Defense-wide Information Assurance Program (DIAP) CAPT J. Katharine Burton, USN Staff Director, DIAP...
-
Upload
cornelia-sanders -
Category
Documents
-
view
228 -
download
0
Transcript of Defense-wide Information Assurance Program (DIAP) CAPT J. Katharine Burton, USN Staff Director, DIAP...
Defense-wideInformation Assurance
Program(DIAP)
CAPT J. Katharine Burton, USN
Staff Director, DIAP
703.602.9988
[email protected]://www.c3i.osd.mil/org/sio/ia/diap/
The Challenge
NIPRNET Growth 20% customer growth* 400% growth in traffic* 1554 customers 4,000 dial-up users
SIPRNET Growth 200% customer growth* 600% growth in traffic* 811 customers 1,200 dial-up users
The InternetBill Cheswick
Lucent Technologies
Growing dependence on information systems
Rapid growth in computer networks
Vulnerability to internal and external attack
Defense Department Systems 2-3 Million Computers 100,000 Local Area Networks 100 Long-distance Networks * Since 1996
Low High
High
Low
PotentialDamage
Probability of occurrence
2000
2002
2005
The Threat is Increasing
Source: 1996 DSB Summer Study
HackerCriminal
Espionage
Terrorist
State Sponsored
Threats & Vulnerabilities
Operations
Aircraft Accident
Rodent Infestation
IllnessEpidemic
Fire
Chemical Spill
HW/SWFailure
HVAC Failure
Power Outage
Substance Abuse
Floods
EarthquakeLightning
Severe Storms
ExtremeTemperatures
ElectricInterference
Vandalism
Industrial EspionageBomb
Threat
Unauthorized Disclosure Modification of
Data
Theft of Assets
Terrorism
Unauthorized System/Facility
Access
Sabotage
Human Omissions
Administrative Error
Inadvertent Disclosure
Human Error
Management Error
Intentional
Human
Unintentional
Man-made
Environmental
Natural
Info
rmati
on S
uperi
ori
ty
Focused Logistics
Precision Engagement
Dominant Maneuver
Full Dimensional Protection
Innovati
on
FullSpectrum
Dominance
Joint Vision 2020
Dedicated individuals and innovative organizations transforming the joint force for the 21st Century to achieve full spectrum dominance :
- persuasive in peace- decisive in war- preeminent in any form of conflict
DOD IA Goal
Ensure DoD’s vital information resources
are secure and protected
Ref: DoD CIO October 1999, DoD Information Management (IM) Strategic Plan (ver 2.0)
Information Superiority
“.. The capability to collect, process, and disseminate an uninterrupted
flow of information while exploiting or denying an adversary’s ability
to do the same.”
Joint Vision 2020
DoD IA Vision
Information Superiority for the DoD, achieved through a balanced
integration of highly skilled personnel, operational policy and capability, and
leading edge technology.
Information Assurance is essential to achieve and maintain Information Superiority.
Elements of Information Assurance
INFORMATION
AvailabilityIntegrity
Au
then
tica
tio
n
Confidentiality
No
n-rep
ud
iation
AVAILABILITYTimely, reliable access to
data and information services for authorized users.
CONFIDENTIALITYAssurance that information is not disclosed to unauthorized
persons, processes, or devices.
INTEGRITYCondition existing when data is unchanged from its source and
has not been accidentally or maliciously modified, altered, or
destroyed.
AUTHENTICATIONSecurity measure designed to establish the validity of a
transmission, message, user, or system or a means of verifying an individual's authorization to receive specific categories of
information.
NON-REPUDIATIONAssurance the sender of data
is provided with proof of delivery and the recipient is provided with proof of origin,
so neither can later deny having processed the data.
Information Assurance Challenges
Interconnected, interdependent systems underscore need for broad understanding of threats and vulnerabilities
Security-enabled commercial products - strong encryption with key recovery (Except for Digital Signature)
Global Security Management Infrastructure
Cyber situation awareness - Cyber attack, sensing, warning and response capability
Risk accepted by one is shared by all
Information AssuranceInformation Assurance
THROUGH: ACTIVE CYBER DEFENSETHROUGH: ACTIVE CYBER DEFENSE
PROTECT DETECT & REPORT REACT
Founded On:Founded On:
People Operations Technology
Via:Via:
Information Assurance PolicyInformation Assurance Policy
achieved
Defense in Depth Strategy
Integrates the capabilities of people, operations and technology to establish a multi-layer, multi-dimension protectionFour Areas of focus:
1 - Local Computing Environments or Enclaves2 - Enclave Boundaries3 - Networks that link enclaves4 - Supporting Infrastructures
DIAP Mission
To ensure the DoD’s vital information resources are secured and protected
by unifying/integrating IA activities to achieve information superiority
DIAP Staff Director
Deputy Staff Director
Admin Assistant
Policy
Joint Staff Liaison
Agency Liaison
Law Enforcement & CI Coordinator
Reserve Component
Liaison
Service Liaison
IC CoordinatorSolutions
Research & Technology
Architecture
Acquisition & Product Support
Critical Infrastructure
Technology andCapabilities Development
Human ResourcesOperations andCapabilities Deployment
Readiness
Net Ops
AS&W
Assessments
Connection Approval,
Recert
Requirements
ResourceManagement
Team Education
Training
IA Scholarships
AwarenessActivities
Personnel & Manpower
WebsiteSupport
C3I Major IA Initiatives
Crypto Modernization Public Key Infrastructure Computer Network Defense
Attack Sensing and Warning JTF-CND IAVA
Human Resources Policy Technology
All IA related DoD issuances will be realigned to 8500 Series
8500 - General
8510 - Certification and Accreditation
8520 - Security Management (SMI, PKI, KMI, EKMS)
8530 - Computer Network Defense
8540 - Interconnectivity/Multi-Level Security
8550 - Network/Web (Access, content, Privileges)
8560 - Assessments (VAAP, Red Team, TEMPEST Testing)
8570 - Education, Training, Awareness
8580 - Other
IA Policy Framework
Government Information Security
Reform (GISR)
Required by Subtitle G of National Defense Authorization Act of 2001
DoD Integrated Process Team (IPT) to develop DoD plan and course of action
Report due to Congress Oct 2001 Addresses Secret and Classified
Systems
Information Assurance Panel (IAP)
Panel under the Military Communication Electronics Board (MCEB)
First met October 1999
Co -chaired by DIAP and J6K
Members: Military Services, DISA, NSA, DIA, DLA, NRO, NIMA, DSS, BMDO, DECA, DFAS, DTRA, IC CIO, USSPACECOM
Information Assurance Panel (IAP) Task Forces
Hum an Resources W ork ing G roup C om m unity R isk W ork ing G roup
D IT S C A P W ork ing G roup C O M S E C M oderniza tion W ork ingG roup
D oD F irew a l l Pol icyW ork ing G roup
M obile C ode T es tingW ork ing G roup
Ports and ProtocolsW ork ing G roup
PK E nabl ingW ork ing G roup
IAP
MC EB
The Weak Link
In IA we’re only as strong as our weakest link!
A Risk Accepted By One is a Risk Shared By AllA Risk Accepted By One is a Risk Shared By All