Implementation Challenges for Risk

Management Framework on

RDT&E Systems

Paul Waters412 TENG Tech Director

Donald.waters.3@us.af.mil10/10/2017 1

DISTRIBUTION STATEMENT A. Approved for public release; distribution unlimited

412TW-PA-17563

Overview• Objective

– Share the Challenges and Successes of implementing RMF in a Test Range environment

• Outline– Balancing Mission and Cybersecurity– Starting Point– Tipping Point– Process Changes– Successes– Ongoing Challenges

• BLUF– Test Ranges need to take ownership of Cybersecurity

and tailor it to balance Mission and Security10/10/2017 2

Mission• 412 Test Wing

– Mission:• Test and Evaluate Weapons Systems to Ensure War-

Winning Combat Capabilities– Vision:

• The World Leader in Developmental Test and Evaluation ... Agile, Ready, and Right!

• 412 Test Engineer Group Mission– Manage T&E Engineering Core Competencies in

Airframe-Propulsion-Avionics (APA), Range, Instrumentation

• Operate and maintain the Edwards Flight Test Range• Provide airborne instrumentation systems and technical

expertise10/10/2017 3

Customer Base

10/10/2017 4

Global Vigilance452 FLTS

Global Hawk, UAVs

Joint Strike Fighter-461 FLTS

F-35 Global PowerFighter-416 FLTS

F-16, T-38

Hypersonics

Global PowerBomber-419 FLTS

B-1, B-2, B-52

Global Reach418 FLTS

KC-46, KC-135,C-17, C-5, C-130

Raptor411 FLTS

F-22A

DT

Combined/ Integrated Test Force

In development:B-21 Program

LRSO

Platform Avionics Cyber Security Testing

Emerging TechnologyCTF

sUAS, C-UAS

F-16 Deep Stall Videos

10/10/2017 5

T-46 Flutter Response

10/10/2017 6

C-I-A Balance• Confidentiality

– Driven by System Security Guides

• Integrity– Driven by Data Quality

and Safety of Flight/Test Requirements

• Availability– Driven by Schedule

10/10/2017 7

Availability

Where We Started From• Equipment Inventory

– Incomplete, no “truth” source, limited system descriptions• People

– Limited resources (2 Cyber Security Liaison, 1 DSCAR)– System owners had limited cyber security background– No management focus

• Processes– Poor cyber security “hygiene”– Inconsistent configuration control– Moving Certification and Authorization requirements

• Initial pass– ~55 systems– 2 with Authority to Operate (ATOs)– 1st pass took 4+ years

10/10/2017 82014 Estimate – in 30+ years all systems will have ATOs

Tipping Points• Real Threats

– Varying Cyber Security capabilities in our supply chain partners

– Increasing issues with stand-alone systems becoming infected

• Increased Compliance Pressures– Unable to connect to other ranges– Regular reporting of ATO status– Federal Data Center Consolidation

• Resource Availability– Emerged from Sequestration constraints

10/10/2017 9

Current Cyber Security Plans• Inventory Systems

– 95% complete• Strategically Group like-Systems

– Combine into common control packages• Prioritize RMF implementation

– Based on external connections, risk, mission impact and SME/PM availability

– ~60 Systems in the queue– ~70 Aircraft instrumentation systems waiting for direction– ~10 future architectures in development

• Working core systems– NGDATS, Generic Airborne Instrumentation System, Common

Policy package• Goal is 5 systems in work simultaneously

– Support ongoing Process implementation and improvement– Support continuous monitoring requirements

10/10/2017 10

How are We Getting There• Leadership Emphasis

– Provided resources– AO team standardized and streamlined process– Developed local process

• Developed a Qualified Team– Mission focused ISSM– RMF trained support teams

• Prioritized Work10/10/2017 11

Authorizing Officials

SFS/LEMr. David Beecroft

LVCWilliam MacLure

NC3Mr. Arthur Hatcher

Industrial Depot Maintenance

Mr. Kevin Stamey

FinanceMs. Shirley Reed

Civil EngineeringMr. Edwin Oshiba

AFMC DTEDr. Eileen Bjorkman

LogisticsLt Gen Cedric

George

AETC RT&EMaj Gen Mark

Brown

USAFALt Gen Michelle

Johnson

MedicalDavid Bowen

Command & Control

Mr. Danny Holtzman

AircraftMr. Mitchell Miller

WeaponsMr. George Mooney

Science & TechnologyMr. Darrell Phillipson

AF EnterpriseMaj Gen Joseph T.

Guastella

Defense Cyber Crime

Mr. Steve Shirley

AFOTECMr. William Redmond

AF WeatherMr. Ralph Stoffler

Rapid Cyber Acquisition

Mr. Danny Holtzman

AF A1TBD

OTIMr. William

MacLure

10/10/2017 12

AF CIO/CISOLt Gen Bradford J.

