Cyber Exercise Playbook

Total Page:16

File Type:pdf, Size:1020Kb

Cyber Exercise Playbook Cyber Exercise Jason Kick Playbook The views, opinions and/or findings contained in this report are those of The MITRE Corporation and should not be construed as an official government position, policy, or decision, unless designated by other documentation. November 2014 Approved for Public Release; Distribution Unlimited. 14-3929 This technical data was produced for the U.S. Government under Contract No. W15P7T-13-C-A802, and is subject to the Rights in Technical Data-Noncommercial Items clause at DFARS 252.227- 7013 (NOV 1995). ©2014 The MITRE Corporation. All rights reserved. MP140714 Wiesbaden, Germany Approved By Mr. Charles Best Date Project Leader ii Abstract This paper provides an overview of the cyber exercise process from inception to reporting. It introduces the terminology and life cycle of a cyber exercise and then focuses on the planning and execution aspects of such exercises, to include objectives, scenarios, reporting and assessment procedures, network architecture, tools, and lessons learned from utilizing the scenarios outlined during an exercise with Partner Nations. Reading this document and reviewing the reference materials should enable exercise planners to understand the purpose, objectives, planning, and execution processes for conducting cyber exercises. iii This page intentionally left blank. iv Acknowledgements Several MITRE staff members contributed to this paper, either by reviewing it or by writing certain sections. Thank you to everyone who took part in ensuring this paper’s accuracy and completeness, especially: • Mr. Nathan Adams • Mr. Dan Aiello • Mr. Charles Best • Mrs. Margaret MacDonald • Mr. John Modrich • Mr. Scott Wilson Several staff of the US Army also reviewed this paper. Thanks are due to: • Mr. Aaron Smith • Mr. Dennis Freed • Mr. Daniel Crandall v This page intentionally left blank. vi Table of Contents Overview .................................................................................................................................................................. 1 Terminology ............................................................................................................................................................ 1 Exercise Planning .................................................................................................................................................. 4 Objectives ............................................................................................................................................................ 4 Exercise Outcomes ........................................................................................................................................... 5 Know the Training Audience ....................................................................................................................... 7 Types of Cyber Exercises ............................................................................................................................... 8 Table Top (scripted events) .................................................................................................................... 9 Hybrid (scripted injects with real probes/scans) ........................................................................ 10 Full Live (real and scripted events) ................................................................................................... 10 Ranges................................................................................................................................................................ 11 Threats .............................................................................................................................................................. 12 Sample Exercise Threats ........................................................................................................................ 12 Exercise Planning Cycle ................................................................................................................................... 13 Concept Development Meeting ................................................................................................................ 14 Initial Planning Meeting .............................................................................................................................. 14 MSEL Planning Meeting .............................................................................................................................. 15 Mid-Term Planning Meeting ..................................................................................................................... 16 Final Planning Meeting ............................................................................................................................... 17 Exercise Execution ............................................................................................................................................. 18 Observation ..................................................................................................................................................... 18 Observation Scenario .............................................................................................................................. 19 Post Exercise ........................................................................................................................................................ 19 Lessons Learned ............................................................................................................................................ 20 Exercise Planning Pitfalls ...................................................................................................................... 20 Exercise Logistical and Technical Considerations ....................................................................... 22 Conclusions .......................................................................................................................................................... 22 Appendix A: Sample Master Scenario Event List ................................................................................... 23 Appendix B: Sample Exercise Incident Response Plan ........................................................................ 24 Exercise Incident Response Plan ....................................................................................................... 24 Reporting Procedures ............................................................................................................................. 25 Appendix C: Sample Incident Response Form ........................................................................................ 26 vii Appendix D: Sample Exercise Roles and Responsibilities .................................................................. 27 Training Audience User Role Responsibilities ............................................................................. 27 Training Audience System Administrator Role Responsibilities ........................................... 28 Appendix E: Sample Network Architecture ............................................................................................. 29 Appendix F: Sample Red Team Exercise Data......................................................................................... 30 Email Address List.................................................................................................................................... 30 IP addresses for Exercise ....................................................................................................................... 30 Logs from web server ............................................................................................................................. 30 Access logs: ................................................................................................................................................. 30 Logs accessing the contaminated zip file ........................................................................................ 30 Initial Spearphishing email: Site Introduction Email (non malicious) ................................ 31 Water contamination report spearphishing (malicious link to website) ........................... 31 Appendix G: Sample Red Team Event Log ................................................................................................ 32 Appendix H: Sample Inject Observation Form ....................................................................................... 34 Appendix I: Sample Master Station Log .................................................................................................... 35 Appendix J: Sample After Action Report ................................................................................................... 36 Appendix K: Software Tools ........................................................................................................................... 37 Appendix L: References ................................................................................................................................... 39 Papers ........................................................................................................................................................... 39 Web Resources .......................................................................................................................................... 39 Appendix M: Acronyms ...................................................................................................................................
