Cyber Security and Information Systems Information Analysis Center
CSIAC
Technical Focal Point Kickoff Meeting
Thomas McGibbon
31 July 2012
1Quanterion Proprietary
Meeting Purpose
• Understand your role as the technical focal point in one of the CSIAC technical areas
• Begin to discuss how CSIAC will operate once operational
• Begin the collaborative process to define the short term and long term technical agenda
  – Year 1 has to be defined by September 30, 2012
Quanterion Proprietary 2
Meeting Agenda
• CSIAC Vision and Background (Functional + Contractual)
• Teammates
• Role of Technical Focal Points (TFPs)
• Priorities from DTIC
  – Better Buying Power
  – Community of Practice
• Specific TFP Areas of Responsibility/Help Needed
Quanterion Proprietary 3
CSIAC Vision (Draft)
The CSIAC expands user’s awareness and knowledge of (cyber/IA, software engineering, M&S, KM&IS) through community facilitation, collaboration and sharing of experiences and scientific and technical information.
Quanterion Proprietary 4
CSIAC Basic Center Operations
• Core Functions (funded by DTIC)
  – Information Collection
  – Information Management
  – Information Analysis
  – Information Dissemination
• Core Analysis Tasks (CATs)
  – Customer funded tasks
  – Limited to $500k
  – Limited to less than 1 year
  – No single customer (person) can have more than one active
Quanterion Proprietary 5
Functional Subject Areas of CSIAC
• Consolidation of:
  – Software Data & Analysis (formerly covered by DACS).
  – Information Assurance (IA) (formerly covered by IATAC).
  – Modeling & Simulation (M&S) (formerly covered by MSIAC).
  “As a result of this consolidation, all tasks and deliverables described herein shall be applicable to all three focus areas; the contractor is not expected or required to generate work products specific to each of the three legacy categories (for example, only one CSIAC newsletter and one CSIAC website is required).” From CSIAC Performance Work Statement
• Plus New Area:
  – Knowledge Management & Information Sharing (KM & IS) (New Subject Area).
6Quanterion Proprietary
Contractual Elements of CSIAC
• Phase Out/Phase In Activities (Fully Funded: 01 Jul 2012 – 30 Sep 2012)
  – DACS Phase Out and Transition to CSIAC
  – IATAC Phase In. Funded through CSIAC. Booz Allen operates IATAC
  – MSIAC Phase In. Funded through CSIAC. Alion operates MSIAC
• CSIAC Basic Center Operations (Oct. 1, 2012 – June 30, 2017 if options exercised).
  – 21 month base period (funded through December 2012)
  – 24 month option
  – 12 month option
7Quanterion Proprietary
DACS Phase Out/Continue Operations
• Continue DACS BCO Operations
• Merge/Transition the DACS Community of Practice and DACS Website and DACS ISS to create the CSIAC Foundation Website and ISS
  – Modify as needed to be able to accept new websites (IATAC, MSIAC, KM&IS)
  – Transition Existing DACS Databases
  – FYI: CSIAC Website to be Operational by September 1
• Convert DACS Holdings/Inventory to CSIAC Holdings/Inventory
• Enhance SDTATIC to support vendor data entry
• Create Software Reliability – Security Training Course
• Presenting at Australian ISSEC Conference and First Technical Working Group Meeting
8Quanterion Proprietary
IATAC Phase In
• Booz-Allen IATAC Phase Out Contract to Begin July 16.
• Have had several discussions with Booz Allen IATAC Management
  – Initial Trip To Booz Allen: 19 July 2012
• Have Received Booz Allen IATAC Transition Plan
• CSIAC Shares Booth Responsibilities with IATAC at IA Exposition August 28-30 @Nashville
9Quanterion Proprietary
MSIAC Transition
• Alion MSIAC Phase Out Contract Began July 20.
• First meeting held 25 July 2012
  – Hard delivery of equipment – mid-September
  – Delivery of software/database – mid-August
• Meeting with Jesse Citizen (MSCO) – 3 Aug 2012
• Face to face with Alion – TBD.
• John Dingman MSIAC transition lead
10Quanterion Proprietary
Other Efforts During 3-Month Transition
• (Stand up CSIAC Website within 60 Days) (A001)
• (Stand Up ISS Within 60 Days) (A002)
• First Quarterly Journal within 90 Days (A004)
• Operational and Strategic Plan within 90 Days (A008)
• Government Property List within 90 Days (A011)
• Weekly Activity Report (A009)
• Weekly Phase-In/Transition Report (A012)
• Cost Tracking/Financial Report – Monthly (A015)
• Quality Control Plan within 30 Days (PWS 2.1) - completed
• SME Criteria Report within 30 Days (PWS 1.4.3.2) - completed
• Procure CSIAC Booth
• Develop Initial CSIAC Marketing Material
11Quanterion Proprietary
Major Subcontractors
• AEgis Technologies – Modeling & Simulation Technical Focal Point. Simulation software and training simulators… Offices in Huntsville; Arlington, VA; Boston/Newport, RI; Orlando.