Shwedo

RMF ControlsRMF Control Families

AC Access ControlAT Awareness and TrainingAU Audit and AccountabilityCA Security Assessment and AuthorizationCM Configuration ManagementCP Contingency PlanningIA Identification and AuthenticationIR Incident ResponseMA MaintenanceMP Media ProtectionPE Physical and Environmental ProtectionPL PlanningPM Program ManagementPS Personnel SecurityRA Risk AssessmentSA System and Services AcquisitionSC System and Communications ProtectionSI System and Information Integrity

10/10/2017 1318 Families, ~1300 Untailored Controls

P2P-S (+55)

SA-U(95 Baseline

Controls)

CE-U (+128)

CE-S (+79)

SA-S (+47)

P2P-U (+17)

DT&E Tailoring• All systems answer 95 DT&E

baseline controls• Controls are added based on

system complexity and classification

– 95 controls for SA-U– 388 controls for CE-CDS– 88 additional controls for

Airborne Instrumentation Systems

412 TENG Cyber SecuritySCAR DSCAR TENG ISSM

Cyber Security Team

JT3 Support Contractors

System OwnersProgram Managers

Process TeamTMAS Support

Contractors

Cyber Security Liasion

10/10/2017 14

• Weekly package reviews and status updates• Strategic combining

• Monthly process reviews• Cyber Security processes• Supporting processes

• SharePoint site for tracking systems and sharing information

• Trained team members

GLSC

CISSPSecurity +

CISSP (2)Security + (3)

Prioritization• Prioritization Factors

– Mission Impact– Security – Mandates– Efficiency

• Top Priorities– External Connections– Systems that can’t Upgrade to Win 10 (standalones)– NGDATS– Airborne Instrumentation– Standard TENG Controls/Policies

10/10/2017 15

NGDATS

TPS/TPS MCRs

DISA

UTTR

DREN

WSMR EGLIN

D395

CHINA LAKE

RANGE MCRs

TELEMETRY STIES, FEDS, IRSSS, TSPI,

ACTFAST, FAANGDATS

TELEMETRY SITES, FEDS, IRSSS, TSPI,

ACTFAST, FAA

TELEMETRY CONTROL, FLIGHT VISION CONTROL, VCC, FREQENCY MGMT,

CMDL

10/10/2017 16

Standard Instrumentation

10/10/2017 17

Design goals 10 GigE backbone, wire (T) 1 GigE switches (T) Reduced wiring, weight, growth (T) No REO patch panels (O) Camera needs self storage, H.264 for

transmit data, thru-put of 4 cameras

1

1

1A12

2

3B

1Gig Switch

DAS

XMTR, XCVR, Ant

10 GigE backbone In pylon

4

HD, SD cameras

1 GigE leg

3B

3A

3A

3A

5

6

3B

3B

3B

3B

3B

3B

4

4

4

4

3A3B

1

2

5 Data Rcdr6 Control Panel

4 4 4 4

412 TENG ATO Status

10/10/2017 18

SA – Stand Alone; P2P – Point to Point; CE – Collaborative Enclave-S – Classified System; + System Connects to NIPR/SIPR

ATO Status CE CE+ P2P P2P - A SAGrand Total

1 - Yes 2 1 31 - Yes; Expiring 1 12 - No - In Review 1 2 1 1 52a - No - Expired C&A; Determination completed 1 12a - No - Expired C&A; In Review 1 13 - No - Hi priority in order to get Win 10 waiver 2 7 94 - No - Hi Priority 2 25 - No - Med Priority 14 6 1 216 - No - low priority 19 197 - No - Expired C&A; Replacing System 1 18 - Cancelled 1 1Grand Total 17 2 15 1 29 64

Proposed Component Policy• Test Infrastructure Components

– Test and evaluation [components] used to execute flight and ground test, collect/analyze/ evaluate test data, and report results

• Acquisition, upgrade, and maintenance contracts shall properly identify security requirements via DD Form 254

• All test infrastructure components will be procured with a validated certificate of volatility/non-volatility, clearly identifying and characterizing all non-volatile storage, along with supporting documentation

• AFTC organizations are directed to establish Risk Management Boards (RMB) to manage acquisition and sustainment risks, plus provide oversight and compliance mechanisms

10/10/2017 19

Volatility/Non-Volatility Documentation• Volatility/non-volatility determination supporting

documentation:– unit and board level schematics– data flow diagrams– test results showing the component has no data retention

following normal operations– data files and scripts on non-volatile memory– identification if battery removal makes memory non-

volatile, and identify what memory becomes volatile after battery removal

– identification if internal time and global positioning system ephemeris data is volatile (and where stored when non-volatile)

– identification of NAND flash memory and boot electrically erasable programmable read-only memory (EEPROM)

10/10/2017 20

Component Sustainment Procedures

• Sustainment assessment documentation: – approved technical control plan– approved electronic control plan– records on repairs and upgrades– definition of software and firmware [development]

process– definition of firmware update process– firmware update procedures using Government-

controlled computers– audit documentation for all updates– encryption and signature of firmware and

software10/10/2017 21

Future Activities• Continue to Streamline Process

• Implement Standard Policies

• Conduct Cyber Table Top

10/10/2017 22

QUESTIONS

10/10/2017 23