a variety of specialists. The audit events will be those relevant to insider misbehavior as well as cyber attacks, so receiving these alerts in a timely manner will provide the needed alerting of a potential attack in progress.

CDES ($2.5M): Funds will be used to test and evaluate the CDES. As part of the DoD enterprise cross domain service effort, DISA will create a cross domain enabled enterprise email solution to reduce the requirement to use removable media on SIPRNET, increase DoD’s ability to and to greatly improve DoD's ability to monitor cross domain information movement and the people who do this. Creating regionally deployed instances of email cross-domain capabilities will also yield benefits of infrastructure consolidation. Specifically, this solution will provide two-way e-mail delivery across classification boundaries and amongst and between communities of interest.

Document Details

Document Type
R2 Budgetary Justification
Publication Date
Oct 01, 2012
Source ID
0303140K_7_0400_PB_2012
Change Summary Explanation
The increase in funding for FY 2012 is due to the DoD’s response to recent global events which involved the unauthorized release of classified information.
Service Agency Name
Defense Information Systems Agency

Entities

Organizations

  • Defense Information Systems Agency

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Budgets
  • Computer Access Control
  • Cost Analysis
  • Cross Domain
  • Cyberattacks
  • Data Centers
  • Data Exfiltration
  • Electronic Mail
  • Extraction
  • Information Exchange
  • Information Systems
  • Insider Threats
  • Security
  • Test And Evaluation
  • Threats

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Defense Financial Management and Audit

Technology Areas

  • Cyber
