Cyber Operations

Abstract

A number of key IT strategies were identified in the DoD Information Technology Enterprise Strategy and Roadmap issued by the Deputy Secretary of Defense in 2011. The IT Roadmap specifically addresses the need to improve Cybersecurity. It states that DoD networks are under constant attack from cybersecurity threats launched from various sources. MDA must meet the National Command Authority Directives for rapid deployment of the BMDS while complying with the key principles of the Cybersecurity standards to ensure MDA remains a secure member of the DoD Information Network (DODIN). DoD Instruction 8500.01, Cybersecurity, issued in March 2014, requires continuous monitoring, data analysis, reporting and incident mitigation of DoD classified and unclassified, mission, test and administrative networks. To comply with the Instruction, MDA must implement a multi-tiered cybersecurity risk management capability to protect critical BMD data and systems from rapidly evolving internal and external threats. The issuance of DoD Instruction 8510.01, Risk Management Framework (RMF) Information Technology, in March 2014 requires additional resources to implement, manage, monitor and report as a result of a thirty-five percent increase in controls (237 controls with 817 enhancements). DoD 8510.01 also states that resources for implementing the RMF must be identified and allocated as part of the Defense planning, programming, budgeting, and execution process. The Controls must be tested on all IT supporting research, development, test and evaluation and DoD-controlled IT operated by a contractor or other entity on behalf of DoD and reported. The Cyber Operations budget project in the Enabling Program Element is executed by the MDA Chief Information Officer, who has responsibility over the Agency Authorizing Official (AO).
The project provides funds to sustain the Risk Management Framework (RMF) and Controls Validation Testing (CVT) activities, analysis of validation results, risk assessments and reviews of proposed Program Manager/Information Systems Security Officer (PM/ISSO) Plan of Action and Milestones (POA&M) for the MDA mission, test and administrative systems. It maintains the Certification and Accreditation (C&A) data repository, capturing the RMF documentation (artifacts, validation results, Cybersecurity Risk Assessment results, and Authorizing Official (AO) accreditation decisions) and POA&M on all MDA information systems. It supports the monitoring and tracking of Cybersecurity mitigations detailed in IT security POA&Ms. Activities include preparation of C&A documentation and accreditation recommendations to the MDA PM/ISSO and AO. Independent Verification and Validation (IV&V) team actions ensure the availability, integrity, confidentiality and non-repudiation of the MDA mission, test and administrative systems. Activities in the Project are necessary to comply with the Federal Information Security Management Act (FISMA). This project funds the MDA Security Operations Center (SOC), responsible for monitoring, managing, patching, and maintaining MDA network and core IT services; issuing and tracking Technical Compliance Orders; and coordinating overarching Enterprise NetOps. The SOC provides the network security operations centers and supporting processes to protect and defend BMDS and the MDA Enterprise information and information systems. The MDA Computer Emergency Response Team (CERT), funded in this project, monitors the classified and unclassified MDA administrative IT networks and reports vulnerabilities. The MDA CERT coordinates with U.S. Cyber Command to identify and implement network vulnerability updates and patches to comply with U.S. Cyber Command vulnerabilities identified for DoD networks.
The project funds Cybersecurity governance management and administrative management support, annual Agency-wide computer-based IA training and metrics reporting, implementation of Public Key Infrastructure and Enabling and COMSEC related activities. Beginning in FY 2018, new Accomplishments will map to the Cybersecurity Taxonomy approved by OMB and OSD. The following are the recurring activities in each new accomplishment.

Recurring Activities for the Prevent Malicious Cyber Attacks Accomplishment:

- Maintain a current Information Assurance risk and residual risk assessment of the BMDS.
- Provide coordination on all IT projects and remote sites for Cybersecurity compliance.
- Implement methodologies and goals to identify insecure and unauthorized vectors of access to networks or applications, analyze the threat, attempt to exploit the vectors and confirm existence and analyze the risk for exploiting an application, network or service.
- Track ports, protocols, and services.
- Coordinate with private partnerships to ensure the Defense Industrial Base protects MDA data.

