ALGORITHMIC WARFARE: Defense Cyber Hub Receives Major Refresh
The Defense Department recently released the latest version of its Cyber Resilient Weapon Systems Body of Knowledge, its online repository of specifications, data and best practices for building systems resistant to today’s cyber threats.
In the unclassified summary of the Defense Department’s 2023 Cyber Strategy released in September, the Pentagon said both China and Russia “have embraced malicious cyber activity as a means to counter U.S. conventional military power and degrade the combat capability of the Joint Force,” and across the globe, “malicious cyber activity continues to grow in both volume and severity, impacting the U.S. homeland and placing Americans at risk.”
To respond to the myriad threats in the cyber domain, the department is committed to enhancing the cyber resilience of the Joint Force to ensure it can fight “in and through contested and congested cyberspace,” the strategy stated. “Cyberspace operations represent an indispensable element of U.S. and allied military strength and form a core component of integrated deterrence.”
To ensure its technology has the necessary cyber defenses, the department maintains the unclassified, publicly available Cyber Resilient Weapon Systems Body of Knowledge, or CRWS-BoK, which “provides easy access to [more than] 600 publicly available authoritative sources … to support secure cyber resilient engineering activities,” said Melinda Reed, director for system security in the Office of the Undersecretary of Defense for Research and Engineering’s Science and Technology Program Protection Office.
The CRWS-BoK provides high-level guidance that can be applied to any cyber-enabled system.
An example of the resources available in the repository is a series of technical white papers to provide design guidance “to establish the secure cyber-resilient engineering discipline,” Reed said in an interview. These white papers include “strategic considerations” for design, loss control, design principles and security and resilience interpretation, she added.
Nearly three years since the initial launch of CRWS-BoK in May 2021, the Defense Department in January released Version 4.0. The update “enhances the user’s ability to find the best resources for their needs,” building upon feedback the department has received from prior versions, Reed said.
“New features include an updated look and feel that allows for more customized viewing options, and enhanced navigation tools that simplify resource discovery,” she said.
Version 4.0 also includes a refined algorithm that improves overall rating detail to better reflect resource quality and relevance, as well as new guest prompts that streamline the process for new users and encourage them to register to “take full advantage of the personalized features or nominate content to be added to the CRWS-BoK repository,” an Office of the Undersecretary of Defense for Research and Engineering release stated.
The CRWS-BoK uses a “review board process to review and approve community-nominated resources using established acceptance criteria,” Reed said.
The CRWS-BoK review board consists of representatives from government, industry and academia and meets quarterly to review nominated resources that have been assessed and prepared by the system’s curation team, she said.
The makeup of the review board reflects the repository’s user base, which cuts across the Defense Department, other federal government agencies, industry and academia, she said.
“We collaborate through this body of knowledge with government, industry and academia to capture those best practices that support all of the diverse functional needs,” she added.
A major concern for many in the cybersecurity world is the Defense Department’s Cybersecurity Maturity Model Certification program, which when finalized will require any company doing business with the Pentagon to verify it is compliant with the department’s cybersecurity requirements.
The department published a proposed rule for CMMC in December, and as of press time the 60-day comment period was set to end on Feb. 26, despite several trade organizations requesting an extension.
Once the CMMC final rule is published, resources pertaining to the program will need to go through the same review board process to make it into the CRWS-BoK, Reed said, adding that the system relies on close collaboration between those inside and outside the government.
“Without our partners in industry and academia and government, we really wouldn’t have the breadth and the depth of the materials that are” available in the CRWS-BoK, she said. “So, we really do thank all of the stakeholders who participate on this.”
As the cyber threat “continues to evolve, we must continue to provide the tools to adapt to this changing environment and cultivate this workforce across government, industry and academia, as well as our allies and partners,” she said.