Cyber Security and Information SystemsInformation Analysis Center

CSIAC

Technical Focal Point Kickoff Meeting

Thomas McGibbon31 July 2012

1Quanterion Proprietary

Meeting Purpose

• Understand your role as the technical focal point in one of the CSIAC technical areas

• Begin to discuss how CSIAC will operate once operational

• Begin the collaborative process to define the short term and long term technical agenda– Year 1 has to be defined by September 30, 2012

Quanterion Proprietary 2

Meeting Agenda

• CSIAC Vision and Background (Functional + Contractual)

• Teammates• Role of Technical Focal Points (TFPs)• Priorities from DTIC

– Better Buying Power– Community of Practice

• Specific TFP Areas of Responsibility/Help Needed

Quanterion Proprietary 3

CSIAC Vision (Draft)

The CSIAC expands user’s awareness and knowledge of (cyber/IA, software engineering, M&S, KM&IS) through community facilitation, collaboration and sharing of experiences and scientific and technical information.

Quanterion Proprietary 4

CSIAC Basic Center Operations• Core Functions (funded by DTIC)

– Information Collection– Information Management– Information Analysis– Information Dissemination

• Core Analysis Tasks (CATs)– Customer funded tasks– Limited to $500k– Limited to less than 1 year– No single customer (person) can have more than one

active

Quanterion Proprietary 5

Functional Subject Areas of CSIAC

• Consolidation of:– Software Data & Analysis (formerly covered by DACS). – Information Assurance (IA) (formerly covered by IATAC). – Modeling & Simulation (M&S) (formerly covered by MSIAC). “As a result of this consolidation, all tasks and deliverables described herein shall

be applicable to all three focus areas; the contractor is not expected or required to generate work products specific to each of the three legacy categories (for example, only one CSIAC newsletter and one CSIAC website is required).” From CSIAC Performance Work Statement

• Plus New Area:– Knowledge Management & Information Sharing (KM & IS) (New

Subject Area).

6Quanterion Proprietary

Contractual Elements of CSIAC• Phase Out/Phase In Activities (Fully Funded: 01 Jul 2012

– 30 Sep 2012)– DACS Phase Out and Transition to CSIAC– IATAC Phase In. Funded through CSIAC. Booz Allen

operates IATAC– MSIAC Phase In. Funded through CSIAC. Alion operates

MSIAC• CSIAC Basic Center Operations (Oct. 1, 2012 – June 30,

2017 if options exercised). – 21 month base period (funded through December 2012)– 24 month option– 12 month option

7Quanterion Proprietary

DACS Phase Out/Continue Operations

• Continue DACS BCO Operations • Merge/Transition the DACS Community of Practice and DACS

Website and DACS ISS to create the CSIAC Foundation Website and ISS – Modify as needed to be able to accept new websites (IATAC, MSAIC,

KM&IS)– Transition Existing DACS Databases– FYI: CSIAC Website to be Operational by September 1

• Convert DACS Holdings/Inventory to CSIAC Holdings/Inventory• Enhance SDTATIC to support vendor data entry• Create Software Reliability – Security Training Course• Presenting at Australian ISSEC Conference and First Technical

Working Group Meeting

8Quanterion Proprietary

IATAC Phase In

• Booz-Allen IATAC Phase Out Contract to Begin July 16.

• Have had several discussions with Booz Allen IATAC Management– Initial Trip To Booz Allen: 19 July 2012

• Have Received Booz Allen IATAC Transition Plan• CSIAC Shares Booth Responsibilities with IATAC at

IA Exposition August 28-30 @Nashville

9Quanterion Proprietary

MSIAC Transition

• Alion MSIAC Phase Out Contract Began July 20.

• First meeting held 25 July 2012– Hard delivery of equipment – mid-September– Delivery of software/database – mid-August

• Meeting with Jesse Citizen (MSCO) – 3 Aug 2012

• Face to face with Alion – TBD. • John Dingman MSIAC transition lead

10Quanterion Proprietary

Other Efforts During 3-Month Transition

• (Stand up CSIAC Website within 60 Days) (A001)• (Stand Up ISS Within 60 Days) (A002)• First Quarterly Journal within 90 Days (A004)• Operational and Strategic Plan within 90 Days (A008)• Government Property List within 90 Days (A011)• Weekly Activity Report (A009)• Weekly Phase-In/Transition Report (A012)• Cost Tracking/Financial Report – Monthly (A015)• Quality Control Plan within 30 Days (PWS 2.1) - completed• SME Criteria Report within 30 Days (PWS 1.4.3.2) - completed

• Procure CSIAC Booth• Develop Initial CSIAC Marketing Material

11Quanterion Proprietary

Major Subcontractors• AEgis Technologies – Modeling & Simulation Technical Focal Point.

