cyber requirements - afcea unclass unclass fort gordon georgia maj hurcules murray tcm- cyber dco...
TRANSCRIPT
UNCLASS
UNCLASS
FORT GORDON ▪ GEORGIA
• Purpose: A broad overview of the current and emergent Army cyberspace requirements identified through capability based assessments, with a synopsis of all the work coming from the cyber capabilities based analysis.
Purpose
TOPICS:
Army Required & Current Capabilities
IS CDD: DCO / OCO / Cyber Situational Awareness
Prioritized Gaps
Cyber CBA Conclusions
Recommended Solution Sets
Agenda
Required Capabilities: 2018-2030
• Each echelon requires the ability to access capabilities resident at other echelons
• Task + Condition + Standard (metrics)
Corps
Bde/BCT
Battalion
ASCC
ARCYBER
Build, Operate and Defend a network that ensures Mission Command
Commanders SA, includes social media/layer (Cyber CBA #1 Capability Gap)
Defend in Depth; Ability to protect individuals and platforms.
Conduct CEMA; Perform DODIN operations, EW and EMSO; Deliver EA.
Conduct CEMA; Perform DODIN operations, DCO, EW & SMO; Deliver EA; Integrate OCO.
Company includes: Platoon, Squad, Fire team, Soldier
Conduct: to direct or take part in the operation or management of (administer, control, direct, lead, operate, order, organize).
Perform: to carry out an action or pattern of behavior (complete, move, observe, operate, react).
Deliver: to send to an intended target or destination.
Conduct CEMA; Perform/Deliver DODIN operations, DCO, OCO, EW & EMSO. Support to tactical forces.
Conduct CEMA. Perform/Deliver DODIN operations, DCO, OCO, Hunt, Support to tactical forces.
Division: Conduct CEMA; Perform/Deliver DODIN operations, DCO, OCO, EW & EMSO. Support to tactical forces.
Army Cyber Required Capabilities
Extend cyber to Operational and Tactical Commanders
[Diagram labels: CEM, CCMD, USCC, CSE, TEAMS, JFHQ, ACOIC]
Joint & National
• Limited cyber doctrine, training and leader development
• Policy and authorities do not support tactical commanders.
• GENFOR limited ability to provide cyber & EW capabilities to operational forces – “limited velocity & capacity”
• Legacy, non-standard networks, undefendable, expensive.
• Limited self-protection, understanding of…
• Limited offensive capabilities
• CEM Staff element limited capacity and training
• Partial tactical expertise
Division/Corps
Bde/BCT
CoIST
Battalion and Below
[Diagram: current capabilities by echelon. Labels shown, duplicates removed:]
TROJAN; Prophet; DCGS-A; DCGS-A (FIXED); JSTARS; Space Systems; NTM Multi-Intel Sensors/Platforms
Self protect jammers (CREW, CVRJ, MMBJ); Aircraft Survivability Equipment
MC/NetOps (CPOF, FBCB2, NIPR, SIPR); MC/NetOps (CPOF, FBCB2, NIPR, SIPR, JWICS); MC/NetOps (GNEC)
S2; S3; S6; G2 / ACE; G3; G6; Fires; 25 Series; 29 Series; 35 Series
MI CO; MI BN BFSB; MI BDE; SBCT SURV TRP; UAS Plt; CAB; Expeditionary Signal BN; Theater Tactical Sig Bde; Theater Signal Command
ASCC; Army Cyber Command; NETCOM; INSCOM; 1st IO (Cyber Elements); Cyber Bde; NOSC; TNOSC
Battalion and Below includes: Company, Platoon, Squad, Fire team, Soldier
Army Current Capabilities
Cyber CBA FNA Gap, followed by Overall Priority
Cyber Gap 17: Commanders’ SA (Includes social media/layer) 01
Cyber Gap 07: Defend in Depth 02
Cyber Gap 13: DCyD, Hunt and DCO-RA 03
Cyber Gap 05: Operate Networks 04
Cyber Gap 15: Collect, Process and Analyze Adversary Information 05
Cyber Gap 24: RDT&E, RDA and Technical Architecture 06
Cyber Gap 11: Offensive Architecture and Infrastructure 07
Cyber Gap 16: Cyber Attack/OCO 08
Cyber Gap 12: Access to Adversaries 09
Cyber Gap 03: Establish the Enterprise 10
Cyber Gap 14: Exploit Cyber and EW Capabilities 11
Cyber Gap 31: Electronic Protection 12
Cyber Gap 26: Security and Vul Assessments 13
Cyber Gap 32: Electronic Warfare Support 14
Cyber Gap 01: Cyber (Cyber/Electromagnetic) Integration 15
Cyber Gap 30: Conduct Electronic Attack 16
Cyber Gap 27: SE and Forensics 17
Cyber Gap 22: Integrate WfFs and Assess (BDA) 18
Cyber Gap 25: Legal and Policy Oversight 19
Cyber Gap 08: Information, Services and Applications 20
Cyber Gap 04: Access and Authentication 21
Cyber Gap 06: Integrate Mission Partners 22
Cyber Gap 29: Homeland Defense/DSCA 23
Cyber Gap 09: Unity of Command/Governance 24
Cell Color Indicates Level of Risk:
Extremely High Risk
High Risk
Moderate Risk
Low Risk
• Commanders’ SA and understanding the social dimension of cyberspace are critical to Joint and Unified Land Operations
• Many of the gaps cross multiple required capabilities
• DOTmLPF actions such as Doctrine and LDE&T can mitigate large portions of these gaps.
