USCYBERCOM 2018 Cyberspace Strategy Symposium Proceedings


Preface

US Cyber Command hosted its inaugural Cyberspace Strategy Symposium at National Defense University on February 15, 2018. This day-long event showcased thought leaders from the Command and its partners inside and outside government pondering the challenges ahead for cyberspace operations. The Symposium's four panels and keynote addresses discussed current and likely issues, and debated USCYBERCOM's strategy and operations in a collective effort to improve operational outcomes. We believe the proceedings herein shed insight on the Symposium's central question: What are the foundational organizing principles we need to operate more effectively in cyberspace? The workshop's audience felt inspired to think creatively about USCYBERCOM's potential answers to this question, and I encourage readers of this publication to do likewise.

General Paul M. Nakasone
CDR USCYBERCOM

PANEL 1
Cyber and the Information Environment

Discussion

The challenges of integrating cyberspace and information operations (IO) are not new, but over the last several years our adversaries have been aggressive and innovative, using a range of tools in cyberspace. It has been difficult for DOD to respond effectively. Adversaries are now employing IO and operating continuously short of armed conflict. They do not see a distinction between cyber and IO, and understand the importance of connectivity, content, and cognition. The United States government has traditionally sub-divided its IO concepts and activities, and has not adapted to these fundamental changes. In addition, cyberspace is moving away from its hitherto civil-society dominated governance model. Synchronizing and coordinating information-related capabilities together in a coherent strategy is piecemeal and limited today. Our adversaries, by contrast, are in a persistent state of competition, conducting influence operations to gain an advantage over us. DOD must be imaginative, within the bounds of law, policy, and capabilities, in integrating IO and cyberspace capabilities to counter and contest our adversaries globally.

Issues for Further Exploration

1. The relationship between cyber, what was historically called command and control (C2) warfare (adversary focused), and influence operations (which are not just adversary focused), and how to integrate these capabilities.
2. Relevance of concepts like area of responsibility and red-blue-gray space to the cyberspace domain.
3. How cyber is a subset of information operations.
4. Assumptions about the battlespace. Adversaries do not see the distinctions we do and operate more effectively at scale using a full range of tools.

PANEL 2
Speed and Agility for Defense and Offense

Discussion

Cyberspace engagements can occur almost instantaneously, simultaneously, globally, and continuously. Success in the domain requires a whole-of-government approach that aligns to the interconnected battlespace--a domain that does not recognize territorial borders, sovereign territory, or areas of hostility. The 2018 National Defense Strategy identified the need for the joint force to be agile to prevail in conflict and preserve peace through strength. The discussion explored several ways to conceive of and increase agility in cyberspace:

(1) Organize intelligence processes and partner with the rest of the Defense Intelligence Enterprise to increase agility and operational impact.
(2) Approach cyberspace operations like traditional fire and maneuver tactics to gain the ability to react to contact.
(3) Execute cyberspace operations through mission command.
(4) Approach cyberspace as a maneuver domain.

Issues for Further Exploration

1. Rules of Engagement (ROE) for operational commanders to respond with latitude to enable action like in other domains, where orders are written based on understanding of terrain, how the enemy would move, and a scheme of maneuver is built accordingly. This would enable Commanders to react to contact, have fire control measures, know their casualties, and synchronize with commanders on left and right sides.
2. Enabling component commanders to organize their forces as needed to counter adversary action.
3. Understanding of the cyberspace domain to include human interaction that spans the entire spectrum from competition to conflict, and recognition that DOD is in continuous engagement with adversaries, as distinct from a narrower view of the domain as one of vulnerabilities, threats, and focused technical actions to close vulnerabilities.
4. Adopting a maneuver mindset rather than a management and maintenance mindset.
5. The factor of speed. Is speed a limiting factor because we are a democracy? Can the U.S. be faster than its adversaries in cyberspace? If not, what offsets are available?
6. How do we measure risk in cyberspace? Assessment of risk at the tactical level and providing timely and relevant information to operational commanders. A reporting process using a series of stop light charts does not constitute risk management.

PANEL 3
Integrating Cyberspace Operations into the Joint Force

Discussion

For cyberspace operations to remain relevant and integral to combat power projection, they must not differ from the other warfighting domains in fires and maneuver. One of our early lessons emphasizes that we should identify, vet, validate, nominate, and approve cyber targets in the same manner as we do for conventional strikes. A level of comfort is growing among senior leaders and commanders based on operational experience. Education and expectation management are key as cyber forces and capabilities bring credible options. To deliver all-domain integrated effects synchronized in timing and tempo as required by combatant commanders, the Services must integrate the concepts of cyberspace operations into how they organize, train, and equip the force. The discussion surfaced examples from practitioners and operational commanders who applied known and familiar concepts and are seeking improvement to joint operations by asking, "What might we adjust?"

