H2F Registration - Military Expos (2023)

The workflow will consist of utilizing Authentic8 Toolbox to access Genymotion’s Android VM. Once in the VM, an email database will be uploaded and contacts will be synced. Social media applications will then be installed, the synced email contacts will then appear as friend or follow suggestions on the various social media platforms.

Presented by: Alec Feltri, Silo By Authentic8

Date: Wednesday, February 3
Location: Exhibit Hall – Cactus Theater

SAIC is investing in intelligent software solutions that leverage artificial intelligence and machine learning to transform mountains of unmanageable and unstructured content and data into fit-to-purpose engines that drive missions forward.

Presented by: Rich Dugdell, Product Director in SAIC’s Software Practice

Date: Monday, February 1
Location: Exhibit Hall – Armadillo Theater

Amazon Web Services (AWS) Worldwide Public Sector helps government, education, and nonprofit customers deploy cloud services to reduce costs, drive efficiencies, and increase innovation across the globe. With AWS, you only pay for what you use, with no up-front physical infrastructure expenses or long-term commitments. Public Sector organizations of all sizes use AWS to build applications, host websites, harness big data, store information, conduct research, improve online access for citizens, and more. AWS has dedicated teams focused on helping our customers pave the way for innovation and, ultimately, make the world a better place through technology.

The office of the Department of Defense Chief Information Officer for Special Access Programs (DOD SAP CIO) and the Contractor SAP Security Working Group (CSSWG) are excited to announce the dates for the DoD SAP IT & Cybersecurity 2020 Summit.

The third annual DoD SAP IT & Cybersecurity Summit will be held March 22-26, 2020 in Cambridge, MD.

If you would like to be added to the email distro for this event, please contact Rebecca Steppling at steppling@ncsi.com.

Registration for the 2020 DoD SAP IT & Cybersecurity Summit is now open. We expect to reach capacity in record time, so please register early to guarantee your attendance. This year’s Summit will be held in Cambridge, Maryland on March 22-26, 2020. The Summit will bring together program managers, IT, security, and cybersecurity professionals to understand the latest on the Department’s SAP IT Strategy and Roadmap. Please visit the registration page for details.

With the Summit due to take place in less than a month, we continue to plan for all educational sessions and networking activities as scheduled. The recent situation with COVID-19 (Coronavirus) is changing daily so we remain watchful but also focused on delivering a safe, secure, and successful event for all attendees. All participants in the 2020 Summit are US Citizens. No one without a badge will be allowed access to the Hyatt during the Summit. While COVID-19 is a global health concern, it’s our collective responsibility to focus on facts and use common sense and sound judgement to not spread unnecessary panic. It is important to follow official health and travel advisories, and at this point there are no restrictions that prevent the important gathering of this group of people. We will continue to closely monitor travel updates from the CDC as well as advisories from the State Department and the State of Maryland.

We are working closely with the Hyatt Regency Chesapeake to ensure the safety of all Summit participants. The Hyatt Regency continues to maintain rigorous cleanliness and safety standards throughout the guest rooms, meeting rooms, and public spaces.

We strongly encourage attendees and exhibitors to follow the guidance of the CDC for everyday preventative actions to help prevent the spread of respiratory viruses:

• Wash hands often with soap and water for at least 20 seconds, especially after going to the bathroom; before eating; and after blowing your nose, coughing, or sneezing.
• If soap and water are not readily available, use an alcohol-based hand sanitizer with at least 60% alcohol. Always wash hands with soap and water if hands are visibly dirty.
• Avoid touching eyes, nose, and mouth with unwashed hands.
• Avoid close contact with people who are sick.
• Stay home when sick.
• Cover a cough or sneeze with a tissue, then throw the tissue in the trash.
• Clean and disinfect frequently touched objects and surfaces using a regular household cleaning spray or wipe.

For the most current information about COVID-19, see the following resources:

• World Health Organization
• U.S. Centers for Disease Control and Prevention
• Recommendations to PreventCOVID-19

This lunch and learn will introduce an AI based framework and patented technologies to detect, contain, and quarantine zero day threats (both file based and file-less) deployed and operational with the USG. We will introduce an architectural view that illustrates sensor placement for pre-breach, wire speed detection. The lunch and learn will then seque into a practical demonstration at our booth where security analysts can get hands on, practical experience of “moving up the attack chain” to hunt advanced threats before they bring down the enterprise.

Date: Monday, August 3
Location: Lunch & Learn – Cactus Theater
Presented By: Bluvector

Date: Wednesday, August 21
Time: 1030 – 1130
Location: Room 22
Speakers: George Connor, DIA; Angel Rios, DIA; Andrew Kelly, DIA

Session Description:
DIA and a number of other IC Members started working on pilots for using wireless on DoDIIS several years ago. Based on the results of a Major Issue Study conducted in 2014, the ODNI has halted all wireless efforts concerning SCI, created a Wireless Steering Committee and is developing IC wide policy on the way forward in order to ensure that these efforts are secure.

DIA’s Cyber Security Services Branch, Secure Wireless Project Team and the SCIF Accreditation Team have been working with the ODNI and other IC elements on creating IC policies and developing procedures to implement those polices within DIA and on the DoDIIS network. These procedures involve creating a secure working area to operate wireless through TEMPEST and Technical security methods, creating methods of detecting wireless vulnerabilities and exploitation attempts, and ensuring that all aspects of the network being used are properly configured to eliminate risk. Elements that we are currently addressing include the Supply Chain Risk Management process, Commercial Solutions for Security, Security Assessments on the tablets and networks, RF Shielding and Wireless Intrusion Detection Systems.

While this process is still ongoing, we would like to brief on the current status, what we see as the way ahead and encourage feedback from the field to help shape our discussions. We have had hundreds of separate requests for wireless solutions to each of our offices and believe this briefing would provide guidance that would benefit the entire DoDIIS community.

