1 - Cybersecurity - SEA 03 Industry Day 2021.pdf


Original Source
Contract Opportunity
Date Originally Posted
Aug. 6, 2021, 9:56 a.m.
Profiled People



EXPANDTHEADVANTAGETHEFORCEBEHINDTHEFLEETPresented by:Presented to:Industry DaySEA 03Cyber Engineering & Digital TransformationNAVSEA 03QIndustry Partners21 JUL 2021 2THEFORCEBEHINDTHEFLEETSEA 03Cyber Engineering &Digital TransformationComplianceIs Not EnoughGOAL: Provide True Cybersecurity to Systems and PlatformsTrue cybersecurity requires complete system knowledge. Only then can the system be restricted toperform only it’s designed functions, and any violation of design functions be identified and resolved.Navy Red Teams with basic cybersecurity tactics, techniques, and procedures (TTP) are never concerned about system compliance or Authority To Operate (ATO) status... Why would we think adversaries who seek to harm ourNavy with advanced TTPs would care about an ATO? 3THEFORCEBEHINDTHEFLEETSEA 03Cyber Engineering &Digital TransformationNAVSEA Chief Information Security Officer (CISO)CISO OBJECTIVES•Provide unity of effort between shipboard and shore cybersecurity.•Field defensive and situational awareness solutions.•Develop and field advanced response capabilities and automation.•Sharpen our response skills within existing infrastructure.•Develop tools and capabilities to make the cyber technical area more manageable for programs and the fleet.•Continue to develop tools that increase our understanding of risk to our systems and fleet missions. Technical AuthorityFlowCISO, Deputy DWODeputy CISOCybersecurity Technical Warrant HoldersCyber EngineeringDivision DirectorRMFDivision DirectorEnterprise CyberDivision Director 4THEFORCEBEHINDTHEFLEETSEA 03Cyber Engineering &Digital TransformationNAVPLAN PrioritiesCapacity:Larger/ Hybrid FleetReadiness:More Ready FleetCapabilities:Lethal and Connected FleetSailors:Seasoned WarriorsNAVSEA Priorities-Deliver Combat Power-Transform Digital Capability-Build a Team to Compete and WinSEA 03 Capabilities-Digital Ecosystems / Processes-Innovation-Digital Data/ Architecture-Model-Based Systems Engineering-Cyber/Digital WorkforceSEA 03Q Capabilities-SCRMAfloat Cyber Capabilities-Endpoint Enumeration-Model-Based Cyber Analysis Tool-Distributed T&E-Cybersecurity Safety-Policies & Standards-Cybersecurity EducationCyber EngineeringEffort Alignment 5THEFORCEBEHINDTHEFLEETSEA 03Cyber Engineering &Digital TransformationDISTRIBUTION A: APPROVED FOR PUBLIC RELEASE; DISTRIBUTION IS UNLIMITEDSupply Chain Risk Management (SCRM)NAVSEA must deliberately harden the supply chain commensurate with the risk to national security.Priorities and Considerations•OEM or authorized reseller product sourcing•Vendor relationships with foreign adversaries and/or threat actors•Previous vendor cyber incidents (e.g., network intrusions, data breaches, etc.)•Vendor CMMC certification levels•SCRM Countermeasures:•Software Assurance•Hardware Assurance•Procurement strategies•Anti-counterfeit practices 6THEFORCEBEHINDTHEFLEETSEA 03Cyber Engineering &Digital TransformationAfloat CyberIdentifyEnumerateMonitorProtectPreventativeDefenseAutomatedComponentHardening DetectAgile DefenseMission Impact AwarenessResponseAutomated AnalysisExtensible TransportRecoveryOperational ResilienceMission TriageArchitectureComponentsCAPAfloat Cyber CapabilitiesCAPCAPCAPCAPAFLOATSYSTEMSENCLAVECONTROLPOINTSAFLOATSYSTEMS 7THEFORCEBEHINDTHEFLEETSEA 03Cyber Engineering &Digital TransformationNavy Control System (NCS) Endpoint Enumeration & MBSEEfficienciesInnovationShipboard system enumeration facilitating high-integrity model generation•Paper…•Inefficiencies•Subjective Analytics•Stifling Decision MakingLegacy SE Processes•Digital Transformation•Enables Automation•Objective System Attributes•Well Informed Decision MakingIn-Service PlatformsNew-Con Platformsw/ Full MBSE EfficienciesMBSEEnumeration builds expedite MBSE tool Assessments of In-Service NCSExpediting Model-Based Systems EngineeringGround-Truth System Awareness & MonitoringAutomating, Quantifying, and Reporting Actionable Risk, Mission, & Decision AnalysisDigital Model DevelopmentMBSE AutomatedToolsNCS Endpoint Enumeration Tools 8THEFORCEBEHINDTHEFLEETSEA 03Cyber Engineering &Digital TransformationCyber Policy & Standards (P&S)FOCUS AREASCURRENTFUTURE(Research Areas)CS Tech Authority Board•Cyber Posture•ICS Architectures•Cyber Operational Centers•A&A Improvements•SCRM•Cyber IncidentsNAVSEA Cyber & Digital Policies•Afloat Data Archiving•Data Capture•Boundary Defense•Situational Awareness•Monitoring •Cyber Response 9THEFORCEBEHINDTHEFLEETSEA 03Cyber Engineering &Digital TransformationNavy Control Systems (NCS) Cybersecurity TrainingNCS Curriculum Focused on Cybersecurity Engineering Competency and Based Upon the National Institute for Cybersecurity Education (NICE) Cybersecurity Workforce Framework.•Increase Cybersecurity Knowledge Across Enterprise•Cyber Training for Navy Control Systems•Provide Scalable and Effective Cybersecurity Training•Flexible to accommodate a broad audience based upon role in the design, development, acquisition, and/or use of Afloat NCS.•Integrating real world scenarios and hands on laboratory exercises 10THEFORCEBEHINDTHEFLEETSEA 03Cyber Engineering &Digital TransformationBACKUP