trusted defense systems l.
Skip this Video
Loading SlideShow in 5 Seconds..
Trusted Defense Systems PowerPoint Presentation
Download Presentation
Trusted Defense Systems

Loading in 2 Seconds...

play fullscreen
1 / 21

Trusted Defense Systems - PowerPoint PPT Presentation

  • Uploaded on

Trusted Defense Systems. Kristen Baldwin Director, Systems Analysis DDRE/Systems Engineering. Trusted Defense Systems Strategy. Report on Trusted Defense Systems. Delivering Trusted Systems. USD(AT&L) ASD(NII)/ DoD CIO. Elements of the Strategy. CPI Identification Critical Components

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Trusted Defense Systems' - Gideon

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
trusted defense systems

Trusted Defense Systems

Kristen Baldwin

Director, Systems Analysis

DDRE/Systems Engineering

trusted defense systems strategy
Trusted Defense Systems Strategy

Report on Trusted Defense Systems

Delivering Trusted Systems



elements of the strategy
Elements of the Strategy
  • CPI Identification
    • Critical Components
    • Critical Technology
  • System Security Engineering
    • Anti-Tamper, SPI
    • System Assurance
  • Supply Chain Risk Mitigation
    • Trusted Foundry, DMEA
    • Threat and vulnerability assessments
  • Focus on Mission Critical Systems
  • Identify Critical Components for Trust
  • Protect Critical Technology
  • Technology Investment Strategies
    • NSA Center for Assured SW, Air Force Application SW Assurance CoE
    • IA/HW/SW Assurance
  • DIB Cyber Security
  • Standards for Secure Products and Networks
  • Damage Assessments
increased priority for program protection
Increased Priority for Program Protection

Threats: Nation-state, terrorist, criminal, rogue developer who:

Gain control of systems through supply chain opportunities

Exploit vulnerabilities remotely

Vulnerabilities: All systems, networks, applications

Intentionally implanted logic (e.g., back doors, logic bombs, spyware)

Unintentional vulnerabilities maliciously exploited (e.g., poor quality or fragile code)

Consequences: Stolen critical data & technology; corruption, denial of critical warfighting functionality

Today’s acquisition environment drives the increased emphasis:


Standalone systems >>>

Some software functions >>>

Known supply base >>>


Networked systems


Prime Integrator, hundreds of suppliers

challenges being addressed
Challenges Being Addressed
  • Policy and guidance for security is not streamlined
  • There is a lack of useful methods, processes and tools for acquirers and developers
  • Criticality is usually identified too late to budget and implement protection
  • Horizontal protection process is insufficiently defined
  • Lack of consistent method for measuring cost and success of “protection”
  • Intelligence data is not available to programs for risk awareness
  • Security not typically identified as an operational requirement, and is therefore lower priority

Data Source: GAO report, white papers, military service feedback

major efforts being executed by ddre se
Major Efforts being executed by DDRE/SE
  • Implementing 5200.39 and 5000.02 Program Protection Policy
    • Review/Coordination of PPPs for ACAT I programs
    • Program protection assessment methodology
    • Guidance and best practice countermeasures, education and training, industry outreach, to assist programs with CPI identification and protection
  • Supply Chain Risk Management
    • Procedures, capability to utilize threat information in acquisition
    • Commercial standards for secure components (ISO/IEC, The Open Group)
  • Horizontal Protection Procedures
    • Acquisition Security Database (ASDB) oversight and implementation
  • Advancing the practice: System Security Engineering
    • SERC Research Topic – “Security Engineering”
    • INCOSE Working Group on System Security Engineering
    • DoD/NSA Criticality Analysis Working Group
  • DoD Anti-Tamper Executive Agent
    • Anti-Tamper IPT, AT policy, guidance advocate
    • Legislative Proposal – Defense Exportability Fund Pilot Program
  • Countering Counterfeits Tiger Team
    • Lifecycle strategy to reduce counterfeits, esp microelectronics
program protection policy
Program Protection Policy
  • DoD Policy: DODI 5200.39 “Critical Program Information Protection Within the DoD”
    • Provide uncompromised and secure military systems to the warfighter by
      • performing comprehensive protection of CPI
      • through the integrated and synchronized application of CI, Intelligence, Security, systems engineering, and other defensive countermeasures to mitigate risk…
    • “CPI. Elements or components of an RDA program that, if compromised, could cause significant degradation in mission effectiveness;
      • Includes information about applications, capabilities, processes, and end-items.
      • Includes elements or components critical to a military system or network mission effectiveness.
      • Includes technology that would reduce the US technological advantage if it came under foreign control…”
dod 5000 lifecycle approach to early designed in program protection
DoD 5000 Lifecycle Approach to Early, Designed-In Program Protection

