Cyber Resiliency Office for Weapon Systems (CROWS) Mr. Dennis - PowerPoint PPT Presentation

Headquarters U.S. Air Force I n t e g r i t y - S e r v i c e - E x c e l l e n c e Cyber Resiliency Office for Weapon Systems (CROWS) Mr. Dennis Miller, SES Mr. Danny Holtzman, HQE Col Ed Masterson DISTRIBUTION A. Approved for public release: distribution unlimited. Case Number: 66ABG-2017-0050 1

Topics  Air Force Cyber Campaign Plan & CROWS overview  FY16 NDAA 1647 directed cyber vulnerability analysis  Cyber Resiliency Considerations DISTRIBUTION A. Approved for public release: distribution unlimited. B r e a k i n g B a r r i e r s … S i n c e 1 9 4 7 2

Overview  SECAF, SAF/AQ, AFMC & AFSPC teamed to establish Cyber Resiliency Steering Group (CRSG) to develop AF Cyber Campaign Plan (CCP)  Stood up dedicated office to manage execution → CROWS  AF CCP’s overall mission has two goals :  #1 “Bake - In” cyber resiliency into new weapon systems  #2 Mitigate “Critical” vulnerabilities in fielded weapon systems  Plus coordination with:  Cyber Squadron Initiatives  Test and Evaluation (infrastructure & capability growth)  Industrial Control Systems/SCADA cyber protection measures DISTRIBUTION A. Approved for public release: distribution unlimited. B r e a k i n g B a r r i e r s … S i n c e 1 9 4 7 3

Weapon System Cyber Resiliency Critical to Mission Assurance  We define the Cyber Resiliency of Military systems to be:  The ability of weapon systems to maintain mission effective capability under adversary offensive cyber operations  To manage the risk of adversary cyber intelligence exploitation  Weapon systems differ from general administrative and business IT systems in ways that matter for implementing Cyber Resiliency Cyber Campaign Plan FOCUS Software/Hardware Design Government control COTS Architectures Common Diverse Interfaces Standardized Customized IT Systems Weapon Systems DISTRIBUTION A. Approved for public release: distribution unlimited. B r e a k i n g B a r r i e r s … S i n c e 1 9 4 7 4

AF Cyber Boundary Framework FAC-A/ISR C2ISR DCGS UHF Link 16 Mission Planning AOC MDL OFP Loader JTAC DISTRIBUTION A. Approved for public release: distribution unlimited. Cyber investments need to be made in Weapons Systems & Infrastructure B r e a k i n g B a r r i e r s … S i n c e 1 9 4 7 5 DISTRIBUTION A. Approved for public release: distribution unlimited.

AF Cyber Campaign Plan: Weapon System Focus  7 Lines of Action (LOAs)  LOA 1: Perform Cyber Mission Thread Analysis  LOA 2: “Bake - In” Cyber Resiliency  LOA 3: Recruit, Hire & Train Cyber Workforce  LOA 4: Improve Weapon System Agility & Adaptability  LOA 5: Develop Common Security Environment People, Processes, & Products  LOA 6: Assess & Protect Fielded Fleet  LOA 7: Provide Cyber Intel Support  Cyber Squadron Initiatives  Test & Evaluation (infrastructure & capability growth)  Industrial Control Systems/SCADA cyber protection measures Ensure mission success in a cyber contested environment DISTRIBUTION A. Approved for public release: distribution unlimited. B r e a k i n g B a r r i e r s … S i n c e 1 9 4 7 6

CROWS Organization Cyber Resiliency Steering Group (CRSG)  Vision SAF/AQR, SAF/CIO, LCMC, SMC, NWC, AFTC ,Intel, 24 th AF Advisors: AFSC, AFRL  Cyber resiliency ingrained in AF culture Director HAFB AFLCMC/EN Cyber Dual Hatted Technical Director*  Mission HAFB Deputy Director Lines of Actions HAFB Center  Increase cyber resiliency of Air Liaisons Force weapon systems to 1647 SMC maintain mission effective LOA #1 Chief Engineer* Program Manager* Program Manager* LAAFB Mission Thread WPAFB HAFB HAFB Analysis capability under adverse LOA #2 NWC Systems KAFB 1647 Deputy PM* conditions Engineering WPAFB LOA #3 Cyber AFTC Workforce Dev EAFB  Status LOA #4 Open System  IOC Declared: 21 Dec 2016 AFOTEC Architecture KAFB LOA #5  FOC Projected: 1 Oct 2017 Common Secure Env. 24 th AF  Integrate & Execute Campaign JBSA LOA #6 Legacy Systems Assess & Fix Plan (7 LOAs) AFRL WPAFB/Rome LOA #7  Executing NDAA 1647 Intel Cyber Security * Dedicated Staff AF Office with AFLCMC OTE DISTRIBUTION A. Approved for public release: distribution unlimited. As Of: 16 March 2017 B r e a k i n g B a r r i e r s … S i n c e 1 9 4 7 7