Recommended publications
  • Final Report September 2020
    Coronavirus Commission for Safety and Quality in Nursing Homes Commission Final Report September 2020 Approved for Public Release; Distribution Unlimited 20-2378. © 2020 The MITRE Corporation. All Rights Reserved. Commission Final Report NOTICE This document was produced for the U. S. Government under Contract Number 75FCMC19F0012, and is subject to Federal Acquisition Regulation Clause 52.227-14, Rights in Data-General. No other use other than that granted to the U. S. Government, or to those acting on behalf of the U. S. Government under that Clause is authorized without the express written permission of The MITRE Corporation. For further information, please contact The MITRE Corporation, Contracts Management Office, 7515 Colshire Drive, McLean, VA 22102-7539, (703) 983-6000. Approved for Public Release; Distribution Unlimited 20-2378. © 2020 The MITRE Corporation. All Rights Reserved. Commission Final Report Coronavirus Commission for Safety and Quality in Nursing Homes Morgan Jane Katz, MD, MHS Assistant Professor of Medicine, Johns Hopkins Commission Members University, Maryland Roya Agahi, RN, MS HCM, WCC Beverley L. Laubert, MA Chief Nursing Officer, CareRite, New York State Long-Term Care Ombudsman, State Department of Aging, Ohio Lisa M. Brown, PhD, ABPP Professor of Psychology, Rosie D. Lyles, MD, MHA, MSc, FACA Palo Alto University, California Director of Clinical Affairs, Medline Industries, Mark Burket Illinois CEO, Platte Health Center Avera, South Dakota Jeannee Parker Martin, MPH, BSN, RN Eric M. Carlson, JD President and CEO, LeadingAge California Directing Attorney, Justice in Aging, California G. Adam Mayle, CHFM, CHC, CHE (does not endorse this report) Administrative Director of Facilities, Memorial Michelle Dionne-Vahalik, DNP, RN Healthcare System, Florida Associate Commissioner, State Health and Human David A.
    [Show full text]
  • Onebeacon Technology Insurance Whitepaper Template (2016)
    Autonomous Vehicles: Why Drive When the Vehicle Drives You Author: Tushar Nandwana, Information Technology Risk Control Published: June 2020 Executive Summary The idea of being effortlessly chauffeured by self-driving cars or autonomous vehicles (AV), has been a dream of futurists for several decades. They envision a time where we will simply input our destination and be safely driven there while we do work, relax, watch a movie, or even take a nap. Commercially, trucks will self-drive in platoon formations 24 hours a day transporting goods from one part of the country to another. Google was one of the first companies focusing on autonomous technology to hit a major milestone in 2009 when Google’s Waymo first demonstrated a 1,000 mile drive in a prototype, self-driving Toyota Prius. Since then, major automotive companies, along with hundreds of new companies, have entered into the self-driving arena. Both Waymo and Voyage now have fully self-driving robo- taxi fleets operating in specific communities in Florida, Arizona and California. There have been highly successful self-driving trucking tests by companies such as TuSimple and the now defunct Starsky Robotics. Firms tout new achievements in AV technology weekly, but for now, almost all operate in a test mode capacity as they develop data to further increase the safety and reliability of their AV systems. Reliable and unwavering safety of these systems remains elusive due to a high level of complexity. It will likely be upwards of three years minimum before we see a commercially viable AV platform that meets the necessary safety and reliability standards, likely a level 4 (L4).
