Information Assurance Technology Analysis Center

Last updated

IATAC logo IATAC LOGO.jpg
IATAC logo

Information Assurance Technology Analysis Center (IATAC) is a United States Department of Defense (DoD) Government Organization. [1] IATAC is an Information Assurance and Cyber Security (CS) Information Analysis Center (IAC), which is administered by the Defense Technical Information Center (DTIC). [2] [3]

Contents

IATAC aims to provide knowledge needed to develop network defenses in a timely manner. IATAC has an IA scope including research, acquisition, testing, demonstration, operational implementation or logistics. IATAC provides access to IA/CS, Defensive Information Operations (DIO), and Defensive Information Warfare (DIW) security tools, situational awareness resources, and training. [4] This organization was consolidated into the Cyber Security and Information Systems Information Analysis Center (CSISAC).

IATAC's mission, [5] like the other IACs in the DTIC IAC Program, is: “To provide the Department of Defense (DoD) a central point of access for information on IA and CS (IA/CS), emerging technologies in system vulnerabilities, research and development, models, and analysis to support the development and implementation of effective defense against Information Warfare (IW) attacks." [6]

IATAC's main goal is to synchronize IA/CS across DoD, academia, and industry.

History

IATAC was established under the direction of DTIC and the sponsorship of the Assistant Secretary of Defense Research and Engineering (ASD(R&E)), [7] Assistant to Secretary of Defense/Networks and Information Integration, [8] and the Joint Staff. [9]

IATAC serves as a source for IA/CS vulnerability data, information, methodologies, models, and analyses of technologies relating to the survivability, authenticity, and continuity of operation of DoD information systems.

IATAC, along with the other IACs, supports DTIC's Scientific and Technical Information Program (STIP). [10]

Steering Committee

IATAC operates under the direction of a Government Steering Committee. The committee is made up of individuals from Government, DoD and the research and development (R&D) community, including representation from the Defense Information Assurance Program (DIAP), National Security Agency (NSA), [11] Naval Postgraduate School (NPS), [12] Office of the Secretary of Defense (OSD), and others. The Steering Committee meets annually and provides input and feedback to IATAC's operations, particularly the collection of information and information dissemination efforts. The Steering Committee also selects which technical reports IATAC will research and produce. [13]

Sponsors

IATAC is a U.S. Department of Defense Information Analysis Center (IAC) [14] sponsored by DTIC, and ASD(R&E). [15]

Services

Technical Inquiries

IATAC provides a 4-hour free Technical Inquiry research service for government employees, military service members, government contractors, and all DTIC-registered users. This research service is designed to answer relevant IA/CS questions. [16]

Subject Matter Expert (SME) Program

IATAC coordinates a Subject Matter Expert (SME) Program that facilitates the sharing of information among IA/CS SMEs across government, industry, and academia. [17] Through its network, IATAC’s SMEs are a resource for responding to technical inquiries, authoring articles for the IAnewsletter, and providing input and feedback on IATAC reports.

Scientific and Technical Information (STI) Program

IATAC collects IA/DIO related STI to share with the DoD, other federal agencies, their contractors, and the research and engineering (R&E) community. The STI program is governed by DoD Directive 3200.12, DoD STI Program. [18]

Currently, IATAC has thousands of IA/DIO-related documents in their technical repository. [19] This collection is a combination of both classified and unclassified material. All of IATAC's documents are uploaded to DTIC Online Access Control (DOAC), [20] which is an online repository of STI from all of DTIC's IAC's. [21]

IATAC's library facilitates knowledge sharing between diverse groups and organizations, and all STI is readily accessible to the IA/DIO community within the classification and secondary distribution instructions. [22]

All STI collected by IATAC is relevant to IA/CS research, development, engineering, testing, evaluation, production, operation, use, or maintenance. STI is collected in many forms including text-based documents, multimedia, and rich media files. Some topic areas include: Biometrics, Computer Network Attack, Computer Network Defense, Cyber Terrorism, Hacking, Information Warfare, Network-centric Warfare, Malicious Code, Product Evaluations, among others. IATAC collects unclassified submissions from across all of the IA/CS community.

Information Assurance Training

IATAC offers IA, DIO, and IW related training courses to government and the DoD. Some of these courses include: Introduction to the Law in Cyberspace, Introduction to Network Operations (NetOps), Applied Global Information Grid (GIG) Operations to NetOps, and NetOps 300 Training Course. Mobile Training Teams conduct all of IATAC's courses; an IA subject matter expert (SME) travels to each organization and conducts training for large groups. [16]

Conference and Event Planning

IATAC exhibits at and participates in conferences, symposiums, and technical meetings. These forums provide a setting for discussion to government, industry, and academic organizations. [23]

Products

Reports

IATAC publishes three types of reports on current IA/CS topics:

State-of-the-art (SOAR) Reports investigate developments in IA issues. Past SOAR topics include: Insider Threat, [24] [25] Software Security Assurance, [26] Risk Management for the Off-the-Shelf Information Communications Technology Supply Chain, [27] and Measuring Cyber Security and Information Assurance. [28]

Critical Reviews and Technology Assessments (CR/TA) evaluate and synthesize the latest available information resulting from recent R&D findings. They offer comparative assessments of technologies and/or methodologies based on specific technical characteristics. [29] Topics include Wireless Wide Area Network (WWAN) Security, Network-Centric Warfare, and Biotechnology.

