Pentagon to unveil zero-trust cyber strategy

Sur le même sujet

• 

  29 janvier 2020 | International, C4ISR, Sécurité

  New cybersecurity standards for contractors could be finalized this week

  The first version of the new cybersecurity requirements the Pentagon wants military contractors to follow could be finalized as soon as Jan. 31. Katie Arrington, chief information security officer for the Office of the Under Secretary of Defense for Acquisition and the point person for the Cybersecurity Maturity Model Certification (CMMC), told an audience Jan. 28 that she will have the requirements by the end of the month. The CMMC is a tiered cybersecurity framework that grades companies on a scale of one to five. A score of one designates basic hygiene and a five represents advanced hygiene. Arrington said Jan. 28 that the lowest level will become the default for Department of Defense contracts and will include basic tasks such as changing passwords. Speaking at an event hosted by the law firm Holland and Knight, Arrington said the new standards won't be in effect overnight. The auditors and assessors who will grade companies need training and new contracts will be slowly phased in. “The likelihood that any awards will be made until 2021 [of the certification] is, I would say, highly unlikely,” she said. She noted that companies are not required to have CMMC certification until the time of award. “You have a full year to get yourselves set, to get yourself in position.” According to one slide in her presentation, all new contracts will have the requirements in fiscal year 2026. Arrington expects 1,500 companies to be certified by the end of 2021. The requirements are expected to be free of jargon and overly technical language that can often make military documents befuddling. “I asked if it could be created on an eighth grade reading level. Why? Because I'm not smart and I owned a small business and I fell prey to this,” she said. “I needed it to be in something that anybody could adapt to. We hear companies all the time say my nephew is doing my cybersecurity. I need your nephew to read what I need him to do.” Arrington promised that the requirement would not become a simple checklist, because if it does “I've failed. We failed.” Moreover, she suggested the framework be reevaluated at least once each year because cyber threats will continue to evolve. https://www.fifthdomain.com/dod/2020/01/28/new-cybersecurity-standards-for-contractors-could-be-finalized-this-week/

• 

  31 décembre 2018 | International, C4ISR

  Air Force begins to roll out special cyber defense teams

  By: Mark Pomerleau The Air Force is beginning to build specialized cyber teams across the service whose primary mission is to defend local installations and critical mission tasks from cyberattacks. These teams will ensure that a particular wing or smaller organization can complete their mission from a cyber perspective, Maj. Gen. Robert Skinner, commander of 24th Air Force/Air Forces Cyber, told Fifth Domain in a November interview. For example, Skinner said if a wing has an F-16 unit that's responsible for offensive counter air or defensive counter air support, mission defense teams will understand those weapon system and everything that goes into making those air sorties successful as a way to defend that mission from a cyber standpoint. As an example, an eight-man team at the 2nd Weather Group within the 557th Weather Wing monitors the network and recently discovered several “bogus” account requests. The commander, Col. Patrick Williams, said the team was able to figure out that many of the requests were either bots or foreign requests that “had no business being on that network.” By working with the Network Operations and Security Center to eliminate that activity, the number of requests dropped by 80 percent, a huge win, Williams said. He added this was done with just a nascent mission defense team given that the teams are just being filled out across the major commands now. Skinner said each major command is at a different point in activating the teams. In addition, Air Force leaders said the service hopes to achieve efficiencies within its entire IT and cyber defense enterprise. The officials pointed to the Air Force's “enterprise IT as a service” pilot, which examines what efficiencies can be gained by having commercial companies conduct the IT services as opposed to having airmen maintain the IT infrastructure. One benefit of such a move could be that it frees up personnel to spend more time on cyber defense. “Our core strategic theme is moving from IT focused delivery into mission defense teams,” Bill Marion, deputy CIO of the Air Force, said during a keynote presentation in early December. Skinner said the service will likely be able to “re-mission” workers from their IT positions and assign them to these more active defensive roles such as mission defense teams. These mission defense teams are different from cyber protection teams that the Air Force, and other services, provide to U.S. Cyber Command. “In my eyes the [mission defense team] is a [cyber protection team] lite,” Skinner said. "We're very proud of our cyber protection team training and I think that the more of that I can get with our mission defense teams, the more successful they'll be and then our cyber protection teams can be really focused on the high end, the big threats that we'll run into in a peer competition and peer adversaries.” https://www.fifthdomain.com/dod/air-force/2018/12/27/air-force-begins-to-roll-out-special-cyber-defense-teams

• 

  30 novembre 2024 | International, Terrestre

  Joint Statement from the Chief of the Defence Staff and Office of the National Defence and Canadian Armed Forces Ombud

  General Jennie Carignan, the Chief of the Defence Staff, and Robyn Hynes, Interim Ombud, are pleased to announce an exciting new collaboration between the Office of the DND/CAF Ombudsman and the Canadian Armed Forces.