In order to provide a safe and successful event, we are considering a virtual Cybersecurity Workshop using the Accelevents Platform. The video below is a quick guide on how to enter and navigate the virtual event hub as an attendee. FAQ and best practices will be posted soon! If you have any questions, please email Lena@itea.org.
The Cybersecurity Workshop would like to host a Lunch and Learn training series. If you would like to present, please submit your information which will be reviewed by our committee. If your Lunch and Learn is chosen, you will be informed and dates will be determined for the recording of the event. To submit a presentation proposal email firstname.lastname@example.org.
Watch Live – Watch presentations, keynotes and panel discussions from top industry thought-leaders all day, every day!
Discuss – Comment and question in real time. Spark conversations with your fellow attendees.
Question – Get in-depth answers in real-time in our live Q&A sessions in each presentation and panel!
On-Demand – Missed a session? Catch-up in your own time! Included in the cost of registration is access to all “on-demand” content up until 31 Dec.
Networking – Connect with your fellow attendees and potential customers! You will be able to message, schedule meetings and video chat.
Virtual Exhibition – Search through exhibitors from your own desk and find the latest services and technology solutions for your company.
Cyberspace is one of the most critical domains in maintaining our nation’s superiority. However, the 2018 General Accounting Office (GAO) report on “Weapon Systems Cybersecurity” states that, by using basic tools and techniques, testers were able to take control of major weapon systems under development with ease and operate largely undetected. Challenges of weapon systems cybersecurity include complex and intense software in systems, common tactical networks, lack of test infrastructure and tools, lack of test assets and cyber T&E workforce, data rights issues and many more. This workshop will focus on solutions and approaches to overcome these challenges with special emphasis on the Weapon Systems. Our goal is to share practical knowledge and information to rapidly enhance the Weapon Systems Cybersecurity posture.
Please join us as members of the T&E community from academia, industry, and government discuss the evolving discipline of Cybersecurity T&E. Come share your thoughts, connect with others, and learn from some of the leading experts at this Workshop.
Abstract Submission Form
Abstracts will be accepted on a “Space Available” basis through September 30th
The pre-workshop tutorials will be held on Monday, 16 November. The fee to attend each 4-hour tutorial is $200 for 1 tutorial or $300 for two (use discount code “TWO-Tutorials” at checkout). For group registrations for tutorials please email Lena@itea.org.
Each tutorial provides 4 contact hours of instruction (4 CEUs). A certificate of completion will be provided upon request. After you register you will receive a confirmation email with instructions on how to access the live tutorial on the GoTo Webinar platform.
How to use GoToWebinar?
Air Force Cyber Test and Evaluation Guidebook
Instructor: Steven Newton, 47CTS/OL-A (COLSA)
The United States Air Force (USAF) Cyber Test and Evaluation (CT&E) Guidebook (USAF CT&E GB) provides guidance and best practices for conducting CT&E activities used to verify cyber survivability (i.e., cybersecurity and cyber resiliency) of USAF information and weapon systems. Importantly, when CT&E activities are implemented early in program acquisition, integrated with program activities, and performed iteratively, CT&E activities reduce potential cyber survivability-related cost, schedule and performance issues. The goal of this guidebook is to assist the acquisition community in delivering to the warfighter a comprehensively evaluated, cyber secure and cyber resilient system capable of operating and completing its mission in a cyber-contested environment. CT&E starts at acquisition initiation and continues throughout the lifecycle of the system. In summary, CT&E:
The USAF CT&E GB is intended for Program Managers, Chief Developmental Testers (CDTs), Lead Developmental Test and Evaluation (T&E) Organizations (LDTOs), Operational Test Agencies (OTAs)/Operational Test Organizations (OTOs), and cyber Participating Test Organizations (PTOs) for USAF acquisition programs.
This guidebook applies to all USAF acquisition programs and systems regardless of their classification level, acquisition category, or acquisition lifecycle phase unless otherwise noted or directed.
The USAF CT&E GB is one of a series of USAF cyber related documents sponsored by the USAF Cyber Resiliency Office for Weapon Systems (CROWS) as part of the USAF Cyber Campaign Plan. Namely, the USAF CT&E GB follows and complements the USAF Weapon System Program Protection/System Security Engineering (PP/SSE) Guidebook (USAF WS PP/SSE GB) and the USAF System Security Engineering Acquisition Guidebook (USAF SSE Acq GB).
Air Force’s New MBCRA (Mission Based Cyber Risk Assessment) and Integrated Engineering Approach
Instructor: Kevin McGowan, 47CTS/OL-A (COLSA)
The AF commonly uses numerous stove-piped cyber vulnerability assessment processes, executed in parallel, to characterize cyber attack surfaces and to identify potential cyber vulnerabilities and risks. This is an inefficient use of limited resources and results in products being generated for targeted audiences (i.e., not usable by multiple stakeholders). It also results in less informed products and decisions.
