Keynote: USMC Mobile Security Overview
Upcoming SlideShare
Loading in...5

Like this? Share it with your network


Keynote: USMC Mobile Security Overview



Ray Letteer, Director, Cyber Security Division, U.S. Marine Corps

Ray Letteer, Director, Cyber Security Division, U.S. Marine Corps



Total Views
Views on SlideShare
Embed Views



2 Embeds 150 149 1



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment
  • This is a great analogy for policy… We as policy developers have an obligation to stay current with the Technology S-Curve so the Marine Corps can leverage capabilities. We shouldn ’t do things just because an outdated policy says so – we should be proactive about policy and keep it current to support the Marine’s requirements.
  • This provides a hierarchy of policies for USMC. If you have network connectivity, I would click on the IATAC policy link at the bottom right to show just how many policies there really are.
  • Transition into our ECSDs. These Directives provide strategic IA frameworks for incorporating mobility into the MCEN.
  • Talk about our “Zones” concept, and how we were the pioneer for this. DISA has taken this model for their STIGs (e.g., Non Enterprise Activated Mobile Device STIG is a Zone 1 PED) The chart shows that as the Zone gets higher, the security requirements are more stringent, thus the costs go up. However, the animation changes the cost arrow down, as we are slowly shifting out of GOTS to COTS for Classified.
  • This slide provides examples of our PEDs policy in effect. The MAW ’s iPads are a Zone 1 example (e.g., no touching the network, etc.) BlackBerrry smartphones are an example of Zone 2 PEDs (e.g., connected to NIPR) The SME PED is an example of a Zone 3 PED (e.g., Classified).
  • This slide talks about our WIDS/WIPS strategy moving forward. We want to get out of the business of doing manual walk-throughs for a number of reasons: Resource intensive (spreads the Blue Team thin) Doesn ’t provide 24/7 monitoring DoD 8420.01 and ECSD 14 encourages use of WIDS/WIPS (soon to be mandate)
  • This slide discusses LPS and our current status with the ATO for remote access. On the last bullet, you can talk about how USMC participated in the DISA Bootable Media pilot with their specific build. That build recently received a DISA ATO and is now available for all the services. However, we are making a specific build for USMC. Red line shows where we are at.
  • This slides discusses the progressing of cellular communications, and how it is important to protect not only data, but voice as well. This will be easier once we transition to 4G communications and everything is IP. CSD is phasing out leaving us a capability gap with Classified Voice. Discuss how we have data requirements, but no voice requirements at the FOUO level.
  • This slide discusses mobile applications at a high level. We would like to have the process look like the following: Develop apps or take apps from commercial sites Vet them through an attestation tool (e.g., Veracode, Fortify, etc.) Establish enterprise licensing, purchasing options, etc. White list applications on a DoD/USMC application store.
  • This slide discusses a high level view of DoD mobility tied into the MCIENT, tied into specific initiatives… Per usual, emphasize IA baked in vs. bolted on.
  • Ends the presentation showing we are working across agencies/DoD. These are all the WGs we are involved with.

Keynote: USMC Mobile Security Overview Presentation Transcript

  • 2. HQMC C4Mobile & Wireless Initiatives McAfee Summit 2012
  • 3. “The Way It’s Always Been Done”
  • 4. Mobile and Wireless Related Policies Information Assurance Policies
  • 5. Enterprise Cybersecurity Directives (ECSDs) Mobile /Wireless Related Policies:• ECSD 014: Wireless Local Area Networks (WLANs)• ECSD 006: Virtual Private Networks (VPNs)• ECSD 005: Portable Electronic Devices (PEDs)• ECSD 004: Remote Access
  • 6. USMC ECSDs: WLANs & PEDs Zone 3 GOTS/NSA Approved COTS/CSfC Secret R E Q U I C Zone 2 R O Controlled Unclassified Stringent/Certified Products Information E S M T E N T S Zone 1 Best Practices/CommercialPublically Available Information Grade
  • 7. ECSD 005: PEDs (example) MARINE AIR WING S EC RET
  • 8. Monitoring the Air Waves Y T A R - MA S EP -M RIL 12 G- 2 B FE 2013AP 20 AU 201 Continuous Monitoring Flying Squirrel WIDS/WIPS
  • 9. Remote Access• “Virtual GFE” solution for untrusted hardware• Ignores local hard drive – no malware vector• Boots from read-only media, saves no state• Includes VPN and remote desktop software• CAC/PKI required to boot• DISA Bootable Media Build received DISA ATOIdentify USMC RA Develop C&A Enterprise Requirements USMC Package Use LPS Build
  • 10. Secure Voice CELLULAR COMMS Voice & Data All IP 4G PacketSwitching 3G • USMC will have a capability gap for Classified Voice when CSD is phased out • Need interoperable and cost effective solution • Need IA controls on legacy/current/emerging cellular Circuit standards Switched 2G • FOUO = FOUO no matter voice, data, drawings, etc. Data
  • 11. Mobile Application Control Primary App ConcernsApp Development App Attestation App Acquisition App Distribution &
  • 12. Mobility Strategy & Initiatives DoD Mobility Strategy MCIENT Strategic Objectives USMC Initiatives1. Advance the wireless (1) Improving reach back support • DON iOS PoC infrastructure and interoperability of our forward • NOTM deployed forces • Secure PAN3. Institute mobile device (2) Leverage cloud computing and • Trusted H2 w/ Tactical Sleeve virtualization technologies where5. Promote the development and sensible • MSA use of mobile apps (5) Employ and operate a flexible • MCEITS network that can adjust rapidly and • ATOs/IATOs/IATTs dynamically to counter external and - MAW Tablets internal degradation and mission - WWR changes (10) Distribute enterprise services - BlackBerry PlayBook regionally and to forward deployed - … forces • Secure Voice (13) Ensure IA is built into the SDLC • Remote Access where feasible IA (Baked In vs. Bolted On)
  • 13. Wireless & Mobility Working Groups1. CNSS Wireless Security WGPOC: Norbert SnobeckE-mail: norbert.snobeck@ocio.usda.gov2. DoD Commercial Mobile Device WGPOC: Will AlbertsE-mail: will.alberts@osd.mil3. DoD Mobility Group – Committee DoD CollaborationPOC: Greg YoustE-mail: greg.youst@disa.mil4. NIST Technical Exchange MeetingsPOC: Captain Joshua LoveE-mail: DON Mobility IPTPOC: Mike HernonE-mail: michael.hernon.ctr@navy.mil21. NPS Wireless Working GroupPOC: John GibsonE-mail:
  • 14. Contact InformationRay LetteerChief, Cybersecurity Division (CY)USMC Senior Information Assurance OfficialMarine Corps Enterprise Network Approval OfficialNIPR: ray.letteer@usmc.milSIPR: 01010011 01100101 01101101 01110000 01100101 01110010 00100000 01000110 01101001 00100001