Cyber Resiliency & Cybersecurity Policy
Abstract
FY 2022 Accomplishments: Assessments: Conduct Cyber Risk Assessments in support of CCMDs: - Combatant Command (CCMD) Mission Analysis: Began pilot of analytic approach with USSPACECOM to define mission essential tasks. - Mission Resilience (MR) Games: Completed MR I in support of USTRANSCOM and USEUCOM to assess Global Logistics mission in a contested cyberspace environment. Began preparation for MR II in support of USSPACECOM. - Deep Cyber Resiliency Assessments (DCRAs): Completed multiple DCRAs for Mission Partners across the DoD including a high priority special request from a CCMD. - In coordination with the Services, National Security Agency, DoD CIO, Joint Staff, USCYBERCOM, and USSTRATCOM, developed the requirements and desired functionality for the Cyber Risk Mitigation Tool (CRMT). - Based on these requirements, the CRMT team worked with the Defense Threat Reduction Agency, Air Force Research Laboratory, MITRE, Johns Hopkins Applied Physics Laboratory, Air Force Cyber Resiliency Office for Weapons Systems (CROWS), and Advance Analytics (ADVANA) leadership to develop the general implementation and schema of the CRMT. - Launched a NIPRnet-based version of the CRMT tool during the COVID restrictions to allow for demonstration of potential functions and enable gathering of specific use cases. - Launched SIPRnet-based version of the CRMT providing analysis and status of Cybersecurity assessments under Section 1647 of the National Defense Authorization (NDAA) Act for FY 2016 and Section 1650 of the NDAA for FY 2017, covering priority weapon systems and critical infrastructure respectively. - Advocated and provided initial funding to put ADVANA on JWICS to enable the CRMT to provide in depth analytics on cyber vulnerabilities and mitigations while ensuring data security. - Began development of the structure and functions in the JWICS environment to enable Initial Operational Capability (IOC) of the CRMT by the end of FY 2022. - Collected, compiled, and standardized the data required to meet IOC functionality of the CRMT on JWICS. Cybersecurity for Weapon Systems and Defense Critical Infrastructure (DCI): - Developed Strategic Cybersecurity Program Directive Type Memorandum establishing with support from stakeholders for issuance. - Inaugurated cybersecurity contribution as a factor in determining overall acquisition risk through OUSD(A&S) Integrated Acquisition Portfolio Reviews. - Established working group to address section 1521 of the NDAA for FY 2022 requirement for identification of Executive Agent for procurement of cyber tools, data, and services. - Developed a Cyber Risk Mitigation Plan (CRMP) in support of identified installation cyber risks. - Supported Cyber Supply Chain Risk Management initiatives across the Department including support to implementation of Section 889/1656 Prohibitions on covered information and communication technologies for programs in acquisition and sustainment. - Began development and establishment of a standardized risk calculus for reporting control systems in relation to critical infrastructure, a control systems and critical infrastructure common lexicon, taxonomy, and ontology and an assessment reporting template of minimum required data for control systems and critical infrastructure. Capability Portfolio Management for Cyber Capabilities: - Conducted mission engineering analysis to support the USD(A&S)-chaired Cyberspace Operations Enterprise Integrated Acquisition Portfolio review (IAPR) meeting on June 28, 2022, which highlighted the need for a dedicated and enduring joint cyberspace operations capabilities System of Systems (SoS) Systems Engineering & Integration (SE&I) lead organization. - In coordination with USCYBERCOM, updated the cyber access and tools acquisition, development, and sustainment strategy and conducted an internal DoD directed study on Joint Cyber Warfighting Architecture (JCWA) enhancement.
Document Details
- Document Type
- Accomplishment
- Publication Date
- Oct 01, 2024
- Source ID
- 0cd4e2a92435eb19580464a433745f96