Assessments and Evaluations Cyber Vulnerabilities

Abstract

This funding line supports testing of Army Modernization Priority Programs. The National Defense Authorization Acts (NDAA), Fiscal Year (FY) 16 Section 1647, and FY 17 Section 1650, directs the office of the Secretary of Defense (OSD) to complete an evaluation of cyberspace vulnerabilities of select Department of Defense (DoD) weapon systems and critical infrastructures. For NDAA 1647, the Army was directed to assess and mitigate twenty-four weapon systems not later than December 31, 2019. For NDAA 1650, the Army was directed to assess and submit a mitigation strategy for twenty-five installations by December 31, 2020. To support this mandate, the two Congressional mandates were merged into two enduring Army programs: the Cyber Operational Resiliency Assessment-Platforms (CORA-P) to replace NDAA 1647, and the Cyber Operational Resiliency Assessment-Installations (CORA-I) to replace NDAA 1650. The aim of CORA-P/I is to reduce the Army's risk to adversarial cyber intrusions or attacks that compromise Army weapon and installation systems. Performance objective is to provide governance oversight of CORA-P/I phased vulnerability assessments to support the Planning, Programming, Budgeting and Execution (PPBE) cycle. These deliverables include identifying the means to mitigate CORA-P/I vulnerabilities. Efforts in this Program Element will: 1) identify, assess, and develop non-recurring engineering (NRE) to mitigate operational risks from cyber vulnerabilities to critical Army weapon systems in an operational configuration; and 2) assure the confidentiality, availability, and integrity of the information and control systems that underpin Army facilities and critical infrastructure by inventorying and assessing Facility-Related Control Systems (FRCS). Weapon systems evaluations will assess and provide NRE recommendations to mitigate operational risks emanating from a peer or near-peer adversary profile in accordance with existing test/lab requirements through the acquisition cycle. Where applicable, these evaluations will include tabletop exercises, lab assessments, and exercise/operational assessments of Program Executive Officer Command, Control, Communications-Tactical (PEO C3T) and ground weapon systems. Cyber hardening efforts will be informed by the vulnerability assessments reports (VAR) generated through the assessment and prioritization process. Prioritization will be based on mission criticality, impact to readiness, and threat. When applicable, this PE also provides for Red Team enhancement to support Combatant Command mission-level cyber vulnerability assessments.

Open PDF

Document Details

Document Type
R2 Budgetary Justification
Publication Date
Oct 01, 2024
Source ID
0606942A_6_2040_PB_2024
Change Summary Explanation
Increased funding due to revised economic assumptions.
Service Agency Name
Army

Entities

Organizations

  • United States Army

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Acquisition
  • Army Facilities
  • Availability
  • Control Systems
  • Cyberspace
  • Department Of Defense
  • Engineering
  • Executives
  • Hardening
  • Infrastructure
  • National Security
  • Platforms
  • Risk
  • System Of Systems
  • Unified Combatant Commands
  • Vulnerability
  • Weapon Systems

Readers

  • Cybersecurity.
  • Defense Acquisition Program Management
  • Enterprise Information Systems Architecture and Joint Command Capability Interoperability Support.

Technology Areas

  • Cyber
  • Fully Networked C3
  • Fully Networked C3 - Command and Control

Related Documents