Tools Reports outline a current technology and provide an objective listing of currently available products. [30] Topics for tools reports include Firewalls, Vulnerability Assessment, Intrusion Detection System, and Malware.

IAnewsletter

The IAnewsletter is a quarterly publication mailed out in hard copies and is available on the Web. It features articles from the IA/CS community. Past editions have focused on topics such as Cloud Computing [31] and Security Content Automation Protocol (SCAP). [32] The articles published are solicited from such organizations as OSD/Joint Staff, the Combatant Commands, Services, Systems Commands, Government R&D Labs, and Academia. [16]

IA Digest

The IA Digest is a weekly news summary for IA professionals across the government, industry, and academia. It is transmitted in an HTML formatted email, as an RSS feed, and is available on the Web. It provides hot links to articles and news summaries across a spectrum of IA and DIO topics. [33]

Cyber Events Calendar

The Cyber Events Calendar is a monthly email containing an online calendar of IA/CS events that includes both conferences and relevant training workshops. The Cyber Events Calendar is also available as an RSS feed or as HTML viewable from the IATAC website. [34]

Research Update

The IATAC Research Update is a quarterly email publication primarily for the academic community. It provides information on IATAC's R&D efforts from the past quarter. [35]

Related Research Articles

<span class="mw-page-title-main">SANS Institute</span> American security company

The SANS Institute is a private U.S. for-profit company founded in 1989 that specializes in information security, cybersecurity training, and selling certificates. Topics available for training include cyber and network defenses, penetration testing, incident response, digital forensics, and auditing. The information security courses are developed through a consensus process involving administrators, security managers, and information security professionals. The courses cover security fundamentals and technical aspects of information security. The institute has been recognized for its training programs and certification programs. Per 2021, SANS is the world’s largest cybersecurity research and training organization. SANS is an acronym for SysAdmin, Audit, Network, and Security.

Northern University High School was a small high school in Cedar Falls, Iowa, United States, run by the University of Northern Iowa. It comprised grades 9-12 of the Pk-12 Malcolm Price Laboratory School. It closed in July 2012 under controversy and university budget cuts, and was mostly demolished in June 2013, save for the athletics Wing, part of which was re-purposed into the UNI Childhood Development center, previously housed in the building's east wing.

The DoD Information Assurance Certification and Accreditation Process (DIACAP) is a deprecated United States Department of Defense (DoD) process meant to ensure companies and organizations applied risk management to information systems (IS). DIACAP defined a DoD-wide formal and standard set of activities, general tasks and a management structure process for the certification and accreditation (C&A) of a DoD IS which maintained the information assurance (IA) posture throughout the system's life cycle.

<span class="mw-page-title-main">Command and control</span> Military exercise of authority by a commanding officer over assigned forces

Command and control is a "set of organizational and technical attributes and processes ... [that] employs human, physical, and information resources to solve problems and accomplish missions" to achieve the goals of an organization or enterprise, according to a 2015 definition by military scientists Marius Vassiliou, David S. Alberts, and Jonathan R. Agre. The term often refers to a military system.

A cross-domain solution (CDS) is an integrated information assurance system composed of specialized software or hardware that provides a controlled interface to manually or automatically enable and/or restrict the access or transfer of information between two or more security domains based on a predetermined security policy. CDSs are designed to enforce domain separation and typically include some form of content filtering, which is used to designate information that is unauthorized for transfer between security domains or levels of classification, such as between different military divisions, intelligence agencies, or other operations which depend on the timely sharing of potentially sensitive information.

<span class="mw-page-title-main">Defense Technical Information Center</span> US Department of Defense repository for research and engineering information

The Defense Technical Information Center is the repository for research and engineering information for the United States Department of Defense (DoD). DTIC's services are available to DoD personnel, federal government personnel, federal contractors and selected academic institutions. The general public can access unclassified information through its public website.

Proactive cyber defense, means acting in anticipation to oppose an attack through cyber and cognitive domains. Proactive cyber defense can be understood as options between offensive and defensive measures. It includes interdicting, disrupting or deterring an attack or a threat's preparation to attack, either pre-emptively or in self-defence.

