Castles in the Clouds: Do we have the right battlement? (Cyber Situational Awareness)


Transcription:

Slide 1: Castles in the Clouds: Do we have the right battlement? (Cyber Situational Awareness)
US Army Cyber Command and Second Army
COL Mark Schonberg, ARCYBER G6 (CIO)
11 March 2016
OVERALL CLASSIFICATION:
AMERICA'S ARMY: The Nation's Army in Cyberspace. THE STRENGTH OF THE NATION.

Slide 2: DOD Cyber Security Planning Process
(Diagram.) "This is a Hyper-Complex Environment."

Slide 3: Agenda
Convergence: a whole lot going on
Lines of Effort
Three keys moving forward:
  Design: Security Upfront gives you the right battlement
  Data Management Strategy
  Work Force Development (Training)
Take Aways
Questions?

Slide 4: Convergence
(Diagram of converging services and the actors attached to them; labels as captured.)
Data: tablet, computer, ISP
Voice: VoIP, smartphone
Radio: military C2
TV: Netflix, cable
Satellite: smartphone
Financial: Wall Street, banks
Power: power grid, gas, nuclear
Water: pumping stations
Actors shown: Adversary, U.S. Govt & Military, USCYBERCOM, YOU!, Grandma

Slide 5: Cyberspace Lines of Effort
DoDIN Operations (network focused / threat agnostic): provide freedom of maneuver in cyberspace.
Defensive Cyberspace Operations (DCO) (mission focused / threat specific):
  DCO Internal Defensive Measures (DCO-IDM), executed by Cyber Protection Teams (CPT)
  DCO Response Actions (DCO-RA), executed by National Mission Teams (NMT)
Offensive Cyberspace Operations (OCO): project power in and through cyberspace; executed by Cyber Mission Teams (CMT).
Cyber forces execute cyber actions: cyberspace OPE and cyberspace ISR.
All lines of effort support JFC mission objectives across the Land, Maritime, Air and Cyberspace domains.

Slide 6: Cyberspace Environment
Adversary infrastructure: each layer of the attacker's infrastructure and the malware tools used can provide opportunities for mitigation.
Victim's attack surface: every layer of the targeted victim's organization (people and infrastructure) must be defended against attacks.
Layers of the victim's attack surface, with the slide's illustrative example:
  Physical persona: information users (example: Adam Smith)
  Cyber persona: the user's online identity (example: Cyb3rK1ll3r)
  Logical network: data, databases, webpages and associated IP addresses (example: IP 172.16.31.126)
  Physical network: information devices, ISP infrastructure
  Geographic: physical locations (example: Bethesda, MD)
"Attackers have the advantage since they need only succeed once. Defenders must succeed every time."

Slide 7: Security Upfront
Joint Regional Security Stack (JRSS)
Architecture standardization (NIST)
Common lexicon; shared understanding of definitions
Globally directed, regionally aligned, locally responsive

Slide 8: Data Management Concept
Input: commander's mission requirements and critical information requirements: priority intelligence requirements, essential elements of friendly information, friendly force information requirements.
Output: the commander's decision.
Operations center: operations, tools, products, data (common event format), situational awareness, big data platform; logic / patterns.
Enabling functions: intelligence support to cyberspace operations, within the context of attack chain methodology.
Consumers and feeds: maneuver, current operations, DCO-IDM, JIMS (Joint Information Management System), common operational picture.
A data management strategy is a critical non-materiel artifact: what you collect determines your ability to see yourself.

Slide 9: Cyber Situational Awareness
Situational Awareness: knowledge and understanding of the current situation which promotes timely, relevant and accurate assessment of friendly, enemy and other operations within the battle space in order to facilitate decision making (Army FM 5.0).
Cyber Situational Awareness: the ability to aggregate and visualize specific network and intelligence data from key terrain in a manner that provides understanding of perimeter defense, coverage and control, availability/reliability, application security and mission context.
Cyber situational awareness functional categories and their data sources:
  Perimeter defense: e-mail threat, HBSS, time to remediate, web proxy logs, attacks, full packet capture
  Coverage and control: HBSS signature updates, patch management system, host configuration, vulnerability management
  Availability and reliability: network uptime, historical outages, network flow
  Application security: red team reports, pen testing reports, defense in depth reports
  External threat and current operations: intel reports, operational reports

Slide 10: Defined End-States
Every data project has four components:
  1. Understanding the business need. In our case it is threat detection.
  2. Gathering, massaging and preparing the data.
  3. Doing the modeling.
  4. Operationalizing the outcome.

Slide 11: Evolving Operational Environment (Emergence of Cyberspace Demands Training Evolution)
Past: Classical AirLand Battle (WW II thru Vietnam).
Today: Classical Network Enabled (DS/DS thru OEF/OIF); network enabled operations, with PED from back in CONUS.
Future: LandCyber; network effects; force-on-force in cyberspace, operating in Phase 0.
No going back to grease pencils.
Our adversaries have leveraged cyberspace to organize a new kind of force that leverages cyberspace as operational terrain and exploits the virtual dimension of human and machine behavior to revolutionize operations.

Slide 12: Incident Response Lifecycle
Best practice (the full cycle): Planning, Incident Prevention, Detection, Containment, Remediation, Recovery & Restoration, Post-incident Analysis/Forensics.
Problem: the same cycle with failure points / gaps between the phases.
Solution: automated failure point / gap remediation, with Planning driven by Indicators of Compromise, through Incident Prevention, Detection, Containment, Remediation, Recovery & Restoration and Post-incident Analysis/Forensics.
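The data management concept, the functional-category table and the indicator-driven response cycle above are three views of one pipeline: collect from the right sources, normalise into a common event format, and let indicators of compromise drive detection and containment. The following is an added worked example, not code from the briefing or from ARCYBER. It assumes three hypothetical sensor line formats (HBSS-style pipe-delimited, a web proxy line, a flow record), constructs its own sample lines and IOC values, and tags each event with the functional category its source feeds so that gaps in coverage ("what you collect determines your ability to see yourself") show up alongside the IOC hits.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

# Constructed sample log lines in three hypothetical sensor formats (not real data).
SAMPLE_LINES = [
    "hbss|2016-03-11T08:02:11Z|host=ws-0142|src=10.10.5.21|signature=Trojan.Generic|action=deleted",
    "proxy 2016-03-11T08:05:43Z 10.10.5.21 GET http://update-check.example.test/p.php 200",
    "flow 2016-03-11T08:06:01Z 10.10.5.21 -> 203.0.113.77:443 bytes=84213",
    "proxy 2016-03-11T08:07:12Z 10.10.7.3 GET http://intranet.example.test/index.html 200",
]

# Functional categories from the slide's table; the source tags are assumed names.
CATEGORIES = {
    "perimeter defense": {"hbss", "proxy", "email", "pcap"},
    "coverage and control": {"patching", "vuln-scan", "host-config"},
    "availability and reliability": {"flow", "uptime"},
    "application security": {"red-team", "pentest"},
    "external threat and current operations": {"intel", "opsreport"},
}
SOURCE_CATEGORY = {src: cat for cat, srcs in CATEGORIES.items() for src in srcs}

# Constructed IOC set with placeholder values; operationally these come from intel reports.
IOCS = {
    "domain": {"update-check.example.test"},
    "ip": {"203.0.113.77"},
    "signature": {"Trojan.Generic"},
}


@dataclass
class Event:
    """The common event format every source is normalised into."""
    ts: str
    source: str
    category: str
    src_ip: Optional[str]
    indicators: Dict[str, str]   # indicator type -> value observed in this event
    raw: str


_FLOW_RE = re.compile(r"^flow (\S+) (\S+) -> (\S+):(\d+) bytes=(\d+)$")


def parse_line(line: str) -> Optional[Event]:
    """Normalise one raw line into an Event; return None for an unknown format."""
    if line.startswith("hbss|"):
        parts = line.split("|")
        fields = dict(p.split("=", 1) for p in parts[2:])
        return Event(parts[1], "hbss", SOURCE_CATEGORY["hbss"], fields.get("src"),
                     {"signature": fields.get("signature", "")}, line)
    if line.startswith("proxy "):
        _, ts, src, _method, url, _status = line.split()
        return Event(ts, "proxy", SOURCE_CATEGORY["proxy"], src,
                     {"domain": urlparse(url).hostname or ""}, line)
    m = _FLOW_RE.match(line)
    if m:
        ts, src, dst, _port, _nbytes = m.groups()
        return Event(ts, "flow", SOURCE_CATEGORY["flow"], src, {"ip": dst}, line)
    return None


def match_iocs(event: Event) -> List[Tuple[str, str]]:
    """Return the (indicator type, value) pairs of this event that hit the IOC set."""
    return [(k, v) for k, v in event.indicators.items() if v in IOCS.get(k, set())]


def triage(lines: List[str]) -> List[Tuple[Event, List[Tuple[str, str]]]]:
    """Normalise all lines and pair each event with its IOC hits."""
    events = [e for e in map(parse_line, lines) if e is not None]
    return [(e, match_iocs(e)) for e in events]


def hosts_for_containment(lines: List[str]) -> List[str]:
    """Source hosts with at least one IOC hit: candidates for the containment phase."""
    return sorted({e.src_ip for e, hits in triage(lines) if hits and e.src_ip})


def uncovered_categories(lines: List[str]) -> List[str]:
    """Functional categories no collected source feeds: the blind spots in the picture."""
    seen = {e.category for e, _ in triage(lines)}
    return sorted(set(CATEGORIES) - seen)


if __name__ == "__main__":
    for e, hits in triage(SAMPLE_LINES):
        print(e.ts, e.source, e.category, e.src_ip, hits or "-")
    print("containment candidates:", hosts_for_containment(SAMPLE_LINES))
    print("blind spots:", uncovered_categories(SAMPLE_LINES))
```

With the constructed input, the three records from 10.10.5.21 each hit a different indicator type (signature, domain, destination IP) and converge on one host for containment, while the blind-spot check reports that nothing collected feeds the coverage-and-control, application-security or external-threat categories of the table.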

Slide 13: Training Environment
Today: mandated systems / existing doctrine; ESM / ArcSight, HBSS, ACAS, EPO; IA tools and NetOps tools; field, operate, train.
Tomorrow: Joint Information Environment (JIE); integrated capability / new doctrine; open source / DCO focus; developed software; Cyber Protection Teams, Cyber Combat Mission Teams, Cyber National Mission Teams; operate and train anytime, anywhere on a baseline platform (demo).
Task order (requirement): Integrate, Test, Field and Train = integrate into the Army environment while fully automating manual incident response actions.

Slide 14: OT Training Challenges
No common lexicon
Cost prohibitive: function-specific software
Lack of security tools
Lack of cyber ranges for OT and associated systems
Limited ability to execute operations

Slide 15: Take Aways
Embrace cyberspace as a contested domain; design security upfront.
Understand your network and cyber key terrain; emplace sensors and monitor key reporting tools to create the right cyber situational awareness (SIEM/BDP).
Focus on common standards; system integration is key (OT to IT).
Train your cyber workforce on processes, do not get focused on tools; build the high-end engineering bench.
Don't be afraid to take something off of the table; resources are limited.

Slide 16: Questions? ("You are here")