cyber center · 2011-10-17 · commander’s ability to effectively execute and provide effects...

LANDWARNET 2011 TRANSFORMING CYBER WHILE AT WAR UNCLASSIFIED

UNCLASSIFIED

Session: 5

Track: Army Cyber Command

COL Bryant Glando

Army Cyber Command / 2nd Army

Cyber Center


UNCLASSIFIED

To provide an information brief on the Army’s Cyber Center Concept that can rapidly execute cyberspace operations in support of a Joint Command in order to create effects across the range of military operations to achieve strategic, operational, and tactical objectives without requiring complex coordination.

Session: 5, Track: Army Cyber Command 2011-08-24 // Army Cyber Center


UNCLASSIFIED

Every Soldier as a Cyber Sensor: Network Enabled Devices in the Hand of

Every Soldier is a Significant Tactical Advantage! “Creates Opportunities”



UNCLASSIFIED

• DoD Cyberspace Strategic Initiatives

• Joint Concept for Cyberspace Ops

• Army Cyberspace Ops Nesting within a Joint

Framework

• Army Cyber Center Concept

• Cyber Center “Scenarios”



UNCLASSIFIED

Strategic Initiative 1: Treat cyberspace as an operational

domain to organize, train, and equip so that DoD can take

full advantage of cyberspace’s potential.

Strategic Initiative 2: Employ new defense operating

concepts to protect DoD networks and systems.

Strategic Initiative 3: Partner with other US gov’t dept and

agencies and the private sector to enable a whole-of-

government cyber security strategy.

Strategic Initiative 4: Build robust relationships with US

allies and international partners to strengthen collective

cybersecurity.

Strategic Initiative 5: Leverage the nation’s ingenuity

through an exceptional cyber workforce and rapid

technology innovation.



UNCLASSIFIED

• Cyberspace Operations have become a critical

component of our nation’s ability to combat our

adversaries and support other primary military

missions including security, engagement, relief and

reconstruction.

• Operational success will hinge on the Joint Force

Commander’s ability to effectively execute and

provide effects through the employment of

cyberspace operations.

• JFC’s must protect data and information sources, as

well as being able to provide the necessary

operational effects in a contested domain.



UNCLASSIFIED

“Full Spectrum”

Cyberspace Ops

Means

Cyberspace

Superiority •Ensure Friendly

Freedom of Action

•Deny Adversary

Freedom Action

Ways

Ends

•Situational

Awareness

•Intelligence

•Unity of Effort

•Policy/Legal

•Mature C2

•Manpower

•Capabilities



UNCLASSIFIED

• Effects are fundamental to Army operations.

• Every action produces effects

Intended and unintended.

Desired and undesired.

Lethal and non-lethal (complementary).

• Effects contribute to shaping the conditions of the operational environment that define the end state.

• The Operations Officer integrates effects into the overall operation; the entire staff is responsible for synchronizing the effects of actions in their respective areas.

• Incorporating effects, describing and assessing operations in terms of effects does not fundamentally change Army doctrine.

• The fundamentals of full spectrum operations and mission command include the idea of focusing efforts toward establishing the conditions that define the end state.

• Army operations remain purpose-based and condition focused.



UNCLASSIFIED

Purpose: To seize, retain, and exploit an

advantage over adversaries in both cyberspace

and the electromagnetic spectrum, denying and

degrading adversary and enemy use of the

same, and protecting friendly mission command

networks and systems.

Enablers: A capability or activity that can be used for the purpose of

conducting or supporting cyber/electromagnetic activities. Includes

intelligence, physical attack, law, policy, critical infrastructure protect, and

others as designated.



UNCLASSIFIED

Mission Command (FM 3-0, C1, 22 Feb 2011)

(Army) The exercise of authority and direction by the commander using mission orders to enable disciplined initiative

within the commander’s intent to empower agile and adaptive leaders in the conduct of full spectrum operations. It is

commander-led and blends the art of command and the science of control to integrate the warfighting functions to

accomplish the mission.

