Reoptimization for Great Power Competition

“I’m extremely proud of the Space Force and all the good it has accomplished. But, as good as we are, as much as we’ve done, as far as we’ve come, it’s not enough. We are not yet optimized for Great Power Competition.”

~ Chief of Space Operations
Gen. Chance Saltzman

The establishment of the U.S. Space Force was a direct response to threats arising from Great Power Competition in the space domain. Nevertheless, our legacy roots leave us sub-optimized for the security environment confronting us today, and we must finish fine-tuning the service to continue meeting its National Defense Strategy responsibilities

In early 2024, the Department of the Air Force unveiled sweeping plans for reshaping, refocusing, and reoptimizing the Air Force and Space Force to ensure continued supremacy in their respective domains while better posturing the services to deter and, if necessary, prevail in an era of Great Power Competition. Through a series of 24 DAF-wide key decisions, four core areas which demand the Department’s attention will be addressed: Develop People, Generate Readiness, Project Power and Develop Capabilities.

The space domain is no longer benign; it has rapidly become congested and contested.

We must enhance our capabilities, develop Guardians for modern warfare, prepare for the high intensity fight, and strengthen our power projection to thrive and win in this new era of Great Power Competition.

Video by Dave Pope

DoD Cybersecurity Incident Reporting

Air Force Research Laboratory

March 3, 2022 | 4:30

Welcome!

My name is Kelly Kiernan and I'm here representing the Department of the Air Force Chief Information Security Officer and AFWERX.

Today, we're going to talk about #2 in the Blue Cyber education series for small businesses. It's called DoD Cybersecurity Incident Reporting.

DoD cyber incident reporting is grounded in the DFARs. You'll remember that DFARs contain requirements of the law and DoD wide policies. The DFARs which is driving DoD incident reporting is DFARs 252-204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting.

A closer look at DFARs clause 252-204-7012 shows that there are three aspects to cyber incident reporting to consider. They are:
cyber incident reporting
submitting malicious software
and facilitating assessment

I'm often asked what to do if there's a potential breach.

If there is a potential breach, don't panic. Cyber security occurs in a dynamic environment. Hackers are constantly coming up with new ways to attack information systems and the DoD is constantly responding to these threats. DoD does not penalize contractors who act in good faith.

Do contact the DoD immediately--bad news does not get better with time. And do respond within 72 hours of the discovery of any incident.

Be helpful and transparent. Contractors must cooperate to respond with the DOD to security incidents and should immediately preserve and protect evidence and capture as much information about the incident as possible.

In a moment, I’m going to show you the DoD website where you can report cyber incidents and submit malicious software. There you will find many things to help you including a portal, helpdesk numbers, and email helpdesk.

But, it won't tell you what to report.

Here is what to report:
report all cyber incidents that may result in a significant loss of data, system availability, or control of systems
impact a large number of victims
indicate unauthorized access to or malicious software present on critical information systems
affect critical infrastructure or core government functions
or impact national security, economic security, or public health and safety

If you need to report a cyber incident, you'll go to dibnet.dod.mil. There you will see by the screenshot that it's a very modern site for your cyber report. It contains phone numbers and emails to provide assistance. The contractor shall conduct a review for evidence of compromise and rapidly report cyber incidents to the DOD at dibnet.dod.mil.

With regard to malware, if discovered and isolated in connection with a reported cyber incident, the contractor or subcontractor shall submit the malicious software to the DoD cyber crime center. If the DoD elects to conduct a damage assessment, the contracting officer will be notified by the requiring activity to request media and damage assessment information from the contractor.

You don't want the first time you visit dibnet.dod.mil to be for the reason to submit a cyber incident. There are also resources on that page. On the far-right hand column, you'll see links to the cyber threat roundup. The cyber threat roundup is a weekly collection of recently open sourced articles of interest for the defense industrial base and also I'll just mention that Blue Cyber number 12 is called “Cyber Threat Resources for Small Businesses.”

Thank you for joining me today. My name is Kelly Kiernan and I'm here representing the Department of the Air Force Chief Information Security Officer. A reminder that this talk is not a substitute for reading the FAR and DFARs in your small business contract. You will find this presentation and many more on the Department of the Air Force CISO web page under Blue Cyber. Well, thank you for your time. So long.