National Aeronautics and Space Administration       NASA Project Management Challenge 2009       Effective PM Response for...
Why Technology Protection? – Advantage        There is a strong symbiotic relationship         between space research and ...
Protection Needs AssessmentWe asked ourselves…    •   Does NASA and its industrial base develop state-of-the-art systems a...
Policy Guidelines –Cohesive Implementation Strategy Is Needed NPR 1600.1 NASA Security Procedural Requirement Chapter 8 Pr...
Why Technology Protection? - The ThreatThe targeting and theft of U.S. innovation has significant direeffects on our natio...
Why Now?What is the national priority at this time?       • President’s Vision for Space Exploration directed NASA to desi...
The ESMD Model         The Technology Protection Working Group (TPWG)Multi-discipline Agency-wide forum with the core skil...
Technology Protection Program Full IntegrationNPR 7123.1A                                                      Technology ...
Protection Products                          Full Range of Tailored                   Security Product Offerings Include…•...
Protection Services                          Comprehensive Set of                       Security Services to Include…•   S...
TPWG Organization Structure      Exploration Systems Mission Directorate                                Office of Security...
TPWG NASA Representation – Full Integration       Constellation Program fully engaged       Scientists and engineers suppo...
Technology Protection Program – A Project Resource
ESMD TPWG Community of Practice (CoP)       Oversight by ESMD Directorate Integration Office       Community in excess of ...
Technology Protection Program IPT                                                        ES                               ...
ESMD Technology Protection Program Model                        CI         Program      TPWG        Information          P...
What is Mission Critical Information (MCI)?NASA information related to research, technologies, projects, programs,or syste...
Technology Protection Program Full IntegrationThe TP Program Model                                             The TP Prog...
MCI Assessment Participants    PM                           PM Selected Project SMEs                                      ...
MCI Assessment NASA Personnel and Contributions                             NASA Scientists and Engineers              MCI...
Technology Protection Cycle                                                                                      Requires ...
Technology Protection Program Full Integration                NASA Project Life Cycle NASA Systems Engineering Handbook, p...
Technology Protection Phases and Associated Activities                         Element Technology                         ...
Element, Project, Technology Protection Portfolios               Program Management Technology Protection Process Brief Se...
Example: J-2X Technology Protection Portfolio
The Information Dilemma   Desire / need                                                              Department of      to...
ESMD Technology Protection Program To-date             On center activities             Planned center activities (< 6 mon...
Technology Protection Program Full IntegrationPilot Program (Years 1-2)           Year 3                        Year 4+   ...
Constellation Program Work Breakdown Structure                          Pilot Program                          Year 3     ...
Horizontal Protection and Awareness of NASA MCIElement         SM                         US  MCILocationThreat
Horizontal Protection and Awareness of NASA MCIElement            SM                          US  MCI      1   2        3 ...
Horizontal Protection and Awareness of NASA MCIElement            SM                          US  MCI      1   2        3 ...
Horizontal Protection and Awareness of NASA MCIElement                        SM                                          ...
Horizontal Protection and Awareness of NASA MCIElement                        SM                                          ...
Horizontal Protection and Awareness of NASA MCIElement                        SM                                          ...
Horizontal Protection and Awareness of NASA MCIElement                        SM                                          ...
Horizontal Protection and Awareness of NASA MCIElement                        SM                                          ...
Horizontal Protection and Awareness of NASA MCIElement                        SM                                          ...
Horizontal Protection and Awareness of NASA MCIElement                        SM                                          ...
Horizontal Protection and Awareness of NASA MCIElement                        SM                                          ...
Horizontal Protection and Awareness of NASA MCIElement                        SM                                          ...
Horizontal Protection and Awareness of NASA MCIElement                        SM                                          ...
Horizontal Protection and Awareness of NASA MCIElement                        SM                                          ...
Horizontal Protection and Awareness of NASA MCIElement                        SM                                          ...
Technology Protection Program Benefits to the PM           Increased Project Manager Control           •   Puts PM in cont...