Simulation software and training simulators… Offices in Huntsville; Arlington, VA; Boston/Newport, RI; Orlando.

• Assured Information Security (AIS) – Leading contributor in IO, CNO, CNE, CND. Primary Location – Rome, NY but numerous customers elsewhere

• SRC, Inc, - Formerly Syracuse Research – Capabilities in IO, IA, Data Mining, Visualization, Fusion, EW

• Syracuse University – CASE Center and iSchool – systems security, data mining, systems modeling, Community of Practice.

• George Mason University – Cyber Security/IA within their Critical Infrastructure Protection Program; Knowledge Management, ++.

• University of Southern California – World class capabilities in software/systems engineering and Modeling & Simulation (GAMEPIPE, MOVES)

12Quanterion Proprietary

Subcontractor’s Deliverables

• Each Major Funded Subcontractor asked to provide:– Journal article (week 2)– Marketing material (week 4)– Identified info and products that could be utilized

by CSIAC (week 6)– SMEs (week 6)– Suggested webinar topics (week 6)

Quanterion Proprietary 13

Other Subcontractors

• SUNYIT• Utica College• Griffiss Institute• WetStone• SURVICE• APTIMA• Minerva Engineering

Quanterion Proprietary 14

Help Needed for your Technical Area

• Interacting with relevant subcontractor(s) to– Review material provided– Marketing: Identify key skill sets– Marketing: Identify significant projects– Identify related products/training material– Identify services we can perform– SMEs– Webinar topics/presenters

Quanterion Proprietary 15

Technical Focal Points• Software Data & Analysis (formerly covered by DACS).

Technical Focal Point: Taz Daughtrey (hdaughtrey@quanterion.com)

• Information Assurance (IA) (formerly covered by IATAC). Technical Focal Point: Michael Weir (mweir@quanterion.com)

• Modeling & Simulation (M&S) (formerly covered by MSIAC). Technical Focal Point: Steve Swenson – Aegis (sswenson@aegis.com)

• Knowledge Management & Information Sharing (KM & IS) (New Subject Area). Technical Focal Point: David Lankes – SU (rdlankes@gmail.com)

16Quanterion Proprietary

Technical Focal Points Responsibilities• As a group, in collaboration with CSIAC Director/Deputy, and individually within

respective Technology Area:– Contribute to technical plan/agenda for each year of contract. Supports development of

Operational Plan– Active facilitation and growth of community of practice members and participation– Interact with teammates to define capabilities of entire team within area of responsibility.

Supports development of CSIAC marketing material. Includes funded subs as well as other subcontractors.

– Support transition activities in related area– Participation in Journal Editorial Board. Identify and secure Journal articles

• Suggest members to Journal Editorial Board – Identify, secure and host 1 webinar per quarter– Identify, secure and host 2 podcasts per quarter– Steering Committee Meeting Attendance, as needed

• Suggest members to Steering Committee– Support, as needed, response to Technical Inquiries– Presentations: Steering Committee Meetings; to DTIC; Conferences, etc.– Development/Quality of other CSIAC Products, aligned with stated objectives, as defined– KM&IS – secure basic capabilities (see slide)– Other, as discussed

17Quanterion Proprietary

CSIAC Areas of Emphasis:Acquisition Community Support

• Center for Strategic and International Studies (CSIS) Study1 identified the following needs for IACs:– Support to Acquisition Community – Acquisition

Affordability Initiative• “Expanded use of steering committees will increase the

potential for IACs to add value to the DoD acquisition process”

– Focus Products on Better Buying Power Initiative• CSIS Study highlighted DACS S2CPAT Effort as a

positive step “to facilitate defense system affordability”

18

1 A Case Study for Better Buying Power: Information Analysis Centers of the Defense Technical Information Center, April 2012

Quanterion Proprietary

S2CPAT – Software & Systems Cost and Performance Analysis Toolkit

• S2CPAT is a repository of size, cost, and schedule data (SRDR format) reported on major weapon systems acquisitions at each acquisition milestone

• S2CPAT is a software interface to the repository to generate relevant statistics and graphs of data in the repository

• Goal of S2CPAT is to capture and analyze system and software engineering data and make it available to the IAC and USC CSSE communities

