1.0. introduction – purpose, authority, scope, and … › bbcswebdav › institution ›...

FOR TRAINING PURPOSES ONLY

Joint Reconnaissance and Autonomous Targeting System (JRATS) / Joint Training and Maintenance

System (JTAMS)

Increment 1

Program Protection Plan

DISTRIBUTION STATEMENT

DESTRUCTION NOTICE:


Approved ByMilestone Decision Authority

__ SIGNED__________________William KennedySecurity Manager JTAMSChair, Security WIPTDate

___ SIGNED_________________George Rekab, GS-15Program Manager, JTAMSDate

CONCURRENCE___ SIGNED_________________Mark Johnevicz, PhD. GS-15Chief Systems Engineer, Program Executive Office, JRATSDate

___ SIGNED_________________Den Timman, Brig Gen, USAF Program Executive Officer, JRATSDate

COMPONENT APPROVAL___ SIGNED_________________Honorable Iwanna PassAssistant Secretary of the Air Force for Acquisition (ASAF(A))Air Force Acquisition ExecutiveDate

TABLE OF CONTENT


1.0 Introduction – Purpose, Authority, Scope, and Update Plan1.1 System Description1.2 Program Protection Responsibilities

2.0 Program Protection Summary2.1 Schedule2.2 CPI and Critical Functions and Components Protection

3.0 CPI and Critical Components3.1 Identification Methodology3.2 Inherited CPI and Critical Components3.3 Organic CPI and Critical Components

4.0 Horizontal Protection5.0 Threats, Vulnerabilities, and Countermeasures

5.1 Threats5.2 Vulnerabilities5.3 Countermeasures

5.3.1 Anti-Tamper (AT)5.3.2 Information Assurance (IA)5.3.3 Software Assurance (SA)5.3.4 Supply Chain Risk Management5.3.5 System Security Engineering5.3.6 General Countermeasures

6.0 Other System Security-Related Plans and Documents7.0 Program Protection Risks8.0 Foreign Involvement

8.1 Defense Exportability Features9.0 Processes for Management and Implementation of PPP

9.1 Audits/Inspections9.2 Engineering/Technical Reviews9.3 Verification and Validation9.4 Sustainment

10.0 Processes for Monitoring and Reporting Compromises11.0 Program Protection Costs

11.1 Security Costs11.2 Acquisition and Systems Engineering Protection Costs


Appendix A: Security Classification GuideAppendix B: Counterintelligence Support PlanAppendix C: Critical Functional AnalysisAppendix D: Anti-Tamper PlanAppendix E: Acquisition Information Assurance (Cybersecurity) StrategyAppendix F: CPI Memorandum from ARTPC

TABLES

Table 1.0-1: PPP UpdateTable 1.1-1: Program InformationTable 1.2-1: Program ResponsibilitiesTable 2.2-1: CPI and Critical Components Countermeasures SummaryTable 3.2-1: Inherited CPI and Critical ComponentsTable 3.3-1: Organic CPI and Critical ComponentsTable 4.0-1: Horizontal Protection InformationTable 5.0-1: Summary of CPI Threats, Vulnerabilities, and CountermeasuresTable 5.1-1: Threat Product ReferencesTable 5.1-2: Identified Threats to Inherited CPI and Supply ChainTable 5.2.1: Potential CPI and Critical Components VulnerabilitiesTable 5.3.3-1: Software AssuranceTable 5.3.4-1: Supply Chain Risk Management ActionsTable 5.3.5-1: Systems Security Engineering ActivitiesTable 5.3.6-1: Generic Program Countermeasure/Security ActivitiesTable 6.0-1: Other System Security – Related Plans and DocumentsTable 7.0-1: Program Protection RiskTable 8.0-1: Foreign Involvement SummaryTable 11.1-1: Security Costs above NISPOM RequirementsTable 11.2-1: Acquisition and Systems Engineering Protection Costs

FIGURES

Figure 1.1-1: OV-1 for Joint Training and Maintenance System (JTAMS)

1.0. Introduction – Purpose, Authority, Scope, and Update Plan

The Joint Reconnaissance and Autonomous Targeting System (JRATS) / Joint Training and Maintenance System (JTAMS) Program Protection Plan (PPP) is a living document. The purpose of this plan is to identify Critical Program Information (CPI), Critical Components, and Critical Functions (CFs) that must to be protected from foreign collection activity and to develop the protection countermeasures necessary to protect them. JTAMS will facilitate the remote performance of high value, high risk missions through the integrated use of the Joint Command and Control System (JCCS), the Joint Training and Maintenance System (JTAMS), the Joint Unmanned Ground Vehicle (JUGV), and the Firebird Unmanned Aerial Vehicle (FUAV) in combination, or singly, with greatly reduced casualties. The JUGV shall also be capable of operations by remote control and/or limited autonomous operation without the FUAV.