The Art of Command:

The creative and skillful exercise of

authority through decision making

and leadership

The Science of Control:

Detailed systems and procedures to

improve commander’s understanding

and support execution of missions. Enabled by Mission Command

Systems & Networks

Enables: Operational Adaptability

Understand the

Operational

Environment

Adaptive Teams

that anticipate

Transitions

Acceptance of

Risk to Create

Opportunity

Influence friendly, neutrals,

adversaries, enemies, and joint

and inter-organizational partners

Result: Successful Full

Spectrum Operations

COMMANDER’S TASKS

Drives the Operations Process

Understand, Visualize, Describe, Direct, Lead & Assess

Lead Development of Teams Among Modular Formations & joint and inter-organizational Partners

Lead Inform & Influence Activities: Establish Themes and Messages & Personally Engage Key Players

STAFF TASKS

The Operation Process: Plan, Prepare, Execute and Assess

Knowledge Management & Information Management

Inform / Influence Activities & Cyber / Electromagnetic Activities

“Design Pervades

all Tasks”



UNCLASSIFIED

11

ELEMENTS OF COMBAT POWER

WARFIGHTING FUNCTIONS

FULL SPECTRUM OPERATIONS

REFERENCE FIELD

MANUAL

FIELD

MANUAL

FIELD

MANUAL

FIELD

MANUAL

FIELD

MANUAL

FIELD

MANUAL

FIELD

MANUAL

FIELD

MANUAL

FIELD

MANUAL

FIELD

MANUAL

FIELD

MANUAL

FIELD

MANUAL

FIELD

MANUAL

FIELD

MANUAL

FIELD

MANUAL

FIELD

MANUAL

FIELD

MANUAL

FIELD

MANUAL

SUPPORTING DOCTRINE

ARMY DOCTRINE HIERARCHY

Army Capstone Doctrine

FM 1 & FM 3-0

CONTINUUM OF OPERATIONS

Joint Doctrine

JP 1 & JP 3-0

FM 3-XX

Mission

Command


UNCLASSIFIED

“In Beyond-Limits War, by contrast, the man-machine

combination performs multiple offensive functions which

span the levels from battles to war policy. One hacker +

one modem causes an enemy damage and losses almost

equal to those of a war. Because it has the breadth and

secrecy of trans-level combat, this method of individual

combat very easily achieves results on the strategic and

even war policy levels.”

-- Unrestricted Warfare

Qiao Liang and Wang Xiangsui

PLA Literature and Arts Publishing House February 1999

WE CAN’T AFFORD NOT TO!



UNCLASSIFIED

ARFORGEN

3 – 6 years

Organizing, equipping,

& training the force Tailoring the force CCDR, Theater Army

Campaign duration

Mission

duration

Task

organizing

the force

Strategic • “Forces For” Memorandum

• Organic

• Assigned

• Attached

• TRO and MO

• Aligned

• Habitual Relationship

• Coordinating Authority

Operational • Attached

• ADCON modifications

•Transfer of

Responsibility

• Designation of

ARFOR

• Army support to

other services

Tactical • Attached

• OPCON

• TACON (joint)

• DS, R, GSR, GS

SecDef, DA,

Army Commands,

DRUs

Tactical

HQ

Command relationships

Other

relationships



UNCLASSIFIED

Organization How we organize to fight; Theater/Army, Corp, Divisions, BCT’s…

1. Must transform our current structures to align with the evolving CyberSpace

Domain that is an enabler for all warfighting domains.

2. Must establish a clear C2 infrastructure that enables full spectrum operations in,

through and from cyberspace.

3. Must be an interdependent Joint Force (founded by the warfighting functions,

bounded by leadership and enabled by information) to support a Joint Cdr’s

Mission.

Doctrine – Organization – Training – Material – Leadership – Personnel – Facility

References: FM 6-02.43, FM 6-02.71 Funding: DA



UNCLASSIFIED

CURRENT – RCERT AND TNOSC (NETOPS and CND Constructs)

RCERT DIR

(GG14)

TNOSC Dir

(LTC, FA24)

Computer Network Defense Service Provider Focused (AR380-53)

Which is NOT Full Spectrum Ops – in and through cyberspace

Network Monitor,

Detect, Analysis

Incident Response,

Reporting,

Forensic

Persistent

Penetration Testing CDAP Assist Visit

SW/HW

Maintenance;

Analytical

Modeling

Network Sys

Admin and Data

Mgt

Command and

Control

Operations and

Mission Support

Voice Mgt

Transmission

Action Request

Center/Enterprise

Services

Configuration Mgt

Sys Spt &

Integration,

DataBase Mgt

Network Mgt,

Service Level Mgt,

Enterprise

Services

Information

Assurance

Sys Spt &

Integration,

DataBase Mgt

Information

Assurance



UNCLASSIFIED

ENABLES MISSION COMMAND

Cyber Center

Network

Monitor, Detect,

Analysis

Incident

Response,

Reporting,

Forensic

Persistent

Penetration

Testing

CDAP Assist

Visit

SW/HW

Maintenance;

