One of the biggest challenges in supporting training systems in today's ever evolving cyber threat environment is securely sustaining simulators and training systems. Training systems are special purpose systems that unlike most general purpose information systems require an additional level of analysis before security changes can be implemented. Given the unique nature of these training systems, Information Assurance Technical (IAT) personnel cannot implement patches without rigorous analysis and testing. The need to have improved IA sustainment processes designed to reduce the total time spent on IA maintenance such as vulnerability management, reducing cyber threats, and a reduction of overall lifecycle costs is paramount to the trainer's operational success and budget.
Often times an IA sustainment strategy varies significantly by each training system, and the strategy is typically an afterthought when the system is designed or fielded. Our paper analyzes many of the current labor intensive issues with securely sustaining training systems and describes a strategy for reducing the overall number of hours required to sustain. We will discuss tools, architectures, processes, and configuration management techniques designed with the common goal of minimizing sustainment time once a system is fielded. Our paper will identify and maximize the use of Government licensed IA products and security software. We will discuss the importance and need for a well trained IA sustainment staff. Multiple and proven IA sustainment strategies and case studies will be discussed to include ideas for Program Managers to reduce IA sustainment time for legacy systems, and ideas to lower the overall IA lifecycle costs while designing a new system.
Our paper's goal will be to demonstrate secure architectures, IA sustainment processes and the security tools that will protect our national security information, while keeping the training systems main purpose in mind, and lowering overall IA sustainment costs and effort.