distribution statement a. 412tw-pa-17563 implementation ...€¦ · customer base 10/10/2017 4...
TRANSCRIPT
Implementation Challenges for Risk
Management Framework on
RDT&E Systems
Paul Waters412 TENG Tech Director
[email protected]/10/2017 1
DISTRIBUTION STATEMENT A. Approved for public release; distribution unlimited
412TW-PA-17563
Overview• Objective
– Share the Challenges and Successes of implementing RMF in a Test Range environment
• Outline– Balancing Mission and Cybersecurity– Starting Point– Tipping Point– Process Changes– Successes– Ongoing Challenges
• BLUF– Test Ranges need to take ownership of Cybersecurity
and tailor it to balance Mission and Security10/10/2017 2
Mission• 412 Test Wing
– Mission:• Test and Evaluate Weapons Systems to Ensure War-
Winning Combat Capabilities– Vision:
• The World Leader in Developmental Test and Evaluation ... Agile, Ready, and Right!
• 412 Test Engineer Group Mission– Manage T&E Engineering Core Competencies in
Airframe-Propulsion-Avionics (APA), Range, Instrumentation
• Operate and maintain the Edwards Flight Test Range• Provide airborne instrumentation systems and technical
expertise10/10/2017 3
Customer Base
10/10/2017 4
Global Vigilance452 FLTS
Global Hawk, UAVs
Joint Strike Fighter-461 FLTS
F-35 Global PowerFighter-416 FLTS
F-16, T-38
Hypersonics
Global PowerBomber-419 FLTS
B-1, B-2, B-52
Global Reach418 FLTS
KC-46, KC-135,C-17, C-5, C-130
Raptor411 FLTS
F-22A
DT
Combined/ Integrated Test Force
In development:B-21 Program
LRSO
Platform Avionics Cyber Security Testing
Emerging TechnologyCTF
sUAS, C-UAS
F-16 Deep Stall Videos
10/10/2017 5
T-46 Flutter Response
10/10/2017 6
C-I-A Balance• Confidentiality
– Driven by System Security Guides
• Integrity– Driven by Data Quality
and Safety of Flight/Test Requirements
• Availability– Driven by Schedule
10/10/2017 7
Availability
Where We Started From• Equipment Inventory
– Incomplete, no “truth” source, limited system descriptions• People
– Limited resources (2 Cyber Security Liaison, 1 DSCAR)– System owners had limited cyber security background– No management focus
• Processes– Poor cyber security “hygiene”– Inconsistent configuration control– Moving Certification and Authorization requirements
• Initial pass– ~55 systems– 2 with Authority to Operate (ATOs)– 1st pass took 4+ years
10/10/2017 82014 Estimate – in 30+ years all systems will have ATOs
Tipping Points• Real Threats
– Varying Cyber Security capabilities in our supply chain partners
– Increasing issues with stand-alone systems becoming infected
• Increased Compliance Pressures– Unable to connect to other ranges– Regular reporting of ATO status– Federal Data Center Consolidation
• Resource Availability– Emerged from Sequestration constraints
10/10/2017 9
Current Cyber Security Plans• Inventory Systems
– 95% complete• Strategically Group like-Systems
– Combine into common control packages• Prioritize RMF implementation
– Based on external connections, risk, mission impact and SME/PM availability
– ~60 Systems in the queue– ~70 Aircraft instrumentation systems waiting for direction– ~10 future architectures in development
• Working core systems– NGDATS, Generic Airborne Instrumentation System, Common
Policy package• Goal is 5 systems in work simultaneously
– Support ongoing Process implementation and improvement– Support continuous monitoring requirements
10/10/2017 10
How are We Getting There• Leadership Emphasis
– Provided resources– AO team standardized and streamlined process– Developed local process
• Developed a Qualified Team– Mission focused ISSM– RMF trained support teams
• Prioritized Work10/10/2017 11
Authorizing Officials
SFS/LEMr. David Beecroft
LVCWilliam MacLure
NC3Mr. Arthur Hatcher
Industrial Depot Maintenance
Mr. Kevin Stamey
FinanceMs. Shirley Reed
Civil EngineeringMr. Edwin Oshiba
AFMC DTEDr. Eileen Bjorkman
LogisticsLt Gen Cedric
George
AETC RT&EMaj Gen Mark
Brown
USAFALt Gen Michelle
Johnson
MedicalDavid Bowen
Command & Control
Mr. Danny Holtzman
AircraftMr. Mitchell Miller
WeaponsMr. George Mooney
Science & TechnologyMr. Darrell Phillipson
AF EnterpriseMaj Gen Joseph T.
Guastella
Defense Cyber Crime
Mr. Steve Shirley
AFOTECMr. William Redmond
AF WeatherMr. Ralph Stoffler
Rapid Cyber Acquisition
Mr. Danny Holtzman
AF A1TBD
OTIMr. William
MacLure
10/10/2017 12
AF CIO/CISOLt Gen Bradford J.
