美国空军CROWS办公室最初创建时是解决老式武器系统的网络安全的,现在的目的是确保从新计划开始就考虑网络安全问题。(凯利安诺瓦克/空军国民警卫队)
美国空军武器系统网络弹性办公室(CROWS)是根据2016年法律的一项规定建立的,该办公室责成国防部识别和减轻武器系统的网络安全漏洞,最初侧重于老式遗留系统。但是,其负责人表示,现在它也正在瞄准新武器的网络安全问题。
“我们实际上是在计划执行办公室内嵌入网络专业人员……(因为)我们要向他们解释什么是网络空间;我们希望他们在新的装备采购中传播“网络空间”一词。
作为该工作的一部分,CROWS办公室致力于将系统工程手册精简为八个或九个可执行页面,以使官员和承包商更容易找到快速解决方案。
布拉德利表示:“他们可以进去,在工作说明中找到语言,也可以在征求建议书或规范时找到语言。”他补充说,这对工业基础确实很重要,因为当政府将一项计划更改为另一项,他们争先恐后地找出做出此更改的原因。
“如果我们可以使用标准化语言,那么我们可以与我们的行业合作伙伴进行沟通,'嘿,这是我们上次装备采购时所寻求的相同类型的弹性,相同的态势,” Bradley说。
这项工作需要生命周期管理中心、快速能力办公室、核武器中心以及太空与导弹中心的指挥官共同合作来完成的。
布拉德利表示,他希望该服务的首席收购执行官威尔·罗珀(Will Roper)将这种语言正式发布。
“在前进的道路上,我相信,如果我们正确地做到这一点,那么今天就把重点放在网络上,它将成为每位工程师的观念–它在他们的工具包中;它只是成为另一个系统工程要求。” Bradley补充说。
布拉德利声称,这就是原因,他们已经在PEO中嵌入了网络安全官员,以帮助工程师和指挥官更好地了解计划的网络空间部分。尽管每个PEO只有三名官员,但Bradley表示,他希望PEO权限内的每个程序最终都有网络空间的专家。
但是,布拉德利说,最大的挑战是网络嵌入,而不是后来再进行升级-这种情况主要归结于改变文化生态。
There’s a new role for this Air Force cybersecurity outfit
Mark Pomerleau
Initially created to look at legacy weapon systems, the Air Force CROWS office will be taking aim at ensuring cybersecurity concerns are taken into account from the start of new programs. (Kellyann Novak/Air National Guard)
The Air Force Cyber Resiliency Office for Weapons Systems (CROWS), established by a provision in a 2016 law charging the Department of Defense to identify and mitigate cybersecurity vulnerabilities of weapon systems, initially focused on legacy systems. However, its director says now it’s also taking aim at new ones.
“We’re actually embedding cyber professionals within the program executive offices … [because] we want to explain to them what cyber is; we wanted them to spread that ‘cyber’ word in new acquisitions,” Joe Bradley, the director of CROWS, told Fifth Domain in a December interview.
As part of that effort, CROWS worked to distill the systems engineering handbook to eight or nine actionable pages to make it easier for officials and contractors to find quick solutions.
“They can go in there and they find language in the statements of work or for the request for proposals or the specs,” Bradley said, adding that this is really important to the industrial base because when the government makes changes from one program to another, they are scrambling to find out why that change was made.
“If we can use standardized language, then we can communicate to our industry partners, ‘hey, this is the same type of resiliency, the same posture we’re looking for as we did in the last acquisition,’” Bradley said.
This was done in conjunction with the commanders of the Life Cycle Management Center, Rapid Capabilities Office, Nuclear Weapons Center and the Space and Missile Center.
Bradley said he wants Will Roper, the service’s chief acquisition executive, to sign the language out, making it official.
“Down the road, I believe that if we do this right, by putting the emphasis on cyber right now today, it’s going to become in the mindset of every engineer — it’s in their toolkit; it just becomes another system engineering requirement,” Bradley added.
Sign up for our Daily Brief
Get the top Cyber headlines in your inbox every weekday morning.
This is the reason, Bradley said, they’ve embedded officials within the PEOs to help engineers and commanders better understand the cyber portions of the programs. Though there are only three officials per PEO, Bradley said he hopes eventually there are cyber experts for each program within the PEO’s purview.
The biggest challenge, however, Bradley said, involves baking in cyber versus bolting it on later — a situation that will come down mostly to changing the culture.
本文来自投稿,不代表本人立场,如若转载,请注明出处:http://www.sosokankan.com/article/1797509.html