Army Cyber Command Industry Day AFCEA Baltimore

Transcription

1 Army Cyber Command Industry Day AFCEA Baltimore Transforming Cyberspace While at War Can t Afford Not To! OVERALL CLASSIFICATION 27 JUNE 2013

2 Army Cyber Command Our Mission Army Cyber Command/2 nd Army plans, coordinates, integrates, synchronizes, directs, and conducts network operations and defense of all Army networks; when directed, conducts cyberspace operations in support of full spectrum operations to ensure U.S./Allied freedom of action in cyberspace, and to deny the same to our adversaries. Serve as Cyber Proponent Conduct Information Operations 2 nd Army / Army Cyber Command Cyberspace Operations = Build + Operate + Defend + Exploit + Attack 2

3 Army Cyber Command Roles Serves as Service Component to U.S. Cyber Command Train, Organize and Equip Provide Trained & Ready Forces Defense of All Army Networks Integrate Cyberspace into Planning and Exercises Cyber Education, Training and Leader Development Build Partner Capacity Conduct Information Ops for the Army Cyber Proponent Develop Future Army Cyber Force Develop Concept for Land Cyber Unified Operations 3

4 Priorities Operate and Defend all Networks Defensible Architecture Common Operating Picture (COP) Network as a Weapons Platform Increase Capacity (Trained and ready Forces) Unify Command and Control (C2) Effort and Command Training and Leader Development Develop Army Cyber Requirements and Resources Operationalize Cyberspace and Execute Cyberspace Operations 4

5 Army Cyber S&T Lines of Effort Informed by Operations, Threat, and Best Practices Influenced by Current/Emerging Doctrine and Policy Prioritized by Unique Army Needs and Identified Gaps LandCyber Situational Awareness and Understanding LandCyber Operations at the Tactical Edge Moving from Conventional to Integrated Cyber Operations Defensible Architecture Advanced Training for the Future Force Identification and Integration of Emerging Technologies Linked to Emerging Army Cyber Material Development Strategy 5

6 Current Needs (1 of 3) Situational Awareness and Understanding See Blue/Red posture across the physical, logical and social layers Integrated sensing and automated detection and response Timely indications and warning Resilient / Defensible Networks and Systems Ensure mission assurance in a degraded environment Proactively apply and maintain advanced defensive measures to prevent threats from entering network o o o o Conduct in-depth assessments and evaluations of systems and networks Discover, detect, analyze and mitigate threats and vulnerabilities Move towards heuristic intrusion detection and prevention Dynamically reconfigure and reroute to combat incoming threats Actively combat threats once they are in the network o o Dynamically reestablish, re-secure, reroute, reconstitute, recover and restore after compromise Eradicate threats autonomously or provide substantial information to assist operators in countering threat presence 6

7 Current Needs (2 of 3) Network Mapping Autonomous / Semi-autonomous discovery of red and blue networks, systems, mobile devices, other nodes, etc. Enables network management, defensive cyberspace operations, and offensive cyberspace operations Malware Analysis and Reverse Engineering Analyze how malicious software acts in the compromised environment and interacts with those that employed malware Lab environment to facilitate rapid development and deployment of mitigation measures before patches are created and applied 7

8 Current Needs (3 of 3) Red and Blue Team Enablers Autonomous / Semi-autonomous capabilities to find vulnerabilities on red and blue networks Replicate tactics, techniques and procedures of threat actors For red team, automatically exploit vulnerability For blue team, automatically fix vulnerability Insider Threat Prevent inadvertent or deliberate input of information on systems of lower classification (i.e. , document scanners) Big Data Analytics Integrate and correlate threat, network, and operational data to rapidly determine mission relevance Facilitate common operational picture and predictive intelligence Common standards that will work across multiple instantiations a warfighting platform 8

9 Emerging Gaps Threat Discovery, Reporting and Eradication Autonomous / Semi-autonomous Actionable intelligence feeding defensive operations Find threats on the network Report to defensive operators and intelligence analysts Autonomous Computing Self-configuring, -healing, and optimizing networks Modeling and Simulation In-depth representation of red and blue networks Show how blue networks will react to change in defensive posture Show how red networks will react after the delivery of effects 9