    [Show full text]
  • NVIDIA Technical Overview | GPU-Accelerated Signal Processing
    TECHNICAL OVERVIEW GPU-ACCELERATED SIGNAL PROCESSING Delivering Real-Time, Low-Latency, and High-Performance Computing with the NVIDIA Aerial SDK A FIREHOSE OF SENSOR DATA AND SPEED-OF-LIGHT COMPUTE With high-throughput and low-latency demands, signal processing applications—from software-defined radio and communications systems to speech processing and beyond—have traditionally relied on special accelerators like FPGAs and ASICs to deliver real-time performance. Programming these devices, however, has remained a huge challenge, and the development-to-deployment cycle is prone to restarts. Additionally, as the signal processing community extends into applications of artificial intelligence and machine learning for intelligent networks, anomaly detection, and spectrum awareness, the seamless connection to software frameworks like PyTorch, NVIDIA RAPIDS™, and TensorFlow is critical. 5G, in particular, ushers in a new era in wireless communications that delivers more than 10X lower latency and 1,000X the bandwidth when compared to previous 3rd Generation Partnership Project (3GPP) standards: all while supporting millions of connected devices per square kilometer. As developers and decision-makers look toward the future, NVIDIA GPUs lead the way with a focus on fast input/output (I/O) handling, programmability, compute performance, and enablement of both AI training and inference for signal processing workloads. Whether at the edge, in a data center, or in the cloud, the NVIDIA Aerial™ SDK delivers a collection of state-of-the-art signal processing solutions for Python, CUDA®, and C++ developers alike. NVIDIA AERIAL: BIGGER, STRONGER, MORE PRODUCTIVE In 2019, NVIDIA announced Aerial—a software package targeted to the 5G signal processing surrounding virtual radio access networks (vRAN).
    [Show full text]
  • RFI Response: AI Standards
    ©2019 The MITRE Corporation. All Rights Reserved. Approved for Public Release. Distribution Unlimited. Case Number 18-2319-33 MP190421 June 10, 2019 Response of The MITRE Corporation to the National Institute of Standards and Technology (NIST) Request for Information on Artificial Intelligence Standards For additional information about this response, please contact: Duane Blackburn, S&T Policy Analyst The MITRE Corporation 7596 Colshire Drive McLean, VA 22102-7539 [email protected] (434) 964-5023 i Table of Contents Introduction .................................................................................................................................................. 1 AI Technical Standards and related tools development: status and plans ................................................ 2 1.0 AI technical standards and tools that have been developed, and the developing organization, including the aspects of AI these standards and tools address, and whether they address sector-specific needs or are cross-sector in nature...................................................................... 2 2.0 Reliable sources of information about the availability and use of AI technical standards and tools .............................................................................................................................................. 4 3.0 The needs for AI technical standards and related tools. How those needs should be determined, and challenges in identifying and developing those standards and tools ............... 5 5.0 Any
    [Show full text]
  • (“Spider-Man”) Cr
    PRIVILEGED ATTORNEY-CLIENT COMMUNICATION EXECUTIVE SUMMARY SECOND AMENDED AND RESTATED LICENSE AGREEMENT (“SPIDER-MAN”) CREATIVE ISSUES This memo summarizes certain terms of the Second Amended and Restated License Agreement (“Spider-Man”) between SPE and Marvel, effective September 15, 2011 (the “Agreement”). 1. CHARACTERS AND OTHER CREATIVE ELEMENTS: a. Exclusive to SPE: . The “Spider-Man” character, “Peter Parker” and essentially all existing and future alternate versions, iterations, and alter egos of the “Spider- Man” character. All fictional characters, places structures, businesses, groups, or other entities or elements (collectively, “Creative Elements”) that are listed on the attached Schedule 6. All existing (as of 9/15/11) characters and other Creative Elements that are “Primarily Associated With” Spider-Man but were “Inadvertently Omitted” from Schedule 6. The Agreement contains detailed definitions of these terms, but they basically conform to common-sense meanings. If SPE and Marvel cannot agree as to whether a character or other creative element is Primarily Associated With Spider-Man and/or were Inadvertently Omitted, the matter will be determined by expedited arbitration. All newly created (after 9/15/11) characters and other Creative Elements that first appear in a work that is titled or branded with “Spider-Man” or in which “Spider-Man” is the main protagonist (but not including any team- up work featuring both Spider-Man and another major Marvel character that isn’t part of the Spider-Man Property). The origin story, secret identities, alter egos, powers, costumes, equipment, and other elements of, or associated with, Spider-Man and the other Creative Elements covered above. The story lines of individual Marvel comic books and other works in which Spider-Man or other characters granted to SPE appear, subject to Marvel confirming ownership.