Results Oriented           We Moved From…                                                         …ToNot Knowing Program E...
Acronyms   ACD    -     CI   -   Counterintelligence   CoP    -   Community of Practice   CPP    -   Certified Protection ...
Backup
When Technology Protection? Earlier the better…                                                                         De...
CxP Security Documentation Tree                                                                         Program Plan      ...
Technology Protection Program – The Early Days•    Focused on the “bigger picture” – broader national perspective•    Perf...
Benefits/Value•   Customer Focused – better able to satisfy most urgent ESMD security needs•   Early life-cycle Planning –...
Upcoming SlideShare
Loading in …5
×

Odum.t.averbeck.r

18,216
-1

Published on

Published in: Technology, Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
18,216
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Odum.t.averbeck.r

  1. 1. National Aeronautics and Space Administration NASA Project Management Challenge 2009 Effective PM Response for Protecting NASA’s Mission Critical Technologies in a Growing Threat Environment Terry E. Odum, CPP,1† Ryan Averbeck,2† G. A. Gaddy, Ph.D. 2 1. NASA Marshall Space Flight Center, Huntsville, AL 2. Concurrent Technologies Corporation, Huntsville, AL † Presenter 25 February 2009
  2. 2. Why Technology Protection? – Advantage There is a strong symbiotic relationship between space research and national security…Weve worked too hard and accomplished too much, to willfully forfeit our leadership in space. Lets make the necessary adjustments to maintain our supremacy. Our future depends on it. Kay Bailey Hutchinson Member of the Senate Commerce, Science And Transportation, and Appropriations, Committees Special Section: Defense & Aerospace October 2007
  3. 3. Protection Needs AssessmentWe asked ourselves… • Does NASA and its industrial base develop state-of-the-art systems and technologies that are of strong interest to other countries? • Is the risk of loss or compromise to NASA’s technologies growing? • Could the loss impact mission success, reputation, or national security? • Is a process in place to assist the PM in effectively managing security risks?ESMD addressed these questions by piloting a system protection program • Tailored for NASA after gleaning the “best of breed” approaches, methodologies and techniques from DoD protection programs. The need to implement a systematic protection process may never be greater
  4. 4. Policy Guidelines –Cohesive Implementation Strategy Is Needed NPR 1600.1 NASA Security Procedural Requirement Chapter 8 Program Security NPR 7120.5D NASA Space Flight Program and Project Management Requirements Section 3.13 NASA/SP-2007-6105 NASA Systems Engineering Handbook Appendix Q NPR 8000.4 NASA Risk Management Procedural Requirements P.1; 2.6.1 NPR 1660.1 NASA Counterintelligence Policy Para 2.10 NPR 2810.1A Security of Information Technology Preface P.1 NPR 2190.1 NASA Export Control P.1 Chapter 2 Referenced policies all serve to provide national level security guidance.
  5. 5. Why Technology Protection? - The ThreatThe targeting and theft of U.S. innovation has significant direeffects on our nation. Chamber of commerce estimates 750,000 jobs lost annually due to the theft of innovation Department of Justice estimates the loss of research and technology costs U.S. companies as much as $250 billion annually The National Counterintelligence Executive (NCIX) estimates the loss associated with foreign espionage directed at the U.S. to be $300 billion and risingNASA is a world leader in innovation, and thus, a highly targetedorganization.Exploitation of cyberspace to attempt to gain access to space systems technologies and information is growing exponentially and requires constant diligence.
  6. 6. Why Now?What is the national priority at this time? • President’s Vision for Space Exploration directed NASA to design and build systems and infrastructure to return the nation to the Moon, Mars, and beyond. • Exploration Systems represent NASA’s future and one of its highest priorities. • Under the “10 Healthy Centers” concept, all ten (10) NASA Centers have Exploration Systems Work Assignments. • The Constellation architecture involves new systems, technologies, tooling and equipment, and manufacturing processes that may provide the U.S. a technological advantage. • National Space Policy states that the U.S. will take those actions necessary to “protect its space assets”.Recently completed counterintelligence threat products address specific threats to NASA research, technologies, and programs. Contact your Center Security or Counterintelligence Office for availability.
