Congressional Adds

Abstract

The goal of the Information Systems Security Program (ISSP) is to ensure the continued protection of Navy and joint information and information systems from hostile exploitation and attack. The ISSP activities address the triad of Defense Information Operations: protection, detection, and reaction. Evolving attack sensing (detection), warning, and response (reaction) responsibilities extend far beyond the traditional ISSP role in the protection of Information Systems, including weapons systems. Focused on the highly mobile forward deployed subscriber, the Navy's adoption of Network-Centric Warfare (NCW) places demands upon the ISSP, as the number of users expands significantly and the criticality of their use escalates. Today, the ISSP protects an expanding core of services critical to the effective performance of the Navy's mission, as well as developing information assurance technology and systems that are resilient and survivable in the face of adversarial attacks. Features that are critical in supporting the Navy's concept of Distributed Maritime Operations (DMO). The rapid rate of change in the underlying commercial and government information infrastructures makes the provision of security an increasingly complex and dynamic problem. IA technology mix and deployment strategies must evolve quickly to meet rapidly evolving threats and vulnerabilities. No longer can information security be divorced from the information infrastructure. The ISSP enables the Navy's war fighter to trust in the availability, integrity, authentication, privacy, and non-repudiation of information. This project included funds for advanced technology development, test and evaluation of naval information systems security based on leading edge technologies that improved information assurance (e.g., situational awareness and information infrastructure protection) across all command echelons to tactical units afloat and war fighters ashore. This effort provided the research to develop a secure seamless interoperable, common operational environment of networked information systems in the battle space and for monitoring and protecting the information infrastructure from malicious activities. This effort provided naval forces a secure capability and basis in its achievement of protection from unauthorized access and misuse, and optimized IA resource allocations in the information battle space. This program also developed core technology to: (1) improve network infrastructure resistance and resiliency to attacks; (2) enable the rapid development and certification of security-aware applications and information technologies in accordance with the common criteria for IA and IA-enabled information technology products by the National Security Telecommunications and Information Systems Security Committee; and (3) measure the effectiveness and efficiency of IA defensive capabilities under naval environments. The program developed common architectural frameworks that facilitated integration of network security capabilities, enabled effective seamless interoperation, and contributed to a common consistent picture of the networked environment with respect to information assurance and security. This effort addressed the need for a common operational picture for IA, as well as assessment of security technology critical to the success of the mission. This effort also initiated requirements definition for situational awareness capabilities to support computer network defense in a highly-distributed, homogeneous, and heterogeneous networks including mobile and embedded networked devices. This effort also included the architectural definition of situational awareness and visualization capabilities to support active computer network defense and support underlying data mining and correlation tools, and addressed the capability to remotely manage and securely control the configurations of network security components to implement changes in real time or near real time. This program also initiated requirements definition for secure coalition data exchange and interoperation among security levels and classifications, and ensured approaches address various security level technologies as well as emerging architectural methods of providing interoperability across different security levels. IA examined multi-level aware applications and technologies including databases, web browsers, routers/switches, etc. Efforts also initiated infrastructure protection efforts as the Navy develops network centric architectures and warfare concepts, ensuring an evolutionary development of security architectures and products for IA that addresses Navy infrastructure requirements. IA ensured the architectures evolved to provide proper protection as technology, Department of Defense (DoD) missions, and threats continuously evolved. IA includes defensive protections as well as intrusion monitoring (sensors), warning mechanisms, and response capabilities in the architecture. Ensure the unique security and performance requirements of tactical systems, including those operating various security levels are addressed. Also, the program initiated the efforts to conceptualize new network centric warfare technology to protect our assets, such as secure network gateways, routers, components and tools that improve the survivability of Navy networks. Additionally, IA provided systems security engineering, certification and accreditation support for high-confidence naval information systems and ensure certification and accreditation approaches are consistent with Navy and DoD requirements.

Open PDF

Document Details

Document Type
Project
Publication Date
Oct 01, 2022
Source ID
9999_0303140N_7_1319_PB_2022

Tags

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Enterprise Information Systems Architecture and Joint Command Capability Interoperability Support.

Technology Areas

  • AI & ML
  • AI & ML - DoD AI Strategy
  • Cyber
  • Space

Related Documents