Armed Forces Communications & Electronics Association (AFCEA)
AFCEA International
• Non-profit membership association
• Serves the military, government, industry, and academia
• Advances professional knowledge and relationships in the fields of communications, IT, intelligence, and global security.
AFCEA Activities
• SIGNAL Magazine (Monthly)
• SIGNAL Connections (Online Newsletter)
• Educational Foundation
• Professional Development Center
• AFCEA Sponsored Conferences/Symposia
AFCEA Participants
• 20,000 individual members
• 11,000 corporate associates
• 1,400 corporate members
Integrity - Service - Excellence
Operationalizing Network Defense
(or, “The Awakening of One Comm Guy”)
Colonel Mark Kross, Commander
26th Network Operations Group
Overall Classification: UNCLASSIFIED
Overview
• Importance of the Network
• Net-D Primer
• Net-D as a Recognized Operation
• The Big Evolution: People, Systems, Intel, Planning
Network Defense: The Operational Imperative
AF Operations today use a complex network of systems and airmen, enabling full spectrum dominance – we need our networks to fight.
“The first battle in the wars of the future will be over control of Cyberspace” - Dr Lani Kass
Threats to U.S. Air Force Networks
December 1998 – January 2003: Most activity from moderately skilled individuals
• Hackers, Script kiddies, Criminals
February 2003 – 2005: Skilled / organized actors (possibly state-sponsored)
“As the nation with the world’s most advanced armed forces, we can’t afford to risk losing the freedom of action in the cyberspace domain.”
- SECAF Jun 07
5,804,970 Real-Time Alerts
28,398 Suspicious Events
257 Non Compliance
20,116,960,777 Suspicious Connections
Validate
2007: 31 validated Incidents:
• 78% had TCNOs
• Patches/Updates not done
• Default/Weak passwords
• Poor permission settings
• Physical destruction
• Forces of Nature
• Nation States
• Non-State Actors
CyberOps is an arms race that favors the offensive
Functionally, Network Defense (Net-D) is somewhat analogous to an Air Defense system (CRE), but…
“Missions” are not single engagements, but multiple and constant
No US historical precedent:
• Perpetual, undeclared struggle
• Against a myriad of peer-level adversaries whose identities are often un-prove-able
• In which weapons and tactics emerge, evolve, and become obsolete in days or weeks
Net-D as a Recognized Operation
AFDD 2-5: Net-D is a subset of Network Warfare Operations, as part of Information Operations (IO).
IO: “The integrated employment of the capabilities of influence operations, electronic warfare operations, network operations in concert with the specified integrated control enablers, to influence, disrupt, corrupt or usurp adversarial human and automated decision-making while protecting our own.”
New Doctrine pending—NetD will still be a type of op!
[Diagram: Military Capabilities broken down by sub-class and capabilities]
• Electronic Warfare Ops: EA, ES, EP
• Network Warfare Ops: NetA, NetD, NS
• Influence Ops: MD, PSYOP, OPSEC, PA, C-PRO, CI
The Big Evolution
Steps on the Evolutionary Trail of Network Defense:
• Nothing
• Information Assurance
• Information Assurance plus Network Defense
• Info Assurance plus Operationalized Net-D
Operationalized Net-D—the process to get there is a set of concurrent evolutions in many areas—including people, systems, intelligence, and planning!
