Cyber Operations

Abstract

Project MC30 Cyber Operations increased by $4.565 million between FY 2015 to FY 2016 to comply with expanding White House, Secretary of Defense, and U.S. Cyber Command DoD-wide Cybersecurity Initiatives, and the Federal Information Security Management Act (FISMA). White House Memorandum, “Near-Term Measures to Reduce the Risk of High-Impact Unauthorized Disclosures,” issued February11, 2014, requires DoD to implement an insider threat program, complete the issuance and use of Public Key Infrastructure credentials and Public Key enabling on the SIPRNET to enhance security enforcement of asset controls for sensitive information and reduce the risks associated with “privileged” users. A number of key IT strategies were also identified in the DoD Information Technology Enterprise Strategy and Roadmap issued by the Deputy Secretary of Defense in 2011. The IT Roadmap specifically addresses the need to improve Cybersecurity. It states that DoD networks are under constant attack from cybersecurity threats launched from various sources. MDA must meet the National Command Authority Directives for rapid deployment of the BMDS while complying with the key principles of the Cybersecurity standards to ensure MDA remains a secure member of the DoD Information Network (DODIN). DoD Instruction 8500.01 “Cybersecurity” issued in March 2014, requires continuous monitoring, data analysis, reporting and incident mitigation of DoD classified and unclassified, mission, test and administrative networks. To comply with the Instruction, MDA must implement a multi-tiered cybersecurity risk management capability to protect critical BMD data and systems from rapidly evolving internal and external threats. The issuance of DoD Instruction 8510.01, “Risk Management Framework (RMF) Information Technology” in March 2014 requires additional resources to implement, manage, monitor and report as a result of a thirty five percent increase in controls (237 controls with 817 enhancements). DoD 8510.01 also states that “resources for implementing the RMF must be identified and allocated as part of the Defense planning, programming, budgeting, and execution process.” The Controls must be tested on all IT supporting research, development, test and evaluation and DoD-controlled IT operated by a contractor or other entity on behalf of DoD and reported. The Cyber Operations budget project in the Enabling Program Element is executed by the MDA Chief Information Officer who is the Agency Designated Approving Authority (DAA) for MDA Administrative information technology systems. The project provides funds to sustain MDA DoD Information Assurance Certification and Accreditation Program (DIACAP) and Controls Validation Testing (CVT) activities, analysis of validation results, risk assessments and reviews of proposed Program Manager/Information Assurance Manager (PM/IAM) Plan of Action and Milestones (POA&Ms) for the MDA mission, test and administrative systems. It maintains the Certification & Accreditation (C&A) data repository, capturing the DIACAP documentation (artifacts, validation results, and Information Assurance Risk Assessment results, and Designated Approving Authority (DAA) accreditation decisions) and POA&M on all MDA information systems. It supports the monitoring and tracking of Cybersecurity mitigations detailed in IT security POA&Ms. Activities include preparation of C&A documentation and accreditation recommendations to the MDA Senior Information Assurance Officer (SIAO)/Certification Authority (CA) and DAA. Independent Verification and Validation (IV&V) team actions ensure the availability, integrity, authentication, confidentiality and non-repudiation of the MDA mission, test and administrative systems. Activities in the Project are necessary to comply with the Federal Information Security Management Act (FISMA). This project funds the MDA Security Operations Center (SOC), responsible for monitoring, managing, patching, and maintaining MDA network and core IT services; issuing and tracking Technical Compliance Orders; and coordinating overarching Enterprise NetOps. The SOC provides the network security operations centers and supporting processes to protect and defend Ballistic Missile Defense System (BMDS) and the MDA Enterprise information and information systems. The MDA Computer Emergency Response Team (CERT), funded in this project, monitors the classified and unclassified information technology MDA administrative IT networks and report vulnerabilities. The MDA CERT coordinates with U.S. Cyber Command to identify and implement network vulnerability updates and patches to comply with U.S. Cyber Command vulnerabilities identified for DoD networks. The project funds IA governance management and administrative management support, annual Agency-wide computer-based IA training and metrics reporting, implementation of Public Key Infrastructure and Enabling and Communications Security (COMSEC) related activities.

Document Details

Document Type

Project

Publication Date

Oct 01, 2016

Source ID

MC30_0603890C_4_0400_PB_2016

Tags

Related Documents

• Root: BMD Enabling Programs
• Child Accomplishment: Information Assurance/Computer Network Defense (IA/CND)
• Child Cost Item: be266cb7d6101a11a34962ea56c35216
• Child Cost Item: a9a74dcfa4cddd65ff514ee07b0ec66f
• Child Cost Item: 732cd510f9c19fe6c769b967b90b258f
• Child Cost Item: 748f3e84ff5afcee2915452577bd4263
• Child Cost Item: bf1e31d78741e16a00137e7f93583e5a
• Child Cost Item: bb401e97215dc676e73acc31b75f0c30
• Child Cost Item: bef3effa92d7d3f2c1002f810bc58310
• Child Cost Item: 9c619d34e5ab74b50db57d7b081838d6