Block 1 Unit 6: Mission Assurance
OPSEC Process (5)
1. Identification of critical info. 2. Analysis of threats. 3. Analysis of vulnerabilities. 4. Assessment of risk. 5. Application of appropriate OPSEC measures.
Encryption
2 primary forms of encryption: asymmetric - 2 different keys (PKI); symmetric - 1 shared key.
EIM - Records Management
Ability to centrally manage all official AF records.
For Official Use Only (FOUO)
Applied to unclassified info that is exempt from automatic release to public under Freedom of Information Act (FOIA).
COMPUSEC - Safeguarding System Info - Classified Processing
Applies to protection of classified systems & data at Secret level.
DAA Representative
Delegated Authorizing Official
Tools to Ensure Confidentiality (3)
Encryption: algorithm converts plaintext to ciphertext so data can't be read by unintended users. Secure Sockets Layer (SSL): method of encrypting transmission control protocol/internet protocol (TCP/IP) transmissions en route between client & server using public key encryption tech. Firewalls: gateway devices that selectively block/filter traffic between networks.
Director, Defense Information Systems Agency (DISA)
Ensures control correlation identifiers. Identifies/develops & provides DoD enterprise RMF management tools.
Information Assurance Officer
Information System Security Officer
Sniffers
Piece of software that grabs all traffic flowing into/out of a computer attached to a network. Used to match packets against a rule-set designed to flag anything malicious/strange. Used to gather data necessary for metrics & analysis. Used to monitor email during investigations. Examples: Snort, Wireshark.
Maintenance/Job Control
Plans, organizes, staffs, directs, controls maintenance effort. Responsible to CC for accomplishing maintenance mission.
Emergency Authorization to Connect (E-ATC)
Process for emergency fielding of new capabilities via new products & systems or significant upgrades to existing products & systems.
OPSEC Advisory Reports
Provide advanced notification of a potential threat to ops.
Risk Management framework for DoD Info Technology
Provides disciplined & structured process combining IS security & risk mgt activities into system development life cycle & authorize use within DoD.
Information System Owner (ISO)
Responsible for overall procurement, development, integration, modification, operation, maintenance of information system.
Certification & Accreditation Process
Risk Management Framework
Types of Classifications & FOUO (4)
TS, Secret, Confidential, Unclassified
Top Secret
Unauthorized disclosure could reasonably be expected to cause *exceptionally grave damage* to national security.
Secret
Unauthorized disclosure could reasonably be expected to cause *serious damage* to national security.
DoD Classifications (5)
Unclassified, Sensitive but Unclassified, Confidential, Secret, Top Secret
Standardization & Evaluation (Stan/Eval)
*Help effectiveness to perform unit mission!* Program to ensure personnel are qualified to perform assigned duties within the cyberspace mission. Ensures standardization of operational procedures & provides CC & comms staff meaningful indicators reflecting individual & overall crew effectiveness to perform the unit mission.
6 steps of RMF
1. Categorize system 2. Select security controls 3. Implement security controls 4. Assess security controls 5. Authorize system 6. Monitor security controls
OPSEC - Self-Assessments & Staff Assistance Visits
2 purposes: To provide info & data into OPSEC risk analysis process & to measure program's compliance with established policies & instructions. Conducted by OPSEC Program Manager.
Information Superiority
Ability to collect, process, disseminate an uninterrupted flow of info. Maintains operational advantage. Denies adversary the ability to do the same.
Accessing eMASS
Accessible via URL address of your org's instance
Goals of Information Operations (IO)
Achieve & maintain info superiority for US & allies. Be free from adversary attack. Be free to attack at will. Freedom to maneuver appropriately. Establish decision superiority.
Authorizing Official Designated Representative (AODR)
Acts on behalf of AO in carrying out & coordinating required activities associated with security authorization.
Accepting Accountability
Agency official accepts responsibility for security of system. *Fully accountable* for any adverse impacts to agency if breach of security occurs.
EIM - Document Management
Allows users to store, retrieve, share electronic documents with security & version control in central repository.
Enterprise Mission Assurance Support Service (eMASS)
Allows users to: Manage key activities in RMF process workflow. Capture system info. Assign users to roles with RMF workflows. Track progress of risk mgt (RM) activities. Monitor current cybersecurity status of info systems. Provide notifications when specific work tasks are required.
Tools to Ensure Integrity (3)
Anti-Virus (AV) Software: prevents viruses, Trojans, worms that allow unauthorized user access to system & performs hash checks. Change Control Management: formal process to ensure changes to info or info systems are introduced in a controlled & coordinated manner. Digital Signatures: utilize Public Key Infrastructure (PKI).
Information System Security Officer (ISSO)
Assigned responsibility for maintaining appropriate operational security posture for information system/program.
Confidentiality
Assurance that info is not disclosed to unauthorized individuals, processes, devices. Access is granted/denied based upon rights/permissions. Right - an action you are able to perform. Permission - access to an object, e.g. a folder.
Accreditation
Authorization
Authority to Operate (ATO)
Authorization granted by DAA for DoD IS to process, store, transmit info.
Designated Accrediting Authority
Authorizing Official
Firewalls
Barrier to keep those with less than friendly intentions away from your IS (info system).
OPSEC Responsibilities
Begins with Commanders. Relies on EVERY member of AF.
Critical Information List
Best identified by individuals responsible for planning & execution of unit's mission (commanders & their support staff).
Quality Assurance
CC's tool to ensure process, end item, service is of type & quality to meet/exceed requirements for effective mission ops.
COMPUSEC Objectives
CIA achieved through countermeasures.
Senior Information Security Officer (SISO)
Carries out CIO responsibilities under FISMA & serves as CIO's primary liaison to agency's AOs, info system owners, info system security officers.
COMPUSEC - Safeguarding System Info - Sanitization & Clearing of System Data
Clearing - deletion of data to a point where it cannot be reproduced by *system* tools. Sanitization - deletion of data to a point where it cannot be reproduced with *laboratory* tools.
EIM Generate Mission Applications (2)
Collaborative Tools, Knowledge Management
OPSEC - Electronic Systems Security Assessment (ESSA)
Collection & analysis of info transmitted via unsecured & unprotected comms systems. Determine if systems are being used to transmit critical, sensitive, or classified info.
EIM Vision
Common global environment that creates an authoritative source for Airmen to share & acquire info & knowledge.
CIA Triad
Confidentiality, Integrity, Availability. Degree of emphasis on each determined by type of info processed & mission of org responsible for data.
Emissions Security (EMSEC)
Contain compromising emanations within an inspectable space.
eMASS Modules (4)
Control Administration module, System Administration module, Authorization Process module, Reports module
EIM - Forms
Create, manage, track form-based info that automates common business processes requiring structured data content.
COMSEC Incidents (4)
Cryptographic, Personnel, Physical, Aircraft accidents/disasters
Interim Authority to Operate (IATO)
Decision is intended to manage IA security weaknesses while allowing system operation in live environment.
Interim Authority to Test (IATT)
Decision is special case for authorizing testing in operational info environment or with live data for specified time period.
COMPUSEC - Safeguarding System Info - Remediating Procedures
Delete spilled info. Re-label media containing spilled info. Remove classified info from media. Erase OS, program files, all data files. Erase all partition tables & drive formats. Erase & sanitize media. Forfeit the media.
EIM - Workflow Management (WM)
Delivers powerful web-enabled coordination, staffing, task management of documents, files, info requests using email or web.
EMSEC - Cryptographic Equipment Countermeasure Review
Depends on type of info processed. Evaluates possibility of escape of classified info. RED/BLACK separation - distance between unencrypted classified (RED) cabling & unclassified/encrypted classified (BLACK) cabling. Radiation characteristics of system.