Date: Tuesday, August 20
Time: 1400 – 1500
Location: Room 23
Speaker: Dr. Steve Hardy, Deloitte Consulting

Session Description:
We present a new approach for conducting what-if analysis at massive scales – like entire cities, lifeline infrastructure, populations, and the networks that connect them. Analysts interact with a system of systems model to discover hidden vulnerabilities in our networks and infrastructure and to test resiliency and security options for closing gaps and exploiting opportunities. This capability opens a new frontier of analytics and preparedness for asymmetric threats.

Date: Tuesday, August 20
Time: 1400 – 1500
Location: Room 17
Speakers: Irving Townsend,DIA; Terrence Busch,DIA

Session Description:
An update on MARS.

Date: Monday, August 19
Time: 1500 – 1600
Location: Room 21
Speaker: Robert Carpenter, DIA; Yolanda Vetri, DIA; Marvin Wilson, DIA; Captain Kern, DIA; Ashleigh Callaway, DIA

Session Description:
Provide an overview of DIA’s Insider Threat Program and the mission of the Insider Threat Division, Office of Security successes, best practices and lessons learned. Additional information will include strategic initiatives to respond to the National Insider Threat Task Force Standards, innovations to mitigate the threat from trusted insiders and collaboration across the community and with FVEY partners.

Date: Tuesday, August 20
Time: 1600 – 1700
Location: Room 24
Moderator: Melissa Sutherland, Vice President, Booz Allen Hamilton

Panelists:
Jean Schaffer, Chief, Cyber and Enterprise Operations, Office of the CIO, Defense Intelligence Agency (DIA)
Lynn Schnurr, Executive Consultant, General Dynamics (former Army G2 Intelligence CIO)
Trish Goforth, Executive Vice President, Booz Allen Hamilton

Session Description:
When we, as women, collectively bring our passion and talent to bear on challenges, there is no limit to what we can achieve. When we champion other women, and celebrate their successes, our individual journeys become that much richer. And when we feel supported by our networks and draw on the immeasurable strength and knowledge within them, we become unstoppable. Join Booz Allen and DIA to learn how industry and government are creating inclusive environments and supporting diversity in their organizations.

Date: Monday, August 19
Time: 1300 – 1400
Location: Room 17
Speaker:Thomas Murphy, Combatant Command Intelligence Enterprise Management Support Office (CCI EMSO); John Hollander, Combatant Command Intelligence Enterprise Management Support Office (CCI EMSO); Michael Egley, Combatant Command Intelligence Enterprise Management Support Office (CCI EMSO)

Session Description:
Combatant Command Intelligence (CCI) Enterprise Management Support Office (EMSO) is deploying an integrated software solution which brings together industry-leading practices in enterprise architecture (EA) and IT portfolio management (ITPM) into a single platform. CCI EMSO is sponsoring the tool for accreditation on the JWICS network and plans to use it as the core capability for portfolio management, gap analysis and EA development to address the current identified gaps as well as future challenges. The CCI EMSO is leveraging the web based DoDAF compliant EA module as the application and repository for capturing the as is architecture views and the ITPM module to support analysis leading to identification of solutions to close existing gaps, nominations of material solutions to be designated as enterprise capabilities, and management of the portfolio of capabilities. In addition, the tool may be leveraged to support future state enterprise design requirements and development of the roadmaps to achieve specific required capabilities. This tool is planned to be an enterprise capability sponsored by CCI EMSO which will allow DoD users to leverage enterprise data and visualizations, expand the common lexicon and data sets to improve the current and future architectural environments. Commands will be able to utilize the tools to build their own architectures leveraging the enterprise standards that are developed by the CCI members. These future architectures will enable a more resilient, integrated and secure intelligence sharing environment.

Date: Monday, August 19
Time: 1600 – 1700
Location: Room 24
Speaker: Craig T. Harber, Fedelis Cybersecurity

Session Description:
One the most significant challenges facing cyber security professionals today is the need to simplify and streamline their existing cyber security infrastructure while gaining efficacy and reducing cyber dwell time. Security Operation Centers (SOC) are overwhelmed by the sheer volume of alerts lacking context and the number of investigations demanding their attention while the supporting security infrastructure is geared more towards being reactive than proactive. Security analysts are often presented with more alerts than are humanly possible to triage and investigate, granting adversaries more time to evade detection because of the time required by SOCs to detect and respond. These problems are further exacerbated by a rising skills gap as organizations struggle to build an adequate bench of expertise. More data is not necessarily a good thing and the focus should be on zeroing in on the right data and making it actionable. This session will discuss approaches to streamlining cyber security stacks, and why integration and automation are critical elements of a strategy to improve the overall effectiveness and efficiency of defensive cyber operations.

Date: Tuesday, August 20
Time: 1600 – 1700
Location: Room 22

Speakers:
DIA Panel Member: Penny Steinhauer, DIA, Chief Information Office, Chief of Staff, Corporate Engagement Division
NSA Panel Member: Daniel Hetrick, NSA/CSS ICT Accessibility Team Chief
CIA Panel Member: John Nemeth, Facilities Investment Program Manager
NGA Panel Member: Susan Shuback, NGA Associate Chief Information Officer

Session Description:
The Principle Deputy Director of National Intelligence (PDDNI) challenge Intelligence Community elements to devise bold strategic solutions to improve information technology accessibility. Come see and hear the collective knowledge and experience of the IC designated representatives to develop and employ solutions to accessibility challenges facing agency employees with disabilities.

