Track Five: Information Assurance - The Defender's Challenge


Ms. Carol Assi, Ms. Joudi Henoud, and Ms. Alegra Woodard

Cyber attacks are increasing in frequency and impact!  These attacks have demonstrated that extensive vulnerabilities exist in information systems and networks with the potential for serious damage.  As the global economy shifts downward, the effects of a successful cyber attack might include serious consequences to our economic sectors, critical communication capabilities, and impair the Army's response in crisis situations.  The Cyber threat has the ability to disrupt the entire Army IT infrastructure. This will impact the ability of the Warfighter to process, transmit, and store information.  Information is a key power enabler and crucial to the War Fighter mission.   The Army Information Assurance and Cyber Security strategy ensures that the Army stays abreast of the National Military Strategy for Cyber Security to prevent and defend against increased attempts on Army networks and systems.  In this track the audience will be introduced to current initiatives, outreach efforts, and training programs delivered by engaging, speakers, panelists, and subject matter experts. This track will introduce the attendees to best practices for a successful information assurance and cyber program regardless of resources, while providing opportunities for open dialog and information exchange.


  Tuesday, 3 August 2010
1015 - 1130

State of Information Assurance (IA) & Cyber Security (CS)

Speaker: Ms. Carol Assi, Director, Army Office of Information Assurance & Compliance/HQDA CIO-G6


In this environment of heightened risk, the Army Information Assurance (IA) Program plays an integral role in Cyber Security (CS).  As in other critical mission areas, the Army's Information Assurance program is charting the way for strengthening the security posture and resiliency of the Army's infrastructure, and enabling the Warfighter to communicate in a smart and protected environment, while reducing risk to the global information grid. In this session, the audience will learn about new challenges, strategies, initiatives, and best practices planned for Information Assurance and Cyber Security that address the complex threat of this rapidly evolving cyber environment.
 
1400 - 1515

Components of Compliance to achieve Authority to Connect (ATC) Panel
Panel
Moderator: Ms. Terri Netter, Army Office of Information Assurance & Compliance/HQDA CIO-G6

Panelists: Ms. Sally Dixon, Ms. Judi Mullin

 

The panelists will present the various facets of a successful process which addresses governance, risk, portfolio management, and satisfies compliance requirements for the Federal Information Security Management Act of 2002 (FISMA), Authority to Connect (ATC), and Authority to Operate (ATO).  This session will focus on lifecycle management of these components as a key business strategy for the Army Enterprise Governance framework. 

  Wednesday, 4 August 2010
0945 - 1100

Inspector General Information Assurance FY09 Annual Report

Speaker: TBD

The Department of Army’s Inspector General (DAIG) Agency Information Assurance (IA) Division has now performed over 50 compliance inspections and assistance visits across the Total Army in Garrison as well as deployed tactical environments. Each year the IA Division publishes an annual report based on the previous year’s inspection results.  These reports contain information that identify where the Army must improve its IA Readiness and more importantly, identifies trends and systemic issues that require senior Army leadership involvement.   In this track, the DAIG will discuss systemic findings, compliance trends, and recommendations to improve the Army’s IA program. 

1500 - 1615

(Multi-topics): Tactical IA Initiatives and What’s New in Identity Protection and Management

  • Tactical IA Initiatives –

Speaker: Mr. William “Bill” Biggs, Army Tactical IA Division, Army Office of Information Assurance Compliance.

 

The presenter will brief current efforts pertaining to the integration of IA processes into the LandWarNet Battle Command Capability Set Management Process, the Army -Marine Corps Command and Control (C2)/ Situational Awareness (SA) Convergence, IA Systems of System Network Vulnerability Assessment tasks update, Security Data Log Management implementation, and the significant IA/CND issues impacting Army current forces. The brief will define the problem set, current status, and the projected way ahead to achieve the desired end state.

 

  • Army Cross Domain Solutions – What are they? Do I need one? How do I get it?

Speaker: Mr. Mike Tyson, Army Cross domain Solution Office, Army Office of Information Assurance & Compliance

This briefing will explain what a Cross Domain Solution (CDS) is, what it is used for, the approval process, and timelines.  The role of Army Cross Domain Management Office (CDMO), the Unified CDMO (UCDMO), the Army Cross Domain Working Group (CDWG), and the DISA Cross Domain Enterprise Service (CDES) will be detailed, as well as the distinction between Secret and Below CDS and an SCI connected CDS.  The future of CDS, the re-engineering of the approval process and what that means to Army CDS customers will also be discussed.  Of particular importance to those implementing a CDS, will be information about how and when and the approvals required for procurement or acquisition CDS technology, the critical dependence on the updated accreditation of the network/enclave to connection approval and ways to smooth the approval path and avoid "Gotchas."

1630 - 1745

What's New in Identiy Protection and Management?

Speaker: Mr. Desmond Adams, Army IA Programs, Army Office of Information Assurance & Compliance/HQDA CIP-G6

 

The Army IA program is leading the charge in Identity Protection (proving who you are) and Management (controlling what you have access to). Homeland Security Presidential Directive (HSPD) 12 requires the executive branch of the federal government to standardize on a common smartcard called the Personal Identity Verification (PIV), more commonly known as the Common Access Card (CAC), to be used for both physical and logical access. The attendee will walk away with up to date information on the SIPR Token Pilot and the latest on extending PKI into the Tactical/Austere environment. This session will focus on piecing together policy with technology to safeguard our most vital assets - people, information and technology.

 

  Thursday, 5 August 2010
1000 - 1130

Assessments, Validations, Inspections – what’s the difference?

Panel Moderator: Ms. Phyllis Bailey, Assessments and Training Division, Army Office of Information Assurance & Compliance 

 

The panel will discuss some of the challenges and trends identified during the various IA Compliance inspections conducted in the Army.  This forum will address how to take the best practices from all the various assessments/inspections and turn them into Quick Wins for the larger Army community.  The members will briefly describe the scope of the assessments and then take audience questions on the Force Protection Assessment Team (FPAT), the Compliance Verification Team (CVT) mission, the Joint Task Force-Global Network Operations (JTF-GNO) directed Command Cyber Readiness Inspection (CCRI), and the Department of the Army Inspector General (DAIG) IA Compliance inspections.

A cumulative review of key issues and highlights from the Track’s presentations will follow this discussion.