  7. 7. The ESMD Model The Technology Protection Working Group (TPWG)Multi-discipline Agency-wide forum with the core skills necessary formanaging security risks on major high priority programs / projectsFacilitates Technology Protection Program planning and implementation: Assists the PM in identifying Mission Critical Information Enhances operational readiness and mission success Protects national security interests against threats Prevents unauthorized disclosure of sensitive information Helps maintain the U.S. technological advantage in Space Ensures the proper horizontal protection of inherited technologies from DoD and other government entities TPWG processes and recommendations do not hinder the authorized sharing of NASA information. The process is designed to quickly and precisely identify the information requiring protection.
  8. 8. Technology Protection Program Full IntegrationNPR 7123.1A Technology Protection Working GroupNASA Systems Engineering Processes and Requirements CharterPurpose: Goal:The stakeholder expectations definition process is used to “The goal of the TPWG is to assist Program Managers inelicit and define use cases, scenarios, operational the identification and protection of Mission Criticalconcepts, and stakeholder expectations for the applicable Information (MCI) generated by the research,product-line life-cycle phases and WBS model. This development and acquisition communities that providesincludes requirements for: and maintains NASA’s competitive advantage in Space.” This includes requirements for: a. operational end products and life-cycle-enabling products of the WBS model; a. identifying MCI in the WBS model b. expected skills/capabilities of operators or users; b. operational protection end products and life- cycle-enabling protection processes of the WBS c. expected number of simultaneous users; model d. system and human performance criteria; c. performance criteria for protection e. technical authority, standards, regulations, and d. technical authority, standards, regulations, and laws; laws with respect to protection/security f. factors such as safety, quality, security, context e. security factors (vulnerability and threat) of use by humans, reliability, availability, maintainability, electromagnetic compatibility, f. local management constraints on how protection interoperability, testability, transportability, will be implemented (e.g., operating procedures) supportability, usability, and disposability; g. local management constraints on how work will be done (e.g., operating procedures) The TPWG mitigates program security risks, improves the efficiency of the protection program, reduces regulatory compliance costs, and streamlines security operations.
  9. 9. Protection Products Full Range of Tailored Security Product Offerings Include…• Security Management Plan • Security Classification Guide• Technology Assessment and • Life-cycle Cost Analysis Control Plan (TA/CP) • Transportation Security Plan• Export Control Plan • Preliminary System Security• Security Surveys Concept• Security Trade Studies • Systems Security Authorization• Threat & Vulnerability Reports Agreement for IT Systems• Counterintelligence Surveys • Mission Critical Information• TP Process Assurance Maps Assessment (MCIA)
  10. 10. Protection Services Comprehensive Set of Security Services to Include…• Security Requirements Definition • Risk Management and Decision• Security Policy Reviews Support • Export Control Guidance• Threat & Vulnerability Analysis • Information Technology• Protection and Mitigation Planning Security/Information Protection• Multi-Center/Multi-Agency Coordination Coordination • Technology Protection Working• Industry Partner Security Interface Group Facilitation and Performance Monitoring • Education & Awareness (e.g.,• International Cooperation SBU) Interface • Counterintelligence Support • Secure Communications Planning
  11. 11. TPWG Organization Structure Exploration Systems Mission Directorate Office of Security and Program Protection (ESMD ) Associate Administrator (OSPP) Directorate Integration Assistant Officer Administrator Technology Protection Working Group Chair CxP OCIO, S&MA,Management • Program TPOs • Counterintelligence • Center IPOs Export, etc. • Center TPOs • Industry partners • ESMD RM ACD • Scientists • Center security • Engineers CenterManagement Management Program Technology System Security Threat and Horizontal Policy Protection Trending Engineering Vulnerability Protection Compliance Program Project Element System Component “Complex System” Distributed Organizations Implementation Technology Policy Information Execution