• Materiel development is REQUIRED. An Army Cyber Roadmap could provide synergy of these areas (RDT&E, RDA, S&T)
Mission critical, we must do!
Mission essential to take the initiative!
Sustain the operational initiative!
Army Prioritized Cyber Gaps
Commanders’ SA and the COP
• See Yourself, the Threat & the Cyberspace Terrain
• Understand Operational Impact, Risk and Mitigation
• Cyber and the EMS in Unified Land Operations
Network as an Operational Platform
• Single, Secure Network, Must defend to operate
• Full spectrum Cyberspace and EW Operations
• Ensure Mission Command
Commanders require freedom to maneuver
• Must have tactical offensive cyber & EW capabilities
• If not, Army cedes the initiative to the adversary
Integrated Cyber Planning and Execution
• Cyber/EW Effects tied to Commander’s Objectives
• Synchronize Lethal & Non-Lethal
• Robust CEMA element tied to CNMTs (Joint teams)
Transform the Army, Trained and Ready Forces
• Doctrine, Education, Training, and Leader Development is Key
Fundamental Principles
• Commanders must understand:
• How the cyber domain and EMS influence and impact their operational environment
• How to fully leverage cyber and EW capabilities holistically in Unified Land Operations
• Staffs:
• Integrate Cyber and EW in maneuver
• How to call for support, reach-back capabilities
• Cyber/EW Units:
• Ability to create the operational cyber conditions throughout their area of operations
• Capacity to adeptly apply multiple capabilities, responsively, simultaneously
• Synchronization and collaboration among all mission elements, joint and Army
• Timely, responsive, continuous support for offensive cyber and EW.
• Can be done within today's authorities, extends the joint Title-X platform (USCC/ARCC) to the tactical level.
Units simultaneously act across the physical domains, cyberspace, and the electromagnetic spectrum
Commanders and Units
• Description: The Defensive Cyberspace Operations capability is an integrated solution that provides protection against, monitoring/detection/analysis of, and response to known/unknown network and information system threats and vulnerabilities to achieve freedom of action in the cyberspace domain in support of unified land operations. The approval of the DCO IS CDD is a critical step towards establishing a true defense-in-depth across the friendly, neutral, and adversary portions of the Cyberspace domain.
