1 / 62

LandWarNet 2008

arion
Download Presentation

LandWarNet 2008

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. LandWarNet 2008

    2. PURPOSE: To provide an overview of the Army’s Information Assurance Program OBJECTIVES: To present key challenges To highlight select programs and initiatives

    5. Changes in Threat Perspectives 1995 – Life was simple Few foreign developed tools considered Presence of a non U.S. citizen is a red flag Trusted coalition partners is a short list Threat to networks is not widely understood Threat not that sophisticated –Jolt cola and SATAN perceptions Limit access to the INTERNET

    7. Changes in Threat Perspectives 2008 – Life is more complicated Research Centers support multinational corporations are located In Russia, China and India Multinational boards include non U.S. citizens Demand for information sharing with coalition partners is significant – and really necessary Supply Chain concerns Theft of information Organized crime Personal Identifiable Information (PII) – identity theft Technology – P2P/collaboration/virtual Threat is more sophisticated Solar Sunrise -- Israel Moonlight Maze – Russian Titan Rain -- China

    9. Can You Guarantee 100% Security Can you guarantee with this IA investment that my information will be 100% protected ? Information Assurance investments looked at as something separate, something special, something out of the norm. After spending 1M plus for a tank does the decision maker ask if the provider can guarantee it will be 100 % assured of not being damaged/destroyed ? Depth of armor Reactive technology Speed Smoke Stand off capability IA is not always looked at as an integral and key enabler to facilitate the Integrity, confidentiality and availability of the information necessary to execute a mission.

    13. Turn a Ship in a Bathtub

    14. What is the Challenge ? A Firewall/IPS that does not have adequate policy rules and or is not audited is a door stop ! The best Certification and Accreditation (C&A) and Networthiness process in the world is worthless if there is no daily follow up and compliance ! Need to get away from the “3 year” mind set Need compliance checks Lack of compliance needs to be painful ! Lack of enterprise results in pockets of excellence and pockets of failure.

    15. What is the Challenge ?

    16. Information, Information, Information In modern conflict, information as one of the eight elements of combat power (The other elements are leadership, movement and maneuver, intelligence, fires, sustainment, command and control, and protection) has become as important as lethal action in determining the outcome of operations.

    18. HQDA IG IA Division Operational IA Self Assessment Training Module Question Source Standard Determine standard is being met Limited number of categories and questions ALARACT directing use of the self assessment tool to conduct a self assessment

    20. Authority To Connect (ATC) DISA requires customers to renew a request for their circuit connectivity. To be successful the customer must have a valid IATO/ATO. 2008 is the first year that the Army is tracking the status of ATCs. 2008 is the first year that JTF GNO is disconnecting circuits that cannot meet the standards for an ATC.

    21. Army NIPR Circuits

    22. Army NIPR Circuits

    29. Army Web Risk Assessment Cell Reviews: Public assessable web sites Army BLOGs Works with owner/web manager to remediate Trends: Personably Identifiable Information

    30. AWRAC Tracking Database Snapshot July 2008

    33. IAVA – Hosts Scanned

    34. IAVA – Patches Not Applied

    35. IAVA- Sites Visited

    36. IAVA – Army Annual Vulnerability Rate

    40. Systems requiring Accreditation must have an Authority to Operate (ATO) Systems need to have a Plan of Action and Milestones (POAM) System owners must test their DoD 8500.2 Security Controls on Annual Basis All Systems must have a Contingency Plan and test that Contingency Plan on an Annual Basis System owners must conduct an annual security review Annual IA training requirement Army Portfolio Management System (APMS)

    41. Army FISMA Statistics

    43. Training: System Administrator

    44. Training: e-Learning

    46. Certificates Approved For FY08

    48. Visual of legacy equipment and what they are being replaced by. This chart does not represent one for one Visual of legacy equipment and what they are being replaced by. This chart does not represent one for one

    49. Prior to FY08 Stopped issuing - KG-84, KG-94, KG-175, STUIII, Production stopped- KG-175AC (classic), DTD, KIV-7 HSB, KG-75 New Technology- TALON, SecNet 11, SecNet 54, KG-250 FY08- Stop issuing KG-175 AC, KY-68, KIV-7, KIV-19 Production stopped- KG-175 E-100, KG-175B, KG-235, KG-240 New Technology- KG-175D, KIV-7M, KIV-19M, KY-100s, vIPer, ECC, SME-PED, SKL, TALON, KG-255, SecNet 54 FY09- Stop issuing- KOV-14 Production stopped- TBD New Technology- 10 GB TACLANEs, other TBD FY10 Not supported- STUIII

    51. Public Key Infrastructure Identity Management Logical access Physical access Select groups Security - Security - Security

    53. ON CYBER PATROL

More Related