Army Cyber Command Industry Day
AFCEA Baltimore
Transforming Cyberspace While at War: Can't Afford Not To!
27 June 2013
Army Cyber Command: Our Mission
Army Cyber Command/2nd Army plans, coordinates, integrates, synchronizes, directs, and conducts network operations and defense of all Army networks; when directed, conducts cyberspace operations in support of full spectrum operations to ensure U.S./Allied freedom of action in cyberspace, and to deny the same to our adversaries.
- Serve as Cyber Proponent
- Conduct Information Operations
2nd Army / Army Cyber Command
Cyberspace Operations = Build + Operate + Defend + Exploit + Attack
Army Cyber Command Roles
- Serves as Service Component to U.S. Cyber Command
- Train, Organize and Equip
- Provide Trained & Ready Forces
- Defense of All Army Networks
- Integrate Cyberspace into Planning and Exercises
- Cyber Education, Training and Leader Development
- Build Partner Capacity
- Conduct Information Ops for the Army
- Cyber Proponent
- Develop Future Army Cyber Force
- Develop Concept for Land Cyber Unified Operations
Priorities
- Operate and Defend all Networks
  - Defensible Architecture
  - Common Operating Picture (COP)
  - Network as a Weapons Platform
- Increase Capacity (Trained and Ready Forces)
- Unify Command and Control (C2) Effort and Command Training and Leader Development
- Develop Army Cyber Requirements and Resources
- Operationalize Cyberspace and Execute Cyberspace Operations
Army Cyber S&T Lines of Effort
- Informed by Operations, Threat, and Best Practices
- Influenced by Current/Emerging Doctrine and Policy
- Prioritized by Unique Army Needs and Identified Gaps
Lines of effort:
- LandCyber Situational Awareness and Understanding
- LandCyber Operations at the Tactical Edge
- Moving from Conventional to Integrated Cyber Operations
- Defensible Architecture
- Advanced Training for the Future Force
- Identification and Integration of Emerging Technologies
Linked to the Emerging Army Cyber Materiel Development Strategy
Current Needs (1 of 3)
Situational Awareness and Understanding
- See Blue/Red posture across the physical, logical and social layers
- Integrated sensing and automated detection and response
- Timely indications and warning
Resilient / Defensible Networks and Systems
- Ensure mission assurance in a degraded environment
- Proactively apply and maintain advanced defensive measures to prevent threats from entering the network
  - Conduct in-depth assessments and evaluations of systems and networks
  - Discover, detect, analyze and mitigate threats and vulnerabilities
  - Move towards heuristic intrusion detection and prevention
  - Dynamically reconfigure and reroute to combat incoming threats
- Actively combat threats once they are in the network
  - Dynamically reestablish, re-secure, reroute, reconstitute, recover and restore after compromise
  - Eradicate threats autonomously or provide substantial information to assist operators in countering threat presence
Current Needs (2 of 3)
Network Mapping
- Autonomous / Semi-autonomous discovery of red and blue networks, systems, mobile devices, other nodes, etc.
- Enables network management, defensive cyberspace operations, and offensive cyberspace operations
Malware Analysis and Reverse Engineering
- Analyze how malicious software acts in the compromised environment and interacts with those that employed the malware
- Lab environment to facilitate rapid development and deployment of mitigation measures before patches are created and applied
Current Needs (3 of 3)
Red and Blue Team Enablers
- Autonomous / Semi-autonomous capabilities to find vulnerabilities on red and blue networks
- Replicate tactics, techniques and procedures of threat actors
  - For red team, automatically exploit the vulnerability
  - For blue team, automatically fix the vulnerability
Insider Threat
- Prevent inadvertent or deliberate input of information on systems of lower classification (e.g. email, document scanners)
Big Data Analytics
- Integrate and correlate threat, network, and operational data to rapidly determine mission relevance
- Facilitate common operational picture and predictive intelligence
- Common standards that will work across multiple instantiations of a warfighting platform
Emerging Gaps
Threat Discovery, Reporting and Eradication
- Autonomous / Semi-autonomous
- Actionable intelligence feeding defensive operations
- Find threats on the network
- Report to defensive operators and intelligence analysts
Autonomous Computing
- Self-configuring, self-healing, and self-optimizing networks
Modeling and Simulation
- In-depth representation of red and blue networks
- Show how blue networks will react to a change in defensive posture
- Show how red networks will react after the delivery of effects
How You Can Help
- Information sharing is critical
- Look for opportunities to partner
- Develop pluggable and extensible solutions designed to support interoperability with current and future systems
- Avoid stove-piped solutions
- Nest with USCYBERCOM and others
ARCYBER Point of Entry: USARMY.ARCYBER.IEG@mail.mil
ARCYBER focal points:
- Chief Technology Office (CTO)
- G38 (Requirements Division)
- Command Acquisition Advisor
NETCOM: http://www.netcom.army.mil/vendor/instructions.aspx
We value, want, and need your help
Cyber Warriors
Vision:
- Professional team
- Elite, trusted, precise, disciplined warriors
- Culture of trust, respect, and dignity
Who:
- Defend and operate all military networks
- Provide dominant effects in cyberspace
- Ensure Mission Command
- Enable Unified Land Operations
- Ensure a decisive advantage: Land and Cyber
The Key to Cyberspace Operations is People, not Technology
Questions
How You Can Help
Work with ARCYBER
- Primary Point of Entry: USARMY.ARCYBER.IEG@mail.mil
- The Command Acquisition Advisor will ensure regulatory and administrative requirements are met.