Denial of Authorization to Connect (DATC)
Determination that IS cannot connect to AF-DoDIN because of inadequate IA design, failure to adequately implement assigned IA controls, other lack of adequate security.
EMSEC - Countermeasures Reviews
Determines needed EMSEC countermeasures for an info system that process classified info.
Joint IO vs AF IO
Different terms, same goal - support commander's obj using integrated capabilities.
COMPUSEC - Software Usage
Efforts/actions to determine what types of ISs or software can be acquired by AF. IA awareness & education. Maintaining user accounts. Managing remote access. Administrative access, end-user access, limited (general) access.
Unit OPSEC Program
Enforce building security. Conduct random anti-terrorism measures (RAM). Ensure personnel are properly storing classified documents. Conduct investigations on security incidents. Operational focus. Personnel understand "real world" implications.
EIM - Collaborative Tools
Facilitate interaction among 2 or more individuals allowing users to view shared documents, presentations, applications.
Authorization to Connect (ATC) Approval
Formal approval for an IS to connect to AF-DoDIN & acceptance of risk associated with IS connection by AF-DAA or delegated individual.
Joint Info Ops
Guidance for JFC: plan, execute, assess
Tier 3
IS/PIT (Platform Info Tech) Systems. RMF operates primarily at Tier 3! Addresses risk from an information system perspective & is guided by risk decisions at Tiers 1 & 2.
AF Tools Sets & Methods for Ensuring CIA
Identification & Authentication: procedure requiring both possession- & knowledge-based tokens ensures dual-level security. Host Based Security System (HBSS): provides second line of defense inside network perimeter. Assured Compliance Assessment Tool (ACAS): automatically identifies config vulnerabilities that could threaten the security of DoD's computer systems.
OPSEC Vulnerability Reports
Identify a disclosure of critical info or provide identification of OPSEC indicators that could jeopardize ongoing/planned ops.
OPSEC - Multi-Disciplinary Vulnerability Assessment (MDVA)
Identify ops vulnerabilities, operational impacts, exercise threat response procedures.
3 Categories of TCTOs
Immediate Action TCTOs, Urgent Action TCTOs, Routine Action TCTOs
Decision Superiority
Improve ability to OODA faster & more effectively than adversary.
User Representative (UR)
Individual/org that represents user community for particular system for RMF purposes.
For Official Use Only Law Enforcement Sensitive (FOUO)
Info compiled for law enforcement purposes
Originator Controlled (ORCON)
Info may not be disseminated beyond original distribution without approval of originating office.
Unclassified
Info not considered to be of particular damage to the nation - however, large amts of unclassified info may indeed reveal info that could be considered classified.
Availability
Info, computing systems used to process info, IA controls & security controls to protect info are all available & functioning correctly when info is needed.
Information Assurance Manager
Information System Security Manager
3 Types of TCTOs
Inspection TCTOs, Record TCTOs, Interim TCTOs
Denial of Authorization to Operate (DATO)
Issued if determined that a DoD IS should not operate.
Interim TCTOs
Issued when circumstances preclude timely publication of emergency instructions as formal TCTOs. (msg?)
Observe, Orient, Decide, Act (OODA)
Leverage tech to achieve air, space, info superiority & be able to operate in faster decision cycle (decision superiority) than adversary.
Computer Security (COMPUSEC)
Measures & controls that ensure CIA of info systems assets including hardware, software, firmware, info being processed, stored, communicated.
Communications Security (COMSEC)
Measures taken to deny unauthorized persons access to info derived from info systems. *Key tapes (physical or digital) & devices that do encryption/decryption.*
Basic EMSEC Process
Meow details
OPSEC - Self-Assessment Survey
Method to determine if there is adequate protection of CI during any operation or activity.
Operations Security (OPSEC) Concept & Applicability
Methodology that can be applied to any operation or activity for denying critical info to adversary. Aims to identify any unclassified activity or info that when analyzed with other activities/info can reveal protected & important friendly ops, info, activities.
