Cyber Survivability Test & Evaluation Overview

Determination of a system's capability to survive and operate after exposure to cyber threats is critical for ensuring mission success. The META approach, conducted by the COTF Cybersecurity Division, assesses critical components, system deficiencies, and mission impacts. This testing evaluates system vulnerabilities, cyber threat impacts, and the system's readiness to withstand cyber attacks. By analyzing mission tasks, critical components, and cyber threat environments, the test identifies potential vulnerabilities and assesses the system's effectiveness and suitability in facing cyber threats.

• Cyber Survivability
• Test & Evaluation
• META
• Cyber Threats
• System Readiness

gwe_pyb Follow

Uploaded on Sep 28, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

Presentation Transcript

1. UNCLASSIFIED Cyber Survivability Test & Evaluation (T&E) September 2021 Mr. Ryan C. Mayer The overall classification of this brief is UNCLASSIFIED UNCLASSIFIED

2. UNCLASSIFIED Cyber Survivability T&E What: Determination of a system s capability to survive and operate after exposure to cyber threats which attempt to prevent the completion of operational mission(s) by destruction, corruption, denial, or exposure of data transmitted, processed or stored The system includes both the machine and human aspects (technicians, operators, cyber defenders, etc.) How: Mission Effect Test and Analysis (META) Inclusion of specific cyber objectives to target critical components of the SUT to evaluate system deficiencies in a cyber threat environment; based on outsider, nearsider, and insider threat analysis Analysis of SUT s operational mission impacts due to system deficiencies that fail to prevent, mitigate, and recover META requires identification of the SUT s mission(s), critical components and critical components traced to tasks; mission relevant cyber terrain Program protection analysis (supply chain, counter intelligence, counterfeit components) Who: COTF Cybersecurity Division (01D) supports all COTF warfare divisions for cybersecurity OT&E requirements Organic test team capability with NAO authorization to conduct standalone test events 01D works directly with DOT&E for policy and process alignment NOTE: Purpose statement is based on the JCIDS Manual, 12FEB15: Content Guide For the System Survivability KPP, Appendix C to Enclosure D UNCLASSIFIED 2

3. UNCLASSIFIED META Concept Overview Missions Missions MBTD executed with which deny/degrade Mission Tasks Mission Tasks supported by Critical Components affecting execution of with System Impacts Cyber Survivability DRs and and META Threat Environment DRs Vulnerabilities collected through revealing Test Execution *DR = Data Requirement *MBTD = Mission Based Test Design 3 UNCLASSIFIED

4. UNCLASSIFIED Test & Evaluation Determination Triad Cyber Threat Environment Non Cyber Threat Environment The most important characteristic of a system Mission Accomplishment Supports required operational capabilities, Tactics Techniques Procedures, Concept of Operations/Employment Effectiveness Cyber Survivability Attributes of achieving and sustaining system readiness System documentation, training, logistics, etc. Suitability System vulnerabilities impacting mission completion when exposed to cyber threats What mission impacts could be expected when exposed to cyber threats Evaluates Cyber Threat Impact to Effectiveness and Suitability COIs 4 *COI = Critical Operational Issue (i.e., Air Warfare, Mobility, Information Warfare, etc.) UNCLASSIFIED

5. UNCLASSIFIED Cyber Survivability Test Execution Cooperative Vulnerability Penetration Assessment (CVPA) Objectives Discover system vulnerabilities Validate exploitations against system vulnerabilities Identify attack path enabling access to critical components Prepare attack scenarios for Adversarial Assessment (AA) AA Objectives Degrade or deny mission capability using outsider, nearsider, insider threat portrayals White card when necessary Gain access to Critical Program Information (CPI)/classified data for proof of concept 5 UNCLASSIFIED

6. UNCLASSIFIED Cyber Survivability Test Execution (cont.) COTF 01D Execution Support Working towards NSA red team certification and NIPR/SIPR/.COM infrastructure accreditation (remote operations) Enterprise IT based capabilities Partnerships with external organizations for non-IP based test support Avionic data buses (MIL-STD-1553, ARINC429) Industrial Control Systems / Hull, Mechanical & Electric (HM&E) Active Central Test and Evaluation Investment Program (CTEIP) efforts NSWC Philadelphia HM&E toolset development NAWCAD Patuxent River Datalink test environment Future collaboration with other stakeholders / warfare centers welcomed! 6 UNCLASSIFIED

7. UNCLASSIFIED Cyber Survivability T&E Areas of Interest Capabilities Based Test & Evaluation (CBT&E) Align DT and OT strategies and resources Discover & mitigate vulnerabilities early; buy down risk of vulnerability discovery in OT Advanced test tool and tactics development Evolve the red team with the evolving threat Platform focused kill chain assessment What does it take to operate and complete a mission in the presence of an active cyber threat? Fleet exercise integration Collect force level data for OT, exercise defensive cyber operations 7 UNCLASSIFIED

8. UNCLASSIFIED COTF Cyber T&E POCs Cybersecurity T&E Director Gene Costello eugene.costello@cotf.navy.mil 757-457-6288 Cybersecurity T&E Deputy Director Ryan C. Mayer ryan.mayer@cotf.navy.(smil).mil 757.457.6415 Cybersecurity T&E Operations Officer Craig Whitney craig.whitney@cotf.navy.mil 757-457-6050 8 UNCLASSIFIED

9. UNCLASSIFIED Questions 9 UNCLASSIFIED