Assessments and Evaluations Cyber Vulnerabilities

Abstract

The National Defense Authorization Acts (NDAA), Fiscal Year (FY) 16 Section 1647 and FY 17 Section 1650, direct the Office of the Secretary of Defense (OSD) to complete an evaluation of cyberspace vulnerabilities of select Department of Defense (DoD) weapon systems and critical infrastructures. For NDAA 1647, the Army was directed to assess and mitigate twenty-four weapon systems not later than December 31, 2019. For NDAA 1650, the Army was directed to assess and submit a mitigation strategy for twenty-five installations by December 31, 2020. To support this mandate, the two Congressional mandates were merged into two enduring Army programs: the Cyber Operational Resiliency Assessment-Platforms (CORA-P) to replace NDAA 1647, and the Cyber Operational Resiliency Assessment-Installations (CORA-I) to replace NDAA 1650. The aim of CORA-P/I is to reduce the Army's risk from adversarial cyber intrusions or attacks that compromise Army weapon and installation systems. The performance objective is to provide governance oversight of CORA-P/I phased vulnerability assessments to support the Planning, Programming, Budgeting and Execution (PPBE) cycle. These deliverables include identifying the means to mitigate CORA-P/I vulnerabilities. Efforts in this Program Element will: 1) identify, assess, and develop non-recurring engineering (NRE) to mitigate operational risks from cyber vulnerabilities to critical Army weapon systems in an operational configuration; and 2) assure the confidentiality, availability, and integrity of the information and control systems that underpin Army facilities and critical infrastructure by inventorying and assessing Facility-Related Control Systems (FRCS). Weapon systems evaluations will assess and provide NRE recommendations to mitigate operational risks emanating from a peer or near-peer adversary profile in accordance with existing test/lab requirements through the acquisition cycle.
Where applicable, these evaluations will include tabletop exercises, lab assessments, and exercise/operational assessments of Program Executive Officer Command, Control, Communications-Tactical (PEO C3T) and ground weapon systems. Cyber hardening efforts will be informed by the vulnerability assessment reports (VAR) generated through the assessment and prioritization process. Prioritization will be based on mission criticality, impact to readiness, and threat. When applicable, this PE also provides for Red Team enhancement to support Combatant Command mission-level cyber vulnerability assessments.


Document Details

Document Type: R2 Budgetary Justification
Publication Date: Oct 01, 2022
Source ID: 0606942A_6_2040_PB_2022
Change Summary Explanation: The FY 2021 increase allows for development of new analytic methodologies to make use of commercially available data that can be applied to military and Defense Industrial Base (DIB) targets to identify vulnerabilities in the cyber and physical supply chain or critical assets and facilities. The increase develops a process that allows for a comprehensive, intelligence-informed assessment that can be applied to critical weapon systems and Combatant Commands (CCMDs) as well as the ecosystems that support them by providing a holistic look at cyber defense posture, resiliency, supply chain and development of cyber-electronic warfare (EW) convergence techniques. The FY 2022 increase allows for further development of new analytic methodologies to make use of commercially available data that can be applied to military and Defense Industrial Base (DIB) targets to identify vulnerabilities in the cyber and physical supply chain or critical assets and facilities.
Service Agency Name: Army

Entities

Organizations

  • United States Army

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Acquisition
  • Army
  • Army Corps Of Engineers
  • Army Facilities
  • Boundary Layer
  • Control Systems
  • Cyber Defense Techniques
  • Cybersecurity
  • Department Of Defense
  • Engineering
  • National Security
  • Risk
  • Supply Chain
  • Systems Engineering
  • Unified Combatant Commands
  • Vulnerability
  • Weapon Systems

Readers

  • Cybersecurity
  • Military Science and Technology Research and Modernization
  • Public Financial Management and Budgeting

Technology Areas

  • Cyber
  • Fully Networked C3
  • Fully Networked C3 - Command and Control