The JTAMS Systems PPP, part of a multidiscipline security program, ensures that organic and critical components and CFs along inherited CPI within GFE components are protected from foreign collection, design vulnerability, supply chain exploitation or insertion. The PPP focuses on Information and Communications Technology and logic-bearing components.

The JTAMS PPP is applicable to all government and contractor personnel assigned to and supporting JTAMS systems. Contractors will protect program information in accordance with contractual requirements specified in the DD 254, DoD Contract Security Classification Specification, and DoD 5220.22-M, National Industrial Security Program Operating Manual (NISPOM).

The JTAMS PPP:

Will be updated as required. Project Office (PO) JTAMS is the update authority Program Executive Officer JRATS is the approval authority

This document constitutes the initial JTAMS PPP. Updates and revision history will be reflected in Table 1.0-2: JTAMS PPP Update Record.

Table 1.0-2: JTAMS PPP Update Record

Revision Number Date Changes Approved By

Initial _________ Initial BG Robert L. Marion

5. Program Summary. The JRATS program will employ an evolutionary acquisition approach. Increments 1 and 2 have been defined. An evolutionary approach will be facilitated through the modular design of the JUGV and the adoption of the Joint Architecture for Unmanned Ground Systems (JAUGS) and the Joint Architecture for Unmanned Aerial Vehicles (JAUAV). The JAUGS and JAUAV are a part of the “Automated Battle Command, Integrated (ABCI)” architecture that integrates autonomous devices on the battlefield; this is a CJCS vision. Increment 1 will provide the warfighters with battlespace awareness, force application, force protection, and command and control capabilities that are not currently available. The JRATS program will field initial mission packages with Increment 1 by the end of FY8 related to intelligence, surveillance, and reconnaissance; direct fire; and employment of fire support. JTAMS will support standard maintenance of these missions to include the ability to monitor critical sub-system statuses of all

FOR TRAINING PURPOSES ONLY 5

vehicles and weapons systems. BC detection capability is deferred to Increment 2 because of the current low level of technical maturity of potential BC sensor packages. Also deferred to Increment 2 is the ability for JTAMS to do expert system analysis and make automated logistics supportability predictions of mission packages based on the equipment status and resources aboard the FUAV and JUGV. In addition, the ability for JTAMS to model and simulate for mission rehearsal purposes the Direct Fire and Fire Support missions will be delayed until JRATS Increment 2 due to the complexity of the algorithms needed to solution these missions. Estimated MS B for Increment 2 is 4Q, FY7 with fielding of BC sensor packages starting in FY13. A separate Increment 2 CDD will be issued to govern this effort. JRATS will utilize an open system architecture and modular design to implement this evolutionary approach. The modular design philosophy anticipates that all Increment 1 JRATS will be retrofitted with Increment 2 BC packages.

Figure 1.1-1: OV-1 for JTAMS


1.2. Program Protection Responsibilities

The JTAMS PO is responsible for the JTAMS PPP. The JTAMS PO Security Manager is responsible for implementing security countermeasures.

2.0. Program Protection Summary

The JTAMS PO is preparing documentation to provide the Program Protection for the Army JTAMS Systems.

2.1. Schedule

2.2. CPI and Critical Functions and Components Protection


The JTAMS PO determined that no Organic CPI existed for the JTAMS through a CPI Assessment (CPIA) facilitated by the U.S. Army’s Research, Technology, and Protection Center (ARTPC). The JTAMS PO identified the following components as Government Furnished Equipment (GFE) in various JTAMS systems to be assessed for possible inherited CPI.

Table 2.2-1: Government Furnished Equipment

COMMUNICATIONS NAVIGATIONAN/ARC-331 (Airborne Communication System)AN/ARC-320 (SINCGARS Radio)AN/ARC-310 (SINCGARS Radio)AN/ARC-301 (SINCGARS Radio)AN/ARC-166 (UHF/AM Radio Set)

TA-294 (GPS Receiver)H654G (Embedded GPS/Inertial Navigation System (EGI))TAGR (Tiny Airborne GPS Receiver)

A search of the Acquisition Security Database (ASDB) and coordination with the proponent commands for the above listed GFE items revealed inherited CPI involving Government Furnished Information and Communications Technology and logic-bearing components provided by other Project Management Offices. Inherited CPI is identified in Table 2.2-2: CPI and Critical Components Countermeasure Summary. (Not Included)

b. The CFA disclosed two organic CF Priority Level 2.

(1) Derive and display FUAV state information; the mitigated risk to this CF is assessed as low. This assessment is based on system design elements built into the UAV design. Alternative capabilities and redundant design utilizing separate and distinct technologies/components reduce the vulnerability to any single adversarial attack methodology, see Figure 7.0-1: Program Risk Matrix.

(2) Providing threat identification, classification, and location information, derived from hosted ASE and displayed through the same critical components (existing mitigations, as well as, a redundant stand-alone display).

