Track Two: Information Assurance – The Defender’s Challenge

Floridian Ballroom A&B

GTL:  Ms. Carol Assi, Army Office of Information Assurance & Compliance

Lead:  Ms. Joudi Henoud, 9th SC (A), Enterprise Services  

Cyber attacks are increasing in frequency and impact! These attacks have demonstrated that extensive vulnerabilities exist in information systems and networks with the potential for serious damage. As the global economy shifts downward, the effects of a successful cyber attack might include serious consequences for our economic sectors and critical communication capabilities, and might impair the Army’s response in crisis situations. The cyber threat has the ability to disrupt the entire Army IT infrastructure. This will impact the ability of the War Fighter to process, transmit, and store information. Information is a key power enabler and crucial to the War Fighter mission. The Army Information Assurance strategy ensures that the Army stays abreast of the National Military Strategy for Cyber Security to prevent and defend against increased attempts on Army networks and systems. In this track the audience will be introduced to current initiatives, outreach efforts, and training programs delivered by engaging speakers, panelists, and subject matter experts. It will introduce the attendees to best practices for a successful information assurance program regardless of resources, while providing opportunities for open dialog and information exchange.




 

Tuesday, 18 August

1015 - 1130

Session 1 – State of the Army Information Assurance

Speaker:  Ms. Carol Assi, Army Office of Information Assurance & Compliance 

In this environment of heightened risk, the Army Information Assurance program has an essential role to play in Cyber Security. As in other critical mission areas, Information Assurance is charting the way for strengthening the security posture of the Army’s infrastructure, enabling the Warfighter to communicate in a smart and protected environment, and reducing risk to the global information grid. In this session, the audience will learn about new challenges and initiatives planned (and in progress) such as creating a specialized cyber workforce, introducing proactive best practices, and leveraging technologies that address complex threats, shortening the time to protect, and removing the burden and complexity of these challenges.

1400 - 1515

Session 2 – State of the Army Cyber Security & Operations

Speaker:  BG Steven Smith, Chief Cyber Officer, Army CIO/G-6

More than 140 countries around the world have cyber weapons development efforts underway, but lack a comprehensive doctrine and legal framework for responding to cyber attacks as well as using offensive cyber weapons against attackers and adversaries. Time is short before the next significant cyber attack is launched! But you may rest assured that cyber warfare is nothing new to the U.S. military, which has an expansive arsenal of sophisticated cyber weapons and tactics at its disposal. The characteristics of cyber attacks coupled with the operational aspects of cyber weapons make this a unique challenge to the U.S. Army. In this session, the presenter will focus on the DoD’s strategic initiatives and the Army’s Cyber Directorate’s vision and implementation of these critical goals and rules of engagement.

Wednesday, 19 August

0945 - 1100

Session 3 - What’s new in Identity Protection and Management

Guest Panelists: Mr. Morris Hymes, DoD PKI PMOI; Mr. William E. Vickers*, Office of the Director, Biometrics Task Force; CAPT John Boyd*, USN, Office of the Secretary of the Navy, Naval Identity Management Capability; Robert Carey*, Department of the Navy CIO

Moderator: Ms. Tracy Traylor, Army Office of Information Assurance & Compliance

The Army IA program is leading the charge in Identity Protection (proving who you are) and Management (controlling what you have access to). Homeland Security Presidential Directive (HSPD) – 12 requires the executive branch of the federal government to standardize on a common smartcard called the Personal Identity Verification (PIV), more commonly known as the Common Access Card (CAC), to be used for both physical and logical access. The attendee will walk away with up-to-date information on the SIPRNet Card Management Pilot, smartcards for non-CAC-eligible populations and Non-Person Entities, and the latest on extending PKI into the Tactical/Austere environments. This session will focus on piecing together policy with technology to safeguard our most vital assets - people, information, and equipment.

* Invited

1515 - 1630

Session 4 - What Role is Army IA Playing in the DMZ Implementation?

Speakers: Mr. Stephen Schless and Mr. Mike DiLorenzo, Army Office of Information Assurance & Compliance

The Department of Defense (DoD) Chief Information Officer (CIO) has laid out a plan to improve the overall security posture of the Non-Secure Internet Protocol Router Network (NIPRNET). The Army’s Office of Information Assurance and Compliance (OIA&C) and Enterprise Services (ES) are leading the path to ensure that the Army’s Demilitarized Zone (DMZ) is integrated into the Defense Information Systems Network (DISN) initiative.  This session will lay out the DoD DMZ Hardening plan and the Army's actions to comply with the plan.  The presenter will focus on: the overall NIPRNET hardening concept and plan, the Whitelist of public web, file transfer protocol (FTP), domain name system/servers (DNS), and simple mail transfer protocol (SMTP) servers, and the implementation of the DMZ and DMZ Extension Secure Technical Implementation Guidelines (STIG).

1645 - 1800

Session 5 - What Constitutes a Successful Information Assurance Assessment

Moderator: Ms. Carol Assi, Army Office of Information Assurance & Compliance

This panel will discuss the methodologies used to measure Information Assurance compliance across the Army.  It will include a discussion of major trends in compliance and non-compliance that were observed in the past year.  Ideas on strategies for mitigating the findings will be shared with the audience.

Thursday, 20 August

0830 - 0945

Session 6 - Army Components of Compliance

Guest Panelists: Ms. Netter*, DISA; Ms. Linnea Fransen, OIA&C; Ms. Sally Dixon, OIA&C; and COL Frederick Henry, DAIG IA Compliance Division

Moderator: Ms. Carol Assi, Army Office of Information Assurance & Compliance

The panelists will present the various facets of a successful process which addresses governance, risk, and portfolio management, and satisfies compliance requirements for the Federal Information Security Management Act of 2002 (FISMA), Authority to Connect (ATC), and Authority to Operate (ATO). This session will focus on lifecycle management of these components as a key business strategy within the Army Enterprise Governance framework.

* Invited

1000 - 1115

Session 7 - The IA Tools Panel Returns

Guest Panelists: Ms. Kathy Laymon*, ASA-ALT; Mr. Jim Hatch*, ISEC; Dr. Randy Easter*, NIST; and Dr. Amy Harding, 9th SC (A)

Moderator: Mr. LeRoy Lundgren, Army Office of Information Assurance & Compliance

A distinguished panel will present new strategies and models designed to standardize U.S. Government protection profiles and expedite test and evaluation schedules. These changes add value to the Army’s IA tools vetting process and the IA technology providers.

A cumulative review of key issues and highlights from the Track's presentations will follow this discussion.

* Invited