• Viewed as an example of what DTIC wants BCOs to do• Brief Demo…

Quanterion Proprietary 19

Quanterion Proprietary 20

Australian DMO InterestAustralian DMO Interest

CSIAC Areas of Emphasis:Community of Practice

• 1.4.1.4c Internet/Website “…The contractor shall develop/maintain an internet home page website for CSIAC within 60 days from award of contract with related collaboration areas for CSIAC groups…”

• 1.4.1.4c Internet/Website “…build an interactive CSIAC community of practice…”

• 1.4.4 Information Dissemination. “…In developing these products, the Community of Practice (CoP) will be used to gauge product interest, identify other supporting STI, and dissemination of product announcements”

• The IAC shall build a community of subject matter experts (SMEs) and provide long-term STI corporate memory for the DoD and enable DoD to avoid the creation of duplicate holdings of STI, as well as duplicate analytical capabilities in various R&D support components.

21Quanterion Proprietary

Community of Practice?A community of practice (CoP) is, according to cognitive anthropologists Jean Lave and Etienne Wenger, a group of people who share a craft and/or a profession. The group can evolve naturally because of the members' common interest in a particular domain or area, or it can be created specifically with the goal of gaining knowledge related to their field. It is through the process of sharing information and experiences with the group that the members learn from each other, and have an opportunity to develop themselves personally and professionally (Lave & Wenger 1991). CoPs can exist online, such as within discussion boards and newsgroups, or in real life, such as in a lunch room at work, in a field setting, on a factory floor, or elsewhere in the environment.

- WikipediA

22

CSIAC CoP Groups• Public CSIAC (admins: McGibbon, Burke,

Dingman)• Public (people can join)

– Public Software Data & Analysis– Public Modeling & Simulation– Public Information Assurance– Public Knowledge Management

• Private – CSIAC TFPs– CSIAC First Responders– CSIAC SMEs

Quanterion Proprietary 23

CSIAC CoP• The CSIAC website (www.thecsiac.com) will become the CoP by September 1,

2012.• The current www.thecsiac.com website is not the CoP but is just a placeholder

with contact info• The CoP can be found at community.thecsiac.com

– On or about September 1, it will become www.thecsiac.com– It is a functional work in progress

• Discuss and Demo Today:– CoP Navigation– Groups– Discussions within Groups– Our Community

• Keys to Navigation– Access to your profile (and logout) by Clicking on “Welcome _____”

• “Edit my profile” under your photo– Most of the CoP stuff is under “Community”

• Groups• Your Groups >> Tech Focal Point Group

Quanterion Proprietary 24

Usage of the CoP• In developing these products, the Community of Practice (CoP) will be used

to gauge product interest, identify other supporting STI, and dissemination of product announcements. – from CSIAC SOW– Upcoming training/webinars– Reports…

• Build reputation. – Post useful guidance/best practices– Discuss topics of the day

• Gather information for response to technical inquiries• Identify ways to address challenge problems, steering committee

guidance, etc.• Collaborate• Facilitate discussion from all sources (CSIAC CoP, LinkedIn). Reach

closure.• Turn discussion into STI (?)

Quanterion Proprietary 25

CSIAC on LinkedIn

• DACS LinkedIn (2,662 Members)• IATAC LinkedIn (635 Members)

• (Defense Modeling and Simulation – 5,686 members)

Quanterion Proprietary 26

Tying it Together

27

Priorities of DTIC?• Moving away from IACs being viewed as a

repository to that of facilitating a community of practice

• Support to and STI from the Better Buying Power/Acquisition Community over the R&D Community

• Cyber Security and Technical Focus Areas:– Software Engineering– IA– M&S– KM&IS

Quanterion Proprietary 28

Steering Committee• Role:

– Advise the COR– Identify Community STI Needs– Review CSIAC Work Items

• Meet yearly• Review previous years accomplishments• Propose upcoming year plans

• Create a discussion group

• Membership suggestions based on priorities

Quanterion Proprietary 29

Journal & Journal Editorial Board• Plan: Each issue will be topic oriented but have a

blend of topic areas. Agree?• Meet Quarterly• Feedback on Previous Issue• Identify future themes• Aid in finding authors• Author articles• They are an SME

• Membership suggestions based on prioritiesQuanterion Proprietary 30

Technical Inquiries

• 4 free hours• Count based on any request that requires

effort of significance on our part• Collected from CoP and other inquiry basis• “CSIAC First Responders” Group

Quanterion Proprietary 31

SMEs

• Need help in identifying SMEs from Taxonomy– Software – SWEBOK– IA – CISSP– M&S - ?– KMIS - ?