Table 2.2-2: CPI and Critical Components Countermeasure SummaryProtected Item(Inherited

and Organic)Countermeasures (CM)

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15Organic

CPIThere is no organic CPI associated with the Commercial FUAV’s and JUGV’s comprising the JTAMS

Inhe

rite

d C

PI

Mark XYZ Mode 25 Cooperative Identification Capability (APX-789) – Operational Key I I I I I I

Mark XYZ Mode 25 Cooperative Identification Capability (APX-789) – Crypto Algorithm I I I I I I

Critical Components

Hardware x x x x x x x x x

Software x x x x x x x x


Key General Countermeasures

Research and TechnologyProtection Countermeasures

Trusted Systems Design Countermeasures

X = Implemented

I = Denotes protection already implemented if CPI is inherited

1 Personnel Security2 Physical Security3 Operations Security4 Industrial Security5 Training6 Information Security7 Foreign Disclosure/ Agreement

8 Transportation Management9 Anti-Tamper10 Dial-down Functionality

11 IA/Network Security12 Communication Security13 Software Assurance14 Supply Chain Risk Management15 System Security Engineering (SSE)

3.0. CPI and Critical Components

3.1. Identification Methodology

On 18 Jul 11, the Under Secretary of Defense for Acquisition, Technology, and Logistics (USD[AT&L]) directed that: “every acquisition program shall submit a PPP for MDA review and approval at Milestone A and shall update the PPP at each subsequent milestone and the Full-Rate Production decision. While some programs may not have CPI, every program, including those with special access content, shall address mission-CFs and components requiring risk management to protect warfighting capabilities.” This requirement has been incorporated into AR 70–77, Research, Development, and Acquisition Program Protection, dated 7 April 2014.

PM JTAMS conducted an assessment to identify CPI utilizing the approved Army methodology in accordance with the procedures outlined in DoDI 5200.39, DoDI 5000.02, DoDI 5200.44, and the 18 July 2011 USD(AT&L) policy memorandum. The JTAMS Product Office (PO) determined that no organic CPI existed for JTAMS. This determined based on the results of the CPIA conducted on 2 Apr 00, which was facilitated by an ARTPC Technology Protection Engineer. Also present at the assessment were representatives from the JTAMS Product Office, PEO JRATS, and the Military Intelligence (MI) Group. The assessment was performed for the JTAMS only.

Updates to this PPP will occur as appropriate prior to major program milestones and full-rate production decisions in accordance with the Acquisition Decision Memorandum for future milestone events.

The JTAMS criticality analysis focused on the following overall mission categories:

a. Survivability

b. Command, Control, and Communications (C3)

The JTAMS PO assessed the system impact of item compromise for the identified hardware and software logic-bearing components and determined the FUAV’s and JUGV’s has no CF Priority Level 1 (Catastrophic) components. PM JTAMS did identify a total of four CF Priority Level 2 (Critical) components, hardware (two) and software (two). Additional information can be found in the CFA.

The JTAMS PO determined that the impact of loss of these CFs results in their being identified as Priority Level 2. The unmitigated risk was assessed as medium. However, they are risk-mitigated by design. These CFs are common to all JTAMS platforms and are the subject to rigorous design


assurance and testing. Mitigation for each of these components is explained throughout the document. Mitigation results in a residual risk assessment of low for all components.

The supporting logic-bearing components to the CFs were assessed as CF Priority Level 2 (Critical). All remaining components were assessed as CF Priority Level 3 (Marginal) and CF Priority Level 4 (Negligible).

3.2. Inherited CPI and Critical Components

JTAMS FUAV’s and JUGV’s have inherited CPI contained in specific GFE and logic-bearing components from other organizations, as shown in Table 3.2-1: Inherited CPI and Critical Components. The component manager is responsible for notifying PM JTAMS of any new components with inherited CPI added to the JTAMS configuration. In addition, the PEO JRATS TPO will review the ASDB to identify possible inherited CPI. The JTAMS PO will safeguard the inherited CPI in accordance with the proponent’s PPP.

Table 3.2-1: Inherited CPI and Critical ComponentsInherited

Critical Item Parent Program Original Use Planned Use

Variation in CMs?

Inherited Program POC

BFT 22 Blue Force Tracker System

Program Executive Office, Aviation

Blue Force Tracker System

No variation from original use

NoneProject ManagerAviation SystemsBuilding 5309Redstone Arsenal, AL

H654GGlobal Positioning System Wing (GPSW)

Embedded GPS/Inertial Navigation System (EGI)

No variation from original use

None

Global Positioning System Wing (GPSW), 483 N. Aviation Blvd, El Segundo, CA 90245-2808

3.3. Organic CPI and Critical Components

No Organic CPI has been identified for JTAMS FUAV’s and JUGV’s. The JTAMS PO determined that the JTAMS has no CF Priority Level 1 (Catastrophic). All CF Priority Level 2 are mitigated through various means to ensure that the risk of failure of any one component is reduced to a marginal level. This assessment is based on system design elements built into the FUAV’s and JUGV’s design. Alternative capabilities and redundant design utilizing separate and distinct technologies/components reduce the vulnerability to any single adversarial attack methodology. JTAMS FUAV’s and JUGV’s are so configured so that none of the identified CF Level 2 is a single point of failure for a system.