Issues for Further Exploration

1. Fully integrating cyberspace operations into combatant commander plans as well as existing boards, bureaus, cells, and workgroups used to plan and execute warfare.
2. The nature of cyberspace as convergence and the need to integrate horizontally and vertically in thought and action.
3. Integrating the new Integrated Planning Elements with existing JCCs. Capturing best practices and lessons learned from combatant commands and sharing across combatant commands to accelerate integration and normalize cyber planning and operations.
4. Maturing cyber processes to provide cyber options and capabilities at the timing and tempo needed by operational commanders.
5. Understanding how cyber effects play out downstream, to include second and third order effects, to help operational commanders understand risk (vulnerabilities and exposures) and gain confidence.
6. How modeling and simulation environments can generate data and achieve greater levels of confidence and trust in cyberspace Battle Damage Assessment (BDA).
7. A common, formalized process to provide integrated cyber capabilities to the Joint Force. Capabilities developed by one Service need to be interoperable with capabilities and components delivered by other Services to be usable by a force comprised of personnel from yet another Service.
8. A common testing construct and process for developers, engineers, and operational commanders to determine whether a cyber effect will work as expected, one that all Services and Combat Support Agencies could adopt to calculate the spread, size of impact, and reversibility of the effect.
9. Increasing speed and agility in the development and integration of cyber tools for current operations. Testing to ensure the cyber capability performs its expected function in the operational environment, and accepting a "good enough" level of testing to manage risk and achieve speed and agility. Adopting standards and investing in flexible technologies.
10. A DOD measurement construct for which capabilities/tools at what quantity should reside in the armory to ensure the cyber force is equipped and ready to support operational commanders.
11. A balanced approach to account for operational gain and loss (OGL) and intelligence gain and loss (IGL) when calculating risk.

PANEL 4
Defend the Nation

Discussion

This is one of the least developed mission areas and one in which there is little consensus on what it means to defend the nation and its interests in cyberspace, or on what role the Department of Defense should play in this mission. Some participants questioned whether DOD has a role in defending the nation in cyberspace. Others accepted that DOD has a role to play but debated its scope and purview, insisting that DOD should defend more than its own networks.

Issues for Further Exploration

1. Forging a DOD consensus on what its responsibility should be in defending critical infrastructure.
2. The terms and conditions of DOD's partnership with DHS, the States, critical infrastructure sector leads, and specific companies within critical infrastructure sectors. Seams between partners that inhibit planning, force sizing, capability development, and execution of military operations in support of partnership agreements.
3. Understanding public receptivity to, and tolerance of, military action in cyberspace as part of a yet-to-be-defined whole-of-society approach.
4. What constitutes a significant attack? Is a single attack significant? On the other hand, is significance in cyberspace a cumulative effect?
5. Clarifying the terms "secure," "protect," and "defend" to distinctly describe functions and advance the conversation. Secure is threat agnostic where everyone secures their systems and networks based on some set of standards (e.g., ISO 27001/27002, NIST guidelines). Protect is threat specific but passive where additional security may be added based on specific threats. Defend is a threat and capability focused activity designed to counter adversary strategy and capability.
6. The use of insurance to reduce critical infrastructure risks and inform DOD risk calculation and planning.
7. Ensuring operational realism and experience inform policy.
8. Is there a threshold of support that DOD should be expected to provide when a state or other sophisticated adversary attacks our critical information? When is it appropriate for industry and States to call on DOD for support? The value of standing Defense Support of Civil Authorities (DSCA) to shorten the decision cycle and make requests routine.
9. Federal Government barriers based on classification levels, sources and methods, and tear lines that hinder industry's ability to understand their environment and defend their networks.
10. The role of commercial intelligence processes that may outpace traditional military intelligence processes where DOD information is late-to-need. How DOD can disseminate information faster and at lower classification levels to increase its value and ability to share.
11. When do cybersecurity risks from businesses and private users take on national security implications?
12. How authorities that were issued prior to the growth of cyberspace may now increase risk of cyber attack.

Questions for Future Study and Analysis

USCYBERCOM compiled this list of questions for scholars, students, and members of DOD to inform research at civilian and military institutions of higher education, think tanks, and other research bodies. USCYBERCOM welcomes any products that respond to these topics.

MORNING KEYNOTES

1. What can we learn from our allies to inform our strategy, operations, organization, and processes?
2. How can we measure success and performance on the cyber battlefield?
3. What is the value of cyberspace operations?
4. What is (and should be) the role of DOD in defending our nation from cyberspace threats?