• Gaps:
– 07 Defend in Depth
– 11 Offensive Architecture and Infrastructure
– 12 Access to Adversaries
– 13 DCyD, Hunt, and DCO-RA
– 16 Cyber Attack/OCO
– 22 Integrate WfFs and Assess Battle Damage
– 26 Security and Vulnerability Assessments
– 27 SE and Forensics
– 29 Homeland Defense/DSCA
• Capabilities:
– Gaining/Maintaining SA
– Discovery, Detecting, Analyzing, Mitigating
– Responding
– Outmaneuvering
– Actively Hunting
– Dynamically Re-establishing, Re-securing, Re-routing, Reconstituting, and Isolating
– DCO-RA
– Protecting Networks, Platforms, and Data
– Transferring Data Securely
– Managing User Identities
– Protecting Key/Critical Cyber Terrain/Infrastructure
– In-depth Assessments
– Site Exploitation/Forensics
DCO IS CDD
[Diagram labels: JIE, GIG, IA, LWN, DCO, NEMC, ICD; Protect RDP, Detect RDP, Response RDP, Assess RDP; CDP, CD]
OCO IS ICD
[Diagram: each of the following is shown with RDP and CD labels]
OCO Infrastructure
OCO Firing Platform
Situation Awareness
Tactical Military Communications
Critical Ground Force Support Infrastructure
Ground Force Systems
• Description: The Offensive Cyberspace Operations (OCO) Information System Initial Capability Document (IS ICD) will establish the framework for the rapid identification, validation, development and fielding of capabilities required to execute OCO by ARCYBER operational forces in support of Service and Joint operations and requirements. The OCO IS ICD will align existing programs, emergent technologies, and resources to form an all-inclusive offensive cyber capabilities portfolio. This will enable the transition or acquisition of people, processes and technologies into a development methodology consistent with the Joint Capability Integration and Development System (JCIDS) and the Defense Acquisition System, promoting unity of effort throughout the community.
• Capabilities:
– An Army offensive infrastructure
– A common offensive firing platform
– Gaining and maintaining situational awareness
– Offensive Capabilities against tactical military communications
– Offensive Capabilities against critical ground force support infrastructure
– Offensive Capabilities against ground force systems
• Gaps:
– Offensive Architecture and Infrastructure
– Collect, Process and Analyze adversary information
– Cyber Attack/OCO
– Access to adversaries
– Exploit Cyber and EW capabilities
– DCyD, Hunt and DCO-RA
Offensive Cyber Operations IS ICD
• Description: Situational Awareness (SA) ranges from understanding how tactical level actions within the cyber domain can have strategic implications within DoD, public, and private sector cyberspace to shared scalable awareness of joint, coalition, and interagency operational status and intent. Cyber SA provides the Army and Joint Forces commanders an understanding of cyberspace infrastructure, its use by adversaries and neutral users, and impact on decisive operations.
• Gaps:
– 17 Commander’s SA
– 05 Operate Networks
– 15 Collect Process and Analyze adversary Information
– 11 Offensive Architecture and Infrastructure
– 14 Exploit Cyber and EW Capabilities
– 31 Electronic Protection
– 26 Security and Vulnerability Assessments
– 32 Electronic Warfare Support
– 01 Cyber (Cyber Electromagnetic SA is required) Integration
– 22 Integrate Warfighting Functions (WfF) and Assess BDA
– 23 Integrate Mission Partners
• Capabilities:
Corps
– SA of the cyberspace domain and EMS; blue, white, grey, and red
• Internet Topography
– Targeting in cyber (includes EMS) and as part of land operations
– Connection to National Capacities (IC, National and Service Labs, AMC)
Division
– SA/Identification Friend or Foe capability; blue, white, grey and red; internet topography
– Targeting in cyber (includes EMS) and as part of land operations
– CEM deconfliction with Organic and non-Organic Elements and BCT and BCT and Below (ATO, Cyber, IC)
– May be restricted to TS level (limited STO)
– Visualization of task/org elements from BDE and Below to echelons above ASCC
Brigade
– SA/Identification Friend or Foe capability; blue, white, grey and red; graphic representation (dash board)
– Highly Defined Targeting, e.g. route clearance support, mapped key terrain (cyber to geo and/or mission impact)
– Provide Real-Time/Near Real Time data; BW limits, EMS Considerations; MC System Capable; Tied to Physical Topography
Cyber SA CDD
• FSA identified 45 solutions to mitigate 24 FNA gaps
• Solutions were aligned to the gaps in the RSA worksheet focusing on the Technical Risk, Supportability, Feasibility, Affordability, and DOTMLPF-P implications
• Solutions were then prioritized by the overall gap priority and by the number of gaps the solution addressed
• Interdependent solutions were grouped together
• Based on the above, solutions were grouped into first, second and third priority groups.
• Within each priority are interdependent solutions that support each other and need to be implemented on a similar timeline (supporting and related solutions).
