In 2015, the DepSecDef (DSD) directed the Joint Staff to develop a Cybersecurity Key Performance Parameter (KPP). The tasking was a response to the Director of Operational Test & Evaluation (OT&E) highlighting multiple weapon systems with the same “dirty dozen” high-risk vulnerabilities reported every year that should have been fixed prior to OT&E and would now be harder and more costly to mitigate.
The probable root cause was that the only contractually binding cyber requirement on almost all legacy systems was “enough cybersecurity compliance to obtain an ATO.” Despite all the tested systems having an ATO and cyber guidance from 40+ U.S. Department of Defense Instructions, there were (1) no threshold performance requirements for cybersecurity or cyber resilience, (2) no adequate resourcing to achieve and sustain a meaningful cyber risk posture, and (3) no actionable cyberthreats to justify the appropriate level of protection for resource sponsor action.
Instead of a Cybersecurity KPP, a Cyber Survivability Endorsement (CSE) was added to the Joint Staff’s System Survivability Key Performance Parameter (SS KPP), which places cyber within a project manager’s operational risk trade-space for functionality (cost, schedule, and performance).
This webinar training will provide a brief introduction to the CSE and how its framework applies to any acquisition pathway to improve weapon system cyber survivability. The webinar will address the following:
- How and Why Cyber Survivability
- Long Life Cycle Challenges
- Hidden Costs and Risks of Defects
- Cyber Survivability and Risk Management Framework
- Resource and Mission Risk Benefits