G2TT
来源类型Research Reports
规范类型报告
ISBN9780833089007
来源IDRR-1007-AF
Improving the Cybersecurity of U.S. Air Force Military Systems Throughout Their Life Cycles
Don Snyder; James D. Powers; Elizabeth Bodine-Baron; Bernard Fox; Lauren Kendrick; Michael H. Powell
发表日期2015
出版年2015
页码74
语种英语
结论

Root Causes of Deficiencies in Air Force Management of Cybersecurity

  • The cybersecurity environment is complex, rapidly changing, and difficult to predict, but the policies governing cybersecurity are better suited to simple, stable, and predictable environments, leading to significant gaps in cybersecurity management.
  • The implementation of cybersecurity is not continuously vigilant throughout the life cycle of a military system, but instead is triggered by acquisition events, mostly during procurement, resulting in incomplete coverage of cybersecurity issues by policy.
  • Control of and accountability for military system cybersecurity are spread over numerous organizations and are poorly integrated, resulting in diminished accountability and diminished unity of command and control for cybersecurity.
  • Monitoring and feedback for cybersecurity is incomplete, uncoordinated, and insufficient for effective decisionmaking or accountability.
  • Two underlying themes carry though these findings: that cybersecurity risk management does not adequately capture the impact to operational missions and that cybersecurity is mainly added onto systems, not designed in.
摘要
  • Define cybersecurity goals for military systems within the Air Force around desired outcomes.
  • Realign functional roles and responsibilities for cybersecurity risk assessment around a balance of system vulnerability, threat, and operational mission impact and empower the authorizing official to integrate and adjudicate among stakeholders.
  • Assign authorizing officials a portfolio of systems and ensure that all systems comprehensively fall under some authorizing official throughout their life cycles.
  • Encourage program offices to supplement required security controls with more comprehensive cybersecurity measures, including sound system security engineering.
  • Foster innovation and adaptation in cybersecurity by decentralizing in any new Air Force policy how system security engineering is implemented within individual programs.
  • To reduce the complexity of the cybersecurity problem, reduce the number of interconnections by reversing the default culture of connecting systems whenever possible.
  • Create a group of experts in cybersecurity that can be matrixed as needed within the life-cycle community, making resources available to small programs and those in sustainment.
  • Establish an enterprise-directed prioritization for assessing and addressing cybersecurity issues in legacy systems.
  • Produce a regular, continuous assessment summarizing the state of cybersecurity for every program in the Air Force and hold program managers accountable for a response to issues.
  • Create cybersecurity red teams within the Air Force that are dedicated to acquisition/life-cycle management.
  • Hold individuals accountable for infractions of cybersecurity policies.
  • Develop mission thread data to support program managers and authorizing officials in assessing acceptable risks to missions caused by cybersecurity deficiencies in systems and programs.
主题Critical Infrastructure Protection ; Cyber Warfare ; Cybersecurity ; Military Acquisition and Procurement ; Military Information Technology Systems ; United States Air Force
URLhttps://www.rand.org/pubs/research_reports/RR1007.html
来源智库RAND Corporation (United States)
资源类型智库出版物
条目标识符http://119.78.100.153/handle/2XGU8XDN/108015
推荐引用方式
GB/T 7714
Don Snyder,James D. Powers,Elizabeth Bodine-Baron,et al. Improving the Cybersecurity of U.S. Air Force Military Systems Throughout Their Life Cycles. 2015.
条目包含的文件
文件名称/大小 资源类型 版本类型 开放类型 使用许可
x1495316249927.jpg(4KB)智库出版物 限制开放CC BY-NC-SA浏览
RAND_RR1007.pdf(775KB)智库出版物 限制开放CC BY-NC-SA浏览
个性服务
推荐该条目
保存到收藏夹
导出为Endnote文件
谷歌学术
谷歌学术中相似的文章
[Don Snyder]的文章
[James D. Powers]的文章
[Elizabeth Bodine-Baron]的文章
百度学术
百度学术中相似的文章
[Don Snyder]的文章
[James D. Powers]的文章
[Elizabeth Bodine-Baron]的文章
必应学术
必应学术中相似的文章
[Don Snyder]的文章
[James D. Powers]的文章
[Elizabeth Bodine-Baron]的文章
相关权益政策
暂无数据
收藏/分享
文件名: x1495316249927.jpg
格式: JPEG
文件名: RAND_RR1007.pdf
格式: Adobe PDF

除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。