Andrea Schaumann, Fortress’s director of federal programs and partnerships, gave a keynote address...
Fortress Promotes Supply Chain Risk Management at I/ITSEC 2022
Fortress Information Security attended the Interservice/Industry Training, Simulation and Education Conference (I/ITSEC) Nov. 28 through Dec. 2 in Orlando, where industry leaders discussed accelerating change by transforming training.
I/ITSEC is organized and sponsored by the National Training & Simulation Association (NTSA), which promotes international and interdisciplinary cooperation in modeling and simulation (M&S), training, education, analysis, and related disciplines. The NTSA is an affiliate subsidiary of the National Defense Industrial Association (NDIA); therefore, I/ITSEC also emphasizes themes related to defense and security.
“It’s not just about transforming the training criteria or the training materials,” said Andrea Schaumann, director of federal programs and partnerships at Fortress, “but also the development of training tools and enhanced modality of delivery, and then hardening the environment to protect the data.”
The Multi-Faceted Challenges of the DoD’s Training Environment
The complex nature of the military’s live, distributed training model presents a risk because it isn’t isolated within a simulator — it’s integrated with online DoD networks. The security of the data moving through those networks is critical.
“The same cyber issues we’re tracking in the real-world environment are relevant to providing safe training environments that don’t insert vulnerabilities and potentially become the next battlespace,” Schaumann said.
Those issues include leveraging the value of investments while keeping up with a rapidly changing landscape, the evaluation and protection of legacy systems as well as new acquisitions of both hardware and software, and ensuring that basic cyber hygiene controls are implemented across both.
There are multiple challenges presented by the training environment: the protection of assets such as aircraft and understanding exactly what components are going into those assets; costly investments in simulators that need constant upgrading and may be intermittently disconnected and reconnected to the whole ecosystem; and ensuring the software deployed in these environments is being vetted for vulnerabilities.
Hardware and software bills of materials (HBOM/SBOM) provide the means to break down and document those components to provide greater visibility into the supply chain, which in turn means a greater understanding of where vulnerabilities may lurk and how to mitigate them.
“You want to understand, if something goes wrong, how you recover as quickly as possible with as little downtime as possible, with as little risk as possible. Nobody wants to be inexorably linked to a breach, particularly if there’s safety involved,” Schaumann said. “Having that holistic view of the cyber supply chain risk management ecosystem and how all of those parts coexist within the training components is critical to recovery.”
I/ITSEC – An Opportunity to Educate
Fortress provides the tools and expertise to help defense organizations and the defense industrial base conduct hardware and software assessments, develop HBOMs and SBOMs, and understand how that information can be applied holistically to protect their supply chain. Educating both public and private entities on the cyber risk factors inherent to the DoD environment is key.
“Almost all of the conversations I’ve had this week have hinged on education first and then application of the tools second,” said Schaumann. “If you don’t fully understand what the requirements are, what you’re looking at, where the vulnerabilities exist, then you don’t know what the appropriate solutions are without over-hardening the environment and making it more difficult to function.”
Attending conferences like I/ITSEC provides the opportunity to speak with attendees directly about the unique challenges their organizations face and how we can build custom solutions to those challenges.
“We are really proud that we can build custom solutions, but what that means is a lot of times there are custom questions,” said Schaumann. “We like to have those conversations one-on-one so we can really build something meaningful and valuable to the customer.”
Listen to Andrea Schaumann’s appearances on the Defense and Aerospace podcast during I/ITSEC here:
Nov 30, 2022 - Cyber Report [Nov 30, 22] Andrea Schaumann's ITSEC Update & Justin Sherman on Russia Top Hacking Unit 'GRU 26165' - Defense & Aerospace Report (defaeroreport.com)
Dec 1, 2022 - Defense & Aerospace Daily Podcast [Dec 01, 22] Defending Taiwan & IITSEC Takeaways - Defense & Aerospace Report (defaeroreport.com)