Date: Tuesday, August 20
Time: 1400 – 1500
Location: Room 18
Speaker: Anthony Kuhn, DIA

Session Description:
Today the United States faces growing national security challenges with adversaries adapting in asymmetric ways and rapidly adopting technologies, turning warfare into a case of constant uncertainty and instability. Throughout the DoD and the IC, leaders have accepted the need to implement rapid innovation and grow a workforce culture that is swift and agile. In the DIA, the CIO’s transformation has been at both the strategic and grassroots level all with the aim to improve our processes and adjust our workforce culture. After much progress, leadership identified the need to integrate some of these efforts to create a unique pathway for emerging innovative ideas and/or products to better and more quickly meet mission customer needs. Through the deliberate cohesion of these efforts the Innovation Pipeline provides a pathway to production that encompasses the innovation methodologies taught by the Innovation Program, embedding the concepts throughout each phase of the Pipeline. These innovation concepts, pulled from industry best practices and the Silicon Valley start-up community, emphasize experimentation over detailed planning and require deep customer engagement by multifunctional teams.

Date: Monday, August 19
Time: 1600 – 1700
Location: Room 22
Speakers: Shannon Paschel, DIA; Jill Ballmer, DIA; Pamela Fitzgerald, DIA

Session Description:
How do you build resiliency, redundancy and security if you aren’t enabling all of your workforce to contribute? Come hear how DIA and the Intelligence Community are moving beyond the Section 508 of the Rehabilitation Act of 1973, National Security Exemption and making information technology accessible for all.

Date: Tuesday, August 20
Time: 1600 – 1700
Location: Room 19
Speakers: Steven ‘Mike’ Harkins, NIWC; Kirk Brown, NIWC; Dylan Leckie (CTR), DIA; Jonathan Parr (CTR), DIA

Session Description:
Shift Left, March! focuses on the process, tools, and culture the cyber security team at DIA implements and manages to provide application teams with a secure, more rapid and streamlined path to production. The presentation will breakdown the current state of the DevOpsSec way of working at DIA and delve into the enhancements the cyber security team is making to further build out the toolchain, increase the types of applications that can receive authorization through the DevOpsSec path to production, and support a culture of integrating security at the start of development.

Date: Monday, August 19
Time: 1600 – 1700
Location: Room 19
Speakers: George Connor, DIA; Angel Rios, DIA; Andrew Kelly, DIA

Session Description:
DIA and a number of other IC Members started working on pilots for using wireless on DoDIIS several years ago. Based on the results of a Major Issue Study conducted in 2014, the ODNI has halted all wireless efforts concerning SCI, created a Wireless Steering Committee and is developing IC wide policy on the way forward in order to ensure that these efforts are secure.

DIA’s Cyber Security Services Branch, Secure Wireless Project Team and the SCIF Accreditation Team have been working with the ODNI and other IC elements on creating IC policies and developing procedures to implement those polices within DIA and on the DoDIIS network. These procedures involve creating a secure working area to operate wireless through TEMPEST and Technical security methods, creating methods of detecting wireless vulnerabilities and exploitation attempts, and ensuring that all aspects of the network being used are properly configured to eliminate risk. Elements that we are currently addressing include the Supply Chain Risk Management process, Commercial Solutions for Security, Security Assessments on the tablets and networks, RF Shielding and Wireless Intrusion Detection Systems.

While this process is still ongoing, we would like to brief on the current status, what we see as the way ahead and encourage feedback from the field to help shape our discussions. We have had hundreds of separate requests for wireless solutions to each of our offices and believe this briefing would provide guidance that would benefit the entire DoDIIS community.

Date: Monday, August 19
Time: 1600 – 1700
Location: Room 18
Speaker: Kathryn Lipps, DIA; Benjamin Davis, DIA

Session Description:
The Principals of the May 2019 CIO Forum and Defense Intelligence Seniors Conference of the Commonwealth and United States (DISCCUS) agreed to establish and resource a central program management organization responsible for overseeing delivery of Five Eyes Multi-INT needs across the 5EE. On behalf of the CIOF and DISCCUS, this organization will oversee and coordinate the establishment of services for the 5EE community and ensure a robust service offering that meet a multi-INT 5Eyes community requirement. DIA has taken the lead for outlining the roles and responsibilities of this organization and providing initial staffing to standup the office.

Date: Monday, August 19
Time: 1600 – 1700
Location: Room 23
Speaker: Dr. Sherry Lakes, Noblis

Session Description:
Today’s typical organization uses over 900 cloud and on-prem applications. This makes for a heavy dependence on web browsers, the tools used to access applications. Similarly, browsers depend on web servers to deliver content from websites through network connections. Nevertheless, the prevalence of cyber threats and attack vectors makes websites using susceptible to exploits possibly resulting in unintended or malicious connections; which dictates the need to protect our systems against cyberattacks.

However, it’s common knowledge that the nation has a current shortage of cybersecurity professionals, so what do we do? Industry, Academia, and Government are diligently collaborating on various initiatives to help address this shortage. A key task is recognizing factors that motivate a person to choose the cybersecurity profession; then providing training to help establish and retain those who are interested.

Much like using the proper bait to catch a certain type of fish, educators must consider the proper techniques based on “where” and “who” an individual is. “Where” characteristics align with external influences, such as a person’s presumed rewards. While, internal influences like academic performance lends to the perception of “who” a person is. These influences vary, but the concepts are constant.

A common model using semi-quantitative metrics, could assist educators in analyzing their audience’s make-up, and making more informed decisions as to which technique(s) would be most effective. Similar to the nature of influences, an effective model would be industry-agnostic, consistent, and repeatable, but contain elements that could be easily varied.

Date: Monday, August 19
Time: 1300 – 1400
Location: Room 24
Speaker: Ryan Campbell, U.S. Army

Session Description:
While the Intelligence Community has made significant progress toward adopting cloud services and implementing Risk Management Framework, the DoD’s progress has lagged. In order to take advantage of the opportunities of resiliency, redundancy and security offered in cloud operations, organizations must complete a complicated web of implementing a cloud adoption strategy to ensure success. That strategy must include a policy and governance structure to lead adoption efforts and priorities, an application portfolio review and evaluation process, a human capitol assessment and creation of a comprehensive training plan to develop relevant skill sets, and an internal and external engagement plan to establish buy-in from both internal IT resources, external mission owners, and leadership elements. Army MI has established a repeatable model for implementing these foundational elements that is applicable to additional DoD organizations with similar sets.

