Advanced Systems Integration and Test Center

Staff members at CDA's Advanced Systems Integration and Test Center (ASITC), located in Reston Virginia, operate a state-of-the-art test bed for the development, integration, testing, and study of both classified and unclassified advanced IA technologies.

Information System Security Experimentation. ASITC employs a well-defined IA experimentation process, developed under the DARPA IA program and extended by CDA personnel, to yield sound scientific results. ASITC experimentation services include planning, execution, and data analysis. Results provide a sound basis to assess the suitability of alternative approaches, designs, and technologies for a variety of purposes. The expertise gained by ASITC staff through experimentation has provided a solid foundation for information system testing and independent verification and validation.

Research and Development of Emerging IA Concepts. ASITC staff members apply their unique skills and methodology to evolve and extend IA knowledge and concepts using experimental testbeds that model actual operational systems. Applications of gained insights include improved implementations of COTS security components, seeding sponsor R&D agendas, and furtherance of CDA's work in cyber strategies and tactics.

Research and Development of IA Systems and Supporting Technologies. ASITC staff members have developed advanced proof-of-concept information security systems in support of DARPA, AFRL, and DHS. Examples include an enterprise-level technology to automatically detect and stop BotNets and advanced cyber sensors that detect flash worms in wired and in mobile ad-hoc networks (MANETS), enabling dynamic quarantine of infected hosts. In addition, ASITC staff have integrated IA research technologies into complex prototype systems under the DARPA Cyber Panel and OASIS Programs and have designed and used advanced sensor grids to detect state-of-the-art cyber attacks. ASITC's experimentation methodology has proved useful in characterizing and selecting key technologies for advanced systems design.

Independent Testing and Evaluation of Advanced Technologies. The ASITC staff is uniquely qualified to select and evaluate candidate technologies for customer use. The ASITC staff has expertise in both operational and research environments, which enables them to effectively work with end operational users to understand technology needs and with researchers and other technology providers to understand emerging technologies that might meet those needs. ASITC staff have operated as trusted customer advisors and conducted independent verification and validation (IV&V) of both unclassified and classified advanced technology development projects for DARPA and other organizations.

The ASITC staff developed and now utilizes a comprehensive IV&V methodology that has proven highly effective in determining whether information technology performance meets expected customer requirements. This methodology involves both the customer and technology provider from the beginning to ensure a successful test event with informative results upon which decisions can be based. The ASITC methodology ensures all required data is collected and stored in a non-intrusive manner and is available for post analysis to answer any follow up questions that might arise from the testing event. Unclassified examples include designing and conducting Go/NoGo tests for the DARPA Cyber Panel correlator technologies and the DARPA Ultra*Log program. Classified projects are sponsored by DoD components that provide information operations technologies to the IC.

Operational Systems Design, Accreditation and Certification. ASITC staff have designed, implemented, and obtained accreditation for systems at the DCID 6/3 PL1 and PL2 protection levels. Staff recently implemented and deployed an eXMeritus HardwareWall high assurance PL5 guard to protect a customer-funded network. Staff worked with the vendor, system designers, and government accreditors to develop rulesets and a test suite to ensure both required mission functionality and security goals were met. The system presently has obtained Interim Authority to Test (IATT) and awaits final Authority to Operate (ATO).