全球智库信息集成服务系统(G2TT): Improving the Cybersecurity of U.S. Air Force Military Systems Throughout Their Life Cycles

G2TT

来源类型	Report
规范类型	报告
来源ID	RR-1007-AF
	Improving the Cybersecurity of U.S. Air Force Military Systems Throughout Their Life Cycles
	Don Snyder; James D. Powers; Elizabeth Bodine-Baron; Bernard Fox; Lauren Kendrick; Michael H. Powell
发表日期	2015-10-27
出版年	2015
语种	英语
结论	Root Causes of Deficiencies in Air Force Management of Cybersecurity The cybersecurity environment is complex, rapidly changing, and difficult to predict, but the policies governing cybersecurity are better suited to simple, stable, and predictable environments, leading to significant gaps in cybersecurity management. The implementation of cybersecurity is not continuously vigilant throughout the life cycle of a military system, but instead is triggered by acquisition events, mostly during procurement, resulting in incomplete coverage of cybersecurity issues by policy. Control of and accountability for military system cybersecurity are spread over numerous organizations and are poorly integrated, resulting in diminished accountability and diminished unity of command and control for cybersecurity. Monitoring and feedback for cybersecurity is incomplete, uncoordinated, and insufficient for effective decisionmaking or accountability. Two underlying themes carry though these findings: that cybersecurity risk management does not adequately capture the impact to operational missions and that cybersecurity is mainly added onto systems, not designed in.
摘要	There is increasing concern that Air Force systems containing information technology are vulnerable to intelligence exploitation and offensive attack through cyberspace. In this report, the authors analyze how the Air Force acquisition/life-cycle management community can improve cybersecurity throughout the life cycle of its military systems. The focus is primarily on the subset of procured systems for which the Air Force has some control over design, architectures, protocols, and interfaces (e.g., weapon systems, platform information technology), as opposed to commercial, off-the-shelf information technology and business systems. , The main themes in the authors' findings are that cybersecurity laws and policies were created to manage commercial, off-the-shelf information technology and business systems and do not adequately address the challenges of securing military systems. Nor do they adequately capture the impact to operational missions. Cybersecurity is mainly added on to systems, not designed in. The authors recommend 12 steps that the Air Force can take to improve the cybersecurity of its military systems throughout their life cycles.
目录	Chapter One Cybersecurity Management Chapter Two Cybersecurity Laws and Policies Chapter Three Findings and Recommendations
主题	Critical Infrastructure Protection ; Cyber Warfare ; Cybersecurity ; Military Acquisition and Procurement ; Military Information Technology Systems ; United States Air Force
URL	https://www.rand.org/pubs/research_reports/RR1007.html
来源智库	RAND Corporation (United States)
资源类型	智库出版物
条目标识符	http://119.78.100.153/handle/2XGU8XDN/522887
推荐引用方式 GB/T 7714	Don Snyder,James D. Powers,Elizabeth Bodine-Baron,et al. Improving the Cybersecurity of U.S. Air Force Military Systems Throughout Their Life Cycles. 2015.

条目包含的文件
文件名称/大小	资源类型	版本类型	开放类型	使用许可
RAND_RR1007.pdf（762KB）	智库出版物		限制开放	CC BY-NC-SA	浏览
x1495316249927.jpg.p（2KB）	智库出版物		限制开放	CC BY-NC-SA	浏览