CYBER REQUIREMENTS
MAJ Hurcules Murray, TCM-Cyber DCO Chief
Purpose
A broad overview of the current and emergent Army cyberspace requirements identified through capability-based assessments, with a synopsis of all the work coming out of the Cyber Capabilities Based Assessment (Cyber CBA).
Agenda
TOPICS:
- Army Required & Current Capabilities
- IS CDD/ICD: DCO / OCO / Cyber Situational Awareness
- Prioritized Gaps
- Cyber CBA Conclusions
- Recommended Solution Sets
Army Cyber Required Capabilities
Required Capabilities: 2018-2030
- Each echelon requires the ability to access capabilities resident at other echelons.
- Each requirement is stated as Task + Condition + Standard (metrics).
Definitions:
- Conduct: to direct or take part in the operation or management of (administer, control, direct, lead, operate, order, organize).
- Perform: to carry out an action or pattern of behavior (complete, move, observe, operate, react).
- Deliver: to send to an intended target or destination.
Echelons on the chart (Company includes Platoon, Squad, Fire team, Soldier): Company; Battalion (CEM element); Bde/BCT (CEM element); Division (CEM element); Corps (CEM element); ASCC (CEM element); ARCYBER (JFHQ, ACOIC); CCMD (CSE, CEM element); USCC (teams).
Capability statements from the echelon chart:
- Defend in Depth; ability to protect individuals and platforms.
- Conduct CEMA; Perform DODIN operations, EW and EMSO; Deliver EA.
- Conduct CEMA; Perform DODIN operations, DCO, EW & EMSO; Deliver EA; Integrate OCO.
- Conduct CEMA; Perform/Deliver DODIN operations, DCO, OCO, EW & EMSO; support to tactical forces.
- Conduct CEMA; Perform/Deliver DODIN operations, DCO, OCO, Hunt; support to tactical forces.
- Build, Operate and Defend a network that ensures Mission Command.
- Commanders' SA, including the social media layer (Cyber CBA #1 capability gap).
- Extend cyber to Operational and Tactical Commanders.
Army Current Capabilities
Limitations:
- Limited cyber doctrine, training and leader development.
- Policy and authorities do not support tactical commanders.
- GENFOR has limited ability to provide cyber & EW capabilities to operational forces (limited velocity & capacity).
- Legacy, non-standard networks: undefendable and expensive.
- Limited self-protection, understanding of
- Limited offensive capabilities.
- CEM staff element has limited capacity and training.
- Partial tactical expertise.
Current capabilities by echelon:
Battalion and Below (includes Company, Platoon, Squad, Fire team, Soldier): CoIST; DCGS-A; self-protect jammers (CREW, CVRJ, MMBJ); 25, 29 and 35 Series; S2, S3, S6; MC/NetOps (CPOF, FBCB2, NIPR, SIPR).
Bde/BCT: S2, S3, S6; 25, 29 and 35 Series; TROJAN; DCGS-A; MI CO; SBCT SURV TRP; MC/NetOps (CPOF, FBCB2, NIPR, SIPR, JWICS); Prophet; UAS Plt; self-protect jammers (CREW, CVRJ, MMBJ).
Division/Corps: G2/ACE, G3, G6, Fires; 25, 29 and 35 Series; MI BN; BFSB; Expeditionary Signal BN; DCGS-A; MC/NetOps (GNEC); Aircraft Survivability Equipment; Prophet; TROJAN; CAB; NOSC.
ASCC: Joint & National; G2/ACE, G3, G6, Fires; MI BDE; Theater Signal Command; Theater Tactical Sig Bde; TNOSC; JSTARS; TROJAN; DCGS-A (fixed); MC/NetOps (GNEC); Aircraft Survivability Equipment; 25, 29 and 35 Series.
Army Cyber Command: Space Systems; NTM; Multi-Intel Sensors/Platforms; DCGS-A; 25 and 35 Series; NETCOM; INSCOM; 1st IO (Cyber Elements); Cyber Bde.