Solution Sets
Organization
O01 - Army Construct for USCC C2 CONOPS
O02 - Develop Robust CEM Element
O06 - Army Cyber CoE
Training
T01 - Develop Army Cyber LDE&T Strategy
Materiel
M02 - Produce Cyber JCIDS Documents
M04 - Transition Cyber Ops Arch/Infrastructure
M06 - Implement IEWS
M07 - Army Cyberspace Ops Arch/Infra
Leader Development
L01 - Specialized CMF Cyber LDE&T
L02 - Incorporate basic cyberspace objectives
L03 - Develop cyber specific LD&E objectives in non-cyber LDE&T training
Personnel
P03 - Cyberspace Planners BCT to ASCC
P05 - Manpower study (USCC & CEM Element)
Facilities
F02 - Ensure Adequacy of Facilities & Ranges
Policy
Policy06 - Army Materiel Development Strategy
Priority Solution Sets
Organization
O03 - 2-3-6 Integration
Training
T04 - Continue NETOPS Training Program
T05 - Cyberspace / EW Modeling & Simulation
T06 - Develop Digital Literacy Fitness Program
T07 - Enterprise IA Awareness Training
Materiel
M01 - Providing Timely Cyber / EA Payloads
Personnel
P02 - MOS 25D / 35Q / 255S / FA 26
Facilities
F01 - Service Facilities Assessment
Policy
Policy01 - Update Regulations (Army / DoD / USC)
Policy02 - Update Title 10 for DCO-RA
Policy03 - LandWarNet / JIE & GNE alignment
Policy04 - Securing CONUS Infrastructure
Policy05 - RC Alignment for ARFORGEN
Solution Set # 1
Organization
O04 - Army Service Theater Cyber Organizations
O05 - Develop Army Cyber and EW Tactical Units
Training
T02 - Legal/JAG Cyber Operations Training
T03 - Leverage Joint Cyber Training Exercise
Materiel
M03 - Develop Mobile SCIFs
M05 - Army Cyberspace Innovation Program
Personnel
P01 - Cyber S&T/RDT&E Personnel
P04 - Review roles of cyber workforce
Facilities
F03 - Identify agency for facilities / ranges
Policy
Policy07 - Army Service Cyber Roadmap
Policy08 - Cyber QRCs and Review Board
Policy09 - Support to Cyber Mobilization Strategy
Policy10 - JCIDS Modification
Solution Set # 2 Solution Set # 3
The DICR focuses on those Cyber CBA Solutions not currently being implemented.
• Doctrine
• FM 3-12 Cyberspace Operations (in progress)
• Organization
• Develop a robust and capable Cyber Electromagnetic (CEM) Element, ASCC to BCT (Cyber CBA O02).
• Create Army Service Theater Cyber Organizations (Cyber CBA O04) COMPLETE
• Develop Army Cyber and EW tactical units (Cyber CBA O05).
• Training
• Assess and identify legal support to cyberspace operations for Judge Advocate General (JAG) Training (Cyber CBA T02).
• Leverage a Joint Cyber Training Enterprise (Cyber CBA T03).
• Incorporate cyberspace and EW modeling and simulation (M&S) capabilities into cyberspace and EW training and exercises (Cyber CBA T05).
• Leadership & Education
• Incorporate additional specialized cyberspace training into specified Career Management Fields (CMF) and Functional Areas (FA) (Cyber CBA L01).
• Incorporate basic cyberspace learning objectives into the Officer Education System, Warrant Officer Education System, Noncommissioned Officer Education System, and Civilian Education System (Cyber CBA L02).
• Develop cyber specific LD&E objectives in non-cyber LDE&T training (educate and train the force) (Cyber CBA L03).
• Personnel
• Determine Personnel Requirements in the Research, Development, Test, and Evaluation (RDT&E), Research Development, Acquisition (RDA), and Science and Technology (S&T) Communities (Cyber CBA P01).
• Add Cyberspace Operations Planners to the CEM Element, at BCT to ASCC (Cyber CBA P03).
• Conduct a manpower study for USCC C2 CONOPS and CEM Element (Cyber CBA P05).
• Facilities
• Conduct Army Service Facilities Assessment and Strategy (Cyber CBA F01).
• Ensure adequate facilities and ranges are available (Cyber CBA F02).
• Identify a Service coordination agency for Army and joint cyber ranges (Cyber CBA F03).
DOTMLPF Integrated Capabilities Recommendation (DICR)