Historically, an organization developed a Cybersecurity program to achieve compliance. It has been our experience that organizations which achieve full compliance cannot continue to operate because of strict Compliance requirements and the lack of a functional Cybersecurity program. The lack of a functional Cybersecurity program enables methodologies found
Topic: Operational Technology (OT)
“Hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, processes and events in the enterprise” (Gartner, n.d.). Additionally, this is “often comprised of closed systems warranted by system vendors only as long as customers configure and deploy systems using their rigid specifications. By in large, these system vendors focus on system availability rather than security, to the detriment of good security best practices. Vendor support staff can view security controls as inhibitors to effective operations” (National Grid, n.d.).
Gartner. (n.d.). Gartner IT Glossary (Operational Technology). Retrieved 18 Sep 17 from http://www.gartner.com/it-glossary/operational-technology-ot/
National Grid. (n.d.). Digital Risk and Security. “Response to NIST: Developing a Framework to Improve Critical Infrastructure Security.” Retrieved 18 Sep 17 from http://csrc.nist.gov/cyberframework/rfi_comments/040813_national_grid.pdf
Stephen Brewster is a graduate of Capitol Technology University with a Master's in Information Assurance Engineering. Stephen has expertise in software assurance, systems integration and testing, and cybersecurity governance and risk management. Mr. Brewster developed software for military logistics planning shortly after finishing his bachelor's in Computer
Dr. Rampaul Hollington completed 21 years in the US Army, retiring as a Chief Warrant Officer 3. While on active duty, Dr. Hollington served as an Information Assurance Manager, an Information Assurance Security Officer, Information System Security Officer and COMSEC Custodian. Over the past 11 years, Dr. Hollington worked in support of Cyber programs for
Tim Watkins is a Lead Application Engineer for Schweitzer Engineering Laboratories, Inc. in Pullman, Washington. He retired in 2013 as a decorated Marine Corps Officer and immediately began working for SEL. He currently works in SEL’s Secure Engineering branch of Research and Development. Tim has an M.S.A in International Leadership from Central
In this article, we discuss the development and transition of the Software Engineering Institute’s (SEI’s) Software Assurance Curriculum. The Master of Software Assurance Reference Curriculum, developed under U.S. Department of Homeland Security (DHS) sponsorship, was endorsed by the Association for Computing Machinery (ACM) and IEEE Computer Society.
Over the last 30 years, the DoD has struggled to adapt to the ever-changing world of software development. Of these many struggles, implementing Agile software development and practicing systems security engineering are two struggles that continue to plague the DoD. In an attempt to overcome both of these hurdles, this paper presents a Software Assurance
Software is inherent in today’s complex systems and is often the primary cost, schedule, and technical performance driver in Department of Defense (DoD) programs. For DoD mission critical systems, the associated software size, complexity, interdependencies, reliance-on for mission and safety critical functionality, and software assurance (high quality and
The ability for commanders to know and understand an organizational attack surface, its vulnerabilities, and associated risks is a fundamental aspect of command decision-making. In the cyberspace domain, ongoing monitoring sufficient to ensure and assure effectiveness of security controls related to systems, networks, and cyberspace, by assessing security
Cyber Physical Systems (CPSs) are electronic control systems that control physical machines such as motors and valves in an industrial plant. In a networked environment, the security of the physical machines depends on the security of the electronic control systems, but cybersecurity is not typically the main design concern. The main concern for CPSs is the
The U.S. Army Research Laboratory (ARL) received the first salvos in the battle for cybersecurity as early as three decades ago. In terms of technology history, it was an astonishingly long time ago. Before most people ever heard of the Internet. Before there were web browsers. Long before smartphones. Back in 1986, the laboratory withstood attacks by