Legal Considerations
Military Necessity: what is military gain? Discrimination or Distinction: don't target civilians. Proportionality: don't kill fly with cannon. Unnecessary Suffering: limit effect to only what is needed.
Tier 2
Mission/Business Processes. Addresses risk from mission & business process perspective.
Anti-Virus Software
Mitigates known viruses, malicious mobile code, Trojans, worms, etc.
Tools to Ensure Availability (4)
Network Equipment: routers, switches, other network devices to ensure data is transmitted only to authorized recipients. Power Backup: equipment connected to uninterruptible power supply (UPS) to ensure systems stay running when power is lost. Data Backups: redundant servers, tape drives, hard drives (Redundant Array of Independent Disks (RAID)) - store off site. Web Services: provide ability to make data available via World Wide Web - present vulnerabilities that can be exploited to access data on internal non-public systems.
Inspection TCTOs
Non-configuration change TCTOs that direct a 1-time inspection to determine equipment condition or configuration.
Accreditation
Official mgt decision given by senior agency official to authorize operation of information system.
Tier 1
Organization. Development of governing structure & risk mgt strategy that includes techniques & methodologies to assess info system related risks, methods, procedures.
DoD Chief Information Officer
Oversees implementation. Directs & oversees cybersecurity risk mgt. Distributes RMF info stds & sharing requirements. Manages transition from DIACAP to RMF.
Information System Security Manager (ISSM)
Oversight responsibilities for information security program.
Limited Distribution (LIMDIS)
Personnel can be granted access to info bearing LIMDIS caveat provided they have valid need to know.
Information Environment
Pre-industrial/Industrial Age Warfare: commands atop hill surveying battlespace. Information Age Warfare: tech-centric.
Information Security Purpose
Primary goal: efficiently & effectively protect AF info. Delegate authority to lowest levels possible. Encourage & advocate use of risk management principles. Focus on identifying & protecting only that info that requires protection. Integrating security procedures into our business processes. Ensure everyone understands their security roles & responsibilities.
Integrity
Principle that guarantees data is not arbitrarily changed.
Integrated Maintenance Data System (IMDS)
Production oriented, base-level automated maintenance mgt system designed to give managers visibility & control resources at unit level.
HBSS
Protects every server, workstation, laptop. Enables system admins to have complete visibility into what's happening on their networks through pre-defined reports. Gives system admins easy, centralized management of system security tools through a console. Provides common tool suite used throughout DoD enabling synergy in training, equipment, processes.
Chief Information Officer
Provide advice to head of exec agency to ensure acquired IT & info resources are consistent with laws, directives by head of agency. Develop, maintain, facilitate implementation of integrated info tech architecture for agency. Promote effective & efficient design & operation of all info resources mgt & work processes for agency.
EIM Goal
Provide decision-quality info from single, authoritative repository via a common message, transport, storage, presentation interface with 24/7/365 role-based access.
Operations & Maintenance Mgt
Provide high degrees of reliability & low failure rates for electronic equipment processing data critical to aircraft ops, flight mgt, other mission sensitive areas. AFNETOPS community integrates practices from aircraft & comms-electronics maintenance into network maintenance as networks are used to transmit critical data.
Physical Security Measures
Provide means to counter threat entities during peacetime, mobilization, wartime. Physical security equipment, procedures, devices used to protect security interests from possible threats. Shall be sufficient to maintain continuity of ops of critical users & facilities they support. Security guards, barriers, doors, fences, biometrics
EIM - Knowledge Management
Provide means to integrate & aggregate data that displays, stores, reuses analysis for further knowledge refinement.
AF Technical Orders (TOs)
Provide operators & maintainers of equipment and/or systems admins with guidance regarding equipment use & maintenance.