Army Prioritized Cyber Gaps (Cyber CBA FNA)

Priority  Cyber Gap
01        Gap 17: Commanders' SA (includes social media/layer)
02        Gap 07: Defend in Depth
03        Gap 13: DCyD, Hunt and DCO-RA
04        Gap 05: Operate Networks
05        Gap 15: Collect, Process and Analyze Adversary Information
06        Gap 24: RDT&E, RDA and Technical Architecture
07        Gap 11: Offensive Architecture and Infrastructure
08        Gap 16: Cyber Attack/OCO
09        Gap 12: Access to Adversaries
10        Gap 03: Establish the Enterprise
11        Gap 14: Exploit Cyber and EW Capabilities
12        Gap 31: Electronic Protection
13        Gap 26: Security and Vulnerability Assessments
14        Gap 32: Electronic Warfare Support
15        Gap 01: Cyber (Cyber/Electromagnetic) Integration
16        Gap 30: Conduct Electronic Attack
17        Gap 27: SE and Forensics
18        Gap 22: Integrate WfFs and Assess (BDA)
19        Gap 25: Legal and Policy Oversight
20        Gap 08: Information, Services and Applications
21        Gap 04: Access and Authentication
22        Gap 06: Integrate Mission Partners
23        Gap 29: Homeland Defense/DSCA
24        Gap 09: Unity of Command/Governance

Priority tiers as labelled on the slide: "Mission critical, we must do!"; "Mission essential to take the initiative!"; "Sustain the operational initiative!"
Cell color (not preserved in this text) indicates level of risk: Extremely High, High, Moderate, Low.

Conclusions:
- Commanders' SA and understanding the social dimension of cyberspace are critical to Joint and Unified Land Operations.
- Many of the gaps cross multiple required capabilities.
- DOTmLPF actions such as doctrine and LDE&T can mitigate large portions of these gaps, but materiel development is REQUIRED.
- An Army Cyber Roadmap could provide synergy across RDT&E, RDA and S&T.
Fundamental Principles
Commanders' SA and the COP:
- See yourself, the threat and the cyberspace terrain.
- Understand operational impact, risk and mitigation.
Cyber and the EMS in Unified Land Operations:
- The network is an operational platform: a single, secure network that must be defended in order to operate.
- Full-spectrum cyberspace and EW operations ensure Mission Command.
Commanders require freedom to maneuver:
- The Army must have tactical offensive cyber & EW capabilities; if not, it cedes the initiative to the adversary.
Integrated cyber planning and execution:
- Cyber/EW effects tied to the commander's objectives; synchronize lethal & non-lethal effects.
- A robust CEMA element tied to CNMTs (joint teams).
Transform the Army into trained and ready forces:
- Doctrine, education, training and leader development are key.
Commanders and Units
Commanders and staffs must understand:
- How the cyber domain and the EMS influence and impact their operational environment.
- How to fully leverage cyber and EW capabilities holistically in Unified Land Operations.
- How to integrate cyber and EW in maneuver.
- How to call for support and reach-back capabilities.
Cyber/EW units require:
- The ability to create the operational cyber conditions throughout their area of operations.
- The capacity to adeptly apply multiple capabilities, responsively and simultaneously.
- Synchronization and collaboration among all mission elements, joint and Army.
- Timely, responsive, continuous support for offensive cyber and EW. This can be done within today's authorities and extends the joint Title 10 platform (USCC/ARCC) to the tactical level.
Units simultaneously act across the physical domains, cyberspace and the electromagnetic spectrum.
DCO IS CDD
Description: The Defensive Cyberspace Operations capability is an integrated solution that provides protection against, monitoring/detection/analysis of, and response to known and unknown network and information system threats and vulnerabilities, in order to achieve freedom of action in the cyberspace domain in support of unified land operations. Approval of the DCO IS CDD is a critical step towards establishing true defense in depth across the friendly, neutral and adversary portions of the cyberspace domain.
Gaps addressed: 07 Defend in Depth; 11 Offensive Architecture and Infrastructure; 12 Access to Adversaries; 13 DCyD, Hunt and DCO-RA; 16 Cyber Attack/OCO; 22 Integrate WfFs and Assess Battle Damage; 26 Security and Vulnerability Assessments; 27 SE and Forensics; 29 Homeland Defense/DSCA.
Diagram: the DCO functions (Protect, Detect, Respond, Assess) spanning JIE, NEMC I, GIG IA and LWN.
Capabilities:
- Gaining and maintaining SA.