The Data & Analysis Center for Software (DACS) was one of several United States Department of Defense (DoD) sponsored Information Analysis Centers (IACs), administered by the Defense Technical Information Center (DTIC). It was managed by the U.S. Air Force Research Laboratory (AFRL) and operated by Quanterion Solutions Inc. under a long term DoD contract. This organization was consolidated into the Cyber Security and Information Systems Information Analysis Center (CSIAC).

<span class="mw-page-title-main">DoDTechipedia</span> Wiki of the United States Department of Defense

DoDTechipedia is a wiki developed by the United States Department of Defense (DoD), to facilitate increased communication and collaboration among DoD scientists, engineers, program managers, acquisition professionals and operational warfighters. DoDTechipedia is a living knowledge base that reduces duplication of effort, encourages collaboration among program areas and connects capability providers with technology developers. DoDTechipedia runs on Confluence wiki engine, unlike a number of MediaWiki-based government wikis like Diplopedia and Bureaupedia.

<span class="mw-page-title-main">Department of Defense Cyber Crime Center</span> United States defense organization

The Department of Defense Cyber Crime Center (DC3) is designated as a Federal Cyber Center by National Security Presidential Directive 54/Homeland Security Presidential Directive 23, as a Department of Defense (DoD) Center Of Excellence for Digital and Multimedia (D/MM) forensics by DoD Directive 5505.13E, and serves as the operational focal point for the Defense Industrial Base (DIB) Cybersecurity program. DC3 operates as a Field Operating Agency (FOA) under the Inspector General of the Department of the Air Force.

<span class="mw-page-title-main">United States Cyber Command</span> Unified combatant command of the United States Armed Forces responsible for cyber operations

United States Cyber Command (USCYBERCOM) is one of the eleven unified combatant commands of the United States Department of Defense (DoD). It unifies the direction of cyberspace operations, strengthens DoD cyberspace capabilities, and integrates and bolsters DoD's cyber expertise which focus on securing cyberspace.

The Enterprise Mission Assurance Support Service (eMASS) is a service-oriented computer application that supports Information Assurance (IA) program management and automates the Risk Management Framework (RMF) process.

<span class="mw-page-title-main">Under Secretary of Defense for Research and Engineering</span>

The Under Secretary of Defense for Research and Engineering, abbreviated USD (R&E), is a senior official of the United States Department of Defense. The USD (R&E) is charged with the development and oversight of technology strategy for the DoD. The post has at various times had the titles Assistant Secretary of Defense for Research and Engineering, or Director of Defense Research and Engineering (DDR&E). The latter title has itself historically varied between the rank of under secretary and that of assistant secretary.

DESE Research, Inc., is a veteran-owned, small-business firm conducting Theoretical and Analytical Research Services in the fields of Defense, Energy, Space, and Environment. DESE was formed in 1982 by former U.S. Army Civil-Service Executive Dr. Wallace E. Kirkpatrick. In Addition to Research Accomplishments, DESE is recognized for high Ethical Standards and Leadership in Community Services.

Cyber Insider Threat, or CINDER, is a digital threat method. In 2010, DARPA initiated a program under the same name to develop novel approaches to the detection of activities within military-interest networks that are consistent with the activities of cyber espionage.

The United Kingdom has a diverse cyber security community, interconnected in a complex network.

Cyber Security and Information Systems Information Analysis Center (CSIAC) is a United States Department of Defense (DoD) Information Analysis Center (IAC) sponsored by the Defense Technical Information Center (DTIC). The CSIAC is a consolidation of three predecessor IACs: the Data & Analysis Center for Software (DACS), the Information Assurance Technology IAC (IATAC) and the Modeling & Simulation IAC (MSIAC), with the addition of the Knowledge Management and Information Sharing technical area.

<span class="mw-page-title-main">Leadership of the United States Southern Command</span> U.S. Southern Command leadership

This is a list of all commanders, deputy commanders, senior enlisted leaders, and chiefs of staff of the United States Southern Command.

<span class="mw-page-title-main">Kamal Jabbour</span> Senior Scientist, US Air Force

Kamal Toufic Jabbour is a retired member of the Scientific and Professional Career Service of the United States of America SES having served for 15 years as the United States Air Force Senior Scientist for Information Assurance. He is also the Founding Director of the Advanced Course in Engineering Cyber Security Boot Camp for ROTC cadets, developer of the Bachelor of Science in Cyber Engineering, and designer of the trademarked Cyber Blue Book for cyber vulnerability assessment of Air Force missions and weapons.