4.0. Horizontal Protection Horizontal protection is the responsibility of the DoD components. The mechanism to support horizontal protection of CPI is the ASDB. The PEO JRATS TPO is responsible for updating the ASDB record when CPI is identified and for following up with other program offices when potentially similar CPI exists.


Table 4.0-1: Horizontal Protection InformationDate of Last ASDB Update: N/A Date of Next ASDB Update:

CPI Other Programs With Same or Similar CPI Pending Adjudications of CPI? (Y/N)N/A

5.0. Threats, Vulnerabilities, and Countermeasures

The JRATS STAR (DA G2 Validation Memo Dated 11 Sep 00) summarizes the approved threat for the combat and material developers, developmental and operational testers, and evaluators for JTAMS FUAV’s and JUGV’s.

The JTAMS PO and JTAMS PO Security Manager have reviewed the threats and have determined that the primary threats to the JTAMS FUAV’s and JUGV’s are from Human Intelligence (HUMINT) and Signals Intelligence (SIGINT). The determination was reached that the JTAMS FUAV’s and JUGV’s has no unmitigated risk because of the full range of traditional security countermeasures being implemented. The likelihood of compromised data, insertion of malware into the software, and insertion of counterfeit parts has been mitigated to an acceptable level for the identified JTAMS Priority Level 2 CFs. No additional countermeasures beyond those listed in this document are required. Particular emphasis was placed on Physical Security, Operations Security (OPSEC), Industrial Security, Security Education, Communications Security (COMSEC), Supply Chain Risk Management (SCRM), and Cybersecurity to counter the identified threat. The assessed residual risk to the MFD/SAD/FMS hardware and software after the mitigation plan is considered low. All required threat countermeasures will be reassessed at the JTAMS FUAV’s and JUGV’s enters a different acquisition phase or there is a significant change in the threat.

Refer to the threat products identified in the “Threats” column of Table 5.0-1 for the Foreign Intelligence and Security Services threat to identified inherited CPI. Specific threat product references to the JTAMS and inherited CPI are represented in Table 5.1-1, in Section 5.1 section below.

Table 5.0-1: Summary of CPI Threats, Vulnerabilities, and Countermeasures

Inhe

rited

CPI

CPI/CCSection 2.0

ThreatsSection 5.1

Vulnerabilities Section 5.2

Countermeasures Section 5.3

Mark XYZ Mode 25 Cooperative (Inherited CPI)

(U) The Foreign Intelligence, Terrorist Organization and Cyber Collection Threats to the U.S. Army, FY 2012

Refer to component manager’s PPP for inherited CPI

Refer to component manager’s PPP

If Organic CPI or any additional CF Priority Levels 1 or 2 are identified in the future, the JTAMS PO will assess the risk to the identified CPI or CFs and components. These assessments will be based on a Threat Assessment and Vulnerability Analysis. If the implemented countermeasures are insufficient, a suite of appropriate countermeasures, including SCRM key practices, will be recommended to the JTAMS PO for approval based on the assessed risk. All issues will be mitigated till the residual risk is acceptable.


5.1. Threats

The overall threat level to the inherited CPI and CFs Level 2 associated with the JTAMS FUAV’s and JUGV’s is assessed as medium, based on the threat identified in the reference documents listed in Table 5.0-1: Summary of CPI Threats, Vulnerabilities, and Countermeasures. The vulnerability to that threat after application of engineering design, information/software/ hardware assurance, and generic security activities is mitigated to an acceptable level.

The supporting Intelligence Analyst matrix from the G-2, U.S. Army Aviation and Missile Command is responsible for all intelligence support to the JTAMS PO and is the focal point to the Intelligence Community. All intelligence and threat support documents, intelligence gaps, and information requirements are submitted using COLISEUM and assigned to the appropriate Intelligence Production Center. In addition, the Redstone Detachment, 902D MI Group is the focal point for all counterintelligence support. Support will be consistent with the conditions of the Counterintelligence Support Plan. The JTAMS PO utilized the multiple intelligence and threat support documents generated regarding the JTAMS FUAV’s and JUGV’s to develop and refine the PPP. These intelligence products are updated on a recurring basis based on requirements. (References not included)

Table 5.1-2: Identified Threats to Inherited CPI and Supply Chain

T# Threat Description Consequence of Threat Realization

1 HUMINT Collection

Multiple countries have demonstrated the capability and intent to collect U.S. industrial trade secrets and classified information through human collectors.