Recurring Activities for the Detect, Analyze and Mitigate Intrusions Accomplishment:

- Test RMF controls on all IT supporting research, development, test and evaluation and DoD-controlled IT operated by a contractor or other entity on behalf of DoD and reported.
- Conduct RMF analysis and reporting for the BMDS such as evaluation of residual risk by incorporating current and proposed BMDS monitoring and mitigations.
- Maintain MDA Computer Emergency Response Team (MDA CERT) as a fully accredited Tier II Computer Network Defense Service provider (CNDSP) in accordance with CJCSI 6510.01F and DoD O-8530.1.
- Perform CNDSP services (protect, detect, respond and sustain) for all MDA Admin/General Services, MDA Mission and test networks and enclaves 24 hours per day, seven days a week, 365 days a year.
- Conduct application testing that looks for vulnerabilities and issues using a number of tactics, techniques and procedures.
- Conduct vulnerability scanning of MDA network to assess risks to MDA data from inside and outside sources.
- Conduct monthly information assurance vulnerability audits.
- Issue and track implementation of Information Assurance Vulnerability Alerts (IAVA), Bulletins and Technical Advisories.
- Implement Information Assurance Vulnerability Alerts (IAVA) and Communication Tasking Orders remediation and patches.
- Perform network security monitoring of all MDA subscriber networks and enclaves.
- Conduct system forensic analysis, review content of compromised system, document files and data, and identify tactics, techniques and procedures used by an attacker to gain access.
- Develop and maintain the RMF package for the BMDS Mission System to support a full Authorization to Operation (ATO).
- Compile and validate BMDS Mission Element-level certification and accreditation documents to include BMDS Element-level SIPs, DIPs, C&A Scorecards, POA&M artifacts (CVT
- Ensure MDA mission, test, and administrative systems are operated securely in accordance with DoD Information Assurance Certification and Accreditation policies.
- Prepare and maintain current certification and accreditation documentation for general service networks reported to DoD and Office of Management and Budget.

Recurring Activities for the Planning, Policy Development, Workforce Training and Force Management Accomplishment:

- Document and maintain Standard Operating Instructions/Procedures for consistent interface with the MDA BMDS Network Operations Support Center (BNOSC) and the BMDS elements.
- Publish MDA policies to incorporate new requirements stated in DoDI 8510.01 Risk Management Framework (RMF) to comply with 237 new controls and 817 control enhancements into controls validation testing of BMDS elements and networks.
- Manage the Information Assurance Workforce Improvement Program to certify Cybersecurity professionals and report compliance in accordance with Federal Information Security Management Act (FISMA) and Information Assurance Workforce Improvement Program (DoD Manual 8570.1), achieving the DoD certification goal; reports IA Risk Assessments, Primary RMF artifacts.
- Interface with Central Command (CENTCOM) to provide BMDS Mission RMF package.
- Conduct an annual IA Security review of the BMDS in accordance with DoDI 8510.01 and provide an analysis of changes in IA posture.
- Collect, analyze, and report vulnerability and cyber warfare attack metrics to the MDA CIO, MDA leadership, and U.S. Cyber Command.
- Provide Information Assurance engineering and planning guidance and vulnerability assessment for all MDA Information Technology acquisition programs.

Recurring Activities for the Continuous Monitoring Accomplishment:

- Manage data-at-rest encryption to ensure compliance with Global Information Grid mandated policies.
- Procure/renew cybersecurity software maintenance agreements for IT Security Tools.
- Procure/renew cybersecurity hardware maintenance for hardware.

New Accomplishment beginning in FY 2019: Outside Federal Service Outreach - Defense Industrial Base

- Participate and liaise with the Defense Security Service (DSS), MDA organizations and industry partners to conduct site visits and inspections to improve network monitoring capabilities at classified contractor sites to ensure protection of MDA BMDS data.
- Assist with the analysis of network scans of industry partner networks and mitigation of risks to BMDS data.

Document Details

Document Type
Project
Publication Date
Oct 01, 2019
Source ID
MC30_0603890C_4_0400_PB_2019

Tags

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Defense Financial Management and Audit.

Technology Areas

  • Cyber