10 How You Can Help Information sharing is critical Look for opportunities to partner Develop pluggable and extensible solutions designed to support interoperability with current and future systems Avoid stove-piped solutions Nest with USCYBERCOM and others ARCYBER Point of Entry: ARCYBER focal points: Chief Technology Office (CTO) G38 (Requirements Division) Command Acquisition Advisor NETCOM: We value, want, and need your help 10

11 Cyber Warriors Vision: Professional team Elite, trusted, precise, disciplined warriors Culture of trust, respect, and dignity Who Defend and operate all military networks Provide dominant effects in cyberspace Ensure Mission Command Enable Unified Land Operations Ensure a decisive advantage Land and Cyber The Key to Cyberspace Operations is People, not Technology 11

12 Questions 12

13 How You Can Help Work with ARCYBER Primary Point of Entry: Command Acquisition Advisor will ensure regulatory and administrative requirements are met. Initial evaluation will be conducted comparing the capability against current formal requirements and emerging needs/gaps/challenges ARCYBER focal points: Chief Technology Office (CTO) G38 (Requirements Division) Follow-up meetings/demos will be scheduled for those capabilities of interest to the command. Work with NETCOM Primary Point of Entry: 13

14 LOE: LandCyber Situational Awareness and Understanding Threat-driven Cyber Terrain of the battlefield. Integrated view of mission space and cyberspace showing dependencies enhanced red/blue picture based on cyber effects adversary cyber intelligence integrated with red picture land strength. Integrated sensing and automated detection and response Red Cyber terrain of the battlefield identify cyberspace targets, CIKR and key resources, risks, vulnerabilities and capabilities. Global Integrated Theatre and Area of Interest (AOI) cyberspace SA Status of Blue Critical infrastructure and key resources ( CI/KR) Views across OPORD stages of battle, different level of Commander spheres of control ( time and hierarchy) Decision support and predictive analysis 14

15 LOE: Moving from Conventional to Integrated Cyber Operations Actionable intelligence feeding defensive operations Based on understanding of adversary goals and TTPs and best practices Predictive analysis to enhance effective responses (drive automation) Cyber Threat Intelligence Cell with big data analytics to derive Adversary intelligence on campaigns techniques, tools, and indication and warnings. Integrated adaptive sensors grids Instantiated Cyber Threat Sharing (support JIIM, coalition) Advanced detection technologies - detonation chambers Malware analysis and reverse engineering at speed and scale Proactive Hunting Military Deception networks High Assurance Operations Center architecture/design Secure C2 and management protocols 15

16 LOE: Defensible Architecture Defendable and resilient architectures Self-healing networks and protocols Respond to network performance Compensate for equipment outages Respond to cyber attack Operational C2 agility (maneuver, decision support, Automation/ autonomic computing) Composable systems Assurance ( HW, SW, Firmware, protocols) static, dynamic, runtime; formal methods/protocol analysis Supply Chain Risk Management (SCRM) assurance for critical assets Crypto and Key management; Trust Zones/containers that separate critical from less critical Leverage of TPMs Advanced MLS and cross domain solution (for cloud, mobile, and collapsed networks) Attestation and measurement (NAC, trusted boot) Next generation end-point security Attack surface reduction (e.g. Thin client) Least privilege ( 2 factor) Risk adaptive IdAM ( for users and NPE) 16

17 LOE: LandCyber Operations at the Tactical Edge Advanced sensors capable of providing early warning of intrusions during the reconnaissance and planning phases of the attack kill chain Automated battle damage assessment, forensic analysis tools Counter reconnaissance (hunting) Model/standards for cyber intel sharing with partner nations Integrate with networks of unified action partners (different intelligence sharing relationships) Higher assurance cross domain technologies to automatically and securely transfer information between IP networks Mobile devices for classified environments Assured operation of robotics and intelligent array grids 17

18 LOE: Advanced Training for the Future Force Live, virtual, constructive and gaming training models Cyber operations: Cyber fire/maneuver/knowledge Realistic Integrated land cyber and joint Exercises for all AOIs (with APT specific threats) 18

19 LOE: Identification and Integration of Emerging Technologies Behavior analytics/distributed cloud based analytics Modeling and simulation model offensive cyberspace operations, estimate collateral damage and analysis impact after delivery 3-D printing. 19