Compromise of US technology lead

2 SIGINT Collection

Multiple countries has demonstrated the capability and intent to illegally intercept U.S. communications

Compromise of US technology lead

3 Malicious Code

There are validated incidents of foreign countries inserting malware into the software of Critical Components of U.S. systems

Degraded or untrustworthy performance of targeted

4Counterfeit or Substandard Components

There are validated incidents of counterfeit or substandard components being provided to the US Government for use in a U.S. weapons systems

Degraded or untrustworthy performance of targeted component

5.2. Vulnerabilities

Based on the threats identified in the Table 5.1-2, Identified Threats to Inherited CPI, organic CFs/Critical Components, and Supply Chain the overall vulnerability to the JTAMS FUAV’s and JUGV’s is assessed as medium. All information for the JTAMS FUAV’s and JUGV’s is currently maintained in government offices and contractor facilities. Risk mitigation contained in Table 5.3.6-1: Generic Program Countermeasures/Security Activities and Table 4.3.4-1: SCRM Actions brings the risk of loss or compromise to an acceptable level.

The vulnerabilities assessed from the JTAMS FUAV’s and JUGV’s Priority Level 2 CFs are listed in Table 5.2-1: Potential CPI and Critical Component Vulnerabilities. These vulnerabilities were then


weighed against the in-place countermeasures to determine residual risk.

Table 5.2-1: Potential CPI and Critical Component VulnerabilitiesV# CPI/Critical Components Identified Vulnerabilities1 Hardware Counterfeit parts, substandard assembly, loss of intellectual property

2 Software Malicious code, loss of developmental lead time

5.3. Countermeasures

The primary risk mitigation countermeasures for the identified CF Level 2 elements are engineering design, information/ software/hardware assurance, and generic security activities. The JTAMS PO Security Manager, with support from the PEO JRATS security staff, has identified traditional security discipline countermeasures to mitigate the known threat to the JTAMS FUAV’s and JUGV’s. This includes generic countermeasure categories, such as personnel security, physical security, industrial security, OPSEC, information security, security training and education, and foreign disclosure. The PEO JRATS Chief Information Officer/G6 and the Network Enterprise Center are responsible for providing assistance in the areas of Information Assurance and Network Security. Specific examples of how the JTAMS PO and JTAMS PO have implemented the various selected security disciplines to protect the identified CF on the JTAMS FUAV’s and JUGV’s are as follows: (not included)

The JTAMS PO will safeguard inherited CPI in accordance with the component manager’s PPP. Items falling under the category of Controlled Cryptographic Item will be safeguarded in accordance with the regulatory guidance.

5.3.1. Anti-Tamper (AT)

The Anti-Tamper requirement is not applicable to the JTAMS. If CPI is identified in the future, the appropriate steps will be taken to determine whether a need exists to develop an AT plan and implement AT solutions. Inherited component with identified AT application is identified in Table 2.2-2: CPI and Critical Components Countermeasure Summary.

5.3.2. Information Assurance (IA)/Cybersecurity (IA/CS)

Refer to the system Acquisition Cybersecurity Strategy and ISP.

Agents of the Certifying Authority are responsible for assessing the adequacy of IA/CS countermeasures for CPI. The key IA schedule milestone is the Department of Defense IA Certification and Accreditation Process (DIACAP) or assessment under the DoD Risk Management Framework (RMF).

Per the current Acquisition Strategy, the JTAMS PO has reviewed all appropriate IA policies and guidance. JTAMS PO has addressed the implementation of these Cybersecurity considerations in the Program Cybersecurity Strategy. Cybersecurity requirements, including the set of baseline Cybersecurity controls per National Institute of Standards and Technology (NIST) Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and


Organizations and applicable Committee on National Security Systems Instruction (CNSSI) No. 1253 overlays, which are commensurate with the system’s Confidentiality, Integrity, and Availability Levels, shall be clearly communicated to offers in the program’s solicitations and contracts.

Funding to implement the necessary IA/CS program will be inherent in the engineering, management, and production elements of individual contracts and flowed to subcontractors, as appropriate, depending on their role on the program. JTAMS PO will fulfill the required obligation to manage Cybersecurity considerations at the system level as they are identified during the process. Upcoming Requests for Proposal and Statements of Work will state the requirements for the contractor to adequately plan and resource the implementation of required controls and complete required training per DoDD 8570.01, Information Assurance Workforce Improvement Program.

Personnel involved in the development and operation of JTAMS FUAV’s and JUGV’s must understand the tenants of Cybersecurity to ensure the resultant products provide the necessary protections IAW DoDD 8570.01. The degree of training required to attain the necessary level of IA awareness varies depending on the role each individual serves in the development program. The individual(s) who are primarily responsible for defining Cybersecurity within the system engineering process and implementing Cybersecurity features within the architecture will have completed or be on track to complete formal Cybersecurity training such as the Computer Information System Security Professional, Global Cybersecurity Certification from the SANS Institute, or other Cybersecurity Manager accreditation. All personnel who are appointed the role of IA Security Officer must complete a course of instruction on automated system security appropriate for the duties assigned to them. All other persons supporting the program will participate in an annual security training and awareness program.