Shwedo
RMF ControlsRMF Control Families
AC Access ControlAT Awareness and TrainingAU Audit and AccountabilityCA Security Assessment and AuthorizationCM Configuration ManagementCP Contingency PlanningIA Identification and AuthenticationIR Incident ResponseMA MaintenanceMP Media ProtectionPE Physical and Environmental ProtectionPL PlanningPM Program ManagementPS Personnel SecurityRA Risk AssessmentSA System and Services AcquisitionSC System and Communications ProtectionSI System and Information Integrity
10/10/2017 1318 Families, ~1300 Untailored Controls
P2P-S (+55)
SA-U(95 Baseline
Controls)
CE-U (+128)
CE-S (+79)
SA-S (+47)
P2P-U (+17)
DT&E Tailoring• All systems answer 95 DT&E
baseline controls• Controls are added based on
system complexity and classification
– 95 controls for SA-U– 388 controls for CE-CDS– 88 additional controls for
Airborne Instrumentation Systems
412 TENG Cyber SecuritySCAR DSCAR TENG ISSM
Cyber Security Team
JT3 Support Contractors
System OwnersProgram Managers
Process TeamTMAS Support
Contractors
Cyber Security Liasion
10/10/2017 14
• Weekly package reviews and status updates• Strategic combining
• Monthly process reviews• Cyber Security processes• Supporting processes
• SharePoint site for tracking systems and sharing information
• Trained team members
GLSC
CISSPSecurity +
CISSP (2)Security + (3)
Prioritization• Prioritization Factors
– Mission Impact– Security – Mandates– Efficiency
• Top Priorities– External Connections– Systems that can’t Upgrade to Win 10 (standalones)– NGDATS– Airborne Instrumentation– Standard TENG Controls/Policies
10/10/2017 15
NGDATS
TPS/TPS MCRs
DISA
UTTR
DREN
WSMR EGLIN
D395
CHINA LAKE
RANGE MCRs
TELEMETRY STIES, FEDS, IRSSS, TSPI,
ACTFAST, FAANGDATS
TELEMETRY SITES, FEDS, IRSSS, TSPI,
ACTFAST, FAA
TELEMETRY CONTROL, FLIGHT VISION CONTROL, VCC, FREQENCY MGMT,
CMDL
10/10/2017 16
Standard Instrumentation
10/10/2017 17
Design goals 10 GigE backbone, wire (T) 1 GigE switches (T) Reduced wiring, weight, growth (T) No REO patch panels (O) Camera needs self storage, H.264 for
transmit data, thru-put of 4 cameras
1
1
1A12
2
3B
1Gig Switch
DAS
XMTR, XCVR, Ant
10 GigE backbone In pylon
4
HD, SD cameras
1 GigE leg
3B
3A
3A
3A
5
6
3B
3B
3B
3B
3B
3B
4
4
4
4
3A3B
1
2
5 Data Rcdr6 Control Panel
4 4 4 4
412 TENG ATO Status
10/10/2017 18
SA – Stand Alone; P2P – Point to Point; CE – Collaborative Enclave-S – Classified System; + System Connects to NIPR/SIPR
ATO Status CE CE+ P2P P2P - A SAGrand Total
1 - Yes 2 1 31 - Yes; Expiring 1 12 - No - In Review 1 2 1 1 52a - No - Expired C&A; Determination completed 1 12a - No - Expired C&A; In Review 1 13 - No - Hi priority in order to get Win 10 waiver 2 7 94 - No - Hi Priority 2 25 - No - Med Priority 14 6 1 216 - No - low priority 19 197 - No - Expired C&A; Replacing System 1 18 - Cancelled 1 1Grand Total 17 2 15 1 29 64
Proposed Component Policy• Test Infrastructure Components
– Test and evaluation [components] used to execute flight and ground test, collect/analyze/ evaluate test data, and report results
• Acquisition, upgrade, and maintenance contracts shall properly identify security requirements via DD Form 254
• All test infrastructure components will be procured with a validated certificate of volatility/non-volatility, clearly identifying and characterizing all non-volatile storage, along with supporting documentation
• AFTC organizations are directed to establish Risk Management Boards (RMB) to manage acquisition and sustainment risks, plus provide oversight and compliance mechanisms
10/10/2017 19
Volatility/Non-Volatility Documentation• Volatility/non-volatility determination supporting
documentation:– unit and board level schematics– data flow diagrams– test results showing the component has no data retention
following normal operations– data files and scripts on non-volatile memory– identification if battery removal makes memory non-
volatile, and identify what memory becomes volatile after battery removal
– identification if internal time and global positioning system ephemeris data is volatile (and where stored when non-volatile)
– identification of NAND flash memory and boot electrically erasable programmable read-only memory (EEPROM)
10/10/2017 20
Component Sustainment Procedures
• Sustainment assessment documentation: – approved technical control plan– approved electronic control plan– records on repairs and upgrades– definition of software and firmware [development]
process– definition of firmware update process– firmware update procedures using Government-
controlled computers– audit documentation for all updates– encryption and signature of firmware and
software10/10/2017 21
Future Activities• Continue to Streamline Process
• Implement Standard Policies
• Conduct Cyber Table Top
10/10/2017 22
QUESTIONS
10/10/2017 23