UNCLASSIFIED

UNCLASSIFIED

Product ManagerDefensive Cyber Operations

(DCO) AFCEA Discussion

LTC Scott Helmore, Product Manager26 April 2017

UNCLASSIFIED

UNCLASSIFIED

Industry

Partnership

Cyber Battle Lab

TRADOC Capability Manager

Cyber Protection Brigade

NETCOM

RCOPEO EIS

PEO IEWSPEO C3TPEO STRI

UNCLASSIFIED

UNCLASSIFIED

PdM DCO Organization

Product ManagerLTC Scott Helmore

APM PlatformsMr. Kyle Tucker

APM ToolsMAJ Cedric Sherard

APM Mission Planning

MAJ Shakena Evans

APM Cyber Analytics(VACANT)

Emerging Technologies Director

Mr. Joe Kobsar

Deputy(VACANT)

• Deployable DCO System• Garrison DCO Platform

• CPT Tools• Forensics and Malware

• Mission Planning • Cyber Analytics• User Activity Monitoring

UNCLASSIFIED

UNCLASSIFIED

Cyberspace Material Development Efforts

Defensive Cyberspace Operations (DCO)OPR: PEO EIS, PEO C3T

Passive and active cyberspace operations intended to preserve the ability to utilize friendly cyberspace

capabilities and protect data, networks, net-centric capabilities, and other designated systems.

Offensive Cyberspace Operations (OCO)OPR: PEO IEW&S; INSCOM

Cyberspace operations intended to project power by the application of force in or through cyberspace. The Army provides forces trained to conduct OCO

across the range of military operations to target enemy and adversary activities and capabilities.

Persistent Cyber Training Environment (PCTE)

OPR: PEO STRIThe Cyber Mission Forces and associated

Command and Control (C2) will use the PCTE to conduct individual and collective training to achieve

and sustain mission readiness for full spectrum Cyberspace Operations conducted by Services and

Combatant Commands

Cyber Situational Understanding (SU)OPR: To Be Determined

Cyber SU will fully establish an integrated cyberspace, spectrum management and electronic

warfare capability for CORPS and Below data models, architectures and analytics.

UNCLASSIFIED

UNCLASSIFIED

DCO Concept of Operations

Acronym ListDDS – Deployable DCO SystemGDP – Garrison DCO PlatformNEC – Network Enterprise CenterNIPR – Non-Secure Internet Protocol RouterNOC – Network Operations CenterR – GDP – Regional Garrison DCO PlatformRHN – Regional Hub NodeSIPR – Secure Internet Protocol RouterTDI – Tactical DCO InfrastructureWIN-T – Warfighter Information Network – Tactical

UNCLASSIFIED

UNCLASSIFIED

DCO Overview

PEO C3T Program

PEO EIS Program

LEGEND

GarrisonDCOPlatform

DeployableDCO

System

DCO Tool Suite

DCO Information Systems Initial Capability Document

26 Oct 16

Current Requirements

Cyber Analytics&

Big Data Platform

DCOMission Planning

TacticalDCO

Infrastructure

Forensics&

Malware

UserActivity

MonitoringFuture

CapabilitiesFuture

CapabilitiesFuture

Capabilities

Big Data Platform DCO Infrastructure Cyber Protection Team Tools

Web Vulnerability

Driving ONS Requirements

Future Requirements

~FY18-20

DCO Information Systems Initial Capability Document

26 Oct 16

Sensors Threat Discovery

Threat Emulation

UNCLASSIFIED

UNCLASSIFIED

Requirements – Program Overview

UNCLASSIFIED

UNCLASSIFIED

Requirements

IS - ICD Description1. Tactical DCO Infrastructure Tactical system (computing infrastructure) which resides within the Command Post, at

BDE through Corps, for both organic Cyber Network Defenders as well as remote access by Cyber Protect Teams through the Local Area Network (LAN) to support defense of the Network.

2. Garrison DCO Platform Pre-positioned infrastructure equipment that enables cyber protection teams to remote into the infrastructure and conduct defensive cyberspace operations.

3. Deployable DCO Systems COTS based multi-configurable deployable system that can be loaded on an aircraft or other mobile means to facilitate deployment of CPT Tools. The systems will reside with the Cyber Protection Teams (CPT) and support deployment missions.

4. Cyber Analytics IT cyberspace threat and vulnerability hunting capability that will allow the Army Cyber Mission forces to ingest multitudes of data sources, correlate that data, perform analysis and then turn that data into visual information in order to detect and illuminate adversaries and vulnerabilities.

5. DCO Tool Suite Flexible and dynamic set of Commercial off the Shelf software based set of warfighting capabilities that enable Cyber Mission Forces and in some cases local defenders to perform DCO and cyberspace security missions.

6. DCO Mission Planning Application-based, scalable, secure warfighting system to support cyberspace operations mission planning and command. Helps identify Cyberspace Key Terrain (KT-C); determine probable attack vectors; and produce a set of relevant internal defense measures, triggers, and decision points.

7. Forensics and Malware Analysis Tools to collect, process, search, and analