
Signal Regiment's Cyberspace Operations Communications Plan

PURPOSE: To present and discuss the Signal Regiment's requirements to support Army Cyberspace Operations. OBJECTIVES: By the end of this presentation you will be able to: Understand the Signal Regiment's efforts in identifying current cyberspace operations requirements; Determine how t


Presentation Transcript


    1. U.S. Army Signal Center of Excellence 20 Aug 09 Signal Regiment’s Cyberspace Operations Communications Plan

    2. PURPOSE

    3. AGENDA

    4. Sep 06 – National Military Strategy for Cyberspace Operations Jul 07 – Operational Concept for Cyberspace Operations (CONPLAN 8039) Jan 08 – Army CNO Concept Approval (CNO EXORD 096-08) Mar 08 – Information & Cyberspace ICDT (ARCIC/CAC co-lead) May 08 – DoD Approved Definition of Cyberspace Sep 08 – HQDA Message Directing Analysis of Cyberforces Sep 08 – DoD Approved Definition of Cyberspace Operations Oct 08 – HQDA Cyber Tiger Team Established May 09 – Directive to Establish USCYBERCOM

    5. DEFINITIONS Cyberspace – the global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers (DSD, 12 May 08) . Cyberspace Operations – The employment of cyberspace capabilities where the primary purpose is to achieve military objectives or effects in or through cyberspace. Such operations include computer network operations and activities to operate and defend the Global Information Grid (DSD 29 Sep 08).

    6. Unlike the land domain, in order for commanders to utilize the cyberspace domain for the purpose of meeting their information management requirements, network components must first be installed and integrated to establish access and connectivity. The Army’s portion of the GIG (cyberspace) domain is called the LandWarNet (LWN). Network operations (NETOPS) enables commanders to command and control their portion of cyberspace.

    8. The mission of NETOPS is to operate and defend the network. NETOPS consists of an integration of enterprise management (EM), content management (CM), and network defense (ND) and provides integrated network visibility and end-to-end control of networks, applications, and services across Army cyberspace. As depicted, NETOPS and NETWAR have a common bond: CND. CND is the operational component of information assurance (IA), and an inextricable relationship exists between CND and the other network operations (NETOPS) components in order to provide the commander assured network availability, assured information protection, and assured information delivery; the same entity that operates the network must defend the network. CND actions are performed at all Army echelons, 24/7, as part of the NETOPS capability; the CND actions integrated with CNA and CNE, by doctrine (JP 6-0), are performed as an enabling component of CNO.

    11. ENDURING CND CAPABILITIES
    Protect Army information, information systems, and communications networks from unauthorized, malicious activity.
    Monitor Army information, information systems, and communications networks for unauthorized, malicious activity.
    Detect unauthorized, malicious activity within Army information, information systems, and communications networks.
    Analyze unauthorized, malicious activity within Army information, information systems, and communications networks.
    Respond to unauthorized, malicious activity within Army information, information systems, and communications networks.
    Although carefully designed and implemented passive protection measures and principles reduce risk, they do not provide total protection. In fact, the Army’s ability to safeguard information and information systems is not keeping pace with the increased threats, vulnerabilities, and attacks. Thus, in addition to the passive CND capabilities, protection in a dynamic cyberspace environment requires "active" operational capabilities at the brigade level and higher. Active processes consist of proactive measures that enable commanders to protect against, monitor, detect, analyze, and respond to the dynamic nature of the threat within their specific portion of cyberspace in order to:
    Deter or Defeat Enemy Offensive Operations
    Gain Time
    Achieve Economy of Force
    Retain Use of Key Information Resources
    Develop Intelligence

    12. ANALYSES BEARING ON CND PROBLEMS
    ATEC evaluation of Army performance of IA/CND tasks (2006/2008)
    MITRE study to identify IA/CND issues in reference to network architecture, technical specifications, and IT Soldiers (2006)
    SIGCEN participation in two CALL CAATs focusing on the 4th ID and 101st ABN that determined the existence of doctrinal, organizational, materiel, and personnel IA/CND issues (2006)
    OIA&C DOTMLPF assessment of tactical IA (June 2007)
    IA/CND Critical Task/Site Selection Board (July 2007)
    RAND “Closing the Gaps in Defense of the Army’s Network” study (May 2008)
    Although not all-encompassing, this is a list of analyses dating back to 2006 that have identified CND issues resulting from limited training; limited experience; lack of appropriate organizational structure (especially within the BCT); minimal capabilities and authority to perform all required CND functions; a lack of information technology standardization; and a lack of command emphasis in reference to the operation and defense of the network.

    13. CND PROBLEM STATEMENT
    Supporting comments: Top-level passive/reactive information protection measures, e.g., NOSCs and CERTs, are no longer effective, as networks are vulnerable to both friendly and enemy threat actions via the proliferation of wired and wireless technologies at the lowest levels, which circumvent top-level protection. Ultimately, the exponential growth of vulnerabilities has resulted in the need for NETOPS entities at the brigade level and higher to implement more extensive active network defense in order to better counteract the dynamic threat. Active network defense consists of proactive measures that enable an organization to protect against, understand, and counteract the dynamic nature of a threat.

    14. CND CAPABILITY GAPS
    D, T, L, and policy issues result in commanders not understanding the operational significance of properly operating and defending the network
    O, T, M, P, and policy issues result in the inability to achieve full situational awareness across the network
    D, O, T, M, P, L, and policy issues result in the inability to command and control network protection functions
    D, O, T, P, and policy issues limit the capability to understand the specific threats and threat TTPs related to a particular portion of the network
    O, T, M, and P issues limit the ability to achieve real-time prevention, detection, and analysis of threat events
    Materiel and policy issues limit the ability to ensure standardization across the network in order to sustain the required mission assurance level
    O, T, M, L, P, and policy issues result in the inability to dynamically respond to threat events in order to assure network availability, information protection, and information delivery
    Although current and emerging cyberspace capabilities satisfy many requirements, several key limitations exist for commanders from the tactical to the strategic level. Cyberspace is now considered a warfighting domain. This forces commanders to respect and understand the operational relevance and significance of the network. Studies have shown that when commanders proactively support the operation and defense of their network, the unit is better postured to dominate in cyberspace. Yet, even if a commander gets it, current policies and disparate tools result in him or her not gaining full situational awareness across his or her portion of cyberspace so he or she can command and control network protection functions within the network. The limited ability for the Signal and Intel communities to collaborate at all echelons means that in many cases resources are being inefficiently and ineffectively utilized to counteract threats that are not applicable to the operational environment.
    The limited ability to achieve real-time prevention, detection, and analysis of threat events means threats have already come and gone, with only a limited understanding of the impact even days after the event. The impact of limited standardization is that faults cannot be easily detected, configurations cannot be efficiently updated, administration of resources is hindered, performance issues that may indicate a threat event cannot be effectively monitored, and security cannot be integrated. Lastly, a dynamic threat requires a dynamic response. Enterprise management and content management functions play a huge role in CND-RA. They assist by enabling activities like connection dropping, IP blocking, and rerouting of traffic. We cannot forget the importance of the “operations” piece of NETOPS; these functions must be dynamic in order to achieve self-forming, self-healing networks.

    15. NEAR/MID-TERM SOLUTIONS TO CND GAPS
    SIGCEN is already working on the following solutions in order to eliminate gaps in the near/mid-term. A warfighting concept for Army cyberspace will define the SIGCEN’s portion of any future CNO or Cyber-Electronics CCP, and it begins the process of identifying DOTMLPF requirements so that commanders can successfully understand, visualize, describe, and direct the performance of warfighting functions in the domain for the purposes of delivering effects in and through it. The Information Protection Warrant will provide the Army with a highly trained IA/CND subject matter expert, who is CISSP certified (IAW 8570.1) and possesses a TS/SCI clearance, in order to better understand and dynamically counteract the specific threats and threat TTPs that relate to their network. The solution provides the Army with the ability to assess, train, manage, and retain Soldiers with a highly perishable skill. Reorganizing units IAW the operate and defend mission will provide a unified approach for determining and coordinating the required IA/CND actions throughout the entire force. The NSC begins to provide the necessary functionality for coordination and cooperation (at all levels and across all Army components) of supporting commanders in support of one commander responsible for operation and defense of the network. Lastly, determining CND categories was the first step in providing a total resource visibility report, documenting forces that are currently engaged in CND. The effort will have the following effects:
    Identify organizational requirements for Soldiers and civilian personnel required to perform the CND mission.
    Realign the Army CND force to include both operating and generating force comprised of Soldiers and civilian personnel.
    Develop improved plans and programs to manage and train the Army CND force.

    17. Draft Information Protection Technician Training (Phase 1)

    18. Draft Information Protection Technician Training (Phase 2)

    19. With that as a background, reorganizing under the NetOps construct provides unity of effort, better synergy, and support in depth.
    Build 1: FDU 06-02 increases the strength of the S6 to almost triple its current size.
    Build 2: Task organizing the S6 …
    Build 3: Provides unity of effort and depth in personnel resources.
    While the warrant officer positions with the new MOS have been annotated in red, note that the Signal WO MOCS action does not include increasing inventory; this solution is only realized through an FDU. This is why both the 251A/255S and the additional 25B40 are in blue; these are additional requirements we need to work on in the future.

    21. LONG-TERM SOLUTIONS TO CND GAPS Based on monumental lessons learned from current and ongoing real-world network defense operations, we will holistically determine overall network defense requirements, capability gaps, and recommended solutions in the very near future.

    23. FUTURE SIGNAL REGIMENT CONTRIBUTION TO CYBERSPACE OPERATIONS

    25. Army CNO C2 Reality

    26. USCYBERCOM MISSION

    27. ARMY CYBER TASK FORCE

    28. CND SUPPORT

    29. CYBER STRATEGY

    30. The recent STRATCOM Cyberspace Operations DCR and GEN Petraeus memo requesting the Army work to create a CNO Planner provide insight into the CNO integration requirement. Unlike EW capabilities, tactical and operational commanders do not possess organic CNO integration capabilities which they can use to holistically plan, integrate, synchronize, and coordinate the computer network attack, computer network exploitation, and active network defense actions necessary to create non-kinetic effects in and through cyberspace in support of land operations. Current capabilities are maintained at the strategic and national level, and those capabilities must be requested from applicable organizations, with little to no guarantee actions will be executed at the time required. Additionally, even if commanders did possess organic CNO capabilities, the Army does not have a process to assess, train, manage, and retain Soldiers with the required skill sets to perform CNO integration. A “Bridging Strategy” is the best COA based on current analysis. Similar to most capabilities within the Army, CNO is performed through the integration of people, processes, and technology. Both the Signal Regiment and MI Corps leadership are convinced that the Army already possesses people throughout the NETOPS and NETWAR communities with most of the skill sets required to meet current and future missions. Although gaps exist within all capabilities, CNO integration gaps are at the forefront given the CSA’s concerns and the dynamic nature of the threat. For efficiency and effectiveness in supporting full spectrum operations, all approaches and models must harness already existing unit mission objectives and personnel skill sets to support a force model, not a new CMF. More analysis will have to be conducted through the Information and Cyberspace ICDT to determine long-term (2014-2025) requirements.

    31. ENGAGEMENT PLAN

    32. PERSONNEL

    33. CYBER PROGRESSION

    34. APPRENTICE TO MASTER The required baseline skill set of the Army’s Cyberforce cannot begin with “defense”. It has to start with an understanding of the domain’s three diverse and complex networks used by both friendly and enemy forces: 1) physical; 2) logical; and 3) social. Once the domain is understood, cultivating knowledge in reference to cyberspace management, defense, and information flow guarantees CyberSoldiers possess the skills needed to move freely within the domain. Next, CyberSoldiers must comprehend how to execute actions that deliver crucial capabilities such as information management/knowledge management. Finally, similar to a SAMS-like approach, developing the skills necessary to plan the integration and synchronization (the art) of cyberspace operations solidifies the essence of a true CyberWarrior. The Signal Regiment already utilizes a similar progressive approach for developing its CyberSoldiers, which accesses individuals from society and within the Army, providing them initial technical training/assignments focused on establishing cyberspace. As CyberSoldiers meet certain criteria, they receive more advanced “control”, “use”, and “plan” training/assignments. The Signal Regiment is committed to ensuring units possess increased cyber-capabilities in the future by organizing, training, and equipping Soldiers that can “fight through the attack”, as well as have the ability to identify vulnerabilities faster by executing active information protection measures, thus achieving a better balance between security and functionality. Based on the proposed operational concept that pushes tailored cyber-planning, engineering, analyzing, and execution activities down to the operational and tactical levels, the Army can leverage much of the current Signal force structure at those echelons in order to meet future cyber-requirements, eliminating the need to identify bill payers.
    Soldiers who have proven themselves and met certain criteria at the lower echelons would then be given the opportunity to receive even more advanced training in order to move up into organizations that meet joint, strategic, or national requirements.

    35. TRAINING

    36. Streamlining Development Process
    Cyber Center of Excellence
    Partnerships with Industry and Academia
    Partnership with Cyberspace Innovation Centers
    System/Unit/Positional Qualification Training (Mentorship)
    Rigorous Standards, Recurring Evaluations
    Combat Mission Ready / Cyber Defense Exercises (CDX)
    Professional Development
    Cyber 200/300/400 distance learning courses
    Journals, Conferences, On-Line Forums
    Advanced/Graduate Education Partnerships: University of Pittsburgh, NPGS/AFIT, Other

    37. ORGANIZATIONAL PLAN

    38. SUMMARY
    Operation and defense of Army Cyberspace (LandWarNet) are core competencies of the Signal Regiment, performed at all Army echelons, 24/7, as part of the overall operate and defend mission of NETOPS
    NETOPS integrates CND capabilities with NETWAR to enable overall CNO capabilities
    Current CND problem statement is based on analyses dating back to at least 2006 (the Army requires the holistic execution of both active and passive CND from the strategic to the Soldier level)
    SIGCEN is currently working efforts to address CND gaps
    A current Army Cyber C2 structure exists today, but the creation of USCYBERCOM will influence the future C2 structure, as well as ACTF guidance
    Signal Regiment leadership approved the top 5 objectives to support future Army initiatives
