Following a successful nine-month pilot, Joint Force Headquarters — Department of Defense Information Network is officially launching its Cyber Operational Readiness Assessment program today.

Over the past four years, JFHQ-DODIN has made significant changes to the Defense Department Command Cyber Readiness Inspection program, shifting the mindset from inspection compliance to operational readiness underpinning mission assurance. To mark this significant shift, the program has been renamed the Cyber Operational Readiness Assessment.

According to Air Force Lt. Gen. Robert Skinner, commander of JFHQ-DODIN, CORA is one of the most critical components of the DOD’s cyber security strategy and lays a strong cornerstone to support the command’s goal of continuous holistic assessments. The new processes help strengthen the posture and resiliency of the DODIN by supporting the network’s Areas of Operation commanders and directors in efforts to harden their information systems, reduce the attack surface of their cyber terrain and enhance a more proactive defense. These are the foundational cybersecurity principles measured by the CORA program. 
“CORA is a vital aspect of continually understanding our cyber readiness through fusing many risk factors including access control, detecting anomalies, adjusting to adversary threat information and executing cyber orders,” Skinner said. “Ultimately, the assessment provides commanders and directors a more precise understanding of their high-priority cyber terrain and their overall cyber security and defensive posture enabling greater command and control and enhancing decision making.” 
John Porter, JFHQ-DODIN’s acting director of DODIN Readiness and Security Inspections directorate, said “CORA represents a consolidated look at threat, vulnerability and impact designed to give DAO commanders and directors relevant information for making decisions about cyber terrain, forces and other resources.”
“CORA prioritizes MITRE ATT&CK mitigations to minimize adversarial risk to the DODINs through JFHQ-DODIN’s risk-based metrics. The command created risk-based metrics after analyzing MITRE ATT&CK tactics, techniques, and procedures for initial access, persistence, privilege escalation, lateral movement and exfiltration,” Porter said.

MITRE ATT&CK is a knowledge base of adversarial TTPs utilized by cyber defenders world-wide to protect and defend information systems and networks and hunt malicious actors. 
Porter said, “the JFHQ-DODIN CORA team developed key indicators of risk from the risk-based metrics to ensure alignment with JFHQ-DODIN cybersecurity priorities and to direct focus onto the most critical areas of remediation.”

This, in turn, allows organizations to focus their mitigation efforts on risk and exposure to common adversarial TTPs. He added, “focusing on these essential remediation points allows DOD Components to concentrate limited resources and staffing on correcting high-risk areas.” JFHQ-DODIN risk-based metrics and CORA key indicators of risk are adjusted as the MITRE ATT&CK TTPs and mitigation priorities shift, enabling the CORA program to keep pace with the rapidly changing cyber domain.
In addition to the key indicators of risk, Porter said “CORA is hyper-focused on securing the boundary.” The boundary consists of network perimeter devices, public- and DOD-facing assets servicing the public or external DOD components, and any information systems with a direct interface to an external information system. The boundary reviews measure the cyber-hardening risk of information systems exposed to the public internet and the possibility that malicious activity could spread to other DOD Components if an information system is compromised.
CORA has become a more agile process, encouraging and enabling adjustments in stride. The assessment can be adjusted as new orders, policies or directives are issued, can add newly assessed technology if Security Technical Implementation Guides exist, and can adjust key risk indicators as the threat landscape changes.
The program will help ensure a strong cybersecurity foundation for all DOD networks. It will help DAO commanders and directors better understand the status of their high-priority terrain and their overall cyber security readiness and defensive posture, and provide them with relevant information for making decisions about terrain, forces and other resources. At the same time, it will provide the U.S. Cyber Command and JFHQ-DODIN commanders a greater understanding of the level of risk to the DODIN. CORA is crucial for validating current, future, and emerging technologies that will help the DOD continuously monitor terrain to assess and mitigate risk across the DODIN.