The Evolution in People
Steps on the Evolutionary Trail of Building a Network Defender:
• Nothing
• Technical Training
• Technical Training plus Operational Training in an IQT/MQT Construct
• Certified Training Under a Stan/Eval Process
[Diagram: 33 NWS Crew Qualification pipeline; recoverable elements listed below]
Courses and gates:
• Initial Assessment
• 33 NWS NSD Fundamentals Course
• 33 NWS Common Block Course (ASIM Tech, CENTCOM Tech, Routing/Networking, Unix)
• IQT Test – 70% passing
• 33 NWS ASIM Operators Training Course
• 33 NWS CENTCOM Operators Training Course
• Commercial Training Courses
• MQT Test – 85% passing
• Hands on Check Ride
• 33 NWS Technical Refresher
Crew positions: Crew Chief, Lead Analyst, ASIM Operator, Incident Response, CENTCOM Operator, Sys Admin Tech, Commander
Undergraduate Network Warfare Training (UNWT)
One Course – Two Parts
• Advanced Distributed Learning
• UNWT In-Residence – 39 IOS
Full Crew Training
• Officer, Enlisted, Civilian
• Comm, Intel, Space, Engineer, AFOSI
Partner w/ Industry
• SANS GSEC Bootcamp
• DoD 8570.1M Certification
• Idaho National Labs / Sandia National Labs / Pacific Northwest National Labs
Hands-On Mission Simulators & Models
• Joint Cyber Ops Range / Telephony / Wireless / SCADA
• Joint IO & Space Range / IADS / TADIL / SATCOM
Community Development
• Cyberspace Training Summit
• Missile & Space Intelligence Command / JRAAC / JIOR
• Community of Practice (CoP) (AFKN)
• Dept. of Homeland Security (DNS)
Standard ROEs and TTPs
• Mission Training
• Mandatory Simulator time – critical thinking
• Rigorous Evaluation
Elite Network Warriors – ready to affect the battle space
[Diagram labels: Operations, Stan/Eval, Mission Training, Weapons & Tactics]
The Evolution in Systems
Steps on the Evolutionary Trail of a Net-D Weapon:
• “Some IT Gear” bought and deployed
• A System, tested prior to deployment
• A System, obtained to achieve a specific Net-D effect, tested, certified, and weaponized prior to deployment
AF Info Ops Center (AFIOC)
Weapons
• NetWarfare Tools OT&E
• Countermeasure Development/Support
• Network Warfare Systems Capability Integration
• Wireless Signature support
• New Technologies
Tactics Development
• Architecture analysis support (incident response)
• TTP Development
• System/Software Vulnerability Assessments
• Modeling/Simulation
Net-D’s Weapon Systems
ASIMS – Automated Security Incident Measurement System
• “Packet Sniffer on Steroids”: Monitors DMZ traffic, alerts on suspicious traffic
• GOTS software – IDS signatures not shared outside of DoD
• Working Block 3.1.1 – IPv6 logging, auto response/remediation, wild card string matches, 40% faster processing
BorderGuard
• CENTCOM’s Intrusion Detection and Prevention system
• Virtually NO major Net-D incidents in CENTCOM while deployed!
IO (Information Operations) Platform
• Interoperable, survivable, real-time packet monitoring of all traffic for ID’d signatures
• Captures context (pre/post compromise actions)
• Allows Net-D operator to block, quarantine, log, alter, or deep-inspect traffic
AF Net-D Weapon Systems
+ AFIOC, + OSI, + NOSCs
AF Sensors: 215
Enlisted: 117, Officer: 51, Civilian: 10, Contractors: 107
33 NWS
+ DoD, + Joint, + Civilian
USCENTCOM Sensors: 111
79% Cisco, 21% ASIM
The Evolution in Intelligence
Steps on the Evolutionary Trail of Net-D Intelligence:
• Nothing
• “Headline vignette”-quality Intel
• “Headline vignette”, plus implications
• Predictive, actionable Intel, through standard processes (PIRs, etc.)
Operational Intelligence: Intel Drives Operations
Iterative process: Plan, Execute, Assess
[Diagram: intelligence-driven operations cycle; recoverable labels listed below]
• Centers, Agencies, Subject Matter Expertise
• Operational level C2: Analysis, Targeting, ISR Ops / Collections, Boards & Cells
• Tactical Execution & Mission Reporting
• Time Sensitive Targeting
• Real-time Mission Changes
The ISR process should not vary from one warfighting domain to the other!
Cyberspace Intel Requirements
Provide predictive, timely and actionable intelligence to Commanders conducting operations in and through cyberspace (physical, digital, social, wireless networks)
Collaborate with USGov, public, private and allied/coalition partners on cyberspace intelligence
Perform operational assessments to improve cyber incident response
Support operational assessment process with tailored analysis of cyberspace effectiveness in support of ongoing missions
Develop and implement annual intel training requirements for all cyberspace operators
Not much difference from ISR support to other forms of warfare…
The Evolution in Planning
Steps on the Evolutionary Trail of Net-D Mission Planning:
• None—just “do what the systems force you to do”
• Minimal—put context around “what the systems force you to do”
• Plan in advance for what might happen—includes deliberate planning process
• Self-initiated, aggressive Net-D Operations