References

  1. "IATAC (Nov-2008)" (PDF). March 2022. Archived from the original (PDF) on July 27, 2014.
  2. "DTIC Home Page". Dtic.mil. Archived from the original on March 16, 2009. Retrieved July 17, 2014.
  3. Article title [ bare URL PDF ]
  4. "DTIC and IATAC- Resources for the War on Cyber Terrorism". Infosecisland.com. July 30, 2010. Retrieved November 22, 2011.[ permanent dead link ]
  5. "IATAC - Information Assurance Technology Analysis Center". Iac.dtic.mil. Archived from the original on August 30, 2007. Retrieved July 17, 2014.
  6. "IATAC - Information Assurance Technology Analysis Center". Iac.dtic.mil. Archived from the original on August 30, 2007. Retrieved November 22, 2011.
  7. http://www.acq.osd.mil/chieftechnologist/index.html%2%5B%5D
  8. "cio-nii.defense.gov". cio-nii.defense.gov. January 22, 2013. Archived from the original on May 28, 2011. Retrieved July 17, 2014.
  9. "jcs.mil". jcs.mil. Retrieved July 17, 2014.
  10. Article title [ bare URL PDF ]
  11. "nsa.gov". nsa.gov. Retrieved July 17, 2014.
  12. "nps.edu". nps.edu. Retrieved July 17, 2014.
  13. "IATAC - Information Assurance Technology Analysis Center". Iac.dtic.mil. February 11, 1998. Archived from the original on August 30, 2007. Retrieved November 22, 2011.
  14. "iac.dtic.mil". iac.dtic.mil. Archived from the original on July 25, 2014. Retrieved July 17, 2014.
  15. "IAC : Information Analysis Centers". Iac.dtic.mil. Archived from the original on July 25, 2014. Retrieved November 22, 2011.
  16. 1 2 3 "Defensive Cyber Security - IATAC's Critical Role in Information Assurance and Cyber Security". Journal.thedacs.com. Retrieved November 22, 2011.
  17. "State of the IA Art" (PDF). Military-information-technology.com. October 9, 2011. Archived from the original (PDF) on April 21, 2012. Retrieved November 22, 2011.
  18. http://biotech.law.lsu.edu/blaw/dodd/corres/pdf2/d320012p.pdf [ bare URL PDF ]
  19. http://www.surviac.wpafb.af.mil/iatac/download/Vol7_No4.pdf Archived April 25, 2012, at the Wayback Machine [ bare URL PDF ]
  20. "DTIC Online Access Controlled". Archived from the original on October 23, 2011. Retrieved October 31, 2011.
  21. "DTIC Online Access Controlled". Dtic.mil. Archived from the original on October 23, 2011. Retrieved November 22, 2011.
  22. Goertzel et al. (2010) IATAC's Critical Role in Cyber Security, SoftwareTech News, Vol. 13 No. 2
  23. "IATAC - Information Assurance Technology Analysis Center". Iac.dtic.mil. Archived from the original on December 25, 2003. Retrieved November 22, 2011.
  24. Gabrielson et al. (2008) The Insider Threat to Information Systems, An IATAC State-of-the-Art Report.
  25. "Archived copy" (PDF). Archived from the original (PDF) on October 19, 2011. Retrieved November 14, 2011.{{cite web}}: CS1 maint: archived copy as title (link)
  26. "Archived copy" (PDF). Archived from the original (PDF) on September 14, 2012. Retrieved November 2, 2011.{{cite web}}: CS1 maint: archived copy as title (link)
  27. Goertzel et al. (2010) Security Risk Management for Off-the-Shelf (OTS) Information and Communications Technology (ICT) Supply Chain, An IATAC State-of-the-Art Report.
  28. Article title [ bare URL PDF ]
  29. "IATAC - Information Assurance Technology Analysis Center". Iac.dtic.mil. Archived from the original on September 12, 2007. Retrieved November 22, 2011.
  30. "Report". Iac.dtic.mil. Archived from the original on September 12, 2007. Retrieved July 17, 2014.
  31. https://web.archive.org/web/20111019020917/http://iac.dtic.mil/iatac/download/Vol13_No2.pdf. Archived from the original (PDF) on October 19, 2011. Retrieved November 7, 2011.{{cite web}}: Missing or empty |title= (help)
  32. https://web.archive.org/web/20120425070055/http://iac.dtic.mil/iatac/download/Vol14_No4.pdf. Archived from the original (PDF) on April 25, 2012. Retrieved November 7, 2011.{{cite web}}: Missing or empty |title= (help)
  33. "IATAC - Information Assurance Technology Analysis Center". Iac.dtic.mil. Archived from the original on December 20, 2003. Retrieved November 22, 2011.
  34. "IATAC - Information Assurance Technology Analysis Center". Iac.dtic.mil. Archived from the original on May 25, 2011. Retrieved November 22, 2011.
  35. "IATAC - Information Assurance Technology Analysis Center". Iac.dtic.mil. Archived from the original on September 27, 2006. Retrieved November 22, 2011.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.