Improving Cyber with Certified Blue Teams
The Assistant Secretary of the Army for Acquisition, Logistics, and Technology (ASA(ALT)) designated the Project Manager for Cyber, Test and Training (PM CT2), under the Program Executive Office for Simulation, Training and Instrumentation (PEO STRI), as the office of primary responsibility for the management and oversight of Acquisition Blue Teams and for the execution of relevant Acquisition Blue Team vulnerability assessment capabilities. PM CT2 is the principal for United States Army Acquisition Cyber Blue Teams and the Army's single manager for providing test and evaluation related capabilities in support of the Acquisition Community.
The Cyber Acquisition Blue Team (CABT) Management Office (MO) has been delegated the Standards and Certifying Authority and is charged with producing, maintaining, and providing official recommendations to the Standards Authority regarding updates to the standards. The CABT MO is further charged with overseeing all team evaluations and providing official recommendations to the Certifying Authority regarding team certification status.
Technical Approach and Methods
This paper will explain how candidate Blue Teams can use the Certification & Standards Manual (CSM) and the Evaluation Scoring Metrics (ESM) to seek certification as a Cyber Acquisition Blue Team, ensuring they are consistent and capable of providing cyber vulnerability prevention, identification, assessment, and mitigation assistance to Army Programs. The CABT MO Blue Team standards are in accordance with National Institute of Standards and Technology (NIST) guidelines, the NIST Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, industry standards, and DoD regulations, so that the standards can be adopted across different services.
Innovations, Research Findings, etc.
A series of attributes and metrics has been developed and traced to the skills required to perform formal tests as defined by the Deputy Assistant Secretary of Defense for Developmental Test & Evaluation; these form the basis of the ESM used to evaluate a CABT candidate's suitability. The ESM establishes the minimum standards to operate as a CABT MO certified blue team and is used by the CABT MO to validate the ability of future blue team candidates.
The Risk Management Framework (RMF) ensures that risk from cyberspace-based threats is understood, identified, and mitigated to the greatest extent possible. However, there are gaps when relying only on the processes defined within RMF. To close these gaps, cooperative (Blue Team) cybersecurity assessments and assistance are required throughout the acquisition lifecycle. The CABT MO was formed to oversee the standards development and certification processes in support of Army Acquisition Programs and to increase the effectiveness of blue team assessments across the Army acquisition lifecycle.
A CABT MO certified blue team identifies security threats and risks in the current or proposed operating environment and, in cooperation with the Program Office, analyzes cybersecurity readiness. Based on their findings and expertise, they provide advice and recommendations that integrate into an overall security solution, improving the program's cyber survivability posture. Having a standards and certification process will ensure that all certified blue teams operate at a high level of effectiveness.