Information Sys Security Program

Abstract

Information Systems Security Program (ISSP) ensures the protection of Navy and joint telecommunications and information systems from exploitation and attack. ISSP is the Navy's implementation of statutory and regulatory requirements specified in Presidential Decision Directive 63, the Computer Security Act of 1987 (Public Law 100-235), Appendix III of Office of Management and Budget (OMB) Circular A-130, and Department of Defense Directive 8500.1. ISSP activities address the triad of defensive information operations defined in Joint Publication 3-13; protection, detection, and reaction. Focused on FORCEnet supporting the mobile forward-deployed subscriber, the Navy's implementation of Network-Centric Warfare places demands upon the ISSP as the number of users dramatically increases and the criticality of their use escalates. Today, the ISSP protects an expanding core service critical to the effective performance of the Navy's mission, supported by Mission Assurance Category 1 systems and crypto modernization requirements with Chairman Joint Chiefs of Staff Instruction 6510. The interconnectivity of naval networks, connections to the public information infrastructure, and their use in naval and joint war fighting means that FORCEnet is a easier attacked and higher value target. The types of possible attacks continues to grow. In addition to the traditional attacks that involve the theft or eavesdropping of information, Navy information and telecommunications systems face advanced attacks involving malicious changes to critical information, changes to the functioning of critical systems, denial of service (jamming), and the destruction of systems and networks. Since many naval information systems are based on commercially available technologies, an adversary often has access to the very technologies they want to exploit. The rapid change in the underlying commercial and government information infrastructures makes the security an increasingly complex and dynamic problem. ISSP provides the Navy's war fighter the essential information trust characteristics of availability, confidentiality, integrity, authentication, privacy, and non-repudiation. Information Assurance (IA) technology mix and deployment strategies must evolve quickly to meet the rapidly evolving threats and vulnerabilities. The ISSP Research Development Test & Evaluation (RDT&E) program provides the Navy with these essential Information Assurance (IA) elements: (1) assured separation of information levels and user communities, including coalition partners; (2) assurance of the telecommunications infrastructure; (3) assurance of joint user enclaves, using a defense-in-depth architecture; (4) assurance of the computing base and information store; and, (5) supporting assurance technologies, including a Public Key Infrastructure (PKI). ISSP RDT&E program is predictive, adaptive, and coupled to technology by modeling Department of Defense (DoD) and commercial information and telecommunications systems evolution (rather than being one-time developments). The program develops frameworks, architectures, and products based on mission threats, information criticality, exploitation risks, risk management, and integrated joint information system efforts. All ISSP RDT&E efforts comply with the National Technology Transfer and Advancement Act of 1995 (Public Law 104-113) as implemented through OMB Circular A-119 of February 10, 1998, DoD Instruction 4120.24, Defense Standardization Program (DSP), and DoD Instruction 4120.3-M, Defense Standardization Program Policies and Procedures. The predominant commercial standards bodies in ISSP-related matters include International Organization for Standardization (ISO), American National Standards Institute (ANSI), Institute of Electrical and Electronics Engineers (IEEE), Internet Engineering Task Force (IETF), World Wide Web Consortium (W3C), and National Institute of Standards and Technologies (NIST). The joint interoperability required in today's telecommunications systems makes standards compliance a must and the ISSP RDT&E program complies with the joint technical architecture. The FORCEnet architecture and standards documents reflect this emphasis on interoperable standards. The interconnection of FORCEnet into the DoD Global Information Grid (GIG) requires all ISSP RDT&E activities to adopt a minimum standard of "best commercial IA practice." The ISSP RDT&E program examines commercial technologies to determine their fit within Navy architectures, provides feedback to vendors about what the Navy requires, and participates in the standards bodies themselves. When necessary to protect mission critical systems specified in Clinger/Cohen Act, the ISSP RDT&E develops or tailors commercial and government technologies, standards, and processes to meet Navy-unique requirements; prototypes systems or portions of systems and examines their utility in operational Navy settings; and, provides IA expertise and engineering to Navy and joint information system developments. All ISSP technology development efforts solve specific Navy and joint IA problems using techniques that speed transition to procurement as soon as ready. JUSTIFICATION FOR BUDGET ACTIVITY: This program is funded under OPERATIONAL SYSTEMS DEVELOPMENT because it encompasses engineering and manufacturing development for upgrade and integration of existing, operational systems. This includes cryptographic systems required to protect information defined in Title 40 United States Code (USC) Chapter 25 Sec 1452, and the ISSP cryptographic RDT&E program is the implementation of requirements in Executive Orders 12333 and 12958 and National Security Decision Directive 145. Major focus areas in FY11: Computer Network Defense (CND) - Continue to develop and integrate CND capabilities in support of Common Computing Environment (CCE) and Afloat Core Services (ACS). Cryptographic (Crypto)/Crypto Modernization (CM) - Continue the Link-22 Modernized Link Level Communications Security, VHF/UHF Wideband Tactical Secure Voice Cryptologic Equipment (VINSON)/Advanced Narrowband Digital Voice Terminal Cryptographic Modernization, and Link-16 CM development efforts, and start the Portable Repair Program, Cooperative Engagement Capability, Digital Modular Radio, Demand Assigned Multiple Access, Secure Voice Over Internet Protocol and Common Data Link development efforts. Coordinate a CM Plan for Range and Weapons Telemetry as well as Transmission Security with National Security Agency (NSA) and other services. Electronic Key Management System (EKMS)/Key Management Infrastructure (KMI) - Continue EKMS to KMI transition planning; conduct Navy KMI Initial Operational Test and Evaluation to support NSA Milestone C and Low Rate Initial Production schedule. Begin transition strategy and define requirements for incorporation of other KMI roles into Navy architecture (e.g., Controlling Authority, Command Authority).

Open PDF

Document Details

Document Type: R2 Budgetary Justification
Publication Date: Oct 01, 2011
Source ID: 0303140N_7_1319_PB_2011
Change Summary Explanation: Schedule: Computer Network Defense (CND) - Schedule slip for Capability Production Document (CPD) approval, resulting in delay of Inc 2 Milestone C from 3rd Qtr FY10 to 3rd Qtr FY11. Key Management Infrastructure (KMI) - NSA's KMI Capability Increment 2 (CI-2) MS C schedule delay from 4th Qtr FY10 to 2nd Qtr FY11. Crypto Modernization - Link-22 MLLC Prototype Award delay from 4th Qtr FY09 to 3rd Qtr FY10. KW-46 Integration testing delay from 4th Qtr FY09 to 2nd Qtr FY11. AN-PYQ-20 (v) (c) (formerly KL-51M) testing and evaluation delayed from 4th Qtr FY09 to 2nd Qtr FY10. Technical: N/A FY11 from previous President's Budget is shown as zero because no FY11-15 data was presented in President's Budget 2010.
Service Agency Name: Navy

Entities

Organizations

United States Navy

Information Sys Security Program

Abstract

Document Details

Entities

Organizations

Tags

Communities of Interest

DTIC Thesaurus Topics

Fields of Study

Readers

Technology Areas

Related Documents