Standardized and Repeatable Technology Evaluation for Cybersecurity Acquisition

Hallman, Roger A.; Romero-mariona, Jose; Major, Maxine; Kline, Megan; Kerr, Lawrence; Palavicini, Geancarlo; San Miguel, John; Bryan, Josiah

Standardized and Repeatable Technology Evaluation for Cybersecurity Acquisition

Active / Technical Report | Accession Number: AD1031839 |

Open PDF

Abstract:

Cybersecurity is a growing concern for the United States Government, indeed the United States is on the receiving end of an estimated 100,000 cyber-attacks each day. Cybersecurity is a fast-growing market where technologies are constantly evolving to counter threats to information and operations systems. Across the U.S. Government as a whole, there is no standard and repeatable methodology for evaluating cybersecurity technologies. In this document, we introduce the Department of Defense DoD-centric and Independent Technology Evaluation Capability DITEC, an experimental decision support service within the DoD, which aims to provide a standardized framework for cybersecurity technology evaluations in support of acquisition decision making. In addition to DITEC as a proof of concept, we describe a family of services including DITEC , an enterprise-level tool, and the Cyber-SCADA Evaluation Capability C-SEC, an instantiation of DITEC for evaluating SCASA network cybersecurity technologies.

Author(s):

Hallman, Roger A. ; Romero-mariona, Jose ; Major, Maxine ; Kline, Megan ; Kerr, Lawrence ; Palavicini, Geancarlo ; San Miguel, John ; Bryan, Josiah

Author Organization(s):

Space and Naval Warfare Systems Center Pacific San Diego

Descriptive Note:

Technical Report

Pagination:

0027

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release;

RECORD

Collection: TR

Identifying Numbers

Report Number(s):

SPAWAR/SCP-TD-3316, SSC Pacific

Subject Terms

Joint Capability Areas:

JCA_5_Command and Control; JCA_5.3_Planning; JCA_6_Net Centric; JCA_6.4.1_Secure Information Exchange; JCA_6.4.2_Protect Data and Networks; JCA_6.4_Information Assurance; JCA_3.2_Engagement; JCA_3_Force Application; JCA_3.2.2_Non-Kinetic Means; JCA_5.3.4_Develop Courses of Action; JCA_5.3.5_Analyze Courses of Action; JCA_5.3.3_Develop Strategy; JCA_7.1.2_Prevent Non-kinetic Attack; JCA_7.1_Prevent; JCA_7_Protection; JCA_5.4_Decide; JCA_5.2_Understand; JCA_6.1_Information Transport; JCA_5.2.3_Share Knowledge and Situational Awareness; JCA_6.2.3_Core Enterprise Services; JCA_1_Force Support

Communities of Interest:

Cyber

Descriptor(s):

cyberattacks, computer network security, department of defense, graphical user interface, network protocols, procurement, information systems, operating systems, DECISION SUPPORT SYSTEMS

Field(s)/Group(s):

Computer Systems Management and Standards

Keyword(s):

cybersecurity, technology acquisition, technology selection, purchase process, enterprise ready technology evaluation capability, cybersecurity in industrial control systems, critical infrastructure, Cyber SCADA Evaluation Capability, Department of Defense (DoD) centric and Independent Technology Evaluation Capability

Report Date:

2017 Feb 01

Creation Date:

2017 Oct 31