US DoD launches CORA program to revolutionize cybersecurity strategy

The U.S. Department of Defense (DoD), through its Joint Force Headquarters–Department of Defense Information Network, has recently rolled out its Cyber Operational Readiness Assessment (CORA) program, building on the success of a nine-month pilot phase. The move marks a pivotal transformation in the department’s approach to cybersecurity, shifting from a focus on compliance under the Command Cyber Readiness Inspection program to an emphasis on operational readiness as a foundation for mission assurance. Reflecting this substantial shift, the program has been renamed CORA.

The CORA program is one of the most critical components of the DOD’s cybersecurity strategy and lays a strong cornerstone to support the command’s goal of continuous, holistic assessments. CORA is crucial for validating current, future, and emerging technologies that will help the DOD continuously monitor and assess its cyber terrain in order to evaluate and mitigate risk across the DODIN.

The new processes help strengthen the posture and resiliency of the DODIN by supporting the network’s Areas of Operation commanders and directors in efforts to harden their information systems, reduce the attack surface of their cyber terrain, and enable a more proactive defense. These are the foundational cybersecurity principles measured by the CORA program.

“CORA is a vital aspect of continually understanding our cyber readiness through fusing many risk factors including access control, detecting anomalies, adjusting to adversary threat information and executing cyber orders,” Air Force Lt. Gen. Robert Skinner, commander of JFHQ-DODIN, said in a media statement. “Ultimately, the assessment provides commanders and directors a more precise understanding of their high-priority cyber terrain and their overall cyber security and defensive posture enabling greater command and control and enhancing decision making.”

John Porter, acting director of JFHQ-DODIN’s DODIN Readiness and Security Inspections directorate, said, “CORA represents a consolidated look at threat, vulnerability, and impact designed to give DAO commanders and directors relevant information for making decisions about cyber terrain, forces, and other resources.”

He explained that CORA prioritizes MITRE ATT&CK mitigations to minimize adversarial risk to the DODIN through JFHQ-DODIN’s risk-based metrics. “The command created risk-based metrics after analyzing MITRE ATT&CK tactics, techniques, and procedures for initial access, persistence, privilege escalation, lateral movement, and exfiltration,” Porter said.

Porter said, “the JFHQ-DODIN CORA team developed key indicators of risk from the risk-based metrics to ensure alignment with JFHQ-DODIN cybersecurity priorities and to direct focus onto the most critical areas of remediation.”

This, in turn, allows organizations to focus their mitigation efforts on risk and exposure to common adversarial TTPs. He added, “focusing on these essential remediation points allows DOD Components to concentrate limited resources and staffing on correcting high-risk areas.” JFHQ-DODIN risk-based metrics and CORA key indicators of risk are adjusted as the MITRE ATT&CK TTPs and mitigation priorities shift, enabling the CORA program to keep pace with the rapidly changing cyber domain.

In addition to the key indicators of risk, Porter said, “CORA is hyper-focused on securing the boundary.”

The boundary consists of network perimeter devices, public- and DOD-facing assets servicing the public or external DOD components, and any information systems with a direct interface to an external information system. The boundary reviews measure the cyber-hardening risk of information systems exposed to the public internet and the possibility that malicious activity could spread to other DOD Components if an information system is compromised.

The CORA has become a more agile process, encouraging and enabling adjustments in stride. The assessment can be adjusted as new orders, policies, or directives are issued, can add newly assessed technology where Security Technical Implementation Guides exist, and can adjust key risk indicators as the threat landscape changes.

The program will help ensure a strong cybersecurity foundation for all DOD networks. “It will help DAO commanders and directors better understand the status of their high-priority terrain and their overall cyber security readiness and defensive posture and provide them with relevant information for making decisions about terrain, forces, and other resources. At the same time, it will provide the U.S. Cyber Command and JFHQ-DODIN commanders a greater understanding of level of risk to the DODIN.” 

In January, the DoD released its inaugural National Defense Industrial Strategy (NDIS) that offers a strategic vision to coordinate and prioritize actions to build a modernized defense industrial ecosystem over the next three to five years. The proposed pathway to modernize the defense industrial ecosystem recognizes that this is not and cannot be a DoD-only solution. The NDIS document will require effort, cooperation, and coordination between the U.S. government, private industry, and international allies and partners.
