Coast Guard Cutter Bertholf Information Assurance/Tempest Update
Guest Post from CAPT Joseph M. Vojvodich (CG-933), C4ISR Acquisitions Program Manager
IA/Tempest on the BERTHOLF continues to be a point of interest and I wanted to provide a status update.
During the United States Coast Guard Cutter BERTHOLF's construction and post-delivery activities, the Coast Guard has remained focused on the cutter?s Information Assurance (IA)/TEMPEST posture. IA and TEMPEST are important aspects to enable the full multi-mission C4ISR capability on our first-in-class National Security Cutter. The Coast Guard has appropriately addressed the security of its information systems and has periodically reported on the status towards certification.
The Coast Guard has worked diligently at identifying IA discrepancies, including TEMPEST, and continues to capture lessons learned to make the next cutters better. We are taking the appropriate steps to make our National Security Cutter IA compliant including using certified experts to assist in inspecting and correcting discrepancies. The staffs from the Acquisition Directorate and the Technical Authority oversee the work to ensure it is properly completed and also use 3rd parties to perform Independent Verification and Validation (IV&V) to ensure we have secure systems on the cutter. We are now taking the final steps to resolve any remaining issues and protect our systems against cyber attacks.
Information Assurance incorporates the practice of analyzing and auditing software, hardware, and devices for known threats and involves the remediation of vulnerabilities. Our team evaluates external changes, ensures documentation is accurate, and maintains an acceptable security posture. By scanning our systems for vulnerabilities, we update and deploy software and make necessary adjustments in our systems that address IA risks while maintaining the operating capability of the system. Our next planned software load is in March and we will immediately follow the installation with an on board IV&V assessment of the system. Like previous versions, this version of software will have IA incorporated into its development and is a product of best practices and findings of the past.
TEMPEST is an important aspect of managing BERTHOLF's Information Assurance risks and our recent efforts are captured as lessons learned for future cutters. Testing and workmanship activities related to TEMPEST reduce the chances of unintended compromising emanations. We have taken an active role by having our Coast Guard TEMPEST certified field agents and CTTA (Certified TEMPEST Technical Authority) monitor the execution of these lessons learned as new assets are being built. We have performed a rigorous Visual TEMPEST Inspection, corrected the deficiencies that we have discovered, and continue to make the system more robust. In December, the Coast Guard verified that the remaining 122 visual TEMPEST discrepancies identified during the preliminary delivery of the ship (DD-250) were resolved. The test-fix-test methodology over the recent months has proved to be a sound approach. Before U.S. Navy's Space and Naval Warfare Systems Command (SPAWAR), under contract by the Coast Guard Technical Authority, conducts a final Instrumented TEMPEST Survey (ITS) in April on the BERTHOLF, we will continue to employ the services of a National Security Agency certified TEMPEST test services facility throughout the month of March to prepare for final ITS by inspecting and correcting any newly discovered deficiencies. Improvements in our processes, relationships with industry & SPAWAR, and our oversight program have contributed significantly to our progress.
I can report continued progress in the security posture of the BERTHOLF and I am confident that we will achieve the appropriate authorizations and certifications in the near future.
Captain Joseph M. Vojvodich
C4ISR Acquisition Program Manager
Coast Guard Acquisition Directorate (CG-933)
IA/Tempest on the BERTHOLF continues to be a point of interest and I wanted to provide a status update.
During the United States Coast Guard Cutter BERTHOLF's construction and post-delivery activities, the Coast Guard has remained focused on the cutter?s Information Assurance (IA)/TEMPEST posture. IA and TEMPEST are important aspects to enable the full multi-mission C4ISR capability on our first-in-class National Security Cutter. The Coast Guard has appropriately addressed the security of its information systems and has periodically reported on the status towards certification.
The Coast Guard has worked diligently at identifying IA discrepancies, including TEMPEST, and continues to capture lessons learned to make the next cutters better. We are taking the appropriate steps to make our National Security Cutter IA compliant including using certified experts to assist in inspecting and correcting discrepancies. The staffs from the Acquisition Directorate and the Technical Authority oversee the work to ensure it is properly completed and also use 3rd parties to perform Independent Verification and Validation (IV&V) to ensure we have secure systems on the cutter. We are now taking the final steps to resolve any remaining issues and protect our systems against cyber attacks.
Information Assurance incorporates the practice of analyzing and auditing software, hardware, and devices for known threats and involves the remediation of vulnerabilities. Our team evaluates external changes, ensures documentation is accurate, and maintains an acceptable security posture. By scanning our systems for vulnerabilities, we update and deploy software and make necessary adjustments in our systems that address IA risks while maintaining the operating capability of the system. Our next planned software load is in March and we will immediately follow the installation with an on board IV&V assessment of the system. Like previous versions, this version of software will have IA incorporated into its development and is a product of best practices and findings of the past.
TEMPEST is an important aspect of managing BERTHOLF's Information Assurance risks and our recent efforts are captured as lessons learned for future cutters. Testing and workmanship activities related to TEMPEST reduce the chances of unintended compromising emanations. We have taken an active role by having our Coast Guard TEMPEST certified field agents and CTTA (Certified TEMPEST Technical Authority) monitor the execution of these lessons learned as new assets are being built. We have performed a rigorous Visual TEMPEST Inspection, corrected the deficiencies that we have discovered, and continue to make the system more robust. In December, the Coast Guard verified that the remaining 122 visual TEMPEST discrepancies identified during the preliminary delivery of the ship (DD-250) were resolved. The test-fix-test methodology over the recent months has proved to be a sound approach. Before U.S. Navy's Space and Naval Warfare Systems Command (SPAWAR), under contract by the Coast Guard Technical Authority, conducts a final Instrumented TEMPEST Survey (ITS) in April on the BERTHOLF, we will continue to employ the services of a National Security Agency certified TEMPEST test services facility throughout the month of March to prepare for final ITS by inspecting and correcting any newly discovered deficiencies. Improvements in our processes, relationships with industry & SPAWAR, and our oversight program have contributed significantly to our progress.
I can report continued progress in the security posture of the BERTHOLF and I am confident that we will achieve the appropriate authorizations and certifications in the near future.
Captain Joseph M. Vojvodich
C4ISR Acquisition Program Manager
Coast Guard Acquisition Directorate (CG-933)
Posted at
9:36 PM
0 Comments:
Post a Comment
Links to this post:
Create a Link
<< Home