Systems Security Engineering Committee Status and Plans December 2013 Holly Coulter Dunlap, Raytheon Beth Wilson, Raytheon Industry Co-Chairs NDIA SE Division – Annual Planning Meeting December 11-12,
Download ReportTranscript Systems Security Engineering Committee Status and Plans December 2013 Holly Coulter Dunlap, Raytheon Beth Wilson, Raytheon Industry Co-Chairs NDIA SE Division – Annual Planning Meeting December 11-12,
Systems Security Engineering Committee Status and Plans December 2013 Holly Coulter Dunlap, Raytheon Beth Wilson, Raytheon Industry Co-Chairs NDIA SE Division – Annual Planning Meeting December 11-12, 2013 1 SSE Committee 2013 Status: NEW Activity Added Task Apr 2013: New SSE Committee Plans for 2013 Continue work of Systems Assurance Committee to follow up on May 2012 Program Protection Planning (PPP) workshop Status/Plans Kickoff held June 18, 2013 Committee renamed Systems Security Engineering (SSE) Committee NDIA SE Conference: SSE track, joint SSE/SoS track Progress on 5 priorities identified May 2012 Follow-on Workshop planned for May 2013 NDIA SE Division – Annual Planning Meeting December 11-12, 2013 2 Complete In Process Cancelled SSE Committee - 2014 Task Plan Projects Working Group Proposed 2014 Tasks: Deliverables/Products • PPP Implementation Workshop • Joint meetings with SED Committees • Developmental Test and Evaluation: Connections between PPP and cyber testing guidelines • Systems of Systems: PPP leverage points in the SoS Wave Model • Workshop Recommendations • NDIA SE Conference Progress Briefings • Comments on PPP related guidance Schedule / Resources Issues / Concerns: • PPP Workshop Apr/May • Joint meetings with SED Committees Jun/Aug • Developmental Test and Evaluation • Systems of Systems • Industry and government engagement NDIA SE Division – Annual Planning Meeting December 11-12, 2013 3 Summary of SSE Committee 2014 Plans SED SSE Topic Activity PPP Workshop 2014: Follow-on to 2012 Workshop Focus on Taxonomy and Metrics May 20-22: MITRE facility in McLean, VA Industry Inputs Comments on guideline documents Inputs into PPP implementation Systems of Systems 2014: PPP leverage points in the SoS Wave Model Developmental Test and Evaluation 2014: Cyber testing guidelines connections to Program Protection Planning Completed NDIA SE Division – Annual Planning Meeting December 11-12, 2013 Current Proposed 4 2013 Systems Security Engineering • Restart Former Systems Assurance Committee • New Systems Security Engineering Committee • Kick-off June 18th • Track at SE Symposium • Planning follow-on workshop in 2014 on Program Protection Plan NDIA SE Division – Annual Planning Meeting December 11-12, 2013 5 2013 NDIA SE Conference Issue Short Title NDIA SE Conference Paper 1 Taxonomy 16290 – Critical Program Information Test Vector (Geoff “Ninja” Donatelli, Raytheon) 2 Metrics 16185 – Software Assurance and NDAA 2013: Software Code Quality Checking (John Keane DoD VA IPO, Vik Chauhan Deloitte Consulting) 3 Contracts and Acquisition Strategy 16223 – System Security Engineering and Comprehensive Program Protection (Melinda Reed, OSASD SE) 4 Threat and Attack Vectors 16051 – Engineering Your Software for Attacks (Bob Martin, Mitre) 16077 – Security Engineering in a Systems of Systems Environment (George Rebovich, Mitre) 16001 – Strategic Cybersecurity Threat Analysis Framework: Know Your Enemy to Defeat Your Enemy (Michele Myauo, Microsoft) 16111 – A Supply Chain Attack Framework to Support DoD Supply Chain Security Risk Management (Dr. John Miller, Mitre) 5 Education 16153 – A Practical Educational Approach to Program Protection Planning (Dr. Don Gelosh, Worcester Polytechnic Institute) NDIA SE Division – Annual Planning Meeting December 11-12, 2013 6