Date: Monday, August 19
Time: 1500 – 1600
Location: Room 18
Speaker: Dr. Sean Miles, DIA

Session Description:
(U) Offshore Commercial-Off-the-Shelf (COTS) electronics manufacturing supply chains compels a complex web of contracts and subcontracts for hardware, component parts, and other manufacturing services. These globalized commercial supply chains facilitate asymmetric assault, via foreign intelligence entities (FIEs), upon DIA’s systems and networks. Our most capable adversaries can access the supply chain, at multiple points, establishing advanced, persistent, and multifaceted subversion. Additionally, our adversaries are also capable of using the complexity of the supply chain to obfuscate their efforts to penetrate, exploit, and compromise DIA’s mission critical systems. CIO SCRM will lead an informative session with select Original Equipment Manufacturers (OEM) and Re-sellers of Information and Communications Technology (ICT). Focus is centered on how DIA has partnered with industry to thwart supply chain malfeasance by: imparting discipline, integrating best practices, and enhancing the security and resiliency within the DIA supply chain. Engaging and cultivating strong relationships with industry partners throughout the DIA supply chain is critical in addressing asymmetric & emerging threats inherent to global sourcing and offshore manufacturing.

Date: Monday, August 19
Time: 1300 – 1400
Location: Room 19
Speaker: Philip Kwong, Intelsat General Communications LLC

Session Description:
Space based capabilities are critical for both public and private use. The DoD relies on space as a key enabler for precision strike and force projection capabilities. While previously space was “safe” because access was limited, that is no longer the case. Recent developments have enabled easier access to space and foreign governments, particularly Russia and China, have taken steps to challenge the US in space. Russian and Chinese military doctrine shows an appreciation of the importance of space to warfare and counter-space as a means to reduce US and allied effectiveness. Moreover, these nations have developed robust space capabilities that are “scientific” in name but have dual-use for counter-space capability. These developments call for a re-look of US Space Strategy. At issues is whether the US practice of a few very expensive military satellites can achieve the resiliency that our Space Strategy requires. A historical comparison to the infamous Maginot Line will illustrate how a system can perform as designed and still be strategically ineffective. Finally, if this current approach is incorrect, what are some options for a more effective approach to achieve the goals of our Space Strategy that are available today or in the near future.

Date: Monday, August 19
Time: 1500 – 1600
Location: Room 24
Speakers: James Kirkley, DIA; Zebulon Griggs (CTR) DIA

Session Description:
How do we know who is on the networks and what they have access to? How do we, as an agency, keep it all in check? From cutting edge technology to securing our identities, let discuss it.

Date: Wednesday, August 21
Time: 0830 – 0930
Location: Room 23
Speaker: Craig Gladu, DIA; Jonathan Coughlin, DIA

Session Description:
Discussion exploring the necessity of data tagging, identity management and their role in access control. Discussion of the level of risk exposure that your data has, based on the granularity of the metadata associated with it. Discussions of the benefits and deficiencies of relating classification at the folder-level compared to the file or element level. Once a strategy has been determined, what are common pitfalls during data-tagging implementation and managing datasets? Discussion on processes, policies, methodologies and means for sharing of data within the enterprise. This will include the options available for automated and manual capabilities for data transfer internal and external to the enterprise; discussion of approval authorities, the appropriate data transfer methods and protection requirements for data-in-transit. Discussion of the role of removable media in methodologies for data creation, handling, destruction, accountability, and data-transfer footprint reduction.

Date: Monday, August 19
Time: 1300 – 1400
Location: Room 23
Speaker: Kenneth Bowen, DoD

Session Description:
The Office of the DoD CIO for Special Programs is paving change in the Special Access Information Technology community. Following the footsteps of the Intelligence Community, the DoD Special Access Community is shifting to commercial cloud solutions to enable faster mission application hosting. The shift to the cloud will also enable easier collaboration and communication between the SAP Community and the Defense Industrial Base partners and the Intelligence Community. This breakout session will provide updates to the ICON project, creating a PL3 reference architecture to connect to the industry partners; Identity Credentialing and Access Management (ICAM); Fences, and Data Comingling.

Date: Wednesday, August 21
Time: 0830 – 0930
Location: Room 22
Speaker: Bryan Lane, AUGR LLC; ODNI

Session Description:
Data for the Intelligence community Enterprise (DICE) II is an analytic effort led by ODNI Systems & Resource Analysis that looks at data discovery, access, and use on the UNCLASSIFIED and SECRET security fabrics. This is a follow on effort to the DICE I Major Issue Study (MIS) that focused on discovery, access, and use on the TOP SECRET fabric. This breakout session will recap the findings of DICE I and the subsequent scoping of DICE II as an analytic effort. The DICE II team will discuss how leveraging use case development methods can identify additional challenges to discovery, access, and use of data across the IC when considering the added complexities of operating across multiple security fabrics. Each use case showcased the importance of interdependent, multi-fabric data services that enable authentication and authorization, digital enforcement of entitlements, cross-domain solutions, data discovery, and reliable audit capabilities. The use cases were completed with surveys and interviews from data managers, end users, and agency Chief Data Officers.