    [Show full text]
  • “I Am the Villain of This Story!”: the Development of the Sympathetic Supervillain
    “I Am The Villain of This Story!”: The Development of The Sympathetic Supervillain by Leah Rae Smith, B.A. A Thesis In English Submitted to the Graduate Faculty of Texas Tech University in Partial Fulfillment of the Requirements for the Degree of MASTER OF ARTS Approved Dr. Wyatt Phillips Chair of the Committee Dr. Fareed Ben-Youssef Mark Sheridan Dean of the Graduate School May, 2021 Copyright 2021, Leah Rae Smith Texas Tech University, Leah Rae Smith, May 2021 ACKNOWLEDGMENTS I would like to share my gratitude to Dr. Wyatt Phillips and Dr. Fareed Ben- Youssef for their tutelage and insight on this project. Without their dedication and patience, this paper would not have come to fruition. ii Texas Tech University, Leah Rae Smith, May 2021 TABLE OF CONTENTS ACKNOWLEDGMENTS………………………………………………………….ii ABSTRACT………………………………………………………………………...iv I: INTRODUCTION……………………………………………………………….1 II. “IT’S PERSONAL” (THE GOLDEN AGE)………………………………….19 III. “FUELED BY HATE” (THE SILVER AGE)………………………………31 IV. "I KNOW WHAT'S BEST" (THE BRONZE AND DARK AGES) . 42 V. "FORGIVENESS IS DIVINE" (THE MODERN AGE) …………………………………………………………………………..62 CONCLUSION ……………………………………………………………………76 BIBLIOGRAPHY …………………………………………………………………82 iii Texas Tech University, Leah Rae Smith, May 2021 ABSTRACT The superhero genre of comics began in the late 1930s, with the superhero growing to become a pop cultural icon and a multibillion-dollar industry encompassing comics, films, television, and merchandise among other media formats. Superman, Spider-Man, Wonder Woman, and their colleagues have become household names with a fanbase spanning multiple generations. However, while the genre is called “superhero”, these are not the only costume clad characters from this genre that have become a phenomenon.
    [Show full text]
  • Ten Strategies of a World-Class Cybersecurity Operations Center Conveys MITRE’S Expertise on Accumulated Expertise on Enterprise-Grade Computer Network Defense
    Bleed rule--remove from file Bleed rule--remove from file MITRE’s accumulated Ten Strategies of a World-Class Cybersecurity Operations Center conveys MITRE’s expertise on accumulated expertise on enterprise-grade computer network defense. It covers ten key qualities enterprise- grade of leading Cybersecurity Operations Centers (CSOCs), ranging from their structure and organization, computer MITRE network to processes that best enable effective and efficient operations, to approaches that extract maximum defense Ten Strategies of a World-Class value from CSOC technology investments. This book offers perspective and context for key decision Cybersecurity Operations Center points in structuring a CSOC and shows how to: • Find the right size and structure for the CSOC team Cybersecurity Operations Center a World-Class of Strategies Ten The MITRE Corporation is • Achieve effective placement within a larger organization that a not-for-profit organization enables CSOC operations that operates federally funded • Attract, retain, and grow the right staff and skills research and development • Prepare the CSOC team, technologies, and processes for agile, centers (FFRDCs). FFRDCs threat-based response are unique organizations that • Architect for large-scale data collection and analysis with a assist the U.S. government with limited budget scientific research and analysis, • Prioritize sensor placement and data feed choices across development and acquisition, enteprise systems, enclaves, networks, and perimeters and systems engineering and integration. We’re proud to have If you manage, work in, or are standing up a CSOC, this book is for you. served the public interest for It is also available on MITRE’s website, www.mitre.org. more than 50 years.