• Assured Information Security (AIS) – Leading contributor in IO, CNO, CNE, CND. Primary Location – Rome, NY but numerous customers elsewhere
• SRC, Inc. – Formerly Syracuse Research – Capabilities in IO, IA, Data Mining, Visualization, Fusion, EW
• Syracuse University – CASE Center and iSchool – systems security, data mining, systems modeling, Community of Practice.
• George Mason University – Cyber Security/IA within their Critical Infrastructure Protection Program; Knowledge Management, ++.
• University of Southern California – World class capabilities in software/systems engineering and Modeling & Simulation (GAMEPIPE, MOVES)
12Quanterion Proprietary
Subcontractor’s Deliverables
• Each Major Funded Subcontractor asked to provide:
  – Journal article (week 2)
  – Marketing material (week 4)
  – Identified info and products that could be utilized by CSIAC (week 6)
  – SMEs (week 6)
  – Suggested webinar topics (week 6)
Quanterion Proprietary 13
Other Subcontractors
• SUNYIT
• Utica College
• Griffiss Institute
• WetStone
• SURVICE
• APTIMA
• Minerva Engineering
Quanterion Proprietary 14
Help Needed for your Technical Area
• Interacting with relevant subcontractor(s) to
  – Review material provided
  – Marketing: Identify key skill sets
  – Marketing: Identify significant projects
  – Identify related products/training material
  – Identify services we can perform
  – SMEs
  – Webinar topics/presenters
Quanterion Proprietary 15
Technical Focal Points
• Software Data & Analysis (formerly covered by DACS). Technical Focal Point: Taz Daughtrey ([email protected])
• Information Assurance (IA) (formerly covered by IATAC). Technical Focal Point: Michael Weir ([email protected])
• Modeling & Simulation (M&S) (formerly covered by MSIAC). Technical Focal Point: Steve Swenson – Aegis ([email protected])
• Knowledge Management & Information Sharing (KM & IS) (New Subject Area). Technical Focal Point: David Lankes – SU ([email protected])
16Quanterion Proprietary
Technical Focal Points Responsibilities
• As a group, in collaboration with CSIAC Director/Deputy, and individually within respective Technology Area:
  – Contribute to technical plan/agenda for each year of contract. Supports development of Operational Plan
  – Active facilitation and growth of community of practice members and participation
  – Interact with teammates to define capabilities of entire team within area of responsibility. Supports development of CSIAC marketing material. Includes funded subs as well as other subcontractors.
  – Support transition activities in related area
  – Participation in Journal Editorial Board. Identify and secure Journal articles
    • Suggest members to Journal Editorial Board
  – Identify, secure and host 1 webinar per quarter
  – Identify, secure and host 2 podcasts per quarter
  – Steering Committee Meeting Attendance, as needed
    • Suggest members to Steering Committee
  – Support, as needed, response to Technical Inquiries
  – Presentations: Steering Committee Meetings; to DTIC; Conferences, etc.
  – Development/Quality of other CSIAC Products, aligned with stated objectives, as defined
  – KM&IS – secure basic capabilities (see slide)
  – Other, as discussed
17Quanterion Proprietary
CSIAC Areas of Emphasis: Acquisition Community Support
• Center for Strategic and International Studies (CSIS) Study¹ identified the following needs for IACs:
  – Support to Acquisition Community – Acquisition Affordability Initiative
    • “Expanded use of steering committees will increase the potential for IACs to add value to the DoD acquisition process”
  – Focus Products on Better Buying Power Initiative
    • CSIS Study highlighted DACS S2CPAT Effort as a positive step “to facilitate defense system affordability”
18
1 A Case Study for Better Buying Power: Information Analysis Centers of the Defense Technical Information Center, April 2012
Quanterion Proprietary
S2CPAT – Software & Systems Cost and Performance Analysis Toolkit
• S2CPAT is a repository of size, cost, and schedule data (SRDR format) reported on major weapon systems acquisitions at each acquisition milestone
• S2CPAT is a software interface to the repository to generate relevant statistics and graphs of data in the repository
• Goal of S2CPAT is to capture and analyze system and software engineering data and make it available to the IAC and USC CSSE communities
• Viewed as an example of what DTIC wants BCOs to do
• Brief Demo…
Quanterion Proprietary 19
Quanterion Proprietary 20
Australian DMO Interest
CSIAC Areas of Emphasis: Community of Practice
• 1.4.1.4c Internet/Website “…The contractor shall develop/maintain an internet home page website for CSIAC within 60 days from award of contract with related collaboration areas for CSIAC groups…”
• 1.4.1.4c Internet/Website “…build an interactive CSIAC community of practice…”
• 1.4.4 Information Dissemination. “…In developing these products, the Community of Practice (CoP) will be used to gauge product interest, identify other supporting STI, and dissemination of product announcements”
• The IAC shall build a community of subject matter experts (SMEs) and provide long-term STI corporate memory for the DoD and enable DoD to avoid the creation of duplicate holdings of STI, as well as duplicate analytical capabilities in various R&D support components.
