NDIA SE Division – Annual Planning Meeting, December 11-12, 2013
Systems Security Engineering Committee
Status and Plans December 2013
Holly Coulter Dunlap, Raytheon
Beth Wilson, Raytheon
Industry Co-Chairs
SSE Committee 2013 Status: NEW
Activity Plans for 2013 Status/Plans
Added Task Apr 2013: New SSE Committee
Continue work of Systems Assurance Committee to follow up on May 2012 Program Protection Planning (PPP) workshop
Kickoff held June 18, 2013
Committee renamed Systems Security Engineering (SSE) Committee
NDIA SE Conference: SSE track, joint SSE/SoS track
Progress on 5 priorities identified May 2012
Follow-on Workshop planned for May 2013
Complete / In Process / Cancelled
SSE Committee - 2014 Task Plan
Projects Working Group
Proposed 2014 Tasks:
• PPP Implementation Workshop
• Joint meetings with SED Committees
  • Developmental Test and Evaluation: Connections between PPP and cyber testing guidelines
  • Systems of Systems: PPP leverage points in the SoS Wave Model
Deliverables/Products
• Workshop Recommendations
• NDIA SE Conference Progress Briefings
• Comments on PPP related guidance
Schedule / Resources
• PPP Workshop Apr/May
• Joint meetings with SED Committees Jun/Aug
  • Developmental Test and Evaluation
  • Systems of Systems
Issues / Concerns:
• Industry and government engagement
Summary of SSE Committee 2014 Plans
Topic Activity
SSE
PPP Workshop 2014: Follow-on to 2012 Workshop
Focus on Taxonomy and Metrics
May 20-22: MITRE facility in McLean, VA
Industry Inputs Comments on guideline documents
Inputs into PPP implementation
SED
Systems of Systems 2014: PPP leverage points in the SoS Wave Model
Developmental Test and Evaluation
2014: Cyber testing guidelines connections to Program Protection Planning
Completed / Current / Proposed
Systems Security Engineering
• Restart Former Systems Assurance Committee
• New Systems Security Engineering Committee
• Kick-off June 18th
• Track at SE Symposium
• Planning follow-on workshop in 2014 on Program Protection Plan
2013
NDIA SE Conference 2013
Issue Short Title NDIA SE Conference Paper
1 Taxonomy 16290 – Critical Program Information Test Vector (Geoff “Ninja” Donatelli, Raytheon)
2 Metrics 16185 – Software Assurance and NDAA 2013: Software Code Quality Checking (John Keane DoD VA IPO, Vik Chauhan Deloitte Consulting)
3 Contracts and Acquisition Strategy 16223 – System Security Engineering and Comprehensive Program Protection (Melinda Reed, OSASD SE)
4 Threat and Attack Vectors
16051 – Engineering Your Software for Attacks (Bob Martin, Mitre)
16077 – Security Engineering in a Systems of Systems Environment (George Rebovich, Mitre)
16001 – Strategic Cybersecurity Threat Analysis Framework: Know Your Enemy to Defeat Your Enemy (Michele Myauo, Microsoft)
16111 – A Supply Chain Attack Framework to Support DoD Supply Chain Security Risk Management (Dr. John Miller, Mitre)
5 Education 16153 – A Practical Educational Approach to Program Protection Planning (Dr. Don Gelosh, Worcester Polytechnic Institute)