Mitigating risk to DOD information networks by improving network security in third-party information networks
Author
Kansteiner, Michael J.
Date
2016-06Advisor
Buettner, Raymond R.
Second Reader
Meyer, Ramsey
Metadata
Show full item recordAbstract
Poorly defended third-party information networks can act as an attack vector for cyber attackers to successfully breach larger and more robustly defended information networks. Therefore, third-party networks connecting to Department of Defense (DOD) information networks may pose a significant risk to the DOD. The DOD has attempted to alleviate this risk to its networks by requiring covered defense contractors to meet certain network security standards and by initiating a cyber threat information sharing program: the DOD Defense Industrial Base (DIB) Cyber Security/Information Assurance (CS/IA) Program. However, these DOD actions are not aggressive enough to adequately mitigate this risk to DOD networks. To adequately address this problem, an expanded and more aggressive incentive-based program is required. Existing federal government, incentive-based programs were analyzed as potential exemplars from which to build a new incentive-based network security program. The Department of Homeland Security's (DHS's) Safety Act Program was ultimately chosen as the primary exemplar. Using this model, an Enhanced DOD CS/IA Program was designed to offer the DOD a system that can influence the improvement of third-party network security through a structure of synchronized network security controls and incentives. By implementing the proposed DOD Enhanced CS/IA Program to improve the network security of third-party networks that connect to DOD networks, the DOD can better mitigate the risk of cyber attacks to its own networks.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.Related items
Showing items related by title, author, creator and subject.
-
Cyber System Assurance through Improved Network Anomaly Modeling and Detection
Bollmann, Chad A. (Monterey, California: Naval Postgraduate SchoolMonterey, California. Naval Postgraduate School, 2019-12); NPS-19-N039-AThe objectives of this work were to investigate the source of the dual natures of network traffic (i.e., Gaussian and alpha-stable) in order prove the merit of further development, improvement, and application of non-parametric ... -
Cyber System Assurance through Improved Network Anomaly Modeling and Detection
Bollmann, Chad A. (Monterey, California: Naval Postgraduate SchoolMonterey, California. Naval Postgraduate School, 2019-12); NPS-19-N039-AThe objectives of this work were to investigate the source of the dual natures of network traffic (i.e., Gaussian and alpha-stable) in order prove the merit of further development, improvement, and application of non-parametric ... -
Homeland Security Affairs Journal, Volume IV - 2008: Issue 2, June
Naval Postgraduate School Center for Homeland Defense and Security (CHDS) (Monterey, California. Naval Postgraduate SchoolCenter for Homeland Defense and Security, 2008-06);June 2008. How do we define “homeland security?” Is it best addressed at a local, state, or national level? These are the underlying questions posed by our authors in this issue of Homeland Security Affairs. In “What is ...