21Quanterion Proprietary
Community of Practice?
A community of practice (CoP) is, according to cognitive anthropologists Jean Lave and Etienne Wenger, a group of people who share a craft and/or a profession. The group can evolve naturally because of the members' common interest in a particular domain or area, or it can be created specifically with the goal of gaining knowledge related to their field. It is through the process of sharing information and experiences with the group that the members learn from each other, and have an opportunity to develop themselves personally and professionally (Lave & Wenger 1991). CoPs can exist online, such as within discussion boards and newsgroups, or in real life, such as in a lunch room at work, in a field setting, on a factory floor, or elsewhere in the environment.
- Wikipedia
22
CSIAC CoP Groups
• Public CSIAC (admins: McGibbon, Burke, Dingman)
• Public (people can join)
  – Public Software Data & Analysis
  – Public Modeling & Simulation
  – Public Information Assurance
  – Public Knowledge Management
• Private
  – CSIAC TFPs
  – CSIAC First Responders
  – CSIAC SMEs
Quanterion Proprietary 23
CSIAC CoP
• The CSIAC website (www.thecsiac.com) will become the CoP by September 1, 2012.
• The current www.thecsiac.com website is not the CoP but is just a placeholder with contact info
• The CoP can be found at community.thecsiac.com
  – On or about September 1, it will become www.thecsiac.com
  – It is a functional work in progress
• Discuss and Demo Today:
  – CoP Navigation
  – Groups
  – Discussions within Groups
  – Our Community
• Keys to Navigation
  – Access to your profile (and logout) by Clicking on “Welcome _____”
    • “Edit my profile” under your photo
  – Most of the CoP stuff is under “Community”
    • Groups
    • Your Groups >> Tech Focal Point Group
Quanterion Proprietary 24
Usage of the CoP
• In developing these products, the Community of Practice (CoP) will be used to gauge product interest, identify other supporting STI, and dissemination of product announcements. – from CSIAC SOW
  – Upcoming training/webinars
  – Reports…
• Build reputation.
  – Post useful guidance/best practices
  – Discuss topics of the day
• Gather information for response to technical inquiries
• Identify ways to address challenge problems, steering committee guidance, etc.
• Collaborate
• Facilitate discussion from all sources (CSIAC CoP, LinkedIn). Reach closure.
• Turn discussion into STI (?)
Quanterion Proprietary 25
CSIAC on LinkedIn
• DACS LinkedIn (2,662 Members)
• IATAC LinkedIn (635 Members)
• (Defense Modeling and Simulation – 5,686 members)
Quanterion Proprietary 26
Tying it Together
27
Priorities of DTIC?
• Moving away from IACs being viewed as a repository to that of facilitating a community of practice
• Support to and STI from the Better Buying Power/Acquisition Community over the R&D Community
• Cyber Security and Technical Focus Areas:
  – Software Engineering
  – IA
  – M&S
  – KM&IS
Quanterion Proprietary 28
Steering Committee
• Role:
  – Advise the COR
  – Identify Community STI Needs
  – Review CSIAC Work Items
• Meet yearly
• Review previous year's accomplishments
• Propose upcoming year plans
• Create a discussion group
• Membership suggestions based on priorities
Quanterion Proprietary 29
Journal & Journal Editorial Board
• Plan: Each issue will be topic oriented but have a blend of topic areas. Agree?
• Meet Quarterly
• Feedback on Previous Issue
• Identify future themes
• Aid in finding authors
• Author articles
• They are an SME
• Membership suggestions based on priorities
Quanterion Proprietary 30
Technical Inquiries
• 4 free hours
• Count based on any request that requires effort of significance on our part
• Collected from CoP and other inquiry basis
• “CSIAC First Responders” Group
Quanterion Proprietary 31
SMEs
• Need help in identifying SMEs from Taxonomy
  – Software – SWEBOK
  – IA – CISSP
  – M&S - ?
