2018 Army Signal Conference
March 8 2018
Springfield, VA
This briefing is: UNCLASSIFIED
Ronald W. Pontius, Deputy to the Commanding General
U.S. Army Cyber Command & Second Army
UNCLASSIFIED
What is “Cyber”: Full Spectrum Cyberspace Operations
DoD Information Network (DoDIN) Ops
• Provide effective C4IM services support
• Facilitate aggressive network defense
• Network Convergence and Modernization
Defensive Cyberspace Ops (DCO)
• Identify and protect Mission Relevant Cyber Terrain
• Clear and Harden Efforts (Analysis and Response – pre-incident)
Offensive Cyberspace Ops (OCO)
• Transition current efforts to more global lines
• Support selected Combatant Commands
Cyberspace layers (diagram): Cyber-Persona layer (Cyber Identity, Individual); Logical layer (Information); Physical layer (Physical Network, Geographic Component)
• Manmade, global domain, integrated into all other domains
• Used and controlled by diverse private and public entities
• Domestic, Informational, Military & Economic considerations
• 3 distinct but interrelated layers contribute to complexity
• Public, Commercial, and Adversarial network components
Command Overview
• Global Presence, 24x7
• 19,000+ Personnel
• Directs and Conducts Integrated:
  – Cyberspace Operations (DoDIN Ops, DCO and OCO)
  – Information Operations
  – Electronic Warfare
Cyber Overview
Where we are today
• Operations: Provide C4IM services and defend against our adversaries 24/7
  – DODIN Ops, Defensive Ops, Offensive Ops, Information Operations, and Electronic Warfare
• Training: Cyber Center of Excellence is training all cohorts
  – Officer, Enlisted, Warrant, Civilians – Active, Guard, Reserve
• Research: Army Cyber Institute is national resource for interdisciplinary research, advice and education in cyber domain
The Army Cyber Enterprise (diagram): Army Cyber Command, Army Cyber Institute, DAMO-CY, Cyber Center of Excellence
DODIN Readiness
• Converging and Standardizing improves delivery of C4IM capabilities and reduces our attack surface
• Moving to WIN10 improves security – and readiness of the network
• NETMOD improves the effectiveness and resilience of the DODIN
• Improve our ability to see ourselves (situational understanding)
  – Endpoint Management and Endpoint Security
  – Cyber Analytics and Cyber Awareness Dashboard
How it’s measured
• Cyber Security Scorecard
• Command Cyber Readiness Inspections
• Quality and cost of C4IM Capabilities to Army and Joint organizations
Improved readiness and resiliency through an overarching security architecture and a standardized / modernized network
CEMA Support to Corps and Below (CSCB)
Pilot rotations (timeline):
• 3/25 IBCT (JRTC), MAY 2015 – Objective: Integrate DODIN Ops and OCO. Outcome: Conducted OCO ISO maneuver operations.
• 75th Ranger Reg, JUN 2015 – Objective: Educate the RSTB in OCO. Outcome: COTS effects with infrax deployed to enable wireless reconnaissance.
• NIE 16.1, SEP/OCT 2015 – Objective: Integration of DCO reach support. Outcome: Executed reach support utilizing NIKSUN IDS.
• 1/82 BCT (JRTC), NOV 2015 – Objective: Support 1/82 with DCO. Outcome: BCT’s organic MTOE defenders have increased ability to secure network.
• 2-2 SBCT (NTC), JAN 2016 – Objective: Enable 2-2 to integrate cyber effects at NTC. Outcome: OCO & C-ISR ISO ULO; disrupted adversary C2 and social media.
• 1/1 ABCT (NTC), AUG 2016 – Objective: Provide 1/1 with full spectrum ECT (CO/IO/EW). Outcome: Effective SOF integration; OSINT support to cyber exploited.
• 2/1 ABCT (NTC), MAY 2017 – Objective: Full spectrum ECT; enable Reach; mass effects at decisive point. Outcome: Conducted OCO & C-ISR ISO ULO; disrupted adversary C2 and social media.
• 1/4 SBCT (NTC), JUN 2017 – Objective: ECT(-) / Reach ISO R&S rotation; defend network; ID enemy C2. Outcome: Successfully executed remote OCO/DCO; successfully integrated TRIP.
Over the past 2+ years the CSCB Pilot has developed an innovative concept for the structure and opportunities to employ Cyberspace Electromagnetic Activities (CEMA) effects at the tactical level.
TRIP and WCCO involvement continues to evolve through each rotation.
At its core, CSCB sought to answer the following questions:
1) Is CEMA relevant to a tactical commander’s operations?
2) If yes, then how does it integrate into tactical operations?
3) What structure best supports tactical CEMA?
Cyber Mission Force (CMF) Readiness
• Status: 41 teams on mission conducting OCO and DCO in support of Army and Joint Force Commanders
• USAR and ARNG are building CPT capacity. Planned FOC is 2023
  – ARNG – 11 CPTs
  – USAR – 10 CPTs
Readiness Components
• Facility: New Ops and HQ facility at Gordon on track for 2020 occupation
• Platform: Fielding new operational platform to both CCOE and CMF
• Development: Ability to do capability development is up and running, improving our responsiveness to Combatant Commander need
How it’s measured: All of the Army’s 41 Active Component CMF Teams are FOC and on mission today – Continuing to build capacity in USAR and ARNG
CMF composition:
• National Mission Force (7): National Mission Team (NMT) – 64 PAX; National Support Team (NST) – 39 PAX
• Combat Mission Force (14): Combat Mission Team (CMT) – 64 PAX; Combat Support Team (CST) – 39 PAX
• Cyber Protection Team (CPT) (20): CPT – 39 PAX
Talent Management
• Coordinated and developed with NETCOM the Consolidated Hiring Cell supporting all NETCOM Civilian Hiring actions
• Reviewed and updated regulations: Recruitment, Relocation, and Retention Incentives; Foreign Overseas Tour Extension and Statutory Return Rights; Position Classification; and Civilian Hiring Process
• Contracting with two civilian headhunter companies to attract new talent – a groundbreaking approach for Government that leverages industry’s best practices
Momentum
• 1 Feb 2018: 32 Direct Hires, 16 Merit Announcements, 22 Referral Lists, and 18 Job Offers
• Reduced NETCOM personnel affected by the 5 year rule – placed 37 personnel against CONUS NETCOM positions
Support ARCYBER’s and NETCOM’s mission through improvement of access to critical talent and expedited hiring of civilians
Leveraging Partnerships
• Defense Digital Service
  – Bug Bounty Program
  – Cyber School Training Pilot
  – Tiger Teams
• DIUX
  – Endpoint Threat Detection Analytics
  – Machine Learning
• Cyber Acquisition Task Force
  – TRADOC Capability Manager (TCM) Cyber
  – PEO EIS, C3T, IEW&S and STRI
We are leveraging partner capabilities to deliver solutions we couldn’t have on our own!
Defensive Cyber Operations (DCO) Requirements Strategy
Supporting Documents:
• ICDs: GIG IA ICD (06 Mar 06); Net-Enabled MC ICD (27 Dec 11); JIE ICD (17 Jul 14); LWN ICD (30 Jul 14)
• ONSs: Big Data (15 Jan 14); DCO-I (31 Jan 14); Web Scanning (15 Jan 14); CPT Support (15 Aug 14)
MS A Document: DCO IS ICD
MS B/C Documents – Requirements Definition Packages / Capability Drops:
1. Cyber Analytics
2. Garrison DCO Platform
3. Deployable DCO System
4. DCO Tool Suite
5. Tactical DCO Infrastructure
6. DCO Mission Planning
7. User Activity Monitoring (Insider Threat)
8. Forensics/Malware
9. Advanced Sensors
10. Threat Discovery / Counter-Infiltration
11. Threat Emulation
DCO Maneuver Baseline:
• Actively predict and hunt
• Outmaneuver adversaries
• Achieve survivability & security enhancement
• Conduct site exploitation and forensic analysis
• Conduct DCO mission planning and protection
• Conduct mission assurance actions to dynamically re-establish, re-secure, re-route, reconstitute, or isolate
• Evaluate the defensive posture thru vulnerability assessments & threat emulation
Using rapid development process to deliver capabilities faster.
UNCLASSIFIED//FOUO
Defensive Cyber Operations (DCO) Evolutionary Capability Delivery Model
Capability delivery must keep pace with changing technology & evolving cyber adversaries, TTPs
DEVELOP, ASSESS, DEPLOY, LEARN, ITERATE
DCO Capability Delivery Model:
– Requirements: Broad RDPs, CDs informed by operations and accounts for technology and adversary changes
  RDPs approved by ARB
  CDs approved by ARCYBER CG/CCOE CG in collaboration with ASA(ALT)
– Acquisition: Tailorable, incremental model
  Evolve existing operational prototypes
  Rapid capability delivery
  Spiral development, quick turns
– Testing: Series of incremental, discrete evaluations of Capabilities and any associated risk
– Underpinned by CFT construct with “DevOps”: tight coupling between Ops, Development, and Testing
Defensive Cyber Operations (DCO) Outmaneuvering and Engaging the Adversary
Mutually supporting capabilities operating on an integrated, standardized Infrastructure
Way Ahead
• Acquisition
  – Limited Acquisition Authority
  – Other Transaction Authority
• Future Transformational Technology
  – Artificial Intelligence / Machine Learning
  – Supply Chain Risk Management
Our processes need to be able to move at the speed of cyber
Conclusion
• Continual Efforts to improve DODIN Readiness and Resiliency
  – Convergence, WIN10, NetMod
• The Active Army’s Contribution to the Cyber Mission Force is at Full Operational Capability (FOC)
  – 41 teams on mission
• Helping to Build Capacity in USAR and ARNG
  – 21 more teams FOC by 2023
• Talent Management Efforts Are Paying Off