The JTAMS PO will address Cybersecurity requirements and be compliant throughout the system life cycle in accordance with DoD 8500.01, Cybersecurity and DoD Instruction 8510.01, Risk Management Framework (RMF) for DoD Information Technology (IT). JTAMS PO will be in full compliance with the IA requirements in accordance with DoD 8500 series and CJCSI 6510 series directive, instruction, and manuals.

5.3.3. Software Assurance

The JTAMS FUAV’s and JUGV’s will be modified and maintained by multiple contractors who will be responsible for software assurance. These contractors, in agreement with JTAMS PO, will scan applicable software for Information Assurance Vulnerability Alerts (IAVAs). As the DoD identifies IAVAs, the contractor will receive copies of reports that outline potential vulnerabilities. The contractor should scan for these potential vulnerabilities; if any are found, they should properly mitigate and/or patch these potential vulnerabilities. This ensures software that is designed and tested is protected. The JTAMS includes the airframe and MEP. For the purpose of this document, only the airframe is considered, not the MEP.

Commercially Off-the-Shelf (COTS) software of unknown pedigree will not be included on the JTAMS due to stringent requirements for detailed review and testing for Flight Safety Critical Software, IAW DO-178B/C. IA testing will be fully integrated in the system Test and Evaluation Master Plan. Due to the requirements for Office of the Director, Operational Test and Evaluation (DOT&E) policy for IA testing, Common Vulnerabilities and Exposures, Common Attack Pattern Enumeration and Classification, Common Weakness Enumeration, and Penetration Testing will be performed on the entire system regardless of CF Priority.


Table 5.3.3-1: Software AssuranceDevelopment Process

Software (SW) (CPI, CF components, other SW)

Static Analysisp/a (%)

Design Inspect

Code Inspectp/a (%)

CVEp/a (%)

CAPECp/a (%)

CWEp/a (%)

Pen Test

Test Coverage

p/a (%)

Developmental CF SW 100/0 Two Levels 100/0 100/0 100/0 100/0 Yes 75/0

Other Developmental SW none One level 100/0 100/0 100/0 100/0 Yes 50/0

CF Level 1 & 2 COTS CPI and CF SW Vendor SwA Vendor

SwAVendor

SwA 100/0 100/0 100/0 Yes UNK

CF Level 1 & 2 COTS (other than CPI and CF) and NDI (Spell out NDI) SW

No No No 100/0 100/0 100/0 Yes UNK

Operational SystemFailover Multiple Supplier

Redundancy (%)

Fault Isolation

Least Privileg

eSystem Element

IsolationInput

Checking / Validation

SW load key

Developmental CF SW 50 All All Yes All All

Other Developmental SW None Partial none None All AllCOTS (CPI and CF) and NDI SW None Partial All None Wrappers/ All All

Development Environment

SW Product Source Release testing

Generated code inspectionp/a (%)

5.3.4. Supply Chain Risk Management

SCRM requirements identification will be accomplished by the program through the use of the following actions:

a. Identifying Mission Categories/Capabilities

b. Identifying CFs/CPI

c. Identifying Logic Bearing Components

d. Assigning Criticality Levels

e. Identifying Critical Suppliers

f. Repeat steps a - e at each appropriate event/milestone

It is planned that a contract will be required to implement this action. The Performance Work Statements (PWS) will detail a list of components and software related items that are considered Critical Safety Items (CSIs). CSIs are subjects that are required to be discussed in detail in the


proposed manufacturing plan. Further, CSIs that can be non-destructively inspected/tested shall be subjected to 100% inspection by the Contractor unless specific approval is received from the cognizant Design Control Activity. Hardware items that require destructive testing are to be tested on a lot or batch basis with no skip lots allowed. Additional Contractor requirements in the PWS are as follows: Government audits, traceability, purchasing records, retention of records, supplier removal notifications, sourcing and procurement, CSIs implementation plan and CSIs program control board requirements.

The following actions related to SCRM, identified in the anticipated listing of key practices provided by the Assistant Secretary of the Army for Acquisition, Logistics, and Technology have been implemented by the JTAMS PO and the JTAMS PO.

5.3.5. System Security Engineering

System Security Engineering (SSE) is considered as part of the overall Cybersecurity and System Engineering (SE) processes. Specifically, the contractor is required to produce Cybersecurity design and system architecture packages for review that include consideration of SSE practices using MIL-HDBK-1785 as guidance. Adversary scenarios and vulnerability analysis will be considered as part of the design review process and identified risks will be incorporated into the SE Risk Management plan. CF Priority Level 2, mitigation through flight safety criticality qualification, will consider SSE as part of the design. If new Organic CPI or CF Priority Levels 1 or 2 are identified in the future, then JTAMS PO will identify the appropriate SSE procedures for safeguarding the identified CPI or CFs and components. Error: Reference source not found, below, shows how SSE activities are incorporated throughout the system lifecycle.

