cyber center · 2011-10-17 · commander’s ability to effectively execute and provide effects...
TRANSCRIPT
LANDWARNET 2011 TRANSFORMING CYBER WHILE AT WAR UNCLASSIFIED
UNCLASSIFIED
Session: 5
Track: Army Cyber Command
COL Bryant Glando
Army Cyber Command / 2nd Army
Cyber Center
To provide an information brief on the Army’s Cyber Center Concept that can rapidly execute cyberspace operations in support of a Joint Command in order to create effects across the range of military operations to achieve strategic, operational, and tactical objectives without requiring complex coordination.
Session: 5, Track: Army Cyber Command 2011-08-24 // Army Cyber Center
Every Soldier as a Cyber Sensor: Network Enabled Devices in the Hand of Every Soldier is a Significant Tactical Advantage! “Creates Opportunities”
• DoD Cyberspace Strategic Initiatives
• Joint Concept for Cyberspace Ops
• Army Cyberspace Ops Nesting within a Joint Framework
• Army Cyber Center Concept
• Cyber Center “Scenarios”
Strategic Initiative 1: Treat cyberspace as an operational domain to organize, train, and equip so that DoD can take full advantage of cyberspace’s potential.
Strategic Initiative 2: Employ new defense operating concepts to protect DoD networks and systems.
Strategic Initiative 3: Partner with other US gov’t dept and agencies and the private sector to enable a whole-of-government cyber security strategy.
Strategic Initiative 4: Build robust relationships with US allies and international partners to strengthen collective cybersecurity.
Strategic Initiative 5: Leverage the nation’s ingenuity through an exceptional cyber workforce and rapid technology innovation.
• Cyberspace Operations have become a critical component of our nation’s ability to combat our adversaries and support other primary military missions including security, engagement, relief and reconstruction.
• Operational success will hinge on the Joint Force Commander’s ability to effectively execute and provide effects through the employment of cyberspace operations.
• JFCs must protect data and information sources, as well as being able to provide the necessary operational effects in a contested domain.
[Diagram: Ends, Ways, Means]
“Full Spectrum” Cyberspace Ops
Cyberspace Superiority
• Ensure Friendly Freedom of Action
• Deny Adversary Freedom of Action
• Situational Awareness
• Intelligence
• Unity of Effort
• Policy/Legal
• Mature C2
• Manpower
• Capabilities
• Effects are fundamental to Army operations.
• Every action produces effects
Intended and unintended.
Desired and undesired.
Lethal and non-lethal (complementary).
• Effects contribute to shaping the conditions of the operational environment that define the end state.
• The Operations Officer integrates effects into the overall operation; the entire staff is responsible for synchronizing the effects of actions in their respective areas.
• Incorporating effects, describing and assessing operations in terms of effects does not fundamentally change Army doctrine.
• The fundamentals of full spectrum operations and mission command include the idea of focusing efforts toward establishing the conditions that define the end state.
• Army operations remain purpose-based and condition focused.
Purpose: To seize, retain, and exploit an advantage over adversaries in both cyberspace and the electromagnetic spectrum, denying and degrading adversary and enemy use of the same, and protecting friendly mission command networks and systems.
Enablers: A capability or activity that can be used for the purpose of conducting or supporting cyber/electromagnetic activities. Includes intelligence, physical attack, law, policy, critical infrastructure protection, and others as designated.
Mission Command (FM 3-0, C1, 22 Feb 2011)
(Army) The exercise of authority and direction by the commander using mission orders to enable disciplined initiative within the commander’s intent to empower agile and adaptive leaders in the conduct of full spectrum operations. It is commander-led and blends the art of command and the science of control to integrate the warfighting functions to accomplish the mission.
The Art of Command: The creative and skillful exercise of authority through decision making and leadership
The Science of Control: Detailed systems and procedures to improve commander’s understanding and support execution of missions.