- Discovering, detecting, analyzing, mitigating and responding.
- Outmaneuvering; actively hunting.
- Dynamically re-establishing, re-securing, re-routing, reconstituting and isolating (DCO-RA).
- Protecting networks, platforms and data; transferring data securely.
- Managing user identities.
- Protecting key/critical cyber terrain and infrastructure.
- In-depth assessments.
- Site exploitation/forensics.
Offensive Cyberspace Operations IS ICD
Description: The Offensive Cyberspace Operations (OCO) Information System Initial Capability Document (IS ICD) will establish the framework for the rapid identification, validation, development and fielding of capabilities required to execute OCO by ARCYBER operational forces in support of Service and Joint operations and requirements. The OCO IS ICD will align existing programs, emergent technologies and resources to form an all-inclusive offensive cyber capabilities portfolio. This will enable the transition or acquisition of people, processes and technologies into a development methodology consistent with the Joint Capabilities Integration and Development System (JCIDS) and the Defense Acquisition System, promoting unity of effort throughout the community.
Gaps addressed: 11 Offensive Architecture and Infrastructure; 15 Collect, Process and Analyze Adversary Information; 16 Cyber Attack/OCO; 12 Access to Adversaries; 14 Exploit Cyber and EW Capabilities; 13 DCyD, Hunt and DCO-RA.
Capabilities:
- An Army offensive infrastructure.
- A common offensive firing platform.
- Gaining and maintaining situational awareness.
- Offensive capabilities against tactical military communications.
- Offensive capabilities against critical ground force support infrastructure.
- Offensive capabilities against ground force systems.
Cyber SA CDD
Description: Situational Awareness (SA) ranges from understanding how tactical-level actions within the cyber domain can have strategic implications within DoD, public and private sector cyberspace, to shared, scalable awareness of joint, coalition and interagency operational status and intent. Cyber SA provides Army and Joint Force commanders an understanding of cyberspace infrastructure, its use by adversaries and neutral users, and its impact on decisive operations.
Gaps addressed: 17 Commander's SA; 05 Operate Networks; 15 Collect, Process and Analyze Adversary Information; 11 Offensive Architecture and Infrastructure; 14 Exploit Cyber and EW Capabilities; 31 Electronic Protection; 26 Security and Vulnerability Assessments; 32 Electronic Warfare Support; 01 Cyber (Cyber/Electromagnetic) Integration (cyber/electromagnetic SA is required); 22 Integrate Warfighting Functions (WfF) and Assess BDA; 06 Integrate Mission Partners.
Capabilities:
Corps:
- SA of the cyberspace domain and the EMS: blue, white, grey and red; internet topography.
- Targeting in cyber (including the EMS) and as part of land operations.
- Connection to national capacities (IC, national and Service labs, AMC).
Division:
- SA / Identification Friend or Foe capability: blue, white, grey and red; internet topography.
- Targeting in cyber (including the EMS) and as part of land operations.
- CEM deconfliction with organic and non-organic elements, BCT and below (ATO, cyber, IC); may be restricted to the TS level (limited STO).
- Visualization of task-organized elements from BDE and below to echelons above ASCC.
Brigade:
- SA / Identification Friend or Foe capability: blue, white, grey and red; graphic representation (dashboard).
- Highly defined targeting, e.g. route clearance support, mapped key terrain (cyber to geographic and/or mission impact).
- Real-time / near-real-time data, within bandwidth limits and EMS considerations; Mission Command system capable; tied to physical topography.
Solution Sets
- The FSA identified 45 solutions to mitigate the 24 FNA gaps.
- Solutions were aligned to the gaps in the RSA worksheet, focusing on technical risk, supportability, feasibility, affordability and DOTMLPF-P implications.
- Solutions were then prioritized by overall gap priority and by the number of gaps each solution addressed.
- Interdependent solutions were grouped together.
- Based on the above, solutions were grouped into first, second and third priority groups. Within each priority are interdependent solutions that support each other and need to be implemented on a similar timeline (supporting and related solutions).
Priority Solution Sets
Solution Set #1:
- Organization: O01 Army Construct for USCC C2 CONOPS; O02 Develop Robust CEM Element; O06 Army Cyber CoE.