- An initial evaluation will be conducted comparing the capability against current formal requirements and emerging needs/gaps/challenges.
- ARCYBER focal points: Chief Technology Office (CTO), G38 (Requirements Division)
- Follow-up meetings/demos will be scheduled for those capabilities of interest to the command.
Work with NETCOM
- Primary Point of Entry: http://www.netcom.army.mil/vendor/instructions.aspx
LOE: LandCyber Situational Awareness and Understanding
- Threat-driven Cyber Terrain of the battlefield
- Integrated view of mission space and cyberspace showing dependencies; enhanced red/blue picture based on cyber effects; adversary cyber intelligence integrated with the red picture of land strength
- Integrated sensing and automated detection and response
- Red Cyber terrain of the battlefield: identify cyberspace targets, CIKR and key resources, risks, vulnerabilities and capabilities
- Global, Integrated Theatre and Area of Interest (AOI) cyberspace SA
- Status of Blue Critical Infrastructure and Key Resources (CI/KR)
- Views across OPORD stages of battle and different levels of Commander spheres of control (time and hierarchy)
- Decision support and predictive analysis
LOE: Moving from Conventional to Integrated Cyber Operations
- Actionable intelligence feeding defensive operations
  - Based on understanding of adversary goals and TTPs, and on best practices
  - Predictive analysis to enhance effective responses (drive automation)
- Cyber Threat Intelligence Cell with big data analytics to derive adversary intelligence on campaigns, techniques, tools, and indications and warnings
- Integrated adaptive sensor grids
- Instantiated Cyber Threat Sharing (support JIIM, coalition)
- Advanced detection technologies: detonation chambers
- Malware analysis and reverse engineering at speed and scale
- Proactive Hunting
- Military Deception networks
- High Assurance Operations Center architecture/design
- Secure C2 and management protocols
LOE: Defensible Architecture
- Defendable and resilient architectures
  - Self-healing networks and protocols
  - Respond to network performance
  - Compensate for equipment outages
  - Respond to cyber attack
- Operational C2 agility (maneuver, decision support, automation/autonomic computing)
- Composable systems
- Assurance (HW, SW, firmware, protocols): static, dynamic, runtime; formal methods/protocol analysis
- Supply Chain Risk Management (SCRM) assurance for critical assets
- Crypto and key management; Trust Zones/containers that separate critical from less critical
- Leverage of TPMs
- Advanced MLS and cross domain solutions (for cloud, mobile, and collapsed networks)
- Attestation and measurement (NAC, trusted boot)
- Next generation end-point security
  - Attack surface reduction (e.g. thin client)
  - Least privilege (2 factor)
  - Risk adaptive IdAM (for users and NPE)
LOE: LandCyber Operations at the Tactical Edge
- Advanced sensors capable of providing early warning of intrusions during the reconnaissance and planning phases of the attack kill chain
- Automated battle damage assessment, forensic analysis tools
- Counter reconnaissance (hunting)
- Model/standards for cyber intel sharing with partner nations
- Integrate with networks of unified action partners (different intelligence sharing relationships)
- Higher assurance cross domain technologies to automatically and securely transfer information between IP networks
- Mobile devices for classified environments
- Assured operation of robotics and intelligent array grids
LOE: Advanced Training for the Future Force
- Live, virtual, constructive and gaming training models
- Cyber operations: cyber fire/maneuver/knowledge
- Realistic integrated land cyber and joint exercises for all AOIs (with APT specific threats)
LOE: Identification and Integration of Emerging Technologies
- Behavior analytics / distributed cloud based analytics
- Modeling and simulation: model offensive cyberspace operations, estimate collateral damage, and analyze impact after delivery
- 3-D printing