FY17 Focus  CROWS reach FOC by 1 Oct 2017  Cyber Incident Coordination Cell  Standup initial Cyber Acquisition Expert Cell Establish Cyber Resiliency for Weapon Systems Technical Reference Architecture   Complete detailed LOA execution plans for FY18 start  Execute FY16 NDAA 1647 cyber evaluations for Priority 1 systems  Conduct Cyber Mission Thread Analysis to support 1647 assessments  Prioritize cyber mitigations solutions for maximum benefit  Implement weapon system Cyber Security Classification Guide  Incorporating Resilient-EGI Government Reference Architecture into the EGI program of record – Supports Alt-Nav PNT Capabilities  Field cyber training courses for acquisition personnel, in coordination with AFIT and AETC Foster collaborative efforts across AF, Industry, Academia, FFRDC/UARC Communities DISTRIBUTION A. Approved for public release: distribution unlimited. B r e a k i n g B a r r i e r s … S i n c e 1 9 4 7 8

Roadmap to Resiliency Present Future Mission Assurance - Mission Thread Analysis • Develop assessment System Assurance methodology framework - Assess and Fix • Develop cyber • Assess cyber Institutionalize acquisition workforce posture of fielded - “Baked” in resiliency systems • Enable weapon • Institutionalized system adaptability methodology, tools, T&E infrastructure • Skilled workforce • Integrated cyber Mx and Aircrew Trainers tools, policy, etc. Off Board Mission Support DISTRIBUTION A. Approved for public release: distribution unlimited. B r e a k i n g B a r r i e r s … S i n c e 1 9 4 7 9

Topics  Air Force Cyber Campaign Plan & CROWS overview  FY16 NDAA 1647 directed cyber vulnerability analysis  Cyber Resiliency Considerations DISTRIBUTION A. Approved for public release: distribution unlimited. B r e a k i n g B a r r i e r s … S i n c e 1 9 4 7 10

NDAA 1647 Background  FY16 NDAA Section 1647  Complete cyber vulnerabilities evaluation of major weapon systems NLT 31 Dec 19  Prioritize based on mission criticality  Build on existing efforts  Develop risk mitigation strategies  FY17 NDAA; amended Section 1647  Develop tools to improve detection & evaluation  Conduct non-recurring engineering for design of mitigation solutions  Establish Department-wide repository DISTRIBUTION A. Approved for public release: distribution unlimited. 11 B r e a k i n g B a r r i e r s … S i n c e 1 9 4 7

NDAA 1647 OSD and AF Plan  Dep SECDEF Memo signed 20 Dec 16  OUSD (AT&L) appointed lead  Joint Staff analysis determined 50 AF weapon systems  Aligned each system to Major Service or COCOM exercise  9 Step evaluation process  SAF/AQR Program Plan  Assigns CROWS as implementation org  Conduct Mission Thread Analysis  Maintain cyber vulnerability mitigation list  Operationalize cyber injects into COCOM or Service level exercises DISTRIBUTION A. Approved for public release: distribution unlimited. 12 B r e a k i n g B a r r i e r s … S i n c e 1 9 4 7

Air Force NDAA 1647 Strategy  Use agreed upon methodology on 50 weapon systems  Sys Analysis  Intel Likeliness  Mission Impact  Gather prior assessments/tests up front  Leverage existing scheduled T&E activities  Front load schedule with Cyber System Risk Analysis (CSRA)  Build cross-org evaluation teams  Use common data storage consistent with security classification guidelines DISTRIBUTION A. Approved for public release: distribution unlimited. 13 B r e a k i n g B a r r i e r s … S i n c e 1 9 4 7

NDAA 1647 Partnerships  AFRL – Assessment methodology and support developing mitigation efforts  AFTC – Leverage weapon system expertise  AFOTEC – Existing scheduled OTA efforts  24 th AF – Cyber Protection Team support  Intel – Threat input to risk analysis  Red Teams – Performing CVPAs  AO Teams – Leverage existing ATO docs and augment certification process  PEOs, Program Offices, and users – Support of CSRAs Discovering “Islands of Cybersecurity Expertise” and bridging islands DISTRIBUTION A. Approved for public release: distribution unlimited. 14 B r e a k i n g B a r r i e r s … S i n c e 1 9 4 7

Air Force NDAA 1647 Programs  Evaluation Priority 1  AEHF MILSTAR, B-2, B-52H, E4-B, FAB-T, GPS-OCS, ICBM, ISPAN, SBIRS/SBIRS-High, WGS  Evaluation Priority 2  3DELRR, AFSCN, DCGS-AF, DMSP, Space Fence, U-2/SYERS- 2C  Evaluation Priority 3  A-10, AC-130J, AOC-WS, B-1, C-130J, C-17, C-5, CRH, DCAPES, E-3, E-8C, EC-130H, F-15, F-16, F-22, F-35, GBS, HC- 130J, JMPS, JMS, KC-10, KC-135, KC-46A, MC-12, MC-130J, RC-135, RQ-4, TBMCS-FL, UH-1N  Evaluation Priority 4  CV-22, HH-60, MQ-9 DISTRIBUTION A. Approved for public release: distribution unlimited. B r e a k i n g B a r r i e r s … S i n c e 1 9 4 7 15

Topics  Air Force Cyber Campaign Plan & CROWS overview  FY16 NDAA 1647 directed cyber vulnerability analysis  Cyber Resiliency Considerations DISTRIBUTION A. Approved for public release: distribution unlimited. B r e a k i n g B a r r i e r s … S i n c e 1 9 4 7 16