Information Sys Security Program
Abstract
Information Systems Security Program (ISSP) ensures the protection of Navy and joint cyberspace systems from exploitation and attack. Cyberspace systems include wired and wireless telecommunications systems, Information Technology (IT) systems, and the content processed, stored, or transmitted therein. ISSP includes protection of the Navy's National Security Systems and Information (NSSI). ISSP is the Navy's implementation of statutory and regulatory requirements specified in the Federal Information Security Management Act of 2002 (FISMA, 44 U.S.C. section 3541), the Computer Security Act of 1987 (Public Law 100-235), Privacy Act of 1974 (5 U.S.C. section 552a, Public Law No. 93-579), National Security Act of 1947 (Public Law 235), Comprehensive National Cybersecurity Initiative (CNCI) National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD-54/HSPD-23), National Security Directive 42, Presidential Decision Directive 63, Executive Order 13526, Appendix III of Office of Management and Budget (OMB) Circular A-130 Revised, Committee for National Security Systems (CNSS) Policy 22, Chairman Joint Chiefs of Staff Instructions 6510.01F and 6510.02D, Department of Defense (DoD) Directives 8500.01, O-8530.01, and 8570.01, the new DoD Instruction 8500.02, and CNSS Instruction 1253. ISSP activities address the risk management of cyberspace defined in "The National Military Strategy for Cyberspace Operations", Chairman of the Joint Chiefs of Staff, Dec 2006, and of defensive Information Operations (IO) defined in Joint Publication 3-13 including the capabilities to protect, detect, restore, and respond. ISSP supports the entire naval cyberspace domain from the mobile forward-deployed subscriber, through the ashore supporting critical information infrastructure, and the interconnection with other cyberspace domains.
Navy cyberspace is a higher value and more vulnerable target due to the interconnectivity of naval and joint networks, connections to allied and coalition partners, connections to the public information infrastructure, and their use in naval and joint war fighting. Navy cyber systems face advanced attacks involving malicious changes to critical information, changes to the functionality of critical systems, denial of service (including jamming), and the destruction of systems and networks. Since many naval cyber systems are based on commercially available technologies, adversaries often have access to the technologies they seek to exploit. Rapid changes in the underlying commercial and government cyber infrastructures make cyber security an increasingly complex and dynamic problem. ISSP provides the Navy's warfighter the essential information trust characteristics of availability, confidentiality, integrity, authentication, and non-repudiation. Information Assurance (IA)/Computer Network Defense (CND), key supporting cyber security activities, must evolve quickly to meet the rapidly evolving threats and vulnerabilities. Implementing ISSP requires rapid acquisition approaches to stay ahead of nation-states, terrorists, and criminal organization adversaries, among others.
The Information Systems Security Program (ISSP) provides the Navy with the following cyber security elements: (1) defense of Navy's National Security Systems and Information (NSSI); (2) assured separation of information levels and user communities, including allied, coalition, non-Governmental, Defense Industrial Base, and other public partners; (3) technologies supporting the Navy's Computer Network Defense Service Providers (CNDSP) operations; (4) assurance of the Navy's telecommunications infrastructure and the wireless spectrum; (5) assurance of joint-user cyberspace domains, using a defense-in-depth architecture; (6) assurance of the critical computing base and information store; and, (7) supporting assurance technologies, including the Public Key Infrastructure (PKI) and Key Management Infrastructure (KMI). The ISSP program must be rapid, predictive, adaptive, and tightly coupled to cyberspace technology. Through modeling and simulation of Department of Defense (DoD) and commercial cyberspace systems evolution, the ISSP program provides architectures, products, and services based on mission impacts, information criticality, threats, vulnerabilities, and required defensive countermeasure capabilities. All ISSP Research Development Test & Evaluation (RDT&E) efforts comply with the National Technology Transfer and Advancement Act of 1995 (Public Law 104-113) as implemented through Office of Management and Budget (OMB) Circular A-119 of February 10, 1998, DoD Instruction 4120.24, Defense Standardization Program (DSP), and DoD Instruction 4120.3-M, Defense Standardization Program Policies and Procedures. The predominant commercial standard bodies in ISSP-related matters include International Organization for Standardization, American National Standards Institute, Institute of Electrical and Electronics Engineers, Internet Engineering Task Force, World Wide Web Consortium, and National Institute of Standards and Technology.
The joint interoperability required in today's telecommunications systems makes standards compliance a must and the ISSP RDT&E program complies with the joint technical architecture. The FORCEnet architecture and standards documents reflect this emphasis on interoperable standards. The connection of FORCEnet with the DoD Global Information Grid (GIG) requires all ISSP RDT&E activities to adopt a minimum standard of "best commercial IA practices." The ISSP program examines commercial technologies to determine their fit within Navy architectures, provides feedback to vendors about what the Navy requires, and participates in the standard bodies themselves. When necessary to protect mission critical systems specified in the Clinger/Cohen Act, ISSP RDT&E develops or tailors commercial and government technologies, standards, and processes to meet Navy-unique requirements; prototypes systems or portions of systems and examines their utility in operational Navy settings; and, provides Information Assurance (IA) expertise and engineering to Navy and joint information system developments. All ISSP technology development efforts endeavor to solve specific Navy and joint IA problems using techniques that speed transition to procurement as soon as possible. Maritime Operations Center (MOC) will respond to new technologies and advanced hardware and software tools to support the development and deployment towards automated autonomous Computer Network Operations (CNO) Network Operations (NetOps).
