G2TT
来源类型Report
规范类型报告
来源IDRR-1007-AF
Improving the Cybersecurity of U.S. Air Force Military Systems Throughout Their Life Cycles
Don Snyder; James D. Powers; Elizabeth Bodine-Baron; Bernard Fox; Lauren Kendrick; Michael H. Powell
发表日期2015-10-27
出版年2015
语种英语
结论

Root Causes of Deficiencies in Air Force Management of Cybersecurity

  • The cybersecurity environment is complex, rapidly changing, and difficult to predict, but the policies governing cybersecurity are better suited to simple, stable, and predictable environments, leading to significant gaps in cybersecurity management.
  • The implementation of cybersecurity is not continuously vigilant throughout the life cycle of a military system, but instead is triggered by acquisition events, mostly during procurement, resulting in incomplete coverage of cybersecurity issues by policy.
  • Control of and accountability for military system cybersecurity are spread over numerous organizations and are poorly integrated, resulting in diminished accountability and diminished unity of command and control for cybersecurity.
  • Monitoring and feedback for cybersecurity is incomplete, uncoordinated, and insufficient for effective decisionmaking or accountability.
  • Two underlying themes carry though these findings: that cybersecurity risk management does not adequately capture the impact to operational missions and that cybersecurity is mainly added onto systems, not designed in.
摘要

There is increasing concern that Air Force systems containing information technology are vulnerable to intelligence exploitation and offensive attack through cyberspace. In this report, the authors analyze how the Air Force acquisition/life-cycle management community can improve cybersecurity throughout the life cycle of its military systems. The focus is primarily on the subset of procured systems for which the Air Force has some control over design, architectures, protocols, and interfaces (e.g., weapon systems, platform information technology), as opposed to commercial, off-the-shelf information technology and business systems.

,

The main themes in the authors' findings are that cybersecurity laws and policies were created to manage commercial, off-the-shelf information technology and business systems and do not adequately address the challenges of securing military systems. Nor do they adequately capture the impact to operational missions. Cybersecurity is mainly added on to systems, not designed in. The authors recommend 12 steps that the Air Force can take to improve the cybersecurity of its military systems throughout their life cycles.

目录
  • Chapter One

    Cybersecurity Management

  • Chapter Two

    Cybersecurity Laws and Policies

  • Chapter Three

    Findings and Recommendations

主题Critical Infrastructure Protection ; Cyber Warfare ; Cybersecurity ; Military Acquisition and Procurement ; Military Information Technology Systems ; United States Air Force
URLhttps://www.rand.org/pubs/research_reports/RR1007.html
来源智库RAND Corporation (United States)
资源类型智库出版物
条目标识符http://119.78.100.153/handle/2XGU8XDN/522887
推荐引用方式
GB/T 7714
Don Snyder,James D. Powers,Elizabeth Bodine-Baron,et al. Improving the Cybersecurity of U.S. Air Force Military Systems Throughout Their Life Cycles. 2015.
条目包含的文件
文件名称/大小 资源类型 版本类型 开放类型 使用许可
RAND_RR1007.pdf(762KB)智库出版物 限制开放CC BY-NC-SA浏览
x1495316249927.jpg.p(2KB)智库出版物 限制开放CC BY-NC-SA浏览
个性服务
推荐该条目
保存到收藏夹
导出为Endnote文件
谷歌学术
谷歌学术中相似的文章
[Don Snyder]的文章
[James D. Powers]的文章
[Elizabeth Bodine-Baron]的文章
百度学术
百度学术中相似的文章
[Don Snyder]的文章
[James D. Powers]的文章
[Elizabeth Bodine-Baron]的文章
必应学术
必应学术中相似的文章
[Don Snyder]的文章
[James D. Powers]的文章
[Elizabeth Bodine-Baron]的文章
相关权益政策
暂无数据
收藏/分享
文件名: RAND_RR1007.pdf
格式: Adobe PDF
文件名: x1495316249927.jpg.pagespeed.ic._iLlV4GnPx.jpg
格式: JPEG

除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。