Appendix B
Terms of Reference

At the request of the Chief of Naval Operations, the Naval Studies Board of the National Academies will conduct a study to examine information assurance for network-centric naval forces. Specifically, the study will:

  • Review the Department of Defense and the Department of the Navy responsibilities for information assurance, to include policies, plans, and manuals, and identify competing and non-competing areas of responsibility between the Departments and within the Department of the Navy, as well as recommend any organizational adaptations which facilitate rapid progress;

  • Review recent information assurance-related studies conducted by and for the Department of Defense and Department of the Navy, and summarize their key recommendations and implementation status;

  • Examine the Department of Defense and Department of Navy research, development, and acquisition process for information assurance, and recommend alternative approaches to the process that allow for greater flexibility and response time in meeting the information assurance requirements of network-centric naval forces;

  • Assess potential information assurance vulnerabilities for network-centric naval forces, to include the “last mile” of information passed to embarked forces, and identify the appropriate technology and operational means to mitigate their vulnerabilities when operating only with U.S. military forces, or coalition forces;

  • Identify methodologies, including experimentation, for dealing with degraded performance and the loss of warfighting system integrity, particularly important to the effectiveness of network-centric naval forces, due to a lack of information assurance;



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 149
Appendix B Terms of Reference At the request of the Chief of Naval Operations, the Naval Studies Board of the National Academies will conduct a study to examine information assurance for network-centric naval forces. Specifically, the study will: • Review the Department of Defense and the Department of the Navy responsibilities for information assurance, to include policies, plans, and manuals, and identify competing and non-competing areas of responsibility between the Departments and within the Department of the Navy, as well as recommend any organizational adaptations which facilitate rapid progress; • Review recent information assurance-related studies conducted by and for the Department of Defense and Department of the Navy, and summarize their key recommendations and implementation status; • Examine the Department of Defense and Department of Navy research, development, and acquisition process for information assurance, and recommend alternative approaches to the process that allow for greater flexibility and response time in meeting the information assurance requirements of network-centric naval forces; • Assess potential information assurance vulnerabilities for network-centric naval forces, to include the “last mile” of information passed to embarked forces, and identify the appropriate technology and operational means to mitigate their vulnerabilities when operating only with U.S. military forces, or coalition forces; • Identify methodologies, including experimentation, for dealing with degraded performance and the loss of warfighting system integrity, particularly important to the effectiveness of network-centric naval forces, due to a lack of information assurance; 149

OCR for page 149
150 INFORMATION ASSURANCE FOR NETWORK-CENTRIC NAVAL FORCES • Review and recommend information assurance best practices from critical industrial and commercial operations applicable to the Department of Navy and its FORCEnet initiatives; • Assess the role of different information architecture constructs, including information assurance approaches, for managing risks (e.g., building specially- protected “sub-nets” to handle particularly sensitive, high consequence informa - tion); and • Recommend investment analysis approaches, excluding cost as a consider- ation, for managing cyber attack risks to network-centric naval forces that address the consequences of possible cyber attacks, the likelihoods of these attacks actu - ally occurring, and the uncertainties surrounding assumptions about these risks. This 12-month study will produce two reports: (1) a letter report following the second full committee meeting that summarizes the key information assur- ance initiatives underway within the Naval NETWAR/FORCEnet Enterprise and recommends any near-term information assurance needs for network-centric naval forces, to include any defense-related efforts that the naval forces should take advantage of and/or assure compatibility with; and (2) a comprehensive report that addresses the full terms of reference.