120 likes | 467 Views
Lockheed Martin Cyber Security Ensuring Mission Integrity, Assurance, & Resilience To Fight Through The Attack. Craig Solem , CISSP Lockheed Martin Information Systems and Global Services Program Manager, Joint Medical information Systems for
E N D
Lockheed Martin Cyber Security Ensuring Mission Integrity, Assurance, & Resilience To Fight Through The Attack Craig Solem , CISSP Lockheed Martin Information Systems and Global Services Program Manager, Joint Medical information Systems for Naval Space and Warfare systems Center Atlantic January 8, 2010
Outline • Who We Are • Cyber Security Customers • Cyber Tradeoff Model • Characteristics of LM Solutions • Security Approach • Cyber Security Technology • Center for Cyber Security Innovation
Lockheed Martin Information Systems & Global Services • The leading provider of Information System Solutions and Services for the US Government for 14 years • Over $10Billion in annual sales • 52,000 Employees across every state and 50 countries • CMMI Level 5, ITIL v2/3, ISO 27001 • 4,000 Customer programs • 80 – 120 Vendors Evaluated Yearly
Cyber Security Solutions & Operations For a Wide Range of Customers • Security Operations • Security Engineering • Security R&D • Across All Domains • Policy Support • Security Planning • Defense in Depth • Unique Solutions Intel31% Civil25% Int’l6% Defense38%
Cyber Tradeoff Model - Decisions Solution: “One Size Does Not Fit All”
Cyber Tradeoff Model • Commercial Solutions • SI Value: Integration of Commercial Products Solution: “One Size Does Not Fit All”
Cyber Tradeoff Model Commercial Solutions SI value: Integration of Commercial Products • Mission Critical • Leveraging R&D, National Labs and Universities • SI Value: Integration + IP Solution: “One Size Does Not” Fit All”
Characteristics of LM Solutions - Approach Mission Enablers HOW Cyber Security is all about providing Mission Assurance Integrated Solutions Proactive Services Resilient Systems Trusted Information
IS&GS NexGen Cyber Innovation & Technology Center • Native Design, Engineering, & Test Innovation Teams from across IS&GS and partners • Extensive LIVE portfolio of LM R&D and current capabilities • Extensive partner LIVE portfolios (COTS/Open Source) • Real, Relevant, Rapid Availability of Our Current & Next Generation Integrated Capabilities • Global Cyber Innovation Range for test, verification, offense /defense exercise, & partner collaboration • Cloud enabled virtual and real onDemand compute/network/test capabilities • Classified and unclassified labs • High Definition Collaboration Networks & Tools across LM Innovation Centers & Partners • Multiple network access: Direct Internet, LMI, HIWAE, Classified • Rapid Prototypes and Proof of Concepts enablers • Operational Team Access & Use of Solutions LMCO IS&GS Defense Civil IC EIG Global R&SO Global Cyber Innovation Range Accelerating Cyber Security Innovation To Ensure Mission Integrity, Assurance, & Resilience To Fight Through The Attack
Design Operations Test Proposal Planning Security “built-in” the Life Cycle Requirements Deployment Development Technical Proposals Program & Technical Plan System Requirements Document • Allocate Security Requirements • Evaluate Alternatives • COTS Selection • Security Testing • Certification • Develop Design Sustaining Engineering Plan • Monitor & Sustain Approved • Security Baseline • Resolve New Security Risks • INFOSEC Plan • High Level Solution • High Level Plan • Security Requirements System Test Report Test Plans Operational Concept Document • INFOSEC Sustainment Strategy System Design Document • Discrepancy Reporting/ Mitigation • SRA Report • Accreditation • INFOSEC Test Plan • INFOSEC Test Procedures • INFOSEC Test Cases • INFOSEC Test Scenarios • Data/Info Criticality & Sensitivity • Identify/Assess Threats & Vulnerabilities • C&A Criteria • 21 BFC • Security Architecture • Secure Code Engineering Deployment Plan Retirement Plans System Component Design Document Configuration Management Plan • INFOSEC Plans & Procedures • System Disposal -INFOSEC Requirements • Security Components • Security work products * DDR PSCR SRR TRR ORR PIR Annual Proposal Review SDR Security is part of every review (peer, technical, management)