FORT GEORGE G. MEADE, Md. –
Following a successful nine-month pilot, Joint Force Headquarters – Department of Defense Information Network (JFHQ-DODIN) will officially launch its Cyber Operational Readiness Assessment program March 1.
Over the past four years, JFHQ-DODIN has made significant changes to the Department of Defense Command Cyber Readiness Inspection (CCRI) program, transforming it from an inspection compliance mindset to an operational readiness mindset underpinning mission assurance. To reflect this significant shift, the program has been renamed the Cyber Operational Readiness Assessment (CORA).
According to Lt. Gen. Robert Skinner, commander of JFHQ-DODIN, CORA is one of the most critical components of the DoD’s cyber security strategy and lays a strong cornerstone to support the command’s goal of continuous holistic assessments. The new processes help strengthen the posture and resiliency of the Department of Defense Information Network (DODIN) by supporting DODIN Areas of Operation (DAO) commanders and directors in efforts to harden their information systems, reduce the attack surface of their cyber terrain, and enhance a more proactive defense. These are the foundational cybersecurity principles measured by the CORA program.
“CORA is a vital aspect of continually understanding our cyber readiness through fusing many risk factors including access control, detecting anomalies, adjusting to adversary threat information, and executing cyber orders,” Skinner said. “Ultimately, the assessment provides commanders and directors a more precise understanding of their high-priority cyber terrain and their overall cyber security and defensive posture enabling greater command and control and enhancing decision making.”
John Porter, JFHQ-DODIN’s acting director of the DODIN Readiness and Security Inspections directorate, said, “CORA represents a consolidated look at threat, vulnerability, and impact designed to give DAO commanders and directors relevant information for making decisions about cyber terrain, forces, and other resources.”
“CORA prioritizes MITRE ATT&CK mitigations to minimize adversarial risk to the Department of Defense Information Networks (DODIN) through JFHQ-DODIN’s risk-based metrics. The command created risk-based metrics after analyzing MITRE ATT&CK tactics, techniques, and procedures (TTPs) for initial access, persistence, privilege escalation, lateral movement, and exfiltration,” Porter said.
MITRE ATT&CK is a knowledge base of adversarial TTPs used by cyber defenders worldwide to protect and defend information systems and networks and to hunt malicious actors.
Porter said “the JFHQ-DODIN CORA team developed key indicators of risk from the risk-based metrics to ensure alignment with JFHQ-DODIN cybersecurity priorities and to direct focus onto the most critical areas of remediation.” This, in turn, allows organizations to focus their mitigation efforts on risk and exposure to common adversarial TTPs. “Focusing on these essential remediation points allows DoD Components to concentrate limited resources and staffing on correcting high-risk areas,” Porter said. JFHQ-DODIN risk-based metrics and CORA key indicators of risk are adjusted as the MITRE ATT&CK TTPs and mitigation priorities shift, enabling the CORA program to keep pace with the rapidly changing cyber domain.
In addition to the key indicators of risk, Porter said “CORA is hyper-focused on securing the boundary.” The boundary consists of network perimeter devices, public- and DoD-facing assets servicing the public or external DoD components, and any information systems with a direct interface to an external information system. The boundary reviews measure the cyber-hardening risk of information systems exposed to the public internet and the possibility that malicious activity could spread to other DoD Components if an information system is compromised.
The Cyber Operational Readiness Assessment has become a more agile process, encouraging and enabling adjustments in stride. The assessment can be adjusted as new orders, policies or directives are issued, can add newly assessed technology if Security Technical Implementation Guides exist, and can adjust key risk indicators as the threat landscape changes.
The program will help ensure a strong cybersecurity foundation for all DoD networks. It will help DAO commanders and directors better understand the status of their high-priority terrain and their overall cyber security readiness and defensive posture and provide them with relevant information for making decisions about terrain, forces, and other resources. At the same time, it will provide the USCYBERCOM and JFHQ-DODIN commanders a greater understanding of the level of risk to the DODIN. CORA is crucial for validating current, future, and emerging technologies that will help the DoD continuously monitor and assess terrain to assess and mitigate risk across the DODIN.
Joint Force Headquarters – Department of Defense Information Network is the U.S. Cyber Command component that leads DoD’s unified force approach to network operations, security, and defense across the Department of Defense Information Network, commonly known as the DODIN. This global command and control responsibility underpinning all DoD missions works to ensure mission assurance and bolster DoD’s competitive advantage. The Command’s mission covers a broad range of activities on behalf of U.S. Cyber Command, including proactive, threat-informed steps to reduce cyber risk across the DODIN and leading the response to attacks against the DODIN to ensure network operations remain agile and resilient. Lt. Gen. Robert J. Skinner is dual-hatted as the commander of JFHQ-DODIN and the director of the Defense Information Systems Agency (DISA).