    [Show full text]
  • Cyber Threats Facing America: an Overview of the Cybersecurity Threat Landscape
    S. Hrg. 115–298 CYBER THREATS FACING AMERICA: AN OVERVIEW OF THE CYBERSECURITY THREAT LANDSCAPE HEARING BEFORE THE COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS UNITED STATES SENATE ONE HUNDRED FIFTEENTH CONGRESS FIRST SESSION MAY 10, 2017 Available via the World Wide Web: http://www.fdsys.gov/ Printed for the use of the Committee on Homeland Security and Governmental Affairs ( U.S. GOVERNMENT PUBLISHING OFFICE 27–390 PDF WASHINGTON : 2018 COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS RON JOHNSON, Wisconsin, Chairman JOHN MCCAIN, Arizona CLAIRE MCCASKILL, Missouri ROB PORTMAN, Ohio THOMAS R. CARPER, Delaware RAND PAUL, Kentucky JON TESTER, Montana JAMES LANKFORD, Oklahoma HEIDI HEITKAMP, North Dakota MICHAEL B. ENZI, Wyoming GARY C. PETERS, Michigan JOHN HOEVEN, North Dakota MAGGIE HASSAN, New Hampshire STEVE DAINES, Montana KAMALA D. HARRIS, California CHRISTOPHER R. HIXON, Staff Director GABRIELLE D’ADAMO SINGER, Chief Counsel COLLEEN BERNY, Professional Staff Member MARGARET E. DAUM, Minority Staff Director JULIE KLEIN, Minority Professional Staff Member LAURA W. KILBRIDE, Chief Clerk BONNI DINERSTEIN, Hearing Clerk (II) C O N T E N T S Opening statements: Page Senator Johnson ............................................................................................... 1 Senator McCaskill ............................................................................................ 2 Senator Lankford .............................................................................................. 15 Senator Daines
    [Show full text]
  • Wolverine Logan, of the X-Men and the New Avengers
    Religious Affiliation of Comics Book Characters The Religious Affiliation of Comic Book Character Wolverine Logan, of the X-Men and the New Avengers http://www.adherents.com/lit/comics/Wolverine.html Wolverine is the code name of the Marvel Comics character who was long known simply as "Logan." (Long after his introduction, the character's real name was revealed to be "James Howlett.") Although originally a relatively minor character introduced in The Incredible Hulk #180-181 (October - November, 1974), the character eventually became Marvel's second-most popular character (after Spider-Man). Wolverine was for many years one of Marvel's most mysterious characters, as he had no memory of his earlier life Above: Logan and the origins of his distinctive (Wolverine) prays at a Adamantium skeleton and claws. Like Shinto temple in Kyoto, much about the character, his religious Japan. affiliation is uncertain. It is clear that [Source: Wolverine: Wolverine was raised in a devoutly Soultaker, issue #2 (May Christian home in Alberta, Canada. His 2005), page 6. Written by family appears to have been Protestant, Akira Yoshida, illustrated although this is not certain. At least by Shin "Jason" Nagasawa; reprinted in into his teen years, Wolverine had a Wolverine: Soultaker, strong belief in God and was a Marvel Entertainment prayerful person who strived to live by Group: New York City specific Christian ethics and moral (2005).] teachings. Above: Although Logan (Wolverine) is not a Catholic, and Over the many decades since he was a Nightcrawler (Kurt Wagner) is not really a priest, Logan child and youth in 19th Century nevertheless was so troubled by Alberta, Wolverine's character has his recent actions that he changed significantly.
    [Show full text]
  • Planning for On-Campus Education During COVID-19
    PLANNING FOR ON-CAMPUS K-12 EDUCATION DURING COVID-19 AUGUST 6, 2020 PLANNING FOR ON-CAMPUS K-12 EDUCATION DURING COVID-19 AUTHORS Rich Byrne, MITRE Corporation Gail H. Cassell, Harvard Medical School, Brigham and Women’s Hospital, Boston Matthew E. Downs, MITRE Corporation Florida International University John Halamka, Mayo Clinic Shayri M. Kansagra, MITRE Corporation Leavitt Partners Rakhee Palekar, MITRE Corporation Neelima Ramaraju, LLamasoft Kunal J. Rambhia, MITRE Corporation Kippy Rudy, Center for Mind and Culture Jay Schnitzer, MITRE Corporation Taylor Wilkerson, MITRE Corporation COALITION REVIEWERS Hannah Darrington, Leavitt Partners Mark R. Ginsberg, George Mason University Leigha Witt Humphries, Oak Ridge Associated Universities John Poelman, Leavitt Partners Jennifer Tyrell, Oak Ridge Associated Universities The complex decision-making regarding reopening of schools compels careful thought, planning, and collaboration, within and across communities. Through this document, the COVID-19 Healthcare Coalition provides clarifications, interpretations, and estimates that can be used as a resource by school leaders to develop and implement plans for returning to on-campus learning, in the context of the COVID-19 pandemic. This document summarizes guiding principles and lessons learned, to provide current information (as of publication date) as well as additional resources to facilitate discussions and decisions regarding return to on-campus learning policies. The reopening of schools—either to virtual or on-campus learning—is approaching quickly. Communities should give particular consideration to the socioeconomic challenges and disparities within their districts; the need for transparency in development and implementation of plans; and the provision of funding and resources to schools, teachers, and other school staff to ensure safety and efficacy of on-campus or virtual-learning environments.