PANEL 1. Cyber and the Information Environment

5. What is the current relationship between information operations (IO) and cyberspace operations?
6. What are the legal and policy changes needed to integrate information operations with cyberspace operations?
7. What are the resources, capabilities, authorities, and partnerships needed to conduct cyberspace operations outside areas of hostility?
8. How can USCYBERCOM augment the nation's ability to conduct strategic influence operations?
9. The intelligence requirements for successful information operations are not accounted for in the kinetic targeting model. How can we increase intelligence support for IO targeting and do it at scale? What structural issues (databases, training, etc.) exist that prevent this ramp up in intelligence support?
10. How can we predict adversary behavior in cyberspace? What trends and insights can we leverage to form such predictions? Can we use that information to destabilize or grapple with the adversary?
11. What does a whole-of-society defense in cyberspace look like?
12. Can Joint Task Force-Ares, stood up to support C-ISIS operations, serve as a model for scaling support for operations? If so, how?
13. How would seeing information as a basis for power diplomatically, militarily, and economically change the way we approach the application and assessment of national power?
14. What actions in cyberspace fall under traditional military activity? Can DOD use this to legitimize its cyber activities?
15. How do our adversaries think about IO and cyber information operations? How is it similar or different from U.S. views? What are the implications for relative advantage?
16. How can we organize our forces so that the military can target and execute information operations through cyberspace outside the area of conflict?
17. What methods exist to depict the scale of activities by cyberspace adversaries for intelligence professionals?
18. From an IO perspective, how much of a departure from traditional IO is what we are now seeing discussed in the news daily?

PANEL 2. Speed and Agility for Defense and Offense

19. How can we manage our data to ensure rapid and timely support to commanders' decision-making?
20. How does continuous engagement with adversaries change if DOD shifts from a war-focused mindset to a competition-focused mindset?
21. How can we incorporate support elements at every echelon to enhance cyberspace operations? The current model integrates different aspects of support at different echelons (strategic, operational, and tactical).
22. How do we more effectively leverage intelligence and information to pursue our adversaries?
23. Is attribution at a tactical level irrelevant to defensive cyberspace operations? What are the benefits and costs to pursuing and tracking attribution?
24. How do you articulate the risks for commanders at echelon to make better decisions?
25. How should we modify or adapt plans, policies, and processes to achieve speed and agility?

KEYNOTE - Cyber Persistence

26. What dynamics from information technology have led to this new, distinguishable domain of cyberspace? Why do previous constructs fail to fit to the realities of cyberspace?
27. What is the role of non-security seeking, security-relevant actors in securing the nation? What do they contribute to national security?
28. What has fundamentally changed in cyberspace since the time USCYBERCOM stood up? How do those changes create challenges for policy, strategy, and competition with adversaries?
29. Where do cybersecurity and cyberspace operations fit into US grand strategy? Into the strategies of our adversaries?
30. How do we enable cyber forces, in peacetime, to conduct cyberspace operations as traditional military activities?
31. What is the role of the private sector in seizing and maintaining the cyber initiative?

PANEL 3. Integrating Cyberspace Operations into the Joint Force

32. Can, and should, the U.S. military implement the Australian military's model for cyberspace?
33. How can changes in the intelligence apparatus improve the support for foundational system analysis and targeting to more effectively employ high demand/low density teams?
34. Is it extremely difficult to perform adversarial threat modeling, especially in cyberspace? How can USCYBERCOM bridge that gap and provide a more accurate threat picture to the USG?
35. How did the transition to a calls for fires mission change USCYBERCOM support to CCMDs?
36. How does the application of IGL, without reference to OGL, affect cyberspace operations and national objectives?
37. How can the services coordinate the use of cyberspace capabilities, the IGL/OGL, and exposed Tactics, Techniques, and Procedures?
38. How can and should the military calculate and communicate collateral damage assessments for cyberspace operations?
39. With each service developing cyber capabilities, how do we minimize or eliminate redundancies, overlap, and waste?

PANEL 4. Defend the Nation

40. How can society be encouraged and incentivized to protect cyberspace?
41. What is DOD's history with the defense of the nation mission? Why is it not in our DNA?
42. Can and should DOD defend the civilian critical infrastructure upon which it relies to execute its missions?
43. Is the war on drugs an appropriate analogy to cyberspace as an example of the home game needing the away game to defeat external threats to a permeable society?
44. Is DOD letting down its industry partners and/or companies outside the Defense Industrial Base (DIB)? How can we remedy this?
45. If USCYBERCOM had the authority, in the time of an emergency, to support Critical Infrastructure and Key Resources (CIKR) companies, what type of units would be supporting? How would they integrate into steady-state operations?
46. How do government advisories and guidance raise the bar in security for critical infrastructure? How can the government more effectively shape security rather than merely react to events?
47. How can the private sector leverage the operational capacity resident in the CNMF? What methods can help evaluate approaches to integrate the CNMF in the defense of critical infrastructure?
48. What are the implications of a standing DSCA request for support to CIKR from USCYBERCOM?
49. How do you define an act of significant consequence in cyberspace? What is the role for USCYBERCOM in preventing these acts?
50. Emergency response begins at the local level and escalates to the state and federal levels. Would an emergency from a cyberspace event function differently? Would any cyber-peculiar aspects change this model?
51. Is there a decision model for cyberspace for national incidents, something equivalent to the USAF taking over airspace for some length of time after 9/11? If not, what should one look like?
52. Is the U.S. populace receptive to the changes necessary to defend the nation that other countries have taken? If not, why not?