The Mission-based Risk Assessment Process for Cyber (MRAP-C) is the AF’s new iterative Mission Based Cyber Risk Assessment (MBCRA) process which builds upon best practices from the Cyber Table Top (CTT), Cyber Test Prioritization Methodology (CTPM), Cyber BlueBook (CBB), and integrated engineering processes. The MRAP-C combines bottom-up and top-down assessment approaches to identify critical components and system information, to assess potential cyber attack paths through the system, and to identify potential mission effects of cyber vulnerability exploitation. The MRAP-C analysis activities and Attack Path Vignettes generated during the MRAP-C process inform cooperative and adversarial DT and OT cyber test events, cyber test strategy, cyber test plans, cyber requirements, cyber test resource lists, and cyber recommendations development. It also fulfills Cyber Test and Evaluation Phase 1 and 2 requirements.
When combined with the USAF’s integrated Program Protection / Systems Security Engineering (PP/SSE) Standard Process, programs are equipped with an iterative engineering process which assesses cyber vulnerabilities and risks throughout the acquisition lifecycle. When executed by the program’s integrated Systems Security Working Group (SSWG), all member stakeholders are involved with performing the cyber vulnerability assessments and with performing key programmatic/engineering activities focused on developing a cyber secure and cyber survivable system for the warfighter.
This Tutorial provides an overview of the new USAF PP/SSE Standard Process, and the embedded MRAP-C MBCRA process, which is expected to become mandatory for all AF acquisition programs by the end of CY20.
Cyber Table Top (CTT) Workshop For Participants & Facilitators
Instructor: Vincent Lamolinara – Defense Acquisition University
The tutorial introduces and applies the Cyber Table Top (CTT) mission-based cyber risk assessment (MBCRA) method to help discover cyber vulnerabilities, gauge their risk, propose mitigations and inform other competencies, documents and events across the DoD acquisition lifecycle. The workshop will establish an understanding of the threat and “thinking like a Hacker”; provide a “wheel of access” methodology to identify and diagram surface-attack characteristics; include cross-competency personnel, including users, to identify and prioritize cyber-attacks / vulnerabilities in a Red / Blue / White Team “wargame” mission scenario; and provide a construct to characterize and report risk and mitigations in order to design and maintain cyber resilient systems and personnel in the acquisition and operational phases of an Information or Platform weapons system. Participants will conduct exercises in each phase to reinforce and apply the concepts and methodology and will learn how cybersecurity principles apply to their career fields. Students will create a surface attack taxonomy and role play different competencies including engineering, test, cybersecurity, logistics, safety, intelligence, contracts and the adversary. The case studies and scenarios will build up in complexity, culminating in a mini-CTT execution and Cyber Risk outbrief (to a simulated PM) for an exemplar weapons system at the UNCLAS level. Students will also apply CTT results to inform Test, AoA ICD/CDD/CPD, RFP/SOW, Specification, Architecture and upgrade / patch / ECP requirements as well as acquisition and risk management strategy. This workshop will enable students to participate in CTT efforts in their respective programs. Tailorable to the specific customer needs.
Objectives: Given a cybersecurity scenario, use Surface-attack characterization and Cyber Table Top Methodology to discover cyber vulnerabilities, gauge their risk, propose mitigations and inform other competencies, documents and events across the DoD acquisition lifecycle.
Target Attendees: The acquisition workforce, including industry partners, who design, build, procure, maintain, and provision cybersecurity capabilities.
Introduction to Cybersecurity Test and Evaluation
Instructors: Pete Christensen and Jean Petty, The MITRE Corporation
The purpose of this tutorial is to familiarize attendees with Cybersecurity and Test and Evaluation as it applies to US Federal Government Programs and the U.S. DOD. Note that the ideas and concepts presented also apply in principle to any acquisition program. Topics that will be addressed include Cyberspace as an operational domain, Cybersecurity threats, malware, DHS and DOD systems acquisition and associated Cyber T&E policy and process including “Cloud” Programs, requirements analysis, evaluation frameworks, cyber tabletop exercises, cooperative vulnerability assessments, adversarial assessments, cyber ranges and lessons learned.
Security Testing at the Speed of Trust: Evolving DevSecOps Security Practices at JITC
Instructor: Arless “Derek” Holloway, Cyber Situational Awareness, Systems/Analytics Test Team Lead (JTD), Jacobs / Joint Interoperability Test Command (JITC)
Security and risk management leaders at JITC labor over how to secure current, legacy and cloud resources consistently within their limited constraints. Integrating security into DevOps to deliver “DevSecOps” requires changing mindsets, processes and technology. Jacobs’ role in this transformation is to help the JITC organization tailor its operational culture and technical processes to support the new ways of developing, running, and supporting applications made possible by containers and other more loosely coupled application components. This paper reports on challenges and lessons learned during pilot project case studies to define new artifacts and processes for the independent validation and verification of systems at Defense Information Systems Agency (DISA). Why Can’t JITC be Agile? Developer Self-Service – In DISA’s Compliance Oriented World. Cloud services have provided streamlined ways to achieve innovation through the principles of DevOps and Developer Self-Service. This paradigm presents problems for regulated customers like DISA who are still under regulatory mandate to follow strict security, governance, and accreditation standards. Additionally, in the past these components were typically delivered during the production deployment phase. Jacobs’ case studies explore more streamlined alternatives to these waterfall deliverables in order to fit the velocity of the DevSecOps lifecycle. Key issues that this paper tackles are: defining risk in order to justify streamlined documentation for Medium and Low Risk releases; defining ways in which information security must adapt to development processes and tools, not the other way around; defining a lightweight Security Test and Evaluation Strategy based on risk and the most likely threat vectors to be exploited; and lessons learned from work with the Risk Management Executive (RME) to accredit the DEVOPS Toolchain.
