CYBER DOMAIN Situational Awareness Robert J. Carey DEPUTY ASSISTANT SECRETARY OF DEFENSE (Information Management, Integration, and Technology) & DoD DEPUTY CHIEF INFORMATION OFFICER (703) 614-7323 [email protected] AFCEA, San Antonio, TX 7 June 2011

Post on 21-Dec-2015


CYBER DOMAIN Situational Awareness

Robert J. Carey
DEPUTY ASSISTANT SECRETARY OF DEFENSE (Information Management, Integration, and Technology) & DoD DEPUTY CHIEF INFORMATION OFFICER
(703) 614-7323
[email protected]

AFCEA, San Antonio, TX
7 June 2011


Areas for Today’s Discussion

• DoD Cyber Landscape/Situation

• DoD Cyber Strategy

• DoD CIO – CYBERCOM Relationship

• Cyber Intelligence

• Challenge of Situational Awareness

• Initiatives

• The Way Ahead


DoD Network Landscape

Total IT Budget

• >$38 Billion in FY12
  o >$16 Billion in IT Infrastructure
  o >$2 Billion for Cyber Security

DoD IT User Base

• 1.4 million active duty
• 750,000 civilian personnel
• 1.1 million National Guard and Reserve
• 5.5+ million family members and military retirees
• 146+ countries
• 6,000+ locations
• 600,000+ buildings and structures

IT Systems

• ~10,000 Operational systems (20% mission critical)
• >772 Data Centers
• ~67,000 Servers
• ~7+ million computers and IT devices
• ~15,000 networks
• Thousands of email servers, firewalls, proxy servers, etc.

Defense Industrial Base

• 36 DIB partners
• 2650 Cleared Def Contractors
• Thousands of business partners

Problem

• Decentralized planning, standards, and operations over the years
• Rapidly evolving technology

Has Resulted In

• Increased Cyber vulnerabilities
• Impediments to joint operations
• Large cumulative costs
• Inability to fully capitalize on information technology


Our Challenge

The warfighter expects/needs access to information – from any device, anywhere, anytime


Situation

• Our vast current attack surface cannot be defended well

• Absolute reliance upon networks to accomplish our National Security mission

• Our Networks are complex and expensive to defend and maintain

• USG and Industry largely in the same situation

• Defense Cyber Crime Center (DC3) and the DIB are our intelligence information sharing platforms via DIBnet

• Partnership with Intelligence Community essential

Need Greater Connectivity, Agility, And Flexibility


DoD’s Cyber Strategy

5 Pillars

• Cyberspace as a domain

• New defense operating concepts

• Extending cyber defenses

• International partners

• Technology and innovation

Get In Front of the Threat


DoD CIO – USCYBERCOM Relationship

DoD CIO establishes policies, processes, and standards for ensuring information delivery and authorized access.

USCYBERCOM operates and defends DoD’s elements of cyberspace to leverage emerging technologies and to counter evolving threats.

[Diagram labels: DoD CIO; USCYBERCOM; DISA; DoD Components; Operational Orders]

• Policies
• Processes
• Standards

• Operational Requirements
• Emerging Threats
• Effectiveness Measures


Cyber Intelligence

Collection & Analysis of Data from All Sources

• Understanding of Internet, Networks and Integration
• Indications and Warnings
• Existing Situational Awareness Tools
• Develop new tools
• Internet ‘Data-Mining’

Framework for I&W and SA Sharing

• Across DOD, USG, Defense Industrial Base (DIB) a model
• Mechanism for Management & De-confliction
• While protecting sensitive information

Synthesis & Analysis of Data

• Integrate Information into ‘Actionable Decisions’
• Common Operating Picture a must

[Diagram labels: USG; DIB; DoD]


Cyber Intelligence

• Definitional Attributes:
  – Timely network activity information
    • Proactively managed to allow operational commanders maneuver space
  – Trusted network activity information
    • Combination of all source and organic sensor information
  – Actionable
    • Enables risk based decisions and actions
  – Defensive and Offensive


Secretary of Defense Efficiencies

DoD IT Strategy and Roadmap Goals

DoD IT infrastructure optimization goals are directly tied to a CIO’s “Three Core Questions”

Effectiveness: Are our IT systems working for us?

Improve mission effectiveness and combat power throughout the Department

Key Benefits
• Unity of command
• Consistent and improved user experience
• Rapidly deliver new business and mission capabilities
• Increase interoperability with in-place systems
• Global access to needed information
• Improve availability and reliability

Efficiency: Are we using our resources efficiently?

