Saturday, May 21, 2022
  • About us
    • Write for us
    • Disclaimer
    • Terms of use
    • Privacy Policy
  • RSS Feeds
  • Advertise with us
  • Contact us
DefenceTalk
  • Home
  • Defense News
    • Defense & Geopolitics News
    • War Conflicts News
    • Army News
    • Air Force News
    • Navy News
    • Missiles Systems News
    • Nuclear Weapons
    • Defense Technology
    • Cybersecurity News
  • Military Photos
  • Defense Forum
  • Military Videos
  • Military Weapon Systems
    • Weapon Systems
    • Reports
No Result
View All Result
  • Home
  • Defense News
    • Defense & Geopolitics News
    • War Conflicts News
    • Army News
    • Air Force News
    • Navy News
    • Missiles Systems News
    • Nuclear Weapons
    • Defense Technology
    • Cybersecurity News
  • Military Photos
  • Defense Forum
  • Military Videos
  • Military Weapon Systems
    • Weapon Systems
    • Reports
No Result
View All Result
DefenceTalk
No Result
View All Result

Project Sentinel – The Army Announces Cybersecurity Risk Management Framework Reform

by Army News Service
February 21, 2020
in Cybersecurity, Technology News
2 min read
0
Project Sentinel – The Army Announces Cybersecurity Risk Management Framework Reform

Army Cybersecurity

14
VIEWS

The Army is launching Project Sentinel to adapt the current Risk Management Framework (RMF) process into a streamlined threat-informed risk decision process.

The Army adopted the Risk Management Framework in 2015. Since then, as has been the case in other Services, the process has been wrought with challenges including training, time to execute, number of controls, and resourcing. Focus on the process has been more compliance-based with little consideration to current threat information. During the past two years, the Army has made considerable progress in streamlining the RMF process to address Army priorities, and activated Army Futures Command with specific processes for testing tactical systems. In addition, the Army created a process in which rapid capability can be assessed quickly to address high-priority operational needs statements from the field. Now with lessons learned and experience using RMF over the past four years, the Army stands postured to pivot from compliance to a threat-informed risk management process.

Sentinel introduces the prioritization of cybersecurity controls based on current validated threats from authoritative sources, such as Critical Security Controls for Effective Cyber Defense published by the Center of Internet Security (formerly SANs Top 20). The publication identifies controls that address the vast majority of the most common attacks.

The project will also review Army Cyber Command (ARCYBER) threat trends as well as military intelligence from National Ground Intelligence Center and its Intelligence Community partners. The RMF control set can now be tailored to ensure these identified threats are addressed. By focusing on the “right” controls versus “all” the controls, the process becomes less cumbersome and less resource intensive, yet more focused on true cybersecurity risk management.

In addition to focusing on a threat-based risk framework, Sentinel will look to institute a risk threshold. While there is risk that the Army is able to assume or mitigate, there also is risk that needs to be addressed before authorization can be granted. Examples of risk above the threshold are the encryption of personally identifiable information, or monitoring on public facing websites. Examples of risk that the Army can assume or mitigate are vulnerabilities found on a closed or restricted network, or findings that are awaiting completion of documentation. With the adoption of a risk threshold, decisions for where to spend resources become apparent, necessary, and more precise. The cost to fix a cybersecurity finding above the threshold can be prioritized against other findings during an RMF assessment. In addition, the threshold can change with emerging threat information.

The project team will start defining and reviewing the threat resources and mapping validated threats to the RMF controls in Phase 1. Several pilots will be conducted over the next several months to inform the level of assurance we gain from identifying the right controls, making the right assessments, and reviewing the process as a whole. Phase I capability to be available in April-May 2020 timeframe.

Ultimately, cybersecurity is a team sport and this effort bears that axiom out. We have a group of outstanding, dedicated cybersecurity professionals from all over the Army coming together in support of this effort. The Sentinel team is comprised of representatives from the following organizations including: Army Forces Command; the Army Deputy Chief of Staff G-2; the Army National Guard; ARCYBER; Army Materiel Command; Army Test and Evaluation Command; Army Corps of Engineers; Army Reserve Command; Army Network Enterprise Technology Command; Program Executive Office Command, Control Communications-Tactical; and the Army Software Engineering Center.

I look forward to working as a team on this Army-wide effort to make meaningful change in how we execute cybersecurity.

Tags: cybersecuritynetwork securityproject sentinelRisk Managementsecurityus army
Previous Post

Nanoscience breakthrough: Probing particles smaller than a billionth of a meter

Next Post

Software-defined networking could get US Army’s data moving faster

Related Posts

US moves closer to retaliation over hacking as cyber woes grow

UK probes ‘Russian hack’ targeting army recruits

April 28, 2022

The UK defence ministry said Tuesday it was investigating a reported hack by Russia of its computer systems targeting more...

US needs top cyber coordinator, better hacker ‘deterrence’

Space Security Challenge 2022: Hack-A-Sat 3 Registration Opens

April 20, 2022

The U.S. Air and Space Force, in collaboration with the security research community, opened registration April 8 for the qualification...

Next Post
Software-defined networking could get US Army’s data moving faster

Software-defined networking could get US Army's data moving faster

Latest Defense News

EU warns Belarus opening door to Russian nukes after vote

New military bases in western Russia in response to NATO expansion: minister

May 20, 2022
NATO warns Russia readying for ‘full-scale attack’ on Ukraine

Signs multiply Russia seeks control of south Ukraine

May 20, 2022
Biden to announce anti-gun violence measures

Biden begins Asia trip in South Korea, under North nuclear shadow

May 20, 2022
Russian Army Receives More Iskander-M Tactical Ballistic Missile System

Belarus buys S-400, Iskander missiles from Russia: Lukashenko

May 20, 2022
Turkey seeks alternatives to Russian energy after warplane crisis

Erdogan urges NATO allies to ‘respect’ concerns over Finland, Sweden

May 19, 2022
North Korea

North Korea ‘ready for nuclear test’ with Biden due in Seoul

May 19, 2022

Defense Forum Discussions

  • NZDF General discussion thread
  • The Russian-Ukrainian War Thread
  • Russian Air Force News & Discussion
  • Royal Australian Navy Discussions and Updates 2.0
  • Royal Australian Air Force [RAAF] News, Discussions and Updates
  • Indian Military Aviation; News, Updates & Discussions
  • Helocasting with the Special Forces; KCT Jumping from a Chinook!!!
  • AMARG / Boneyard May 2022 Arrival/Departures
  • Middle East Defence & Security
  • China - Geostrategic & Geopolitical.
DefenceTalk

© 2003-2020 DefenceTalk.com

Navigate Site

  • Defence Forum
  • Military Photos
  • RSS Feeds
  • About us
  • Advertise with us
  • Contact us

Follow Us

No Result
View All Result
  • Home
  • Defense News
    • Defense & Geopolitics News
    • War Conflicts News
    • Army News
    • Air Force News
    • Navy News
    • Missiles Systems News
    • Nuclear Weapons
    • Defense Technology
    • Cybersecurity News
  • Military Photos
  • Defense Forum
  • Military Videos
  • Military Weapon Systems
    • Weapon Systems
    • Reports

© 2003-2020 DefenceTalk.com