Assessments and Evaluations Cyber Vulnerabilities
Abstract
This Program Element (PE) funds cyber vulnerabilities evaluations of major weapon systems in alignment with Section 1647 of the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2016, and of critical infrastructure in alignment with Section 1650 of NDAA 2017. Efforts in this PE will: 1) identify, assess, and mitigate operational risk from cyber vulnerabilities as it pertains to critical Army weapon systems in an operational configuration; and 2) assure the confidentiality, availability, and integrity of the information and control systems that underpin Army facilities and critical infrastructure by inventorying and assessing Facility-Related Control Systems (FRCS). Weapon systems evaluations will assess and mitigate operational risk from a peer or near-peer adversary profile in accordance with existing testing requirements of the acquisition cycle. Where applicable, these evaluations will include tabletop exercises, lab assessments, and exercise/operational assessments of Program Executive Officer Command, Control, Communications-Tactical (PEO C3T) and ground weapon systems. Cyber hardening efforts will apply knowledge from weapon systems vulnerability assessments to identify gaps and develop mitigation strategies to reduce operational risk and prioritize resources. Prioritization will be based on mission criticality, impact to readiness, and threat. This PE also provides for enhancement of existing Red Team elements and efforts attributed to Combatant Command mission-level cyber vulnerability assessments. Evaluations of cyber vulnerabilities at critical infrastructure will focus on Task Critical Assets, Defense Critical Assets, and on units with high priority Quadrennial Defense Review missions and their supporting infrastructure. This PE provides for the training of teams to conduct cyber vulnerability evaluations on critical infrastructure. Once trained, these teams will conduct cooperative vulnerability and penetration assessments (Blue Teaming), adversarial assessments (Red Teaming), and assist with conducting assessments of cyber dependencies, vulnerabilities and threats in accordance with DoDI 8501.1 "Risk Management Framework." Funding will also provide for Contractor subject matter expertise to conduct Security Control Assessments and Deep Cyber Resiliency Assessments.
Document Details
- Document Type
- R2 Budgetary Justification
- Publication Date
- Oct 01, 2020
- Source ID
- 0606942A_6_2040_PB_2020
- Change Summary Explanation
- Fiscal Year (FY) 2020 funding is to continue conducting Cyberspace Operational Resiliency Assessments at both Platform and Installation levels (CORA-P/I).
- Service Agency Name
- Army
Entities
Organizations
- United States Army
Related Documents
- Child Project: Cyber Vulnerabilities Assessments and Evaluations
- Child Accomplishment: Cyberspace Operational Resiliency Assessment ? Platform (CORA-P)
- Child Accomplishment: Cyberspace Operational Resiliency Assessment ? Installation (CORA-I)