Date: Tuesday, August 20
Time: 1400 – 1500
Location: Room 20
Speakers: Ian Fowlie, DIA; Christina Dance, DIA; Mario Contreras, JSOC; Anthony Howell, CENTCOM; Dennis Barnabe, NSA

Session Description:
The DIA’s CIO is conducting a call-to-action and soliciting best practices about the challenges of organizational transformation in a government environment. As the CIO strives to better serve the warfighter as the disruption of the digital revolution presents an increasing existential threat, one resounding fact has become clear: developing a culture that embraces change and agility is hard. Whether it is a result of funding, resources, budget, talent, or buy-in, cultivating corporate ethos of change can be incredibly difficult. CIO’s leaders have recognized the importance of addressing its current culture, and developing a workforce appetite that not only buys-in and embraces these shifts, but desires to be at the forefront of tackling new technologies and processes. To gain insights on common pain points and identify solutions for these entrenched challenges, DIA CIO will facilitate a panel discussion of DIA/DoD mission partners and attending members, who have successfully led the charge on transformation in similar environments.

Date: Wednesday, August 21
Time: 0830 – 0930
Location: Room 19
Speaker: Doug M. Poggi, Deloitte

Date: Wednesday, August 21
Time: 1030 – 1130
Location: Room 25
Speakers: Wallace Coggins, ODNI; Christopher Keller, DIA

Session Description:
The IC SCC, a joint ODNI – DIA operation, is the Federal Cybersecurity Center for the IC which coordinates the integrated defense of IC ITE and the IC Information Environment (IC IE) with IC elements, DoD, and other U.S. Government departments and agencies. The IC SCC facilitates accelerated detection and mitigation of security threats across the Intelligence Community by providing situational awareness, and incident case management within the shared IT environment. Additionally, the IC SCC monitors and coordinates the integrated defense of the greater IC Information Environment (IC IE). These capabilities support the security protections necessary to defend against threats to the IC and coordinate operational responses across the Federal Government.

Date: Tuesday, August 20
Time: 1400 – 1500
Location: Room 25
Speakers: Cynthia Mendoza, ODNI; Gil Anderson, NSA

Session Description:
The IC Reference Architecture Framework (RAF) defines a consistent, repeatable, and verifiable process for developing and applying RAs in the IC. The key aspect of what makes the RAF different from traditional RA activities is that the RAF is more than a static RA document; it includes the processes, the collaboration, the guidance, the compliance assessments, and most importantly, the operations of IC solutions. The biggest difference between historical RA-driven efforts in the IC and the IC RAF is the full commitment to ensure RAs do not simply become a documentation effort (“shelf-ware”). The RAF involves the deliberate process for not only documenting the architecture, but more importantly, the persistent assurance to ensure operational compliance for all IC Agencies.

Date: Monday, August 19
Time: 1500-1600
Location: Room 19
Speakers: William Hancock, DIA; Anthony Kuhn, DIA

Session Description:
The complex field of information technology demands modern approaches to designing, building, and deploying new software and services. This demand is the driving force behind CIO development practices and processes as applying Lean IT principles can help organizations achieve better productivity. In this brief we will discuss the current state of Lean IT in CIO, as it applies to our innovation pipeline, and focus on the future.

Date: Tuesday, August 20
Time: 1600 – 1700
Location: Room 25
Speakers:

Session Description:

Date: Monday, August 19
Time: 1500 – 1600
Location: Room 25
Speakers: Sue Dorr, ODNI; Wallace Coggins, ODNI

Session Description:
Safeguarding the Intelligence Community Information Environment (IC IE) is of utmost importance and remains a significant component of the National Intelligence Strategy. All 17 elements of the IC are responsible for taking proactive measures to secure and defend all intelligence-related enterprise, mission, and business information technology to the degree necessary to protect our people and the data that is so vital to performing our intelligence mission. In February 2018, the Principal Deputy Director for National Intelligence commissioned the development of the Improving Cybersecurity for the Intelligence Community Information Environment Implementation Plan to identify the most critical cybersecurity functions and tasks requiring attention; to raise awareness of IC element roles and responsibilities; and to foster ongoing conversation about enterprise security risks and the needed balance of investment and sustainment to mature the IC IE safeguarding posture. The plan was published in the Spring of 2019, but IC element leadership agreed to begin working on multiple high-priority tasks in mid-2018, such as performing comprehensive asset inventories, maturing vulnerability management processes, and providing automated situational awareness reports to the Intelligence Community Security Coordination Center. To keep IC senior leadership informed of progress towards achieving safeguarding objectives, the IC CIO collaborated with IC element representatives to establish an outcome-based IC IE Cybersecurity Performance Evaluation Model that kicked off in July 2019. Come learn how we all can contribute to improving cybersecurity for the IC IE.

Date: Wednesday, August 21
Time: 1030 – 1130
Location: Room 18
Speakers: David Kim, DISA; Quang Trinh, DISA; Whitney Tso, DISA; Douglas Young, DISA

Session Description:
This session will discuss DISA’s Enterprise Cross Domain initiatives, CDES Portfolio, current and future capabilities (FY19-25), CDES Cost Models, CDES project lifecycle, and the benefits of joining the CDES.

Date: Monday, August 19
Time: 1500 – 1600
Location: Room 17
Speaker: Jason Chung, Premise Data Corp.

Session Description:
Quickly-changing dynamics on the ground, particularly in complex operational environments (OEs), challenge DIA’s ability to provide military intelligence to warfighters, defense policymakers, and force planners. Our toughest challenges today are in the “grey zone” between war and peace, where our military is sub-optimized both conceptually and organizationally. Intelligence operations and data collection gaps are symptoms of this larger problem.

Countering grey zone tactics and maintaining our advantage in an era of hyper-competition and asymmetric threats requires a paradigm shift. New methods to collect data and information to understand these nuanced environments must account for local sentiment and how competitors and adversaries are influencing populations with new digitally-enabled instruments of national power. We must adapt and evolve to address the challenges of persistence, authorities and policies, access to denied and semi-denied environments, scale, cost, speed/agility, timeliness, and relevance.