Objs to Cyber Stan/Eval
Provide system to assess individual proficiency & capability to accomplish assigned operational duties. Ensure compliance with directives. Develop & coordinate standardized task-oriented eval criteria based on unit mission. Ensure standardization of operational procedures. Recognize trends & recommend changes to training programs & directives. Evaluate & revise operational directives, procedures, techniques as required. Enhance overall mission effectiveness & safety.
Virtual Private Network (VPN)/Secure Networking
Provides encrypted means of transporting data across internet, NIPRNET, within AF provisioned portion of DoDIN. Allow remote users access into otherwise private networks & resources.
Enterprise Information Management (EIM)
Provides foundation for enabling mission capabilities through seamlessly integrated access to right info, anytime, anywhere, directly supports concept of Knowledge-Based Ops (KBO).
EMSEC Assessments
Purpose: determine if EMSEC countermeasures are required & which measures must be put in place based on type of info being processed.
EIM Capabilities (4)
Records Management, Workflow Management, Forms, Document Management
Information System Security Engineer (ISSE)
Responsibility for conducting information system security engineering activities.
Security Control Assessor (SCA)
Responsible for conducting security control assessment.
Security Test & Evaluation Report
Security Assessment Report
Certification
Security Control Assessment
COMPUSEC - Safeguarding System Info - Risk Factors
Select appropriate remediation procedures based on several factors. Important to not send the classified msg itself to other individuals in the report.
OPSEC Tools (4)
Self-Assessments & Staff Assistance Visits (SAV), OPSEC Self-Assessment Survey, Electronic Systems Security Assessment (ESSA), Multi-Disciplinary Vulnerability Assessment (MDVA)
Authorizing Official (AO)
Senior/federal official with authority to assume responsibility for operating an IS at acceptable level of risk to organizational ops, assets, individuals, nation
How to request COMSEC support, clarification, assistance
Separate chain of command: User -> Wing IA Office COMSEC Manager -> MAJCOM IA Office -> AFNIC/EVPI -> SAF/A6P
Communication Focal Points (CFP)
Serve as maintenance ops center, telephone helpdesk, client services center.
COMSEC - Access Controls & Procedures
Store classified COMSEC material to prevent unauthorized access. GSA approved containers. Limited to only authorized individuals. Entry procedures will be developed. AF Form 1109 Visitor Register Log. Destruction & witness officials - must destroy COMSEC items, destruction certificate.
EIM Mission
Support global combat & mission ops by providing right info to right individuals.
COMPUSEC - Safeguarding System Info - Wireless Service Control
Susceptible to interference & easily jammed.
Risk Management Benefits
System categorization lets info system owners (ISO) tailor security controls. Stds for reciprocity are better defined. Residual risk is determined based on likelihood & impact, accounting for mitigation. Expanded control set catalog results in specific implementation procedures that are tailored better to system attributes. Provides framework designed to adapt to speed of cyber threat evolution. Continuous re-authorizations possible when cybersecurity risk is properly managed.
Urgent Interim Authorization Request (UIAR)
System required to meet mission requirement prior to completion of C&A Workflow/DIACAP process & system doesn't have existing Authorization to Operate.
Record TCTOs
Tabulate equipment affected, index necessary installation drawings & instructions & list required parts which are provided by kits.
Policies & Procedures (3)
Tier 1, 2, 3
Confidential
Unauthorized disclosure could reasonably be expected to cause *damage* to national security.
Sensitive but Unclassified
Unclassified info concerned with protecting availability & integrity as well as confidentiality of info
Time Compliance Technical Orders (TCTOs)
Used to modify existing equipment.
COMPUSEC - consents
User identification & authentication. Consent to monitoring: monitoring network equipment, monitoring telephones, monitoring facsimile, electronic mail transmittal.
EMSEC - Comm System Countermeasure Review
Uses distance, equipment TEMPEST characteristics, facility characteristics to determine required countermeasures that need to be applied.
EMSEC - Information System Countermeasure Review
Uses inspectable space, equipment TEMPEST characteristics, facility characteristics to determine required countermeasures that need to be applied.