Production & Deployment


  • Milestone Decision Authority approves PPP in addition to PM
  • Acquisition Strategy, RFP, SEP, and TEMP reflect PPP relevant information
  • Streamlined Program Protection Plan
  • One-stop shopping for documentation
  • of acquisition program security (ISP, IA, AT appendices)
  • Living document, data driven, easy to update, maintain
  • Identify candidate CPI in TDS, and potential countermeasures

Full Rate

Prod DR




Engineering and Manufacturing Development




S&T Programs



Technology Development


  • Obtain threat assessments from Intel/CI, assess supplier risks
  • Develop design strategy for CPI protection
  • Submit PPP to Acquisition Security Database (ASDB)
  • Enhance countermeasure information in Program Protection Plan (PPP)
  • Evaluate that CPI Protection, RFP requirements have been met
  • Contractor adds detail to Program Protection Plan
  • Preliminary verification and
  • validation that design meets
  • assurance plans
multifaceted approach to program protection
Multifaceted Approach to Program Protection

DoDM 5200.39

Requires use of

Supply Chain Risk Management (SCRM) and

System Security Engineering

Best Practice Countermeasures

to protect

Critical Program Information (CPI)


Key Practices

Systems Security Engineering

(risk mitigation)


DoDM 5200.39

Specific tools and practices (e.g. Malicious code checks, software assurance techniques)


Best Practices

Other countermeasures (INFOSEC, IA, ITAR, FMS, etc.)

Map to CPI being protected & location in

Use to contract for security in

Program Protection Plan (PPP)

Requests for Proposals (RFP)

systems security engineering sse early engineering emphasis
Systems Security Engineering (SSE): Early Engineering Emphasis
  • Identify components that need protection
    • Perform criticality analysis based on mission context and system function
      • Evaluate CONOPS, threat information, notional system architecture to identify critical components (hardware, software and firmware)
      • Identify rationale for inclusion or exclusion from candidate CPI list
    • Perform trade-offs of design concepts and potential countermeasures to minimize vulnerabilities, weaknesses, and implementation costs
  • Establish System Security Engineering Criteria
    • Ensure preferred concept has preliminary level security requirements derived from candidate CPI countermeasures
    • Ensure system security is addressed as part of Systems Engineering Technical Reviews
  • We have begun to apply these practices with major acquisition programs
systems security engineering
Systems Security Engineering
  • Systems Security Engineering Definition:
    • An element of system engineering that applies scientific and engineering principles to identify security vulnerabilities and minimize or contain risks associated with these vulnerabilities

(MIL-HDBK-1785: Systems Security Engineering Program Management Requirements)