Quanterion Proprietary 32

Conferences

• Please provide prioritized list of top 3 conferences for your area:– Booth needed?– Attend only?– Present?

Quanterion Proprietary 33

Legacy Initiatives from DACS

• S2CPAT – CSIAC/USC Repository• Community of Practice• Software Development Tools and Technology

Info Clearinghouse (SDTATIC): can be used at categorizing tools against a taxonomy

• ROI Dashboard – Return on Investment Display system based on XML data

• Software Models Repository (SWMR)

Quanterion Proprietary 34

Legacy Initiatives from IATAC

• SME Program• Academic Outreach• IATAC IA Digest…• IATAC Cyber Events Calendar…

Quanterion Proprietary 35

36

IA Digest, Cyber Events Calendar, Research Update, TIPR … informing the community

Weekly news summary

Provides hot links to articles and news summaries

Transmitted in HTML formatted email

RSS Capability Tracking process for

gauging interest in specific topics

Semi-annual email Informs community of

significant TAT work Expanding to

incorporate significant work in academia

Pinpointing S&T and R&D officials within DoD and government

Online calendar of events

Updated weekly Includes both

conferences and training workshops

Significant secondary distribution

vCalendar and RSS capability

IATAC Core

36

Quarterly review of some of the technical inquires IATAC has received and answered

Profiles the IATAC Subject Matter Expert (SME) highlighted this quarter

Covers available IATAC products

Legacy Initiatives from MSIAC

• MSIS• Other TBD

Quanterion Proprietary 37

Products Requirement

Quanterion Proprietary 38

Training Requirement

Quanterion Proprietary 39

More Training Requirements

• 1 Free Webinar per Month• 2 Video Podcasts per Month; 15 minutes each

Quanterion Proprietary 40

Products and Training – Your Task• Collaboratively Identify 1-2 New Products:

– 1 to be completed by June 30, 2013– 1 to be completed by December 30, 2013

• Is there low hanging fruit from our team? Examples:– Recast our Handbook of Software Reliability and Security

Testing as a CSIAC product– Other existing reports/papers that could be easily

improved to be viewed as SOARs or CRTAs• Similar for Training• Identify Webinars• Identify Podcasts

Quanterion Proprietary 41

KM&IS – New IAC Area• Knowledge Management and Information Sharing:

Knowledge management (KM) is defined as the analysis and technical support of practices used in an organization to identify, create, represent, distribute, conduct and enable the adoption and leveraging of good practices embedded in collaborative settings and, in particular, in organizational processes. Information Sharing (IS) is defined as data exchange, communication protocols and technological infrastructures. It includes standardization of information, as well as the human functions involved in the semantic, pragmatic and social levels of organizational semiotics. The two areas of KM and IS are intertwined as information sharing is the foundation for knowledge management.

Quanterion Proprietary 42

KM&IS IAC Needs• Key teammates: SU and GMU School of Public Policy – Mark Addleson

(http://policy.gmu.edu/tabid/86/default.aspx?uid=7)• Be able to respond to technical inquiries• Identify SMEs• Identify:

– Who are the Major Organizations in KM&IS• Defense (OSD, Services,…)• Other Government (NIST, NSF, DoE, NASA,… Naval Post Graduate School, AFIT,….)• Academia (Degree Programs and Research Leaders)• Leading Companies (AEgis,….)

– “Thought leaders”– Leading Uses of KM&IS in

• -DoD• -Govt• -Commercial Industry

– Challenges in Using KM&IS– Government Requirements, if known

• -Standards• -Handbooks• -Policies• -Regulations

– Other websites– Major conferences/symposia– Databases and repositories available– Leading Periodicals and texts– Certifications in the field (by who, …)– Available training in KM&IS

• On-line• Other

– Body of Knowledge (?)

Quanterion Proprietary 43

Deliverables after Transition• Weekly Activity Reports – From Government meetings,

conference/workshop attendance (A009)• Quarterly CSIAC Journal (A004)• Quarterly Progress Report (A007)• Performance Metrics (A006)• Basic BCO Products (as generated) – requires approval

from COR before beginning work. Format has to be agreed to by Government. Requires SF298. (A010)

• DTIC IAC PMO Ad Hoc Deliverables and Data Requests (A016)

• IAC Quarterly Success Stories (A017)

Quanterion Proprietary 44

Metrics/How We Are Measured

45

Basic Center Operations (BCO) Monthly Metrics Reporting Template

Metric NameMetric Input - Reported on

Monthly BasisBrief Definition

1. Web inquiries

Number of document searches and downloads from the IAC database or Web, during the period. Does not include Web-page hits. This definition includes PDF, Word and HTML documents.

