"Cloud Computing Services for DoD – We Are Going to The Cloud!" by Dr. Michael Chipley and Ken Kurz
In March 2014, the DoD adopted the National Institute of Standards and Technology (NIST) Risk Management Framework and began the arduous task of developing the implementation guidance to migrate from the DoD Information Assurance Certification and Accreditation Process (DIACAP) to the Risk Management Framework (RMF). The application of the RMF to Industrial Control Systems is particularly challenging. This presentation provided an update on the progress made, including the publication of NIST SP 800-82 R2, the incorporation of the new DoD and NIST publications into the Department of Homeland Security (DHS) Cyber Security Evaluation Tool (CSET), and the integration of the Industrial Control Systems (ICS) overlay and security controls into the electronic Mission Assurance Support System (eMASS). In addition, this presentation provided an overview of efforts underway to develop the Continuous Monitoring capability with support from CYBERCOM and DHS.
Dr. Michael Chipley has over 33 years of consulting experience in Program and Project Management in the areas of Cybersecurity, Energy, Environmental and Sustainable Design (LEED, Energy Star and Carbon Footprint); Critical Infrastructure Protection and Analysis; Building Information Modeling (BIM) Technology; and Emergency Management/Disaster Recovery. He is trained as a SANS Global Industrial Control Systems Professional, a Project Management Professional, and a LEED Accredited Professional. Dr. Chipley is an active member in professional societies and teaches seminars and courses on IT and OT, security, and buildings systems convergence. For the past 5 years, he has been providing subject matter expert support to the Energy, Installations and Environment office, serving as liaison to the Department of Homeland Security (DHS) Cyber Security Evaluation Tool (CSET) and the Department of Defense electronic Mission Assurance Support System (eMASS) development teams to incorporate control systems into traditional IT processes, and acting as developer/webmaster of the DoD CIO RMF Knowledge Service Portal EI&E Control Systems webpage. Dr. Chipley is the creator and instructor of several National Institute of Building Sciences and DHS workshops including “Introduction and Advanced Cybersecuring Building Control Systems”, “Cybersecuring DoD Control Systems” and “Your Buildings Have Been Hacked, Now What?”. He is also the author of the Whole Building Design Guide Cybersecurity Resource page as well as numerous DHS Building Infrastructure Protection Series (BIPS) publications.
Ken Kurz is the Vice President, Information Technology and Chief Information Officer for Corporate Office Properties Trust (COPT), a Real Estate Investment Trust located in Columbia, MD. He joined COPT in February 2016. Formerly the Executive Director, Network and Information Assurance at the University of Oklahoma (OU), he led OU’s network engineering, risk and governance, identity and access management and security operations teams. Prior to working at OU, with a stop at the U.S. Naval Academy Alumni Association and Foundation in Annapolis, he spent over seven years within the Department of Defense in leadership roles working on the development of information security capabilities, security architectures and strategies, risk mitigation and remediation. His final position was as the head of the National Cryptographic Solutions Management Office responsible for the development of national cryptographic strategy, algorithm management, and associated capability roadmaps. He was also selected as ISC2’s winner of the 2010 Government Information Security Leadership Award for Technology Improvement from the community of information security professionals representing departments and agencies across the federal government.