  12. 12. TPWG NASA Representation – Full Integration Constellation Program fully engaged Scientists and engineers supported Ares I and Orion Technology Protection Portfolios 70% complete “Ten healthy Centers”
  13. 13. Technology Protection Program – A Project Resource
  14. 14. ESMD TPWG Community of Practice (CoP) Oversight by ESMD Directorate Integration Office Community in excess of 60 active members Risk Managers, Engineers, Export Officials, Security Industry partners
  15. 15. Technology Protection Program IPT ES MD ou ction an ng Prote d p n Pro ea atio Gr Pro nd E e n f o rm gr a m Wo logy gra ng a m sm In tT m inee rki no ses itical Ma Sc ch ien rs na r Te C tis ge on ts As ss i me Mi nt Center Chiefs of Security NASA Office of Security and Program Protection
  16. 16. ESMD Technology Protection Program Model CI Program TPWG Information Project Protection TPO IPO MCI Information Technology Security
  17. 17. What is Mission Critical Information (MCI)?NASA information related to research, technologies, projects, programs,or systems that, if released outside established protocols could: Significantly affect NASA resources, requiring additional research, development, tests, or evaluation to overcome the adverse effects of unauthorized releases - and / or - Significantly reduce the performance or effectiveness of NASA research, projects, technologies, programs, or systems - and / or - Have a significantly adverse affect on the United States’ advantage in space and other current and emerging technologies With a multitude of technologies and systems under review, the definition of significant will be specific to each potential MCI during an assessment, with a basis of concepts such as Evolutionary/Revolutionary, State-of-the- Art (SOA) vs. State-of-the-World (SOW), and specific impacts to NASA’s programs and missions.
  18. 18. Technology Protection Program Full IntegrationThe TP Program Model The TP Program Team ES CI MD ou ction nd a ng Prote n p ea atio Pro Pro nd E Gr en form Program TPWG Information m g Wo ology gra ng a ram Project Protection ssm l In tT m inee rki TPO IPO sse itica Sc Ma n ch ien rs MCI n Cr Te ag tis on ts em ssi A en Mi t Center Chiefs of Security Information Technology Security NASA Office of Security and Program ProtectionThe NASA TP Program model works because of the MCI team’s understanding of the Program’s cost, schedule and performance drivers. The technology protection team is respectful of the NASA mission, history and culture. These characteristics are the key to minimizing the impact to the Program schedule and is one of the reasons for the Program’s success.
  19. 19. MCI Assessment Participants PM PM Selected Project SMEs (as needed) TPO Mission Critical Information Assessment TPWG Team Oversight Counterintelligence, IA, IT, security, etc. Mission Critical Information Assessment Team• Team of scientists, engineers, and security analysts• Technical connection with NASA Program personnel• Recommends MCI for PM consideration• Develops and delivers all associated documentation (Technology Protection Portfolio)• Collaborates with the Security and Intelligence functions of the TPWG team
  20. 20. MCI Assessment NASA Personnel and Contributions NASA Scientists and Engineers MCI Project/Element Manager Protective Services (OSPP)
  21. 21. Technology Protection Cycle Requires NASA ProgramP1 Level Decision Discovery Activities P2 P4 Assessment Initiate NASA Perform Preparation TVA Process Risk Analysis Technical Initiate Select Final Discussions Controls v Controls P3 P5 Technical Discussion Evaluate Develop Analysis Vulnerabilities Protection Plan MCI Continuously Develop Confirmation Implementation Plan Periodically
  22. 22. Technology Protection Program Full Integration NASA Project Life Cycle NASA Systems Engineering Handbook, page 20, DECEMBER 2007 *MCI re-assessments performed as required MCI review Technology MCI assessment completion Protection Identify initial controls and threats Activities Identify vulnerabilities and validate threat Final controls selection / continuous risk management