- Training: T01 Develop Army Cyber LDE&T Strategy.
- Materiel: M02 Produce Cyber JCIDS Documents; M04 Transition Cyber Ops Arch/Infrastructure; M06 Implement IEWS; M07 Army Cyberspace Ops Arch/Infra.
- Leader Development: L01 Specialized CMF Cyber LDE&T; L02 Incorporate basic cyberspace objectives; L03 Develop cyber-specific LD&E objectives in non-cyber LDE&T training.
- Personnel: P03 Cyberspace Planners, BCT to ASCC; P05 Manpower study (USCC & CEM Element).
- Facilities: F02 Ensure Adequacy of Facilities & Ranges.
- Policy: Policy06 Army Materiel Development Strategy.
Solution Set #2:
- Organization: O03 2-3-6 Integration.
- Training: T04 Continue NETOPS Training Program; T05 Cyberspace / EW Modeling & Simulation; T06 Develop Digital Literacy Fitness Program; T07 Enterprise IA Awareness Training.
- Materiel: M01 Providing Timely Cyber / EA Payloads.
- Personnel: P02 MOS 25D / 35Q / 255S / FA 26.
- Facilities: F01 Service Facilities Assessment.
- Policy: Policy01 Update Regulations (Army / DoD / USC); Policy02 Update Title 10 for DCO-RA; Policy03 LandWarNet / JIE & GNE alignment; Policy04 Securing CONUS Infrastructure; Policy05 RC Alignment for ARFORGEN.
Solution Set #3:
- Organization: O04 Army Service Theater Cyber Organizations; O05 Develop Army Cyber and EW Tactical Units.
- Training: T02 Legal/JAG Cyber Operations Training; T03 Leverage Joint Cyber Training Exercise.
- Materiel: M03 Develop Mobile SCIFs; M05 Army Cyberspace Innovation Program.
- Personnel: P01 Cyber S&T/RDT&E Personnel; P04 Review roles of cyber workforce.
- Facilities: F03 Identify agency for facilities / ranges.
- Policy: Policy07 Army Service Cyber Roadmap; Policy08 Cyber QRCs and Review Board; Policy09 Support to Cyber Mobilization Strategy; Policy10 JCIDS Modification.
Way Ahead
DOTMLPF Integrated Capabilities Recommendation (DICR)
The DICR focuses on those Cyber CBA solutions not currently being implemented.
Doctrine:
- FM 3-12 Cyberspace Operations (in progress).
Organization:
- Develop a robust and capable Cyber Electromagnetic (CEM) Element, ASCC to BCT (Cyber CBA O02).
- Create Army Service Theater Cyber Organizations (Cyber CBA O04). COMPLETE.
- Develop Army Cyber and EW tactical units (Cyber CBA O05).
Training:
- Assess and identify legal support to cyberspace operations for Judge Advocate General (JAG) training (Cyber CBA T02).
- Leverage a Joint Cyber Training Enterprise (Cyber CBA T03).
- Incorporate cyberspace and EW modeling and simulation (M&S) capabilities into cyberspace and EW training and exercises (Cyber CBA T05).
Leadership & Education:
- Incorporate additional specialized cyberspace training into specified Career Management Fields (CMF) and Functional Areas (FA) (Cyber CBA L01).
- Incorporate basic cyberspace learning objectives into the Officer Education System, Warrant Officer Education System, Noncommissioned Officer Education System and Civilian Education System (Cyber CBA L02).
- Develop cyber-specific LD&E objectives in non-cyber LDE&T training (educate and train the force) (Cyber CBA L03).
Personnel:
- Determine personnel requirements in the Research, Development, Test and Evaluation (RDT&E), Research, Development and Acquisition (RDA), and Science and Technology (S&T) communities (Cyber CBA P01).
- Add Cyberspace Operations Planners to the CEM Element, BCT to ASCC (Cyber CBA P03).
- Conduct a manpower study for the USCC C2 CONOPS and the CEM Element (Cyber CBA P05).
Facilities:
- Conduct an Army Service Facilities Assessment and Strategy (Cyber CBA F01).
- Ensure adequate facilities and ranges are available (Cyber CBA F02).
- Identify a Service coordination agency for Army and joint cyber ranges (Cyber CBA F03).
Questions