  • Codify guidance and best practice
    • To identify software, hardware vulnerabilities
    • To support program protection planning
    • To support secure systems design
  • Work is needed to fully expand this discipline
    • Foundational science and engineering, competencies (as compared to other SE Specialties: reliability, safety, etc)
    • Methods and tools: V&V, architecting for security
    • Community and design team recognition of SSE as a key design consideration
systems security engineering research roadmap
Systems Security Engineering Research Roadmap
  • Joint DDRE/SE and NSA funded SE Research Center task
    • Goal: Develop a research roadmap to grow Systems Security Engineering as a key discipline of SE
  • Workshop in March 2010 to collect input
    • 50 attendees from industry, government, and academia
  • Proposed research modules in key areas:
    • Definitions: What is the scope of Systems Security Engineering?
    • Metrics: How much security is enough? How do we compare?
    • Frameworks: What is the trade space for making security engineering decisions? Are there architectural commonalities to leverage?
    • Workforce: How do we train researchers, developers, and acquisition professionals to do this? What do they need to know?
    • Methods, Processes, and Tools: How might practitioners actually do this? What can we learn from related disciplines (e.g. Safety, Reliability, Surety)?
  • Final report in September 2010
standardization efforts
Standardization Efforts
  • Buying with Confidence
    • Open Group engagement to develop secure commercial product standards
    • Technology supply chain security standard through ISO
    • Supply Chain Risk Mitigation
    • Countering Counterfeits Tiger Team
    • DFAR for safeguarding unclassified DoD information on DIB networks
    • Object Management Group software assurance frameworks
  • Building with Integrity
    • NDIA System Assurance Guidebook, adopted by NATO Standardization Agency
    • ISO 15026: Standard for Systems and Software Assurance
    • Criticality Analysis Working Group
    • Systems Security Engineering research roadmap
    • DHS Software Assurance
  • Horizontal Protection
    • DoD-wide Critical Program Information identification process
    • Acquisition Security Database adoption and implementation
in summary
In Summary
  • Holistic approach to assurance is critical
    • To focus attention on the threat
    • To avoid risk exposure from gaps and seams
  • Program Protection Policy provides overarching framework for trusted systems
    • Common implementation processes are beneficial
  • Stakeholder integration is key to success
    • Acquisition, Intelligence, Engineering, Industry, Research Communities are all stakeholders
  • Systems engineering brings these stakeholders, risk trades, policy, and design decisions together
    • Informing leadership early; providing programs with risk-based options
key enablers of the strategy
The requirement for assurance is allocated among the right systems and their critical components

DoD understands its supply chain risks

DoD systems are designed and sustained at a known level of assurance

Commercial sector shares ownership and builds assured products

Technology investment transforms the ability to detect and mitigate system vulnerabilities

Key Enablers of the Strategy










Assured Systems

Vision of Success

*Reference: DoD System Assurance CONOPS, 2004

desired outcome
Desired Outcome

Program Benefit

DoD Benefit

Reduced risk exposure to gaps/seams in policy and protection activity

Improved oversight and focus on system assurance throughout the lifecycle

Ability to capitalize on common methods, instruction and technology transition opportunities

Cost effective approach to “building security in” where most appropriate

  • Coherent direction and integrated policy framework to respond to security requirements
  • Risk-based approach to implementing security
  • Provision of expert engineering and intelligence support to our programs
  • Streamline process to remove redundancy; focus on protection countermeasures
se ppp and assessment criteria
SE PPP and Assessment Criteria
  • Program Criticality Analysis uses a collection of techniques to identify the critical functions / capabilities that need protection
    • Mission thread analysis
    • Vulnerability analysis
    • WBS analysis (What are the major cost elements)
    • Domain specific knowledge
    • COTS design vulnerabilities and supply chain
  • Design and assurance techniques
    • Defense in Depth
    • Draft PDR Exit Criteria
    • Draft CDR Exit Criteria
    • Configuration management access control
  • SW Development assurance techniques
    • Static code analyzers
    • Design and code walkthroughs / inspections for assurance
cpi formats and example protections
CPI Formats andExample Protections
  • Information Systems
    • Information Assurance (controls for applications, networks, IT processes and platform IT interconnections)
    • Communications Security (Encryption, decryption)
  • End Items
    • Anti-Tamper (deter, prevent, detect, respond)
    • Information Assurance
    • Supply Chain Risk Management (assessing supplier risk)
    • Software Assurance (tools, processes to ensure SW function)
    • System Security Engineering
    • Trusted Foundry (integrated circuit providers)
  • Hard Copy Documents
    • Information Security (Document markings, handling instructions)
    • Foreign Disclosure (restrict/regulate foreign access)
    • Physical Security (gates, guards, guns)
  • Ideas/Knowledge
    • Personnel Security (trustworthy, reliable people)
    • Access Controls