  – KMIS - ?
Quanterion Proprietary 32
Conferences
• Please provide prioritized list of top 3 conferences for your area:
  – Booth needed?
  – Attend only?
  – Present?
Quanterion Proprietary 33
Legacy Initiatives from DACS
• S2CPAT – CSIAC/USC Repository
• Community of Practice
• Software Development Tools and Technology Info Clearinghouse (SDTATIC): can be used for categorizing tools against a taxonomy
• ROI Dashboard – Return on Investment Display system based on XML data
• Software Models Repository (SWMR)
Quanterion Proprietary 34
Legacy Initiatives from IATAC
• SME Program
• Academic Outreach
• IATAC IA Digest…
• IATAC Cyber Events Calendar…
Quanterion Proprietary 35
36
IA Digest, Cyber Events Calendar, Research Update, TIPR … informing the community
Weekly news summary
Provides hot links to articles and news summaries
Transmitted in HTML formatted email
RSS Capability
Tracking process for gauging interest in specific topics

Semi-annual email
Informs community of significant TAT work
Expanding to incorporate significant work in academia
Pinpointing S&T and R&D officials within DoD and government

Online calendar of events
Updated weekly
Includes both conferences and training workshops
Significant secondary distribution
vCalendar and RSS capability

IATAC Core

Quarterly review of some of the technical inquiries IATAC has received and answered
Profiles the IATAC Subject Matter Expert (SME) highlighted this quarter
Covers available IATAC products
Legacy Initiatives from MSIAC
• MSIS
• Other TBD
Quanterion Proprietary 37
Products Requirement
Quanterion Proprietary 38
Training Requirement
Quanterion Proprietary 39
More Training Requirements
• 1 Free Webinar per Month
• 2 Video Podcasts per Month; 15 minutes each
Quanterion Proprietary 40
Products and Training – Your Task
• Collaboratively Identify 1-2 New Products:
  – 1 to be completed by June 30, 2013
  – 1 to be completed by December 30, 2013
• Is there low hanging fruit from our team? Examples:
  – Recast our Handbook of Software Reliability and Security Testing as a CSIAC product
  – Other existing reports/papers that could be easily improved to be viewed as SOARs or CRTAs
• Similar for Training
• Identify Webinars
• Identify Podcasts
Quanterion Proprietary 41
KM&IS – New IAC Area
• Knowledge Management and Information Sharing:
Knowledge management (KM) is defined as the analysis and technical support of practices used in an organization to identify, create, represent, distribute, conduct and enable the adoption and leveraging of good practices embedded in collaborative settings and, in particular, in organizational processes. Information Sharing (IS) is defined as data exchange, communication protocols and technological infrastructures. It includes standardization of information, as well as the human functions involved in the semantic, pragmatic and social levels of organizational semiotics. The two areas of KM and IS are intertwined as information sharing is the foundation for knowledge management.
Quanterion Proprietary 42
KM&IS IAC Needs
• Key teammates: SU and GMU School of Public Policy – Mark Addleson (http://policy.gmu.edu/tabid/86/default.aspx?uid=7)
• Be able to respond to technical inquiries
• Identify SMEs
• Identify:
  – Who are the Major Organizations in KM&IS
    • Defense (OSD, Services,…)
    • Other Government (NIST, NSF, DoE, NASA,… Naval Post Graduate School, AFIT,….)
    • Academia (Degree Programs and Research Leaders)
    • Leading Companies (AEgis,….)
  – “Thought leaders”
  – Leading Uses of KM&IS in
    • DoD
    • Govt
    • Commercial Industry
  – Challenges in Using KM&IS
  – Government Requirements, if known
    • Standards
    • Handbooks
    • Policies
    • Regulations
  – Other websites
  – Major conferences/symposia
  – Databases and repositories available
  – Leading Periodicals and texts
  – Certifications in the field (by who, …)
  – Available training in KM&IS
    • On-line
    • Other
  – Body of Knowledge (?)
Quanterion Proprietary 43
Deliverables after Transition
• Weekly Activity Reports – From Government meetings, conference/workshop attendance (A009)
• Quarterly CSIAC Journal (A004)
• Quarterly Progress Report (A007)
• Performance Metrics (A006)
• Basic BCO Products (as generated) – requires approval from COR before beginning work. Format has to be agreed to by Government. Requires SF298. (A010)
• DTIC IAC PMO Ad Hoc Deliverables and Data Requests (A016)
• IAC Quarterly Success Stories (A017)
Quanterion Proprietary 44
Metrics/How We Are Measured
45
Basic Center Operations (BCO) Monthly Metrics Reporting Template
Metric Name | Metric Input - Reported on Monthly Basis | Brief Definition
1. Web inquiries
Number of document searches and downloads from the IAC database or Web, during the period. Does not include Web-page hits. This definition includes PDF, Word and HTML documents.