5.3.6. General Countermeasures

Table 5.3.6-1: Generic Program Countermeasures/Security Activities, below, contains examples of general security countermeasures that have be incorporated into the protection plan for the JTAMS .

Table 5.3.6-1: Generic Program Countermeasures/Security Activities

Type Detail

Information Security

Information Security will adhere to the guidance provided in AR 380-5, Department of the Army Information Security Program; Program Executive Office Aviation, Standard Operating Procedure 14-01 Security; and the various JTAMS specific Security Classification Guides (SCG).

Physical Security

Physical Security will adhere to the guidance provided in AR 190-13, The Army Physical Security Program. Access Control System.

COMSECJTAMS PO complies fully with AR 380-40, Policy for Safeguarding and Controlling Security (COMSEC) Material; Program Executive Office Aviation, Standard Operating Procedure 14-01 Security.

OPSEC JTAMS PO complies with AR 530-1, Operations Security. Program Executive Office Aviation, Policy Memorandum 12-08, Operations Security (OPSEC).

Foreign Visit Program

JTAMS PO complies with AR 380-10, Foreign Disclosure.JTAMS PO complies with the PEO JRATS Foreign Disclosure Officer process.Project office personnel, other government organizations and contractors will adhere to approved visit procedures for the facility being visited.


CPI Protection Training

JTAMS PO personnel will follow the guidance outlined in the PPP.JTAMS PO personnel responsible for identifying and managing/protecting CPI will take online Defense Acquisition University CLE 022, Project Manager (PM) Introduction to Anti-Tamper (AT) Training after such time as organic CPI is identified.

CybersecurityAcquisition Cybersecurity Strategy for the systems Information Support PlansJTAMS PO complies with AR-25-2, Information Assurance and all Enterprise Network (RAEN) Users Policy.

Flight Safety Critical Processes

Special processes, inspection, and testing for software (DO-178) and hardware (DO-254) are required for flight safety critical components that also provide significant security measures.

Secure System Administration

Acquisition Cybersecurity Strategy for the systems Information Support Plans.

Personnel Security

JTAMS PO complies with AR 380-67, Personnel Security Program.JTAMS PO complies with the PEO JRATS Personnel Security processes.

Industrial Security

Industrial Security will adhere to the guidance provided in the JTAMS FUAV’s and JUGV’s specific SCG, DD Form 254, and the NISPOM.

6.0. Other System Security-Related Plans and Documents

The following table shows other system security related plans and documents. (not included)

7.0. Program Protection Risks

The JTAMS FUAV’s and JUGV’s have no known unmitigated risks. JTAMS FUAV’s and JUGV’s face the risk of potential compromise of U.S. technological lead time through the threats of hostile HUMINT/SIGINT collection and degraded or untrustworthy performance from the insertion malicious code or counterfeit components. The assessed risk without application of countermeasures is medium. The existing threat to the JTAMS PO offices and related contractor facilities has been addressed in Table 5.1-2: Identified Threats to Inherited CPI and Supply Chain. Countermeasures contained in Table 5.3.6-1: Generic Program Countermeasures/Security Activities and Table 5.3.4-1: Supply Chain Risk Management Actions. The residual risk to the inherited CPI and Level 2 CFs after application of these countermeasures is assessed as low.

System design elements include alternative capabilities and redundant design utilizing separate and distinct software and components reduce the vulnerability to any single adversarial attack methodology built into the FUAV’s and JUGV’s design. Mitigation is also provided through implementation of the see Figure 7.0-1: Program Risk Matrix.

All classified contracts awarded for the JTAMS FUAV’s and JUGV’s will contain a DD-254, Department of Defense Contract Security Classification Specification to address all security requirements. Contractors will be required to comply with the NISPOM. Security/Cybersecurity inspections of contractor facilities as required will be conducted to identify vulnerabilities and verify compliance with all provisions of the contracts.

Risks to CF Priority Level 2 items are primarily to aviation-specific components (not exclusive to military use, such as navigation) and are managed through the System Engineering Plan Risk Management process and application of the identified security countermeasures.


The assessed risk without application of countermeasures would be medium. The residual risk after application of the countermeasures identified in Error: Reference source not found and Table 5.3.6-1: Generic Program Countermeasures/Security Activities is assessed as low.

Figure 7.0-1: Program Risk Matrix

8.0. Foreign Involvement

This is a U.S. ONLY SYSTEM. There is no current foreign involvement.

