Iowa Air National Guard Cyber Protection Team. Maj Brian Dutcher Director of Operations, 168th Cyber Operations Squadron


Overview
  Cyber Mission Force
  Defensive Cyber Operation Capabilities
  Air National Guard Cyber Protection Teams
  168th Cyber Operations Squadron
  Domestic Operations
  Domestic Ops Example - Cyber Shield 2016
  Power of the Iowa Citizen Airmen

Cyber Mission Force

Defensive Cyber Operations (DCO)
  Mission Focused, Threat Specific, & Intelligence Driven
  Capabilities
    Identify Key Terrain-Cyber (KT-C)
    Discover, Detect, Analyze, & Mitigate Threats (includes insider threats)
  DCO-Internal Defensive Measures (IDM)
    Hunt on friendly cyber terrain
    Stop the arrow not the archer
  DCO-Responsive Actions (RA)
    Reactive defense
    Stopping the shooter
    Mission of National Mission Teams under USCYBERCOM

CPT Area of Operation

CPT Employment
  PLAN, SURVEY, SECURE, PROTECT, RECOVER
  OPORD Mission Plan Msn Analysis Map Terrain Assessments PDE Mitigate Risk NPDE Dynamic Defense Response Coordination Re-Baseline Hand-Off
  CPTs execute three distinct missions (Survey, Secure, Protect)
    Survey Mission -- Plan, Survey
    Secure Mission -- Plan, Survey, Secure
    Protect Mission -- All stages
  Each employment stage is dependent upon the previous one
  Each CPT squad has a unique role during each stage

Cyber Protection Teams (CPT)
  CYBER LEADERSHIP C2, Planning CPT Intelligence
  Cyber Readiness (CR)
  Cyber Support (CS)
  Mission Protection (MP)
  Defensive Cyber Infiltration (DCI)
  Cyber Threat Emulation (CTE)
  Conducts compliance analysis
  Provides detailed baseline evaluation
  Coord/Conduct participative & nonparticipative Defense Evaluation (PDE/NPDE)
  Recommendations to RMP & MDP
  Ongoing monitoring
  Assists in technical response actions
  Map Key Terrain-Cyber (KT-C)
  Provides input to RMP
  Assists in RMP implementation
  Provides training to local defenders
  Lead for Id KT-C
  Conducts comprehensive mission/risk analysis
  Lead for Risk Mgt Plan (RMP)
  Lead for MSN Defense Plan (MDP)
  Conducts recon to Id preexisting or active threats
  Performs post exploitation forensics
  Composes damage assessment
  Assists in RMP & MDP
  Supports PDE & NPDE
  Coordinate, collect, & share threat intelligence & TTPs
  Instructs on threat TTPs
  Conducts PDE and NPDE penetration testing
  Emulates threats
  Assists in RMP & MDP

Force Packages By the Numbers
  Scope 35 7 Configuration Employment Equipment 5 solo missions 2 formations 200+ Mission-ready cyber professionals
  Member teams consisting of
    1 Team Lead
    1 Infrastructure Tech
    1-2 Analysts
    3-4 Cyber Operators
  Can be either employed individually or as a coordinated multi-team package
  Industry-standard tools are utilized by teams on standalone mission systems (local and remote capable)

Air National Guard Cyber Protection Teams
  Federal: Support the 24 AF operations with trained and ready cyberspace protection teams (CPT) to fill USCYBERCOM's Cyber Mission Force taskings
  State of Iowa: Ensure cyber preparedness and incident response for rapid internal state-level and national coordination needed to defend against cyber incidents across local, state and private industry partnerships