  23. 23. Technology Protection Phases and Associated Activities Element Technology Determine Determine impact Utilize security “best P2 - Initiate TVA P5 - Protection ImplementationP1 - MCI Assessment P4 - Risk Analysis Information adversary intent on NASA if practices” (trade gathering and and capability to exploitation occurs studies, etc.) review exploit technology Determine Implement cost Conduct technical Determine facilities, appropriate / effective and discussions with personnel acceptable level of efficient controls scientists, (government and risk based on risk engineers, security, contractor, US and analysis and CI professionals foreign), Develop controls components where Review final which mitigate risks Continuously P3 - Evaluate Vulnerabilities Reach back to MCI resides (element specific) and bring risk into monitor and contractor threat product “acceptable” limits improve the teammates Implement initial protection process scientists and transparent controls Determine threats engineers as to MCI in programs, Ensure necessary facilities, systems, improvements are components, and documented and MCI and information personnel considered for requiring controls implementation identified Prioritize vulnerabilities of Immediate controls MCI placed on information as Adjust initial required controls if necessary MCIA Report Initial Controls Final Controls Report Implementation Plan Significant Issues Report Portfolio Sections I - V Portfolio Section VI Portfolio Section VII Portfolio Section VIII
  24. 24. Element, Project, Technology Protection Portfolios Program Management Technology Protection Process Brief Section I This brief provides an overview of the NASA Technology Protection (TP) Process. This overview includes key participants, defines key terminology, outlines the phases of the TP Process and provides details of the products from the various phases of the TP Process. Technology Protection Process Execution Plan (EP) Section II This plan describes in detail the TP Process phases and associated documentation. The plan also provides a schedule, personnel selected by the Element Manager (EM), and NASA TP Program points of contact. Scientist and Engineers Technology Protection Process BriefSection III This brief provides an overview of the NASA TP Program and outlines the roles and responsibilities of the scientists and engineers identified by the EM. The brief also presents the initial results of the discovery phase of the TP Process. Mission Critical Information (MCI) Technical Discussions Results BriefSection IV This brief provides the EM MCI recommendations from the Technology Protection Working Group (TPWG) based on the analysis of the technical discussions with Element scientists and engineers. Mission Critical Information Assessment Report (MCIA-R)Section V This report documents the EM determination of MCI. The report also provides detailed information about Element MCI and highlights any significant issues identified during the TP Process. Initial Controls Report (ICR)Section VI This report documents the TPWG recommendations for initial Element controls to immediately enhance the protection of MCI based on the baseline threats to the Element MCI. The report also includes Element general threat awareness. Final Controls Report (FCR)Section VII This report contains the NASA Headquarters Counterintelligence (CI) validated threats to Element MCI, vulnerability analysis, and TPWG recommended final controls based on the level of risk acceptable to the EM and metrics obtained from the initial controls selected in the ICR. Implementation GuidanceSection VIII This document provides recommendations to the EM detailing the manner in which the EM selected final controls may be implemented. This guidance is focused on the MCI only.
  25. 25. Example: J-2X Technology Protection Portfolio
  26. 26. The Information Dilemma Desire / need Department of to publish Commerce Mandate to Department of collaborate State International National partnerships Security Need to Share Need to ProtectNational Aeronautics and Space Act of 1958 calls National Space Policy, 2006, states that spacefor the widespread dissemination of newfound capabilities are vital to the Nation’s interests andtechnologies to the public. the U.S. will “take those actions necessary to protect its space capabilities.”