Enabled by Mission Command Systems & Networks
Enables: Operational Adaptability
Understand the Operational Environment
Adaptive Teams that anticipate Transitions
Acceptance of Risk to Create Opportunity
Influence friendly, neutrals, adversaries, enemies, and joint and inter-organizational partners
Result: Successful Full Spectrum Operations
COMMANDER’S TASKS
Drives the Operations Process
Understand, Visualize, Describe, Direct, Lead & Assess
Lead Development of Teams Among Modular Formations & joint and inter-organizational Partners
Lead Inform & Influence Activities: Establish Themes and Messages & Personally Engage Key Players
STAFF TASKS
The Operations Process: Plan, Prepare, Execute and Assess
Knowledge Management & Information Management
Inform / Influence Activities & Cyber / Electromagnetic Activities
“Design Pervades all Tasks”
ARMY DOCTRINE HIERARCHY
Joint Doctrine: JP 1 & JP 3-0
Army Capstone Doctrine: FM 1 & FM 3-0
FM 3-XX Mission Command
ELEMENTS OF COMBAT POWER
WARFIGHTING FUNCTIONS
FULL SPECTRUM OPERATIONS
CONTINUUM OF OPERATIONS
SUPPORTING DOCTRINE
REFERENCE
FIELD MANUAL
“In Beyond-Limits War, by contrast, the man-machine
combination performs multiple offensive functions which
span the levels from battles to war policy. One hacker +
one modem causes an enemy damage and losses almost
equal to those of a war. Because it has the breadth and
secrecy of trans-level combat, this method of individual
combat very easily achieves results on the strategic and
even war policy levels.”
-- Unrestricted Warfare
Qiao Liang and Wang Xiangsui
PLA Literature and Arts Publishing House February 1999
WE CAN’T AFFORD NOT TO!
ARFORGEN
3 – 6 years
Organizing, equipping, & training the force
Tailoring the force
CCDR, Theater Army
Campaign duration
Mission duration
Task organizing the force
Strategic
• “Forces For” Memorandum
• Organic
• Assigned
• Attached
• TRO and MO
• Aligned
• Habitual Relationship
• Coordinating Authority
Operational
• Attached
• ADCON modifications
• Transfer of Responsibility
• Designation of ARFOR
• Army support to other services
Tactical
• Attached
• OPCON
• TACON (joint)
• DS, R, GSR, GS
SecDef, DA, Army Commands, DRUs
Tactical HQ
Command relationships
Other relationships
Organization: How we organize to fight; Theater/Army, Corps, Divisions, BCTs…
1. Must transform our current structures to align with the evolving Cyberspace Domain that is an enabler for all warfighting domains.
2. Must establish a clear C2 infrastructure that enables full spectrum operations in, through and from cyberspace.
3. Must be an interdependent Joint Force (founded by the warfighting functions, bounded by leadership and enabled by information) to support a Joint Cdr’s Mission.
Doctrine – Organization – Training – Materiel – Leadership – Personnel – Facility
References: FM 6-02.43, FM 6-02.71
Funding: DA
CURRENT – RCERT AND TNOSC (NETOPS and CND Constructs)
RCERT DIR (GG14)
TNOSC Dir (LTC, FA24)
Computer Network Defense Service Provider Focused (AR380-53)
Which is NOT Full Spectrum Ops – in and through cyberspace
Network Monitor, Detect, Analysis
Incident Response, Reporting, Forensic
Persistent Penetration Testing
CDAP Assist Visit
SW/HW Maintenance; Analytical Modeling
Network Sys Admin and Data Mgt
Command and Control
Operations and Mission Support
Voice Mgt
Transmission
Action Request Center/Enterprise Services
Configuration Mgt
Sys Spt & Integration, DataBase Mgt
Network Mgt, Service Level Mgt, Enterprise Services
Information Assurance
Sys Spt & Integration, DataBase Mgt
Information Assurance
ENABLES MISSION COMMAND
Cyber Center
Network Monitor, Detect, Analysis
Incident Response, Reporting, Forensic
Persistent Penetration Testing
CDAP Assist Visit
SW/HW Maintenance; Analytical Modeling
Network Sys Admin and Data Mgt
Command and Control
Operations and Mission Support
Voice Mgt
Transmission
Action Request Center/Enterprise Services
Configuration Mgt
Sys Spt & Integration, DataBase Mgt
Network Mgt, Service Level Mgt, Enterprise Services
Information Assurance
Cyberspace Intelligence spt and analyst
Knowledge, Information, and Content Managers
Cyberspace ops planners & IO Integrators
Legal, CI and LE integrators and other LNOs
Defensive Cyber Teams & Reserve/Guard
System Design and Integration (Code Analysis)
MORE?