There is no foreign involvement in JTAMS systems. It will remain the responsibility of the prime contractor to ensure DD Form 254 compliance with PEO JRATS approval of any foreign vendors.

Table 8.0-1: Foreign Involvement Summary

8.1. Defense Exportability Features

There is no plan to offer JTAMS systems for foreign military sales. Any Direct Commercial Sale of the commercial FUAV’s and JUGV’s hosting JTAMS systems would have no bearing on the Army programs.

9.0. Processes for Management and Implementation of PPP

9.1. Audits/Inspections

The Defense Security Service is responsible for ensuring the cleared defense contractors comply with the NISPOM. In addition, contractors must comply with the DD Form 254 and JTAMS FUAV’s and JUGV’s specific SCG. JTAMS program schedules contain security inspections of contractor facilities to identify any security vulnerabilities and verify compliance with all security provisions of the contracts.


YellowYellow

Green

Red Problems or challenges exist and workable solutions have not been identified.

Problems or challenges exist and workable solutions have been identified.

No significant issues or problems.

5

4

3

2

1

54321

LIKELIHOOD

CONSEQUENCE

9.2. Engineering/Technical Reviews

The JTAMS PO will conduct rigorous engineering and technical reviews associated with flight safety critical software requirements (DO-178) and Cybersecurity testing. These will include Failure Modes Criticality and Effects Analysis (FMECA) and other safety related detailed engineering reviews associated with airworthiness.

9.3. Verification and Validation

Verification and validation activities will be a part of the Engineering Manufacturing Development phase. The planned validation and verification will cover CFs identified through planned assessment and as a part of the system engineering process. The Test and Evaluation (T&E) Community must comply with the specific FUAV’s and JUGV’s Security Classification Guide (SCG) during testing.

9.4. Sustainment

The Life Cycle Sustainment Plan for Operations and Sustainment of the JTAMS will include performance measures which will be developed for all support contracts once they are determined. Supportability Integrated Product Team Reviews will be conducted quarterly to analyze the supply chain risk identification and information assurance risks. The concept for the JTAMS FUAV’s and JUGV’s is through Life Cycle Sustainment Planning to utilize the Product Support Manager construct to provide program oversight and implement an Interim Contractor Support (ICS) with a phased approach to organic Government fielded support while utilizing the two level maintenance concepts. A Feasibility Product Support Business Case Analysis (BCA) Type I which will be expanded into a formal Type II BCA IAW DoD Product Support BCA Guidebook and the Product Support Manager Guidebook will be conducted to determine the most viable and cost effective means of support strategies. The integration of Condition Based Maintenance+ initiatives will be utilized to reduce unscheduled maintenance which will reduce the logistics footprint by reducing excess stock levels required of a reactive maintenance processes. Item Unique Identifier marking will also be implemented for Total Asset Visibility of serial number managed items and flight critical components.

10.0. Processes for Monitoring and Reporting Compromises

The process for monitoring and reporting any future compromise of classified or Controlled Unclassified Information will be in compliance with contract instructions and accompanying DD Form 254. The reporting individual must immediately notify his/her respective Facility Security Officer or Security Manager. The Facility Security Officer or Security Manager notifies PM JTAMS. The process for monitoring and reporting the compromise of information at government offices will be IAW the PEO JRATS, Standard Operating Procedure, Number 14-01, Security.

11.0. Program Protection Costs

The JTAMS PO Security Manager will estimate any program protection costs and request program funds for follow-on contract awards using the appropriate allocation process.

11.1. Security Costs


There is no additional security cost associated with safeguarding the existing CF Priority Level 2. The selected security countermeasures are in compliance with Army regulations and contractors will comply with the NISPOM. In addition, the CF Priority Level 2 risk has been mitigated through the engineering processes and the cost is included in the design and implementation related to airworthiness. In addition, none of the inherited CPI components currently require additional countermeasures over the application of Government security regulation and contractor compliance with the NISPOM.

11.2. Acquisition and Systems Engineering Protection Costs

To Be Determined (TBD)

Table 11.2-2: Acquisition and Systems Engineering Protection Costs

Cost Type Activity Responsibility Cost

SCRM N/A

Verification &Validation N/A

Sustainment N/ATotal N/A


Appendix A: Security Classification Guide (SCG)

The current classification guidance is contained in the attached JRATS SCG.


Appendix B: Counterintelligence Support Plan (TBP)


Appendix C: Critical Function Analysis for JTAMS (TBP)


Appendix D: Anti-Tamper Plan Not applicable.


Appendix E: Acquisition Information Assurance (IA) / Cybersecurity Strategy

The current Acquisition Information Assurance Strategy for JRATS is attached. The Cybersecurity Strategy document will be maintained as a separate product and revised upon transition from DIACAP to RMF. Contact the Cybersecurity Manager for JTAMS for additional information; contact information for the various Cybersecurity personnel are contained in the current Cybersecurity Strategy.