  27. 27. ESMD Technology Protection Program To-date On center activities Planned center activities (< 6 months) Planned center activities (> 6 months)
  28. 28. Technology Protection Program Full IntegrationPilot Program (Years 1-2) Year 3 Year 4+ Program Development Lunar Lander Ares V Ares I Extravehicular Activities Science and Technology Elements Orion Program refinement Systems Integration Elements
  29. 29. Constellation Program Work Breakdown Structure Pilot Program Year 3 Sustainment
  30. 30. Horizontal Protection and Awareness of NASA MCIElement SM US MCILocationThreat
  31. 31. Horizontal Protection and Awareness of NASA MCIElement SM US MCI 1 2 3 4 5 6 7LocationThreat
  32. 32. Horizontal Protection and Awareness of NASA MCIElement SM US MCI 1 2 3 4 5 6 7LocationThreat
  33. 33. Horizontal Protection and Awareness of NASA MCIElement SM US MCI 1 2 3 4 5 6 7Location A B C D E F G H I J K L MThreat
  34. 34. Horizontal Protection and Awareness of NASA MCIElement SM US MCI 1 2 3 4 5 6 7Location A B C D E F G H I J K L MThreat
  35. 35. Horizontal Protection and Awareness of NASA MCIElement SM US MCI 1 2 3 4 5 6 7Location A B C D E F G H I J K L MThreat α β γ δ
  36. 36. Horizontal Protection and Awareness of NASA MCIElement SM US MCI 1 2 3 4 5 6 7Location A B C D E F G H I J K L MThreat α β γ δ
  37. 37. Horizontal Protection and Awareness of NASA MCIElement SM US MCI 1 2 3 4 5 6 7Location A B C D E F G H I J K L MThreat α β γ δ
  38. 38. Horizontal Protection and Awareness of NASA MCIElement SM US MCI 1 2 3 4 5 6 7Location A B C D E F G H I J K L MThreat α β γ δ
  39. 39. Horizontal Protection and Awareness of NASA MCIElement SM US MCI 1 2 3 4 5 6 7Location A B C D E F G H I J K L MThreat α β γ δ
  40. 40. Horizontal Protection and Awareness of NASA MCIElement SM US MCI 1 2 3 4 5 6 7Location A B C D E F G H I J K L MThreat α β γ δ
  41. 41. Horizontal Protection and Awareness of NASA MCIElement SM US MCI 1 2 3 4 5 6 7Location A B C D E F G H I J K L MThreat α β γ δ
  42. 42. Horizontal Protection and Awareness of NASA MCIElement SM US MCI 1 2 3 4 5 6 7Location A B C D E F G H I J K L MThreat α β γ δ
  43. 43. Horizontal Protection and Awareness of NASA MCIElement SM US MCI 1 2 3 4 5 6 7Location A B C D E F G H I J K L MThreat α β γ δ
  44. 44. Horizontal Protection and Awareness of NASA MCIElement SM US MCI 1 2 3 4 5 6 7Location A B C D E F G H I J K L MThreat α β γ δ
  45. 45. Technology Protection Program Benefits to the PM Increased Project Manager Control • Puts PM in control of Technology Protection process • Program specific tailored execution plan • Programs will be proactive instead of remaining reactive • Function is responsive to the Program • Real time Technology Protection status and metrics • Not an audit or inspection Increased Value • Multi-disciplinary team of unbiased subject matter experts • Extremely useful products (TP Portfolio with 8 sections) which is 100% consistent with existing NPR and other policy requirements • Horizontal aspects Communication Integration Protection resulting in consolidated ESMD MCI List • Team develops all Technology Protection related documents Coordinating with all relevant Program, Center, Directorate, and NASA HQ Technology Protection stakeholders
  46. 46. Results Oriented We Moved From… …ToNot Knowing Program Expectations and Security Needs Direct PM Involvement and Decision MakingMinimal Direct Security Staff Involvement w/ Projects Cohesive Team w/ Core Security Competencies Implementation of Security Risk Management;No candidate program security risks Mitigation of two Top Directorate Security RisksInconsistent Adherence to Security Policy and Practices PM approved comprehensive Security Management Plan“Reactive” Security Response to Projects “Proactive” Security Response/Results Oriented Greater Employee Security Awareness, online educationNegligible Program Workforce Security Awareness tools, and quality briefingsMinimal Understanding of Threats directed at NASA Current Program Threat AssessmentNo Process to Determine Mission Critical Information Model Process for Determining MCIFew Quality Security Products Multiple High Quality Security ProductsNo Cross-cutting Communications Established Integrated Product Team (IPT)No overall Program Protection Strategy Protection Strategies Designed to Ensure Success TPWG is the controlling element of a Closed-Loop Security System