Premise is a completely unique, fundamentally new ISR capability that delivers persistent, non-provocative access to any OE with scale, agility, and speed. Premise transforms any individual with a smartphone into a human sensor (more than 600,000 online today) that is dynamically taskable/re-taskable in near real-time. Premise validates submissions using machine learning modules (Python) for data quality control, providing a decision advantage in dynamic, complex OEs. Response outputs and data visualizations are available through the user interface or can be easily integrated directly into existing DIA enterprise software systems like DCGS or other Joint C5ISR systems available in today’s and future OEs.

Date: Wednesday, August 21
Time: 1030 – 1130
Location: Room 24
Speakers: Cletus Dailey, DIA; Jeremy Glesner (CTR), DIA

Session Description:
Cloud computing has evolved from a niche service to a full-blown industry that caters to every conceivable business. With the growth of cloud computing, organizations find themselves using more than one cloud provider. DIA’s CloudTracker is a flagship example of building cloud-agnostic applications that are able to take advantage of features and services from multiple cloud environments.

Date: Monday, August 19
Time: 1600 – 1700
Location: Room 21
Speaker: Christopher Sutton, DIA; Randy Gladish, DIA

Session Description:
DIA CIO CTO will develop a detection, discovery, and cueing system using a variety of techniques to include machine-learning methodologies.The system will discover semantically similar and disaggregated data across disparate Intelligence databases.Current DIA mission impediments will be significantly reduced with the implementation of new data traversing capabilities: stream and bulk ingestion, differentiation on traditional and non-traditional data, and data discovery.The ability to parse & bin intelligence data, leveraging machine learning, using the latest commercially available technologies will be a significant force multiplier in the mission of DIA. The system will portray foundational data layers and depict mission sets upon aggregation and integration of various file formats, feeds, and functions (i.e. shape files, unstructured data, semi-structured data, etc.), and deliver just-in-time data to analysists, operators and decision-makers. The system will use machine-learning tools and new computing paradigms to discover, define and aggregate, and deliver data-analytic products, with high confidence, while closing gaps that currently exist between limited personnel and time constraints.

Date: Wednesday, August 21
Time: 0830 – 0930
Location: Room 18
Speaker: Sheri Wolfrom, DIA

Session Description:
Present an A4 program overview. An A4 overview would include the foundational infrastructure services along with a suite of capabilities to expose, enable, and create DIA advanced analytics, automation techniques, and artificial intelligence algorithms. In addition, we present the A4 collaboration portal and data science development environment to synchronize efforts and create data analytic efficiencies.

Date: Tuesday, August 20
Time: 1400 – 1500
Location: Room 24
Speaker: Matthew Thompson, U.S. Army

Session Description:
Effective risk management is a constant challenge for elements across the DoD and IC that is further complicated by commercial cloud service offerings due to rapid and continual technology insertion. By using the foundational C2S shared security model and establishing baseline security controls under a common control provider (CCP), the complexity of implementing Risk Management Framework (RMF) across an enterprise can be dramatically reduced. An Army Military Intelligence (MI) Cloud CCP model has been implemented that delivers these controls to Army MI tenant organizations facilitating efficient and secure cloud adoption. By doing so, tenant organizations and capability owners are responsible for a significantly reduced control set through sharing and inheritance. Additionally, Army is working on a reciprocity model which allows the Army MI AO to accredit across all three security fabrics for C2S offerings, engaging with Army to expedite authority to connect (ATC) for cloud-based capabilities designed to be delivered to forward disadvantaged areas.

Date: Wednesday, August 21
Time: 1030 – 1130
Location: Room 19
Speaker: Bret Kapinus, DIA; Fernand Pecot, DIA

Session Description:
The audit data routing capability is an on-going requirement intended to be an operational system providing near continuous, near real-time data services for the agency. Discussions will focus on JWICS audit collection and distribution requirements for Community Shared Resources (CSRs) as outlined in the Intelligence Community Standard (ICS) 500-27. This session will outline how DIA provides mentoring and technical coordination to ensure collections are performed and managed over time to maintain currency with changing community requirements by providing technical guidance and sharing engineering “best practices”, as applicable. Provide guidance on how best to plan/program the ICS 500-27 mandate into the requirements process and how to implement auditing requirement’s into existing applications.

Date: Wednesday, August 21
Time: 0830 – 0930
Location: Room 25
Speakers: David Salvagnini, DIA; Nancy Morgan, IC CDO; Michael Conlin, DoD CDO; John Turner, DoD

Session Description:
Intelligence agencies are racing to grapple with the exponential volume, variety, and velocity of data to provide analysts, operators, decision makers, and policy makers with timely and accurate information. Harnessing and exploiting these vast quantities of data is crucial to maintaining strategic advantage and ensuring mission success. IC agencies are collaborating closely on a host of initiatives to develop strategies, policies, and tools to build a data foundation to drive future technologies. With an IC data strategy driving community goals, an IC data catalog established to facilitate secure discovery and sharing, and data services being developed and deployed, where are we on our journey toward data dominance?

Join the IC CDO Nancy Morgan, DoD CDO Michael Conlin, and IC element Chief Data Officers for a panel discussion highlighting IC and DoD integration to enable the goal of a data centric enterprise supporting secure discovery, access, and sharing of information. Hear IC and DoD perspectives on today’s data environment and steps being taken to address modern data challenges. Participants will gain valuable insight into how individual agencies are working collectively to break down barriers to secure data discovery and sharing, and harnessing insights from collaboration efforts. This session will feature a question and answer segment to allow engagement with conference attendees.

Date: Wednesday, August 21
Time: 1030 – 1130
Location: Room 20
Speaker: Prem Saggar, DIA

Session Description:
The exponential increase in the volume, velocity, and variety of data provides intelligence agencies with a wealth of advantages to extract greater amounts of information and generate knowledge to thwart our adversaries. However, this expansive data environment also presents serious challenges to fully comprehend and scrutinize our data assets to draw meaning and actionable intelligence. Gone are the days of hiring throngs of analysts to pour over each piece of information looking for clues. Succeeding in today’s data environment requires the successful development and deployment of a robust data science practice to harness the potential of big data.

