An Overview of Large US Military Cybersecurity Organizations

Colonel Bruce D. Caulkins, Ph.D.

Chief, Cyber Strategy, Plans, Policy, and Exercises Division

United States Pacific Command

Jan 04, 2017

Agenda

• United States Cyber Strategy

• US Federal Cybersecurity Operations Team

• DOD Cyber Strategy

• JP 3-12 (R) Example: DODIN Operations

• Cyber Framework

• Conclusions

United States Cyber Strategy

UNCLASSIFIED

U.S. International Strategy for Cyberspace:

“…combine Diplomacy, Defense & Development to enhance prosperity, security & openness…”

• Dissuading and Deterring

• Strengthening Partnerships

• Building Prosperity and Security

Our strategic approach is always grounded by our unshakable commitments to fundamental freedoms of expression, privacy, and the free flow of information

U.S. Joint Cyberspace Doctrine is Emerging and Evolving

UNCLASSIFIED

U.S. Federal Cybersecurity Operations Team National Roles and Responsibilities

[Chart labels: Global Cyberspace; US Government Departments and Agencies]

DOJ/FBI: LEAD FOR Investigation and Enforcement (FBI, NSD, CRM, USAO)

• Investigate, attribute, disrupt and prosecute cyber crimes

• Lead domestic national security operations

• Conduct domestic collection, analysis, and dissemination of cyber threat intelligence

• Support the national protection, prevention, mitigation of, and recovery from cyber incidents

• Coordinate cyber threat investigations

DoD: LEAD FOR National Defense (USCYBERCOM, NSA, DISA, DC3)

• Defend the nation from attack

• Gather foreign cyber threat intelligence and determine attribution

• Secure national security and military systems

• Support the national protection, prevention, mitigation of, and recovery from cyber incidents

• Investigate cyber crimes under military jurisdiction

DHS: LEAD FOR Protection (NPPD, USSS, ICE)

• Coordinate the national protection, prevention, mitigation of, and recovery from cyber incidents

• Disseminate domestic cyber threat and vulnerability analysis

• Protect critical infrastructure

• Secure federal civilian systems

• Investigate cyber crimes under DHS’s jurisdiction

Coordinate with Public, Private, and International Partners

* Note: Nothing in this chart alters existing DOJ, DHS, and DoD roles, responsibilities, or authorities

*AGREED March 5, 2013

Department of Defense Cyber Strategy (2015)

• Build and maintain ready forces and capabilities to conduct cyberspace operations;

• Defend the DoD information network, secure DoD data, and mitigate risks to DoD missions;

• Be prepared to defend the U.S. homeland and U.S. vital interests from disruptive or destructive cyberattacks of significant consequence;

• Build and maintain viable cyber options and plan to use those options to control conflict escalation and to shape the conflict environment at all stages;

• Build and maintain robust international alliances and partnerships to deter shared threats and increase international security and stability.

JP 3-12 (R) Example: DODIN Operations

DOD Information Network operations are actions taken:

• To design, build, configure, secure, operate, maintain, and sustain DOD communications systems and networks in a way that creates and preserves data availability, integrity, confidentiality, as well as user/entity authentication and non-repudiation

USPACOM Cyberspace Security Capabilities Framework

• Provides foundation for assisting cyberspace maturity of allied and partner nations

• Facilitates collective cyber defense in the Pacific region

• Offers stable, flexible catalog of security controls to meet information protection needs

• Incorporates internationally-recognized best practices based on National Institute of Standards and Technology (NIST) 800-53 and International Organization for Standardization (ISO) 27001 security controls

• Aligns with operational structure of defense establishments using the DOTMLPF-P construct to categorize security controls

Self-Assessment DOTMLPF-P Methodology Examples

Sample Assessment: Maturity Level by DOTMLPF-P Group

After scoring maturity levels within 17 security control categories, we can evaluate the organization’s cyberspace security maturity based on DOTMLPF-P

[Chart: Country X Cybersecurity Maturity Level (DOTMLPF-P); vertical axis: Maturity Level, 0.0 to 5.0]

Maturity Level Scoring Mapped to DOTMLPF-P

DOTMLPF-P Example

• Doctrine

• Organizations

• Training

• Materiel

• Leadership & Education

• Personnel

• Facilities

• Policy

“Are there organization(s) with the mission and appropriate authorities to implement and monitor the execution of cyberspace defensive measures?” (Cyber Workforce Requirements)

DOTMLPF-P Example

• Doctrine

• Organizations

• Training

• Materiel

• Leadership & Education

• Personnel

• Facilities

• Policy

“Does the defense establishment conduct recurring (annual) training for all network users on basic network security principles and awareness?”

DOD 8570

DOTMLPF-P Example

• Doctrine

• Organizations

• Training

• Materiel

• Leadership & Education

• Personnel

• Facilities

• Policy

“Does the defense establishment have leader education modules stressing the importance of security in cyberspace?”

DOTMLPF-P Example

• Doctrine

• Organizations

• Training

• Materiel

• Leadership & Education

• Personnel

• Facilities

• Policy

“Does the organization promote cyber awareness and cooperation at the national level about the need for national action, international cooperation, and a whole-of-government approach to cyber?”

Conclusions

Robust cyber strategy from US Government and DOD

Key components for any organization

Cyber framework construct will enable U.S. and allies and partners in the USPACOM area to bolster our collective cyberspace defenses

Ultimately, we need to continue to promote international norms and standards in cyberspace security concepts while promoting a whole-of-government approach

Questions?