INFORMATION SYSTEMS & GLOBAL SERVICES Craig Solem, CISSP Lockheed Martin Information Systems and Global Services Program Manager, Joint Medical information

INFORMATION SYSTEMS & GLOBAL SERVICES

Craig Solem , CISSP

Lockheed Martin Information Systems and Global ServicesProgram Manager, Joint Medical information Systems for

Naval Space and Warfare systems Center AtlanticJanuary 8, 2010

Lockheed MartinCyber Security

Ensuring Mission Integrity, Assurance, & Resilience To Fight Through The Attack


Outline

• Who We Are• Cyber Security Customers• Cyber Tradeoff Model• Characteristics of LM Solutions• Security Approach• Cyber Security Technology• Center for Cyber Security Innovation


Lockheed Martin Information Systems & Global Services

• The leading provider of Information System Solutions and Services for the US Government for 14 years

• Over $10Billion in annual sales

• 52,000 Employees across every state and 50 countries

• CMMI Level 5, ITIL v2/3, ISO 27001

• 4,000 Customer programs

• 80 – 120 Vendors Evaluated Yearly


• Security Operations

• Security Engineering

• Security R&D

• Across All Domains

• Policy Support

• Security Planning

• Defense in Depth

• Unique Solutions

Intel31%

Defense38%

Civil25%Int’l6%

Cyber Security Solutions & Operations For a Wide Range of Customers


Cyber Tradeoff Model - Decisions

Solution: “One Size Does Not Fit All”


Cyber Tradeoff Model

• Commercial SolutionsCommercial Solutions• SI Value: Integration of Commercial SI Value: Integration of Commercial

ProductsProducts

Solution: “One Size Does Not Fit All”


Cyber Tradeoff Model

Commercial SolutionsCommercial SolutionsSI value: Integration of Commercial SI value: Integration of Commercial

ProductsProducts

• Mission Critical Mission Critical • Leveraging R&D, National Labs and UniversitiesLeveraging R&D, National Labs and Universities

• SI Value: Integration + IPSI Value: Integration + IP

Solution: “One Size Does Not” Fit All”


Characteristics of LM Solutions - Approach

Integrated SolutionsIntegrated Solutions

Proactive ServicesProactive Services

Resilient SystemsResilient Systems

Trusted InformationTrusted Information

Cyber Security is all about providing Mission Assurance

Mission EnablersMission Enablers

HOWHOW


IS&GS NexGen Cyber Innovation & Technology Center

Accelerating Cyber Security Innovation To Ensure Mission Integrity, Assurance, & Resilience To Fight Through The Attack

• Native Design, Engineering, & Test Innovation Teams from across IS&GS and partners

• Extensive LIVE portfolio of LM R&D and current capabilities

• Extensive partner LIVE portfolios (COTS/Open Source)

• Real, Relevant, Rapid Availability of Our Current & Next Generation Integrated Capabilities

• Global Cyber Innovation Range for test, verification, offense /defense exercise, & partner collaboration

• Cloud enabled virtual and real onDemand compute/network/test capabilities

• Classified and unclassified labs

• High Definition Collaboration Networks & Tools across LM Innovation Centers & Partners

• Multiple network access: Direct Internet, LMI, HIWAE, Classified

• Rapid Prototypes and Proof of Concepts enablers

• Operational Team Access & Use of Solutions

Global Cyber Innovation RangeGlobal Cyber Innovation Range

Defense IC EIG GlobalCivil R&SO

LMCO IS&GS


TestRequirements

Security “built-in” the Life Cycle

Proposal Planning Design Operations

Program & TechnicalPlan

SystemDesignDocument

Development Deployment

Proposal Review PSCR SRRSDR

DDR TRR ORR PIR Annual

SystemRequirementsDocument

OperationalConceptDocument

TechnicalProposals

ConfigurationManagementPlan

Test Plans

SustainingEngineering Plan

Retirement Plans

EngineeringDeployment Plan

SystemComponentDesignDocument

SystemTestReport

•Security Requirements

•Security work products *

•Data/Info Criticality & Sensitivity

• Identify/Assess Threats & Vulnerabilities

•C&A Criteria•21 BFC

•Monitor & Sustain Approved

Security Baseline

•Resolve New Security Risks

•High Level Solution

•High Level Plan

• INFOSEC Plan

• INFOSEC Test Plan

• INFOSEC Test Procedures

• INFOSEC Test Cases

• INFOSEC Test Scenarios

•System Disposal -INFOSEC Requirements

•Develop Design

•Security Testing

•Certification

•Allocate Security Requirements

•Evaluate Alternatives

•COTS Selection

•Security Components

•Discrepancy Reporting/ Mitigation

•SRA Report•Accreditation

Security is part of every review (peer, technical, management)

•Security Architecture

•Secure Code

•INFOSEC Sustainment Strategy

• INFOSEC Plans & Procedures


Documents

INFORMATION SYSTEMS & GLOBAL SERVICES Craig Solem, CISSP Lockheed Martin Information Systems and Global Services Program Manager, Joint Medical information