    [Show full text]
  • Comic Book Collection
    2008 preview: fre comic book day 1 3x3 Eyes:Curse of the Gesu 1 76 1 76 4 76 2 76 3 Action Comics 694/40 Action Comics 687 Action Comics 4 Action Comics 7 Advent Rising: Rock the Planet 1 Aftertime: Warrior Nun Dei 1 Agents of Atlas 3 All-New X-Men 2 All-Star Superman 1 amaze ink peepshow 1 Ame-Comi Girls 4 Ame-Comi Girls 2 Ame-Comi Girls 3 Ame-Comi Girls 6 Ame-Comi Girls 8 Ame-Comi Girls 4 Amethyst: Princess of Gemworld 9 Angel and the Ape 1 Angel and the Ape 2 Ant 9 Arak, Son of Thunder 27 Arak, Son of Thunder 33 Arak, Son of Thunder 26 Arana 4 Arana: The Heart of the Spider 1 Arana: The Heart of the Spider 5 Archer & Armstrong 20 Archer & Armstrong 15 Aria 1 Aria 3 Aria 2 Arrow Anthology 1 Arrowsmith 4 Arrowsmith 3 Ascension 11 Ashen Victor 3 Astonish Comics (FCBD) Asylum 6 Asylum 5 Asylum 3 Asylum 11 Asylum 1 Athena Inc. The Beginning 1 Atlas 1 Atomic Toybox 1 Atomika 1 Atomika 3 Atomika 4 Atomika 2 Avengers Academy: Fear Itself 18 Avengers: Unplugged 6 Avengers: Unplugged 4 Azrael 4 Azrael 2 Azrael 2 Badrock and Company 3 Badrock and Company 4 Badrock and Company 5 Bastard Samurai 1 Batman: Shadow of the Bat 27 Batman: Shadow of the Bat 28 Batman:Shadow of the Bat 30 Big Bruisers 1 Bionicle 22 Bionicle 20 Black Terror 2 Blade of the Immortal 3 Blade of the Immortal unknown Bleeding Cool (FCBD) Bloodfire 9 bloodfire 9 Bloodshot 2 Bloodshot 4 Bloodshot 31 bloodshot 9 bloodshot 4 bloodshot 6 bloodshot 15 Brath 13 Brath 12 Brath 14 Brigade 13 Captain Marvel: Time Flies 4 Caravan Kidd 2 Caravan Kidd 1 Cat Claw 1 catfight 1 Children of
    [Show full text]
  • FFRDC Research and Development Survey: Fiscal Year 2012 Detailed Statistical Tables | NSF 14-302 | January 2014
    FFRDC Research and Development Survey: Fiscal Year 2012 Detailed Statistical Tables | NSF 14-302 | January 2014 Ronda Britt Project Officer Research and Development Statistics Program (703) 292-7765 General Notes The data presented in this report were compiled from the National Science Foundation (NSF) FY 2012 Federally Funded Research and Development Center (FFRDC) Research and Development Survey. ICF International currently conducts the survey under contract to NSF. The reference period of this annual survey is the fiscal year of the surveyed FFRDC. The survey collects the separately budgeted R&D expenditures by source of funding and type of cost reported by FFRDCs. The FFRDC survey is administered in conjunction with the Higher Education Research and Development (HERD) Survey, previously the Survey of Research and Development Expenditures at Universities and Colleges (Academic R&D Survey). Prior to FY 2009, the resulting FFRDC data were published in the Academic R&D Expenditures series of detailed statistical tables. The FY 2008 FFRDC data were published both in the Academic R&D Expenditures report and separately in a FY 2008 report, establishing a new detailed statistical tables series solely for FFRDC data. Terms used are defined below. • Separately budgeted R&D expenditures. All funds expended for activities specifically organized to produce research outcomes. These activities are either commissioned by an agency external to the FFRDC or are separately budgeted by the FFRDC. • Expenditures. Funds actually spent by the FFRDC during its fiscal year. • Federally funded research and development centers. R&D-performing organizations that range in organizational structure from traditional contractor-owned/contractor-operated or government- owned/contractor-operated to structures in which degrees of contractor/government control and ownership vary.
    [Show full text]