TENA and JMETC Solutions for Cyber Test and Training
Instructor: Gene Hudgins, KBR
Together, TENA and JMETC enable interoperability among ranges, facilities, and simulations in a timely and cost-efficient manner. TENA provides for real-time system interoperability, as well as interfacing existing range assets, C4ISR systems, and simulations; fostering reuse of range assets and future software systems. JMETC is a distributed, LVC capability which uses a hybrid network architecture; the JMETC Secret Network (JSN), based on the SDREN, is used for secret testing and the JMETC Multiple Independent Levels of Security (MILS) Network (JMN) is the T&E enterprise network solution for all classifications and for cyber testing. JMETC provides readily available connectivity to the Services’ distributed test and training capabilities and simulations, as well as industry resources. This tutorial will address the current impact of TENA and JMETC on distributed systems engineering as well as their significance to the cyber Test and Training community.
Maj. Gen. Christopher P. Azzano
Brigadier General Evan C. Dertien
Brigadier General Scott Cain
Col. Bryan Choi
Amy Henninger, PhD, CEH, CISSP, CMSP
Senior Advisor for Software and Cybersecurity
Deputy Executive Agent, Cyber Test Ranges
ITEA is very excited to be able to offer these reduced rates. Included in the cost of registration is access to all “on-demand” content up until December 31st.
$400 – Non-Member*
$300 – ITEA Member
Full-Time Government Employee or Active Duty
$300 – ITEA Member*
$25 – ITEA Member / Non-Member*
Plenary Panelist or Track Session Presenter – $200
Track Chair or Second Tutorial Instructor – $100
*Regular Registration rate includes one-year membership to ITEA.
New T&E Professional (less than 5 years of T&E experience) VERIFICATION REQUIRED – Includes a one-year ITEA membership for Non-ITEA Member.
SUBSTITUTION AND CANCELLATION POLICY: Substitutions are permitted. Refunds are not available within two (2) days prior to the start of the event. Requests for cancellation submitted after 2 days prior to the event will be subject to a 50% cancellation fee.
Each of the 4-hour Pre-Workshop Tutorials provides 4 contact hours of instruction (4 CEUs) that are directly applicable to your professional development program, including the Certified Test and Evaluation Professional Credential (CTEP).
In addition to the Pre-Workshop Tutorials, the Workshop provides 4 contact hours of instruction (4 CEUs) for each half-day, 8 contact hours of instruction (8 CEUs) for each full-day, or 20 contact hours of instruction (20 CEUs) for attending the full Workshop, that are directly applicable to your professional development program, including the Certified Test and Evaluation Professional Credential (CTEP).
ITEA is a 501(c)(3) professional education association dedicated to the education and advancement of the test and evaluation profession. Registration fees, membership dues, and sponsorships are tax deductible.
Your sponsorship dollars help defray the cost of the Symposium and support the ITEA scholarship fund, which assists deserving students in their pursuit of academic disciplines related to the test and evaluation profession. Sponsorship and related benefits will become effective on receipt of payment.
NOTE: This ITEA event is a non-competitive environment meant for a free exchange of ideas and information.
Don’t miss the chance to get your message out to over 300 attendees who will gather for the first-ever VIRTUAL Cybersecurity Workshop. Contact Lena@itea.org for more information.
ABSTRACT SUBMISSION FORM
Abstracts will be accepted on a “Space Available” basis through September 30
Sessions will be unclassified and open to the general T&E community; however, restricted sessions (up to FOUO) may be made available. Abstracts will be reviewed for a presentation during a conference session or as a poster paper. Presentations will be published in proceedings and made available to all attendees.
Abstracts should be non-commercial in scope, pertinent to the conference topic, no longer than 500 words, and releasable to the general public. Visit the ITEA website for the Abstract submission form, which must be submitted to email@example.com.
TOPICS FOR CONSIDERATION
Workshop Chair – Min Kim, 96th Cyberspace Test Group
Technical Program Co-Chairs
– Bob Baggerman, ATAC
– Scott Thompson, EWA
– Jennifer Sen, Jacobs
– Shelby Pearce, Jacobs
– Joshua Turnier, Reliance Test & Technology
– John Rafferty, F35 PSC / EWD
Tutorial Chair – Gene Hudgins, KBR
Exhibit and Sponsor Chair – Steven Schrader, GSEC, CISSP, C|EH, C|NDA, DAF, 605th Test & Evaluation Sq
17 - 19 Nov 2020