Justification for Budget Activity: This program is funded under Operational Systems Development because it encompasses engineering and manufacturing development for the upgrade and integration of existing, operational systems. This includes cryptographic systems required to protect information defined in Title 40 United States Code (USC) Chapter 25 Sec 1452, and implements requirements in Executive Orders 12333 and 12958 and National Security Decision Directive 145.
Major focus areas in FY14 (By Program):
Computer Network Defense (CND) - Continue to ensure that security of Navy networks meets the mandates and initiatives of DoD for securing the Global Information Grid (GIG). Continue to develop, integrate, and test defense-in-depth and situational awareness technologies for knowledge-empowered CND operations for afloat and ashore platforms. Continue to develop new capabilities for Navy's Command and Control (C2) architecture and provide technical guidance to ensure CND requirements are met by Consolidated Afloat Network Enterprise Service (CANES). Continue the development and integration of DoD defined tools and capabilities including adaptive defense, security sensors, automation of reporting, monitoring, analysis and response as well as providing modernized patch management, virtualization support, packet capture and processing, and host based security agent tools.
Cryptographic (Crypto)/Crypto Modernization (CM) - Initiate development of a Transmission Security (TRANSEC) replacement product for legacy devices. Initiate Intermediary Application (iApp) development efforts and incorporate functionality into specific Navy crypto devices, fill devices support products, or Personal Digital Assistants (PDA). Complete Full Development effort for the Link-22 Modernized Link Level Communications Security (COMSEC) (MLLC) and begin planning transition to production. Conduct Navy system test on VINSON/Advanced Narrowband Digital Voice Terminal (ANDVT) Cryptographic Modernization (VACM) Low Rate Initial Production (LRIP) units. Complete Navy VACM training material development, and all required pre-installation documentation, materials and acquisition support. Continue providing security engineering support for modernization of space crypto systems, embeddable crypto strategies, Unmanned Vehicle/low power crypto, Next Generation crypto initiatives, disposable crypto for tactical apps, Layer 2 encryption, and Tactical Secure Voice (TSV) cross-banding. Continue NSA Certification Authority and acquisition authority for all CM products.
Key Management Infrastructure (KMI) - Continue capability, verification testing support to KMI Capability Increment (CI) CI-2 Spiral 2 software. Continue transition strategy and define requirements for incorporation of other KMI roles in Navy architecture (e.g., Controlling Authority, Command Authority). Continue defining capability requirements for KMI CI-3. Continue supporting KMI transition working group meetings, developing white papers and supporting documentation for KMI CI-3. Continue requirements definition support to the development of the next generation fill device. Continue migrating COMSEC Material Work Station/Data Management Device and other next generation fill devices to the KMI environment. Continue engineering the Navy Enterprise system to a centralized configuration management and crypto unit inventory tracking tool, which will improve Electronic Key Management System (EKMS) Tier 3 Simple Key Loaders (SKL), Tactical Key Loaders (TKL), KMI, and Crypto product management. Continue development engineering and testing to the Intermediary Application (iApp) which will enhance KMI secure communications. Continue shipboard bandwidth study with Spiral 2 Software in support of KMI Delivery Only Client (DOC) architecture in the afloat operation environment.
Public Key Infrastructure (PKI) - Develop Secret Internet Protocol Router Network (SIPRNet) PKI solutions, including the SIPRNet Validation Authority and Cryptographic Logon (CLO) capability to non-Microsoft systems and Microsoft non-Domain services. Research and test Defense Information Systems Agency (DISA) Online Certificate Status Protocol (OCSP) enhancements for certificate authentication in the Navy afloat and ashore environments. Ensure compatibility and interoperability of PKI with Computer Network Defense (CND) systems architecture. Ensure Navy compliance with new PKI related cryptographic algorithms and certificates changes on the Common Access Card (CAC), Alternate Logon Token (ALT), and SIPRNet hardware token. Research and develop tools to support certificates for Non-Person Entity (NPE) devices and tactical/austere environments. Research Identity and Access Management (IdAM) technologies to increase information security on the Global Information Grid (GIG). Investigate virtualization of Navy Certificate Validation Infrastructure (NCVI) servers with Hardware Security Modules.
Information Assurance (IA) Services - Continue to provide security systems engineering support for the development of Department of Defense (DoD) and Navy IA architectures and the transition of new technologies to address Navy IA challenges. Provide IA risk analysis and recommended risk mitigation strategies for Navy networks and Command, Control, Communications, & Intelligence (C4I) systems. This includes the expanded requirements to provide complete Identity and Access Management (IdAM) solutions, expanded spectrum monitoring, and data object security and provenance labeling as required in the current DODI 8500.2 and the new DODI 8500.02 IA controls.