Analytical

Modeling

Network Sys

Admin and

Data Mgt

Command and

Control

Operations and

Mission

Support

Voice Mgt

Transmission

Action Request

Center/Enterpri

se Services

Configuration

Mgt

Sys Spt &

Integration,

DataBase Mgt

Network Mgt,

Service Level

Mgt, Enterprise

Services

Information

Assurance

Cyberspace

Intelligence spt

and analyst

Knowledge,

Information,

and Content

Managers

Cyberspace

ops planners &

IO Integrators

Legal, CI and

LE integrators

and other LNOs

Defensive

Cyber Teams &

Reserve /Guard

System Design

and Integration

(Code Analysis) MORE?

Plans, coordinates, integrates,

synchronizes, directs, and conducts

network operations and defensive

cyber operations of Army networks;

when directed, conducts full

spectrum cyberspace operations in

support of Geographical Combatant

Commander to ensure U.S./Allied

freedom of action in, through and

from cyberspace and deny the same

to our adversaries.

• Enables Mission Cmd through full

spectrum operations in, through and

from cyberspace.

• Unity of Effort –vertical and horizontal.

• Fusion of Intel and Ops.

• Integration of Cyberspace capabilities

with operational plans.

• Enhances Situational Awareness &

Understanding (friend, foe and now).

• Enables the rapid employment of

cyberspace operational capabilities at a

decisive point delivering effects to set

conditions for mission success.



UNCLASSIFIED

REPORTS

EXPLOITS INTEL

LO

GIS

TIC

S

TR

AN

S

FIN

AN

CE

TR

AIN

IN

G

C2

MAC 1

UN

IT

A

UN

IT

B

UN

IT

C

UN

IT

D

UN

IT

E

IAVA STATUS

CCIR ALERTS

DIGITAL RADAR

(SENSORS: IDS, IPS, HBSS…)



UNCLASSIFIED

18

Inte

gra

tion

Mission Cell

Intel Fusion

Counter Cyber

FUOPS

CUOPS

NetOps



UNCLASSIFIED

• Scenario 1 (sensor driven)

• Scenario 2 (intel driven)

• Scenario 3 (the unknown)



UNCLASSIFIED 20

ENABLES MISSION SUCCESS OF THE JOINT COMMANDER

SUPPORT TO THE WARFIGHTER Shape Deter Seize Dominate Stabilize

Enable

Civil Auth

ISR x x x x x x

Maneuver x x x x x x

Fires/Effects/

Engagement x x x

Protection x x x x x x

CSS/Log/

Sustainment x x

Maneuver

Support x x x x x x

M/CM/S x x x x x x

ADA x x x

DoD GiG Ops x x x x x x

Cyber DCO x x x x x x

Fully synchronized with operations

that enables the supported mission

command



UNCLASSIFIED

COL Glando, Bryant

Deputy Director, Cyberspace Proponent

Army Cyber Command/2d Army

[email protected]

(301) 677-4724


mailto:[email protected]




UNCLASSIFIED

INTERNET

Switch Cisco CE-550

Catalyst 2924

1 9 2 0 2 1 2 2 2 3 2 4 1 3 1 4 1 5 1 6 1 7 1 8 7 8 9 1 0 1 1 1 2 1 2 3 4 5 6

4 3 4 4 4 5 4 6 4 7 4 8 3 7 3 8 3 9 4 0 4 1 4 2 3 1 3 2 3 3 3 4 3 5 3 6 2 5 2 6 2 7 2 8 2 9 3 0

Catalyst 3550

STATU S

PacketShape r 4500

PACKET EER

T/R LIN K OUTSI DE

T/R LIN K INSID E CONS OLE FAULT POW E

R

Catalyst 3550

Catalyst 3550

T/R T/R LIN LIN

K STATU S

INSIDE OUTSI DE CONS OLE P ACKET S HAPER

1 0 0 0

Catalyst 2924

S u n U l t r a 1 0

Switch Cisco CE-550

Catalyst 2924

1 9 2 0 2 1 2 2 2 3 2 4 1 3 1 4 1 5 1 6 1 7 1 8 7 8 9 1 0 1 1 1 2 1 2 3 4 5 6

4 3 4 4 4 5 4 6 4 7 4 8 3 7 3 8 3 9 4 0 4 1 4 2 3 1 3 2 3 3 3 4 3 5 3 6 2 5 2 6 2 7 2 8 2 9 3 0