Reduce duplication in the DoD IT Infrastructure, and deliver significant efficiencies across the Department

Key Benefits
• Unity of effort
• Do more with less
• Reduce acquisition, procurement and sustainment cost
• Improve IT cost awareness
• Eliminate redundant effort and cost

CyberSecurity: Are our IT systems secure?

Improve the security of DoD networks and information from all threats

Key Benefits
• Unify command and control of critical networks
• Detect and eliminate malicious activity
• Validate access to information based on enterprise identity and user attributes

Enterprise Approach Is Critical


IT Infrastructure Consolidation Initial Actions

1. Data Center consolidation

2. Network Standardization / Optimization

3. Enterprise Identity Management – secure authentication to network and data – drive anonymity from networks

4. Enterprise Email – Single global directory service (Single DoD “Phone Book”)

5. Enterprise Hardware/Software Contracts & Procurement - Leverage Department’s buying power

Reduce footprint, simplify architecture, increase our ability to defend


Network Optimization


Enterprise-Wide CND Initiatives

Implementing a broad set of initiatives for Computer Network Defense:

• Trust based Certification and Accreditation
• Situational Awareness Capabilities
• Host-Based Security System (HBSS)
• Defense Industrial Base (DIB) Support
• Supply Chain Risk Management (SCRM) strategy
• Insider Threat Mitigation
• Continuous Monitoring
• Secure Configuration Management
• Demilitarized Zones (DMZ)
• Web Content Filtering
• E-Mail Security Gateway
• DNS Hardening
• Network Scanners

Partnering in key areas with the IC, Combatant Commands, Services, DoD Agencies and Industry


Challenge of ‘Situational Awareness’

• Information necessary for a Cyberspace Common Operational Picture (COP) supporting Situational Awareness (SA) and enabling C2 decision making comes from disparate Indications & Warnings (I&W) sources

– Diverse set of capabilities making interoperability a challenge

– Legacy point-to-point interfaces inhibiting information sharing

– Synthesis of “Internet” feeds (Data Mining) is essential to feed a COP and understand the environment

– Need validated requirements for a customizable unified community resource for detection, analysis, or presentation

– Need a cohesive ‘Data Strategy’ linked to net as part of network optimization

Must Overcome Obstacles to Information Access & Sharing


Situational Awareness Initiatives

• Seeking to leverage technologies to create a net centric architecture which easily allows current and future, unintended, data sources to be combined and utilized for SA:

– Continuous Monitoring (CM)
  • Secure Configuration Management (SCM)
  • Host Based Security System (HBSS)

– Identity Management – PKI enablement

– Situational Awareness - Global NetOps Information Sharing Environment (GNISE)

– Internet Data Mining – In combination with CM

Allow for more balanced Risk Management


Developing Situational Awareness Capabilities

[Architecture diagram. Labels: DIBNet; DC3 Data Sources; DIB CS/IA Data; DISA NetOps Data; JCD Data; JCD; GNA, GEM, GCM, CIP Data Sources; Custom Data Sources; Other Data Sources; User Interface; Integration; JIMS; Transition; Web Services; Enterprise Services (Auth, Messaging, Cross Domain); NetOps Apps; SIM; CDC; Shared SA Info Sharing; NetOps SA Data; Data Analytics / Service Gadgets; Information Portal; Enterprise 2.0 for NetOps SA; Dashboards; Reports; Data Streams; Data Visualization; Service Mashup; CND UDOP; Data Mining; Mission Needs Communities: Strategic, Operational, Tactical, Civilian, IC, Coalition]


The Way Ahead

• Pursue our goal of affording secure access to information for the warfighter from any device

• Our strategy is to consolidate and standardize elements of the networks to more effectively defend them and confront threats with agile information sharing

• Our focus is to embed the policies, procedures, oversight, and culture that enable information sharing into the Defense community and its mission partner

• Continue to leverage extensive and unprecedented capabilities afforded by the Information Age

• Continue to partner with industry to deliver National Security in Cyberspace

We are creating an information advantage.


How Can You Help?

Partnership

• Ask hard questions

• Leverage your best and brightest

• Innovate

• Help us find lasting solutions that scale

• Be part of our success


Robert J. Carey
DEPUTY ASSISTANT SECRETARY OF DEFENSE (Information Management, Integration, and Technology) & DOD DEPUTY CHIEF INFORMATION OFFICER
(703) 614-7323
[email protected]

Agile and secure information capabilities to enhance combat power and decision-making.


Back Up Slides

Back Up


Defense Industrial Base Network (DIBNet)

• A classified and unclassified collaboration and information sharing capability for DoD and Defense Industrial Base (DIB) partner use.

– To protect sensitive DoD data residing in Defense contractor facilities.