Join DIA’s Chief Data Office for a collaborative discussion about DIA’s emerging data science practice, our ongoing data challenges, and how data science can be leveraged to empower DIA’s data future. CDO technical experts will provide an overview of data science in action and why the role of data scientist, and what that means, is more important than ever. CDO will discuss the power of big data and machine learning, and how specific examples offer a roadmap for future innovation across the IC. CDO presenters look forward to a wide-ranging discussion with the audience at the data science session.

Date: Wednesday, August 21
Time: 0830 – 0930
Location: Room 20
Speaker: John David McPeak, UCDMO

Session Description:
The DOD and NSA are leveraging the DODCAR Cybersecurity Framework to enhance information sharing across stakeholder communities. The DODCAR framework has been termed a “Rosetta Stone” to help translate the actual cybersecurity threats seen on networks into meaningful language for IT System Security Engineers and Acquisition Specialists responsible for designing and/or procuring more robust information environments.

Date: Wednesday, August 21
Time: 0830 – 0930
Location: Room 21
Speakers: Esther Woods, DIA; Edward Lane, DIA

Session Description:
This session will provide the PEO and Contracting Officers overview and discussion of upcoming requirements, as well as provide an opportunity for industry to interact with the PEO and the lead Contracting Officer that supports the DIA CIO. This breakout session will offer industry a chance to ask questions about the new PEO structure and upcoming procurements.

Date: Wednesday, August 21
Time: 0830 – 0930
Location: Room 24
Speakers: James Borders, NSA-NCDSMO; Dorian Pappas, NSA

Session Description:
This session will cover the changing landscape in Cross Domain Solution (CDS) requirements in the quest to combat the increasing frequency and effectiveness of cyberattacks. NSA and the National Cross Domain Strategy & Management Office (NCDSMO) have launched an initiative sanctioned by the DoD CIO to Raise the Bar (RTB) that CDS products must reach in order to thwart these attacks. This presentation will provide an overview of the Raise the Bar (RTB) Strategy and the RTB Requirements for CDS Design and Implementation, changes to the NCDSMO Lab Based Security Assessment (LBSA) process, various US Gov CDS policy changes, and the changes to the NCDSMO Baseline process.

Date: Tuesday, August 20
Time: 1600 – 1700
Location: Room 21
Speaker: Michael McCabe, DIA

Session Description:
Artificial Intelligence and the explosion of open source data is enabling a tremendous amount of change and progress in the commercial world. This technology represents both a risk and an opportunity for the IC and we must quickly address both aspects. AI allows us to quickly gather, make sense of and act on information at machine speeds. Several entities within the US Government, the IC, and DoD are working on enabling AI. One of those groups, ODNI’s Augmenting Intelligence with Machines (AIM) Initiative is concentrating on taking advantage of these advances of the IC. AIM has recognized that the IC has legal, policy, cultural, and structural challenges that need to be addressed. This briefing will discuss some of the opportunities and strategies for addressing these hurdles. It will share some of the unclassified concepts and strategies with the DoDIIS Enterprise.

Date: Tuesday, August 20
Time: 1600 – 1700
Location: Room 20
Speakers: Cove Binion, DIA; John Lundgren, DIA

Session Description:
Over the past year, DIA has made several changes to the DIA RMF Process, among them are clarification for assessing authorized IS undergoing changes, a new DevSecOps Process, a new Application Assessment Process (AAP) replacing the Scan After Deploy (SAD) process, a new Privacy Assessment Process, a new Applying Reciprocity Process, and newly-developed Critical Control Lists (CCL) to guide assessments and continuous monitoring. The proposed briefing would cover these unclassified processes and assist Information System Owners in navigating the new processes.

Date: Tuesday, August 20
Time: 1400 – 1500
Location: Room 21
Speakers: Nicholas La Pietra, DIA; John Pistolessi, DIA

Session Description:
This presentation will provide an overview of the new CIO Governance decision framework, high level processes, and roles/expectations of all participants. Focus will be on successful planning for future requirements to drive the Planning, Programming, Budgeting, and Execution processes.

Date: Tuesday, August 20
Time: 1400 – 1500
Location: Room 22
Speakers: Villa Sara, DIA; Joseph Kinzler, DIA

Session Description:
Today’s computing environment demands resiliency, redundancy, and security now more than ever. All three of these are offered through the DIA Platform and cloud computing, which can be leveraged to improve application availability, scalability, and security. These can be achieved either when building a new application, migrating your app to the platform, or taking a hybrid approach.

Date: Monday, August 19
Time: 1600 – 1700
Location: Room 20
Speaker: John Pistolessi, DIA

Session Description:
The CIO PEO has been chartered to align acquisition strategies to the CIO Strategic Priorities, and oversee acquisition of systems, programs, and capabilities to enhance modernization efforts in support of stakeholders, executive decision makers, and the acquisition workforce within CIO. The PEO acts as the Acquisition advisor to the CIO for coordination and oversight of approved information technology (IT) acquisition programs and procurement activities. The PEO is working to provide advice on innovative acquisition opportunities and methods for acquiring IT. The PEO also works to improve development of acquisition requirements documentation, e.g., Statements of Work. The purpose of this breakout session will be threefold:

1. 1. Expose industry and other mission partners to CIO’s investment management process;
   2. Identify potential for new technology areas and markets.
   3. Engage industry in dialogue for enhancing relationships and improving acquisition documentation.