  47. 47. Acronyms ACD - CI - Counterintelligence CoP - Community of Practice CPP - Certified Protection Professional CxP - Constellation Program DIO - Directorate Integration Office EP - Execution Plan ESMD - Exploration Systems Mission Directorate FCR - Final Controls Report HQ - Headquarters IA - Information Assurance ICR - Initial Controls Report IPO - Information Protection Officer IT - Information Technology MCI - Mission Critical Information MCIA - Mission Critical Information AssessmentMCIA-R - Mission Critical Information Assessment Report NCIX - National Counterintelligence Executive NPR - NASA Procedural Requirements OCIO - Office of the Chief Information Officer OSPP - Office of Security and Program Protection RM - Risk Manager S&MA - Safety and Mission Assurance SM - Service Module TBD - To be determined TP - Technology Protection TPO - Technology Protection Officer TPWG - Technology Protection Working Group TVA - Threat and Vulnerability Assessment US - Upper Stage WBS - Work Breakdown Structure
  48. 48. Backup
  49. 49. When Technology Protection? Earlier the better… Desired Capability X >> Y X Y Capability s ss s re gre g ro rp pro a ne Li ted elera Acc We are here….. But on this track? Or, on this track? Capability / maturation level when initial implementation of TP is too late Time http://www.foresight.org/UTF/Unbound_LBW/chapt_4.html
  50. 50. CxP Security Documentation Tree Program Plan A1: Needs, Goals & Objectives CxP 70003 A2: Integrated Master Plan A3: Acquisition Plan System s M anagem ent Architecture Cx Architecture Safety, Reliability & Program Description Engineering Risk M anagem ent System s Plan Requirement Quality Assurance M anagem ent Plan Docum ent M anagem ent Plan Plan (RM ) (M SP)Docum ent (CARD ) (SR&QA) (PMP) (ADD ) (SEMP) 70056 70072 70000 70055 70070 70077 70013 CxP 70070-ANX05-03 - SMP CxP 70171 – Information CxP 70170 - Functional CxP 70070-ANX05 Book 3: Information Systems Contingency Planning & Technology Security Security Requirements Security Reporting Architecture (Form erly (Formerly SMP Book 1) SMP Book 2) M anagement Plan CxP 70070-ANX05-04 - SMP Book 4: Technology Protection (SMP) Program Plan (TPPP) CxP 70070-ANX05-05 - SMP Book 5: Emergency Response & Continuity of Operations Plan (COOP) M ission Ground EVA System s Lunar System s Orion Ares Operations Operations Altair (ES) Surface Project Plan Project Plan (M O) (GO) Project Plan Project Plan Project Plan Project Plan Project Plan
  51. 51. Technology Protection Program – The Early Days• Focused on the “bigger picture” – broader national perspective• Performed an early Gap Analysis to determine in-place vs. desired end state for security• Identified and applied security Lessons Learned from past NASA and DoD programs• Heavily leveraged use of institutional security support, thus gaining PM backing• Tracked the program “flow of events” to establish what issues are most important to attack first• Recruited team players; valued all contributions• Brought energy, intensity, and a creative new approach to security planning• Took small steps over time and quietly overcame objections or obstacles• Established a holistic approach for prioritizing security goals based on mission objectives• Leveraged use of in-house (no cost) software tools to enhance efficiency Building future capability and gaining respect from within the intelligence and DoD communities
  52. 52. Benefits/Value• Customer Focused – better able to satisfy most urgent ESMD security needs• Early life-cycle Planning – so that resources can be applied and managed; early discovery and resolution of problems• Maximum Flexibility – encourage creative problem solving• Event Driven – to ensure security product maturity is incrementally demonstrated, i.e., response to key decision point / critical milestone reviews• Multi-disciplinary Teamwork – Synergy: right people at the right place and at the right time to make timely decisions• Seamless Management and Communication Tools – to ensure teams have all available information, i.e., risk management tool, community of practice, etc.• Proactive Risk Identification – rapid reduction of risk/uncertainty Technology Protection must demonstrate a Return on Investment
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×