168th Cyber Operations Squadron Force Packages for the State of Iowa
  CYBER LEADERSHIP: Authority for force planning, coordination, synchronization, and execution
  SURVEY/ASSESS: Evaluates/sustains compliance and readiness
  PREVENT/RESPOND: Improves defense and augments response
  INVESTIGATE/EMULATE: Detects, illuminates, and emulates threats
  TRAIN/DEVELOP: Identifies, plans, and conducts training for local defenders
  Conducts compliance analysis
  Provides detailed baseline evaluation
  Enhances/establishes compliance monitoring
  Evaluates technical and risk mitigation measures; highlights shortfalls
  Conducts comprehensive mission/risk analysis
  Performs vulnerability assessments
  Enhances/implements mitigations
  Augments incident response
  Identifies preexisting or active threats
  Instructs on threat TTPs
  Performs post exploitation forensics
  Composes damage assessment
  Conducts penetration testing and documents findings
  Reviews effectiveness of ops, policies, and procedures
  Evaluates training needs and develops training plan
  Performs immediate onsite training and recommends future formal instruction

Force Packages Development Philosophy Capabilities Structure Tasks KSAs

Cyber Shield 2016 Background
  Two-week defensive cyber operations (DCO) training exercise
  Over 900 participants from state government agencies, federal agencies, industry partners, and academia
  16 members from the 132d Cyber Operations Squadron (COS) participated in a variety of roles
    Mission Protection (Blue Team)
    Cyber Threat Emulation (Red Team)
    Exercise Technical Analysis (White Team)
    Intelligence Fusion Analysis
    JAG
    Leadership

Cyber Shield 2016 Lessons Learned
  Relationships are critical; need for advance planning and partnering before incidents arise
    Industry Partner (i.e. acquaintance with our critical infrastructure industry partners' systems in advance of a cyber event)
    Agencies (FBI / Law Enforcement)
    Legal (JAG)
    Intel
    Other states
  Ability to effectively adapt to uncertainties is crucial
    Loss of network / range functionality
    Loss of critical services (domain controller, web server, firewall, IDS/IPS)
    Having to obtain supported partner's approval for network hardening requests
  Teams need a strong balance of technical skills and non-technical skills
    Technical
      Network Traffic Analysis
      Windows / Linux Command Line
      Network / Server / Host Administration
      Cyber Incident Response
      Malware Analysis
      Triage / Incident Response
      Digital Forensics
    Non-Technical
      Teamwork
      Composure
      Communication
      Indicators of Compromise and link analysis
      Assertiveness, Leadership, & Followership
      Ability to learn

Cyber Shield 2016 Legality
  Cyber Shield JAG Mission
    To ensure the legality of our defensive cyber operations
    Protect States/DoD/service members from liability
    Integrate Judge Advocates (JA) with CPTs
    Enhance partnerships with federal and state agencies involved in cyber operations
    Maximize training for JAs and operators in domestic cyber operations and cyber law
  Cyber Law Key Tasks
    Anticipate and identify potential legal issues; JAs prepared Cyber Shield legal resources guide
    Train cyber teams to recognize cyber legal issues and engage JAG based on pre-approved actions
    Embed JA with CPT to maximize JA training in Cyber operations; learn the area of operations
    Draft documents to ensure successful coordination and understanding between the National Guard, the agency partner and interagency partners
  Iowa Air National Guard FY17-18 Cyber Law Next Steps
    Cyber Operations Squadron (COS) Concept of Operations legal review
    Cyber MOU/MOA's with Iowa State University and State of Iowa OCIO using the Iowa Communications Network, Minnesota Air National Guard (ANG)/Army Computer Network Defense Team, MidAmerican Energy, U.S. Air Force Academy Computer Science Department/Cyber Innovation Center
    Iowa NG Cyber MOU and non-disclosure agreement template for future Cybersecurity support
    Legal Review of Cyber Airmen Status to support T10 Missions

The Power of the Iowa Citizen Airman IT Pro Technical Expertise Business Acumen Industry Leadership Skills Airman Military Training & Expertise Military Leadership Dedication, Esprit de Corps Patriotism Citizen Airman Well-rounded and Dynamic Technically Savvy Seasoned Longevity

Questions