Date: Monday, August 19
Time: 1300 – 1400
Location: Room 20
Speakers: Capt Arianna Niro, DIA; Capt Jeffrey Guion, DIA

Session Description:
IT is the weapons system for much of the intelligence community, who depend on classified networks to securely collect, report, and analyze intelligence. This session touches on the mission of the DIA IT Operations Center (ITOC): 24 x 7 command & control of IT operations and cyber defense incidents to ensure intelligence systems remain functional in support of the global DoD/IC. It will then explore ITOC initiatives to address challenges in troubleshooting, and rapidly resolving major DIA IT outages. Focus areas include: improvements to monitoring & visualization of systems, data-driven trend analysis of outages, enhancing customer collaboration with the Help Desk, cross-agency coordination, and developing our workforce.

Date: Monday, August 19
Time: 1600-1700
Location: Room 17
Speaker: Christopher Pfennig, DIA

Session Description:
Customer focused UNCLASS discussion on background and procedures for obtaining JCAP ATC for JWICS and Directors interest in ensuring JWICS resiliency through increased focused on connection standards and accountability.

Date: Monday, August 19
Time: 1500 – 1600
Location: Room 23
Speakers: Prem Saggar, DIA; Jon Benedict, DIA

Session Description:
Agencies are rapidly modernizing their Continuous Monitoring and Cyber Alerting capabilities through Data Science. Moreover, as robust and scalable Data Science platforms are further commoditized by cloud providers, agency Cybersecurity Programs will spend less time implementing and maintaining complex data science platforms and more time improving the IA and Cybersecurity Mission by leveraging managed data science services to add new cybersecurity data sets, business rules, alerts, and dashboards. The Cyberscience field merges the skills of Data Engineers, Data Scientists, and Visualization Engineers with Cybersecurity Experts in IT Security, IA Compliance, Vulnerability Management, and Active Cyber Defense to provide a near real-time risk pictures for Cybersecurity Executives and Information Security Professionals alike.

Date: Monday, August 19
Time: 1500-1600
Location: Room 22
Speaker: Brian Drake, DIA

Session Description:
This presentation will share results of the SABLE SPEAR program. Fentanyl kills approximately 24,000 Americans every year. This is equivalent to an airliner falling out of the sky every day. The White House designated the threat of fentanyl as a national health emergency. As part of DIA’s support to defense elements in the counternarcotics mission, the Americas Regional Center (AMRC) commissioned SABLE SPEAR. SABLE SPEAR is a mass data analytics effort using open sources and machine learning to understand the synthetic opioid supply chain from “nature to needle.” SABLE SPEAR ingests large datasets residing on the Internet, looks for indicators of illegal or suspicious activity, and surfaces military, diplomatic, and law enforcement opportunities to abate the threat.

Date: Monday, August 19
Time: 1600 – 1700
Location: Room 25
Speaker: Ian Stewart, NSA

Session Description:
The National Security Agency (NSA) Identity Credentials and Access Management (ICAM) program’s Technical Director will lead a technical discussion of the NSA’s ICAM approaches, for leveraging identities, credentials and authorizations to manage the access to data, services and resources. ICAM is foundational to ensuring the integrity of any information-sharing environment. With the evolution of virtual and cloud based technologies, data and resource sharing between man different service providers, organization and end customers, has become the standard occurrence. Consistencies between all components of the environment with identifying individuals, managing authorizations and controlling each access, is essential to protecting vital data and resources. The discussion will cover tools, policies, and systems that allow an organization to manage, monitor, and secure access to protected resources, as well as disciplines for establishing trust and interoperability between groups and organizations that want to share information.

Date: Monday, August 19
Time: 1500 – 1600
Location: Room 20
Speakers: Vickie Paytas, NSA; Tracy D. Fisher, NSA; Mark Woodcock, NSA; Najah McDonald, NSA

Session Description:
The National Security Agency (NSA) will cover end-to-end data lifecycle management and will lead a panel discussion that addresses cross-provider synchronization and coordination to deliver information to support multiple missions. Data is the core to every mission activity. The volume of data created around the world doubles in size every two years and the ability to consume the data at that growing rate mandates the need for smarter data analysis and management. The ODNI Chief Data Office has referred to data as an “IC Asset”. The NSA representatives will discuss some of these key methodologies and approaches to manage different types of IC data sets to allow ingestion and discovery within the IC-GovCloud. Managing IC data requires bringing together the expertise of the different services (e.g., policy and strategy, data conditioning, data tagging, data ingest, identity and access, hosting and compute, and discovery) to establish standard, consistent and interoperable, but flexible processes to support the various mission needs, while maintaining the security and integrity of IC data.

Date: Tuesday, August 20
Time: 1600 – 1700
Location: Room 18

Date: Wednesday, August 21
Time: 0830 – 0930 and 1030 – 1130 (Repeat)
Location: Room 17
Speaker: Katie Arrington, DoD

Session Description:
The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) recognizes that security is foundational to acquisition and should not be traded along with cost, schedule, and performance. The Department is actively working with the Defense Industrial Base (DIB) to enhance the protection of controlled unclassified information (CUI) within the supply chain.

As part of this effort, OUSD(A&S) is collaborating with DoD stakeholders, University Affiliated Research Centers (UARCs), Federally Funded Research and Development Centers (FFRDC), and industry to develop the Cybersecurity Maturity Model Certification (CMMC).

The CMMC will combine various cybersecurity standards, controls, and best practices to create levels ranging from basic cyber hygiene to advanced. Once implemented, the CMMC will reduce risk against a specific set of cyber threats.

The CMMC builds upon existing regulations and control frameworks while adding a verification component with respect to cybersecurity requirements.

The goal is for CMMC to be cost-effective and affordable for small businesses to implement.

Certified, independent, 3rd party organizations will conduct audits and inform risk.

Date: Wednesday, August 21
Time: 1030 – 1130
Location: Room 23

Date: Tuesday, August 20
Time: 1600 – 1700
Location: Room 23

Location: Tampa Convention Center – Central and East Halls – 3rd Floor

Visit the Exhibit Hall to check out 300+ innovative technology solutions! The Exhibit Hall is also a great place to find snacks and refreshments for a quick pick-me-up in between sessions.