Document Details
- Document Type
- R2 Budgetary Justification
- Publication Date
- Oct 01, 2014
- Source ID
- 0303140N_7_1319_PB_2014
- Change Summary Explanation
- CND Inc 2 IOC was achieved in advance of schedule, moved from 4QFY12 to 3QFY12. CND Inc 2 IOT&E slipped from 3QFY12 to 4QFY12 due to delayed receipt of Operational Test results. CND Inc 2 LRIP slipped from 3QFY12 to 4QFY12 due to delayed receipt of Operational Test results. CND Inc 2 FRP Decision slipped from 4QFY12 to 1QFY13 due to delayed Acquisition Decision Memorandum (ADM) approval. CRYPTO KG-45A FOC slipped from 1QFY13 to 4QFY13 due to delay in fielding onboard 1 CG platform. CRYPTO VACM MS C slipped from 3QFY13 to 4QFY13 due to software delays per US Air Force (USAF) Program Office. Milestones are driven by USAF as the lead service. CRYPTO VACM IOC slipped from 3QFY14 to 4QFY14 due to software development delays. CRYPTO VACM LRIP slipped from 3QFY13 to 4QFY13 due to software development delays. CRYPTO VACM FRP Decision slipped from 4QFY13 to 3QFY14 due to software development delays and contracting strategy moving to USAF contract sole source justification. CRYPTO KW-46M Common Submarine Radio Room (CSRR) integration test end date slipped from 2QFY12 to 1QFY13 due to availability of Naval Undersea Warfare Center (NUWC) test lab. CRYPTO VACM IOT&E end date slipped from 1QFY14 to 2QFY14 due to software development delays. CRYPTO KG-45A deliveries end date shifted from 1QFY13 to 4QFY13 due to delay in fielding onboard 1 CG platform. CRYPTO Link-22 MLLC Prototype delivery end date shifted from 2QFY12 to 3QFY12 due to contract performance issues (SAFENET). CRYPTO VACM LRIP deliveries shifted from 3QFY13 to 2QFY14 due to change in delivery schedule. CRYPTO VACM FRP delivery start date shifted from 1QFY14 to 4QFY14 due to software development delays. TKL IOC slipped from 1QFY13 to 2QFY13 and FOC slipped from 1QFY15 to 2QFY15 due to late Acquisition Decision Memorandum (ADM) approval and contract award. KMI CI-2 IOC is a NSA driven milestone and equipment was funded by NSA at limited Navy sites; IOC shifted from 3QFY12 to 4QFY12 due to NSA test schedule delays. 
KMI CI-2 FOC slipped from 1QFY17 to 3QFY18 to align to Chief of Naval Operations (CNO) ship availabilities. KMI CI-2 IOT&E is a NSA driven milestone and equipment was funded by NSA at limited Navy sites; slipped from 3QFY12 to 4QFY12 due to NSA test schedule delays. TKL production First Article (FA) test was completed 2QFY12. TKL Full Rate Production (FRP) Decision slipped from 3QFY12 to 1QFY13 due to Milestone Decision Authority (MDA) decision on FRP events. KMI CI-2 Spiral 1 LRIP contract was awarded 4QFY12. KMI Spiral 1 FRP slipped from 1QFY13 to 2QFY13 due to NSA test schedule delays. KMI Spiral 2 FRP slipped from 1QFY14 to 4QFY14 due to NSA schedule delays. EKMS Phase V SW delivery end date shifted from 1QFY13 to 2QFY13 due to final fielding. SKL delivery end date shifted from 3QFY13 to 4QFY15 due to later fielding of Next Generation Fill Devices to coincide with KMI Over the Network Key (OTNK) capability. TKL delivery start date shifted from 1QFY13 to 3QFY13 due to delay in Full Rate Fielding Decision (FRFD). KMI CI-2 Spiral 1 LRIP deliveries shifted from 4QFY12 to 1QFY14 through 3QFY14 due to NSA test schedule delays. KMI CI-2 Spiral 2 delivery start date shifted from 3QFY13 to 4QFY14 due to NSA schedule changes; Delivery end date shifted from 1QFY17 to 3QFY18 due to CNO availabilities of ships. Next Generation Fill Device delivery start date shifted from 1QFY13 to 1QFY16 to support Crypto Mod initiative for KMI awareness and will coincide with NSA KMI OTNK capability in FY15. Funding: FY 2014 $3M reduction will descope Cyber Security Research efforts ($2.5M) and Crypto systems engineering efforts ($0.5M). Technical: N/A
- Service Agency Name
- Navy
Entities
Organizations
- United States Navy
Related Documents
- Child Project: Communications Security R&D
- Child Accomplishment: Computer Network Defense (CND)
- Child Accomplishment: Crypto/Crypto Modernization (CM)
- Child Accomplishment: Key Management Infrastructure (KMI)
- Child Accomplishment: Public Key Infrastructure (PKI)
- Child Accomplishment: Information Assurance (IA) Services
- Child Accomplishment: Maritime Operations Center (MOC)
- Child Project: Information Assurance
- Child Accomplishment: Information Assurance
- Child Project: Congressional Adds