Cyber Vulnerabilities Assessments and Evaluations

Abstract

This Program Element (PE) funds cyber vulnerabilities evaluations of major weapon systems in alignment with Section 1647 of the National Defense Authorization Act (NDAA) for Fiscal Year 2016, and of critical infrastructure in alignment with Section 1650 of NDAA 2017. Efforts in this PE will: 1) identify, assess, and mitigate operational risk from cyber vulnerabilities as it pertains to critical Army weapon systems in an operational configuration; and 2) assure the confidentiality, availability, and integrity of the information and control systems that underpin Army facilities and critical infrastructure by inventorying and assessing Facility-Related Control Systems (FRCS). Weapon systems evaluations will assess and mitigate operational risk from a peer or near-peer adversary profile in accordance with existing testing requirements of the acquisition cycle. Where applicable, these evaluations will include tabletop exercises, lab assessments, and exercise/operational assessments of Program Executive Officer Command, Control, Communications-Tactical (PEO C3T) and ground weapon systems. Cyber hardening efforts will apply knowledge from weapon systems vulnerability assessments to identify gaps and develop mitigation strategies to reduce operational risk and prioritize resources. Prioritization will be based on mission criticality, impact to readiness, and threat. This PE also provides for enhancement of existing Red Team elements and efforts attributed to Combatant Command mission-level cyber vulnerability assessments. Evaluations of cyber vulnerabilities at critical infrastructure will focus on Task Critical Assets, Defense Critical Assets, and on units with high priority Quadrennial Defense Review missions and their supporting infrastructure. First, this PE provides for the training of teams to conduct cyber vulnerability evaluations on critical infrastructure. Once trained, these teams will conduct cooperative vulnerability and penetration assessments (Blue Teaming), adversarial assessments (Red Teaming), and assist with conducting assessments of cyber dependencies, vulnerabilities and threats in accordance with DoDI 8501.1 "Risk Management Framework." Funding will also provide for Contractor subject matter expertise to conduct Security Control Assessments and Deep Cyber Resiliency Assessments.

Document Details

Document Type

Project

Publication Date

Oct 01, 2020

Source ID

FL2_0606942A_6_2040_PB_2020

Tags

Related Documents

• Root: Assessments and Evaluations Cyber Vulnerabilities
• Child Accomplishment: Cyberspace Operational Resiliency Assessment ? Platform (CORA-P)
• Child Accomplishment: Cyberspace Operational Resiliency Assessment ? Installation (CORA-I)