2. Web page requests
Total Web page requests. Includes all document searches plus views of all pages on Web site.
3. Technical inquiries completed
Personal contacts, phone calls, or email exchanges on a science and technology inquiry, completed during the period, regardless when initiated.
4. STI Documents added to the IAC collection
All science and technology documents added to IAC library during the period, regardless whether uploaded to TEMS. Includes CD-ROM and video.
5. STI Documents generated by TATs/CATs
New STI documents produced by the IAC in the course of Technical Area Task (TAT)/Core Analysis Task (CAT) work during the period. Includes CD-ROM and video.
6. Customer Funding from CATs
Total customer funding from CATs
7. Customer Funding from other IAC sales and services
Dollar value of all non-CAT customer funding. Includes publications, training, non-core products and services, databases, and software provided to IAC customers during the period.
8. Total Base Center Operations (BCO) spending
Dollar value of IAC spending during the month for Core activities. Broken out into TAT/CAT and non TAT/CAT related activities:
9. TAT/CAT related BCO spending
Directly supports work under a particular IDIQ TAT or a CAT (incorporating an article on a TAT/CAT into the newsletter, adding documents produced under a TAT/CAT to the collection, etc).
10. Non TAT/CAT related BCO spending
Other activities that fall under the general scope of BCO operations (e.g., production of newsletters [non-TAT/CAT content], answering technical inquiries [non-TAT/CAT-related], collecting STI [not for a TAT/CAT], etc.).
11. Number of training, symposia, seminars, or similar events
Number of training sessions, meetings, or seminar events attended during the period. Includes any events attended by the IAC, even if not presenting or staffing a booth.
12. Number of attendees at training or similar events
Number of non-IAC persons who attend IAC-hosted training events during the period. Includes attendees for training at external venues, as long as an IAC representative led the training session.
13. Inquiry and Product customer satisfaction
Average response to one or more five-point questions relating to technical inquiries, newsletters, software, and other products. Incorporate informal phone and email feedback. (For informal feedback: positive feedback will be recorded as a ‘5’ and negative feedback as a ‘2’; these numbers will be included as part of the monthly average, weighted the same as the surveys.)
14. CAT/training customer satisfaction
Average response to one or more five-point questions relating to trainings and CATs. Incorporate informal phone and email feedback. (For informal feedback: positive feedback will be recorded as a ‘5’ and negative feedback as a ‘2’; these numbers will be included as part of the monthly average, weighted the same as the surveys.)
Quanterion Proprietary
Technical Focal Points Responsibilities – Final (to be completed during presentation)
• As a group, in collaboration with CSIAC Director/Deputy, and individually within respective Technology Area:
  – Contribute to technical plan/agenda for each year of contract. Supports development of Operational Plan
  – Active facilitation and growth of community of practice members and participation
  – Interact with teammates to define capabilities of entire team within area of responsibility. Supports development of CSIAC marketing material. Includes funded subs as well as other subcontractors.
  – Support transition activities in related area
  – Participation in Journal Editorial Board. Identify and secure Journal articles
    • Suggest members to Journal Editorial Board
  – Identify, secure and host 1 webinar per quarter
  – Identify, secure and host 2 podcasts per quarter
  – Steering Committee Meeting Attendance, as needed
    • Suggest members to Steering Committee
  – Support, as needed, response to Technical Inquiries
  – Presentations: Steering Committee Meetings; to DTIC; Conferences, etc.
  – Development/Quality of other CSIAC Products, aligned with stated objectives, as defined
  – KM&IS – secure basic capabilities (see slide)
  – Other, as discussed
46Quanterion Proprietary
Due Dates
• Interact with related subcontractors (slide 15) – within 1 week
• Utilize Tech Focal Point Group CoP – within 1 week
• Steering committee member suggestions (slide 29) -
• Journal Editorial Board member suggestions (slide 30) -
• SMEs (slide 32) -
• Conferences (slide 33) –
• Product suggestions (slide 38, 41) –
• Training suggestions (slide 39, 41) –
• Webinar suggestions (slide 40, 41) –
• Video podcast suggestions (slide 40, 41) –
• KM&IS Resources (slide 43) -
• KM&IS SMEs (slide 43) -
Quanterion Proprietary 47
Discussion/Questions
• “Always looking for low hanging fruit”
Quanterion Proprietary 48