2. Web page requests Total Web page requests. Includes all document searches plus views of all pages on Web site.3. Technical inquiries completed

Personal contacts, phone calls, or email exchanges on a science and technology inquiry, completed during the period, regardless when initiated.

4. STI Documents added to the IAC collection

All science and technology documents added to IAC library during the period, regardless whether uploaded to TEMS. Includes CD-ROM and video.

5. STI Documents generated by TATs/CATs

New STI documents produced by the IAC in the course of Technical Area Task (TAT)/Core Analysis Task (CAT) work during the period. Includes CD-ROM and video.

6. Customer Funding from CATs Total customer funding from CATs7. Customer Funding from other IAC sales and services

Dollar value of all non-CAT customer funding. Includes publications, training, non-core products and services, databases, and software provided to IAC customers during the period.

8. Total Base Center Operations (BCO) spending

Dollar value of IAC spending during the month for Core activities. Broken out into TAT/CAT and non TAT/CAT related activities:

9. TAT/CAT related BCO spending

Directly supports work under a particular IDIQ TAT or a CAT (incorporating an article on a TAT/CAT into the newsletter, adding documents produced under a TAT/CAT to the collection, etc).

10. Non TAT/CAT related BCO spending

Other activities that fall under the general scope of BCO operations (e.g., production of newsletters [non-TAT/CAT content], answering technical inquiries [non-TAT/CAT-related], collecting STI [not for a TAT/CAT], etc.).

11. Number of training, symposia, seminars, or similar events

Number of training sessions, meetings, or seminar events attended during the period. Includes any events attended by the IAC, even if not presenting or staffing a booth.

12. Number of attendees at training or similar events

Number of non-IAC persons who attend IAC-hosted training events during the period. Includes attendees for training at external venues, as long as an IAC representative led the training session.

13. Inquiry and Product customer satisfaction

Average response to one or more five-point questions relating to technical inquiries, newsletters, software, and other products. Incorporate informal phone and email feedback. (For informal feedback: positive feedback will be recorded as a ‘5’ and negative feedback as a ‘2’; these numbers will be included as part of the monthly average, weighted the same as the surveys.)

14. CAT/training customer satisfaction

Average response to one or more five-point questions relating to trainings and CATs. Incorporate informal phone and email feedback. (For informal feedback: positive feedback will be recorded as a ‘5’ and negative feedback as a ‘2’; these numbers will be included as part of the monthly average, weighted the same as the surveys.)

Quanterion Proprietary

Technical Focal Points Responsibilities – Final (to be completed during presentation)

• As a group, in collaboration with CSIAC Director/Deputy, and individually within respective Technology Area:

– Contribute to technical plan/agenda for each year of contract. Supports development of Operational Plan

– Active facilitation and growth of community of practice members and participation– Interact with teammates to define capabilities of entire team within area of responsibility.

Supports development of CSIAC marketing material. Includes funded subs as well as other subcontractors.

– Support transition activities in related area– Participation in Journal Editorial Board. Identify and secure Journal articles

• Suggest members to Journal Editorial Board – Identify, secure and host 1 webinar per quarter– Identify, secure and host 2 podcasts per quarter– Steering Committee Meeting Attendance, as needed

• Suggest members to Steering Committee– Support, as needed, response to Technical Inquiries– Presentations: Steering Committee Meetings; to DTIC; Conferences, etc.– Development/Quality of other CSIAC Products, aligned with stated objectives, as defined– KM&IS – secure basic capabilities (see slide)– Other, as discussed

46Quanterion Proprietary

Due Dates• Interact with related subcontractors (slide 15) – within 1 week• Utilize Tech Focal Point Group CoP – within 1 week• Steering committee member suggestions (slide 29) - • Journal Editorial Board member suggestions (slide 30) - • SMEs (slide 32) -• Conferences (slide 33) –• Product suggestions (slide 38, 41) –• Training suggestions (slide 39, 41) –• Webinar suggestions (slide 40, 41) –• Video podcast suggestions (slide 40, 41) –• KM&IS Resources (slide 43) -• KM&IS SMEs (slide 43) -

Quanterion Proprietary 47

Discussion/Questions

• “Always looking for low hanging fruit”

Quanterion Proprietary 48