– To develop and deploy a secure infrastructure for DoD to exchange threat products and to collaborate with DIB partners in a timely fashion in defense of their network assets.


DoD CIO runs the DIB Cyber Security/IA Program.

Defense Cyber Crime Center (DC3) provides the threat products and incident analysis capability.

2650 Cleared Defense Contractor companies are the targeted users of DIBNet capabilities.

[Diagram labels: DIBNet; DC3 Data Sources; DIB CS/IA Data; Other Data Sources; User Interface; DoD]


Continuous Monitoring (CM)

• Continuous monitoring is maintaining ongoing awareness to support organizational risk decisions.

• CM unifies existing disparate capabilities of operational management and control to build out a robust and integrated solution for decision processes.


Host Based Security System (HBSS)


Secure Configuration Management (SCM)

Optimization

• SCM is the integration and optimization of enterprise IA applications, Services, Policy, and standards into a multi-tiered architecture

Automation

• SCM automates risk management processes that are manual today

Innovation

• SCM supports the delivery of Continuous Monitoring and Advanced Threat Analysis and Risk Scoring

Configuring assets securely in the first place

Maintaining secure configuration

Providing continuous situational awareness to the right people


Identity Management

• Goal: All applications and systems use a single trusted database of all DoD employees

• Approach:
  – Utilize the DMDC and Database
  – PKI authentication
  – Develop policies and processes
  – Cyber security credentialing
  – Enterprise Email


DoD CIO Approach

• Customer Focus - “The warfighter expects access…”

• Centralized Guidance - Responsible for “standardization”

• Collaboration Emphasis - Partnerships and stakeholders

• Consolidated Effort - Enterprise solutions

• Capability Investment - The right talent and expertise


Purpose (TEMP Slide)

While USCYBERCOM must be focused on the now/near-term and strategic, DoD CIO must work to ensure that optimal policies, guidance and oversight are in place to design, acquire and operate Networks that map themselves, continuously sense and report all normal and abnormal activity levels, and provide a global Common Operational Picture of key data sets that can truly provide current Situational Awareness and Indications and Warning of future threat vectors.

Focus Questions:

• What enterprise wide initiatives are you working to provide real-time and near term insights into threats to the DOD Cyber Domain?

• In what key areas are you partnering with USCYBERCOM to ensure that unclassified Cyber Intelligence is collected, analyzed and appropriately disseminated across DOD and the DIB?

• How does DOD CIO define Cyber Intelligence?


OSD/CIO Mission

Bring the power of information to the achievement of mission success in all operations of the Department; war fighting, business, and intelligence.

Lead the Department in achieving a persistent and dominant information advantage for ourselves and our mission partners.

Lead the Department in changing those policies, processes, and culture necessary to provide the speed, accuracy, and agility to ensure mission success in a rapidly changing and uncertain world.

Ensure a robust and secure information environment.

Provide modern command and control capabilities through persistent collaboration at all levels and among all mission partners.

Acquire new information capabilities rapidly (9-12 months) and at low cost by delivering them as enterprise services.


CIO Major Areas of Activity

• Policy Development – The establishment of the direction and expectations to ensure a Defense Information Enterprise capable of accessing information, sharing it, and collaborating to achieve mission success.

• Program Oversight – The leadership and expertise that provides the recommendations for effective IT investment, avoid duplicative efforts, prevent capability gaps, and ensure the tenets of net centricity are adhered to.

• Acquisition Support – The guidance and oversight needed to ensure IT programs adhere to acquisition directives, meet information sharing expectations, and quickly progress to fielded capabilities.


Refashioned DoD CIO

• Customer Focus – “The warfighter expects access…”

• Centralized Guidance – CIO responsible for “standardization” (policy, architecture, standards, governance)

• Collaboration Emphasis – Renewed emphasis on partnerships and stakeholders (MILDEPS, DISA, USCC, AT&L, DCMO, USD(P), Industry, Academia)

• Enterprise Effort – Enterprise approaches; improved security

• Competence Priority – Get the right talent; leverage DISA technical expertise


Enterprise Wide Initiatives

Enterprise Services – Secure access to the data

Data Strategy – Tag and share the data

Information Transport – Securely move the data

Information Assurance – Keep it dependable

Net Ops – See and manage the networks & data


Partnering in key areas with Combatant Commands, Services, DoD Agencies and the commercial sector


Link to Mission

• Success is dependent upon our ability to connect people with information anytime, anywhere

• The DoD CIO is responsible for ensuring the delivery of critical enabling capabilities that:

– Allow information to be accessed and shared

– Ensure partners can collaborate

– Support decision makers at all levels to make better decisions faster and to take action sooner


Information must be given the same priority and protection as any mission critical system or platform.