Plans, coordinates, integrates, synchronizes, directs, and conducts network operations and defensive cyber operations of Army networks; when directed, conducts full spectrum cyberspace operations in support of Geographical Combatant Commander to ensure U.S./Allied freedom of action in, through and from cyberspace and deny the same to our adversaries.
• Enables Mission Cmd through full spectrum operations in, through and from cyberspace.
• Unity of Effort – vertical and horizontal.
• Fusion of Intel and Ops.
• Integration of Cyberspace capabilities with operational plans.
• Enhances Situational Awareness & Understanding (friend, foe and now).
• Enables the rapid employment of cyberspace operational capabilities at a decisive point delivering effects to set conditions for mission success.
[Dashboard graphic]
REPORTS
EXPLOITS INTEL
LOGISTICS, TRANS, FINANCE, TRAINING, C2
MAC 1
UNIT A, UNIT B, UNIT C, UNIT D, UNIT E
IAVA STATUS
CCIR ALERTS
DIGITAL RADAR (SENSORS: IDS, IPS, HBSS…)
Integration
Mission Cell
Intel Fusion
Counter Cyber
FUOPS
CUOPS
NetOps
• Scenario 1 (sensor driven)
• Scenario 2 (intel driven)
• Scenario 3 (the unknown)
ENABLES MISSION SUCCESS OF THE JOINT COMMANDER
SUPPORT TO THE WARFIGHTER: Shape, Deter, Seize, Dominate, Stabilize, Enable Civil Auth
ISR x x x x x x
Maneuver x x x x x x
Fires/Effects/Engagement x x x
Protection x x x x x x
CSS/Log/Sustainment x x
Maneuver Support x x x x x x
M/CM/S x x x x x x
ADA x x x
DoD GiG Ops x x x x x x
Cyber DCO x x x x x x
Fully synchronized with operations that enables the supported mission command
COL Glando, Bryant
Deputy Director, Cyberspace Proponent
Army Cyber Command/2d Army
(301) 677-4724
[Network diagram: INTERNET; MAC 1 SYSTEMS; Switch Cisco CE-550, Catalyst 2924, Catalyst 3550, PacketShaper 4500, Sun Ultra 10; Router, Firewalls, Intrusion Detection, Intrusion Prevention, Reverse Proxy, Sniffer; AREA RECON, ROUTE, POINT]
[Dashboard graphic]
EXPLOITS INTEL
LOGISTICS, TRANS, FINANCE, TRAINING, C2
MAC 1
UNIT A, UNIT B, UNIT C, UNIT D, UNIT E
IAVA STATUS
CCIR ALERTS
Cross-site scripting (XSS) Dept of XYZ rpts
IAVA ### System 123 Vulnerable
FRAGO 1: execute counter cyber ops A…
RETURN
[Dashboard graphic]
EXPLOITS INTEL
LOGISTICS, TRANS, FINANCE, TRAINING, C2
MAC 1
UNIT A, UNIT B, UNIT C, UNIT D, UNIT E
IAVA STATUS
CCIR ALERTS
Root Kit ABC Dept of XYZ rpts
(open for playback)
IAVA ### System 123 Vulnerable
FRAGO 1: execute counter cyber ops ABC…
RETURN
Intruder
Hop Point A (24.56.216.12)
Hop Point B (169.112.233.5)
Hop Point C (81.24.65.10)
Hop Point D (219.23.45.122)
Hop Point E (68.98.211.54)
Intruder scans network to find vulnerable host
Intruder locates one host that is vulnerable
Intruder probes deeper to collect more information
Intruder now has enough information to attack host
Intruder downloads tools to further exploit network
Rootkit
Intruder uses tools to attack other hosts on network
Intruder exfiltrates data from compromised hosts
Return
[Dashboard graphic]
EXPLOITS INTEL
LOGISTICS, TRANS, FINANCE, TRAINING, C2
MAC 1
UNIT A, UNIT B, UNIT C, UNIT D, UNIT E
IAVA STATUS
CCIR ALERTS
Registry Hooking XYZ Dept of XYZ rpts
IAVA ### System 123 Vulnerable
ALERT: CCIR 3
FRAGO 2: Execute Counter Cyber ops 123
RETURN
INSTRUCTION SET
DATA REGISTERS
OUTPUT
INPUT
Return