Catalyst 3550

STATU S

PacketShape r 4500

PACKET EER

T/R LIN K OUTSI DE

T/R LIN K INSID E

CONS OLE FAULT POW E

R

Catalyst 3550

Catalyst 3550

T/R T/R LIN LIN

K STATU S

INSIDE OUTSI DE CONS OLE P ACKET S HAPER

1 0 0 0

Catalyst 2924

S u n U l t r a 1 0

Switch Cisco CE-550

Catalyst 2924

1 9 2 0 2 1 2 2 2 3 2 4 1 3 1 4 1 5 1 6 1 7 1 8 7 8 9 1 0 1 1 1 2 1 2 3 4 5 6

4 3 4 4 4 5 4 6 4 7 4 8 3 7 3 8 3 9 4 0 4 1 4 2 3 1 3 2 3 3 3 4 3 5 3 6 2 5 2 6 2 7 2 8 2 9 3 0

Catalyst 3550

STATU S

PacketShape r 4500

PACKET EER

T/R LIN K OUTSI DE

T/R LIN K INSID E

CONS OLE FAULT POW E R

Catalyst 3550

Catalyst 3550

T/R T/R LIN LIN

K STATU S

INSIDE OUTSI DE

CONS OLE P ACKET S HAPER

1 0 0 0

Catalyst 2924

S u n U l t r a 1 0

Intrusion Detection

Intrusion Prevention

Firewalls

Reverse Proxy

Sniffer

Router

MAC 1 SYSTEMS MAC 1 SYSTEMS

AREA RECON

R

O

U

T

E ROUTE

R

O

U

T

E

POINT

POINT



UNCLASSIFIED

EXPLOITS INTEL

LO

GIS

TIC

S

TR

AN

S

FIN

AN

CE

TR

AIN

IN

G

C2

MAC 1

UN

IT

A

UN

IT

B

UN

IT

C

UN

IT

D

UN

IT

E

IAVA STATUS

CCIR ALERTS

Cross-site scripting (XSS) Dept of XYZ rpts

IAVA ### System 123 Vulnerable

FRAGO 1: execute

counter cyber ops

A…

RETURN



UNCLASSIFIED

EXPLOITS INTEL

LO

GIS

TIC

S

TR

AN

S

FIN

AN

CE

TR

AIN

IN

G

C2

MAC 1

UN

IT

A

UN

IT

B

UN

IT

C

UN

IT

D

UN

IT

E

IAVA STATUS

CCIR ALERTS

Root Kit ABC Dept of XYZ rpts

(open for playback)


FRAGO 1: execute

counter cyber ops

ABC…

RETURN



UNCLASSIFIED

Intruder

Hop Point A

(24.56.216.12)

Hop Point B

(169.112.233.5)

Hop Point C

(81.24.65.10)

Hop Point D

(219.23.45.122)

Hop Point E

(68.98.211.54)

Intruder scans network to

find vulnerable host

Intruder locates one host

that is vulnerable

Intruder probes deeper to

collect more information

Intruder now has enough

Information to attack host

Intruder downloads tools to

further exploit network

Rootkit

Intruder uses tools to attack

other hosts on network

Intruder exfiltrates data

from compromised hosts

Return



UNCLASSIFIED

EXPLOITS INTEL

LO

GIS

TIC

S

TR

AN

S

FIN

AN

CE

TR

AIN

IN

G

C2

MAC 1

UN

IT

A

UN

IT

B

UN

IT

C

UN

IT

D

UN

IT

E

IAVA STATUS

CCIR ALERTS

Registry Hooking XYZ Dept of XYZ rpts


ALERT: CCIR 3

FRAGO 2: Execute

Counter Cyber ops

123

RETURN



UNCLASSIFIED

INSTRUCTION SET

10100100001001001

00100101100010101

00101111101001010

10101110101010101

01010101010100000

11111101011110110

10101100110101100

10100110101011110

10010100100100010

10010110100101010

10101010100100101

DATA REGISTERS

10100100001001001

00100101100010101

00101111101001010

10101110101010101

01010101010100000

11111101011110110

10101100110101100

10100110101011110

10010100100100010

10010110100101010

10101010100100101

OUTPUT

INPUT

Return



UNCLASSIFIED Session: 5, Track: Army Cyber Command 2011-08-24 // Army Cyber Center

cyber center · 2011-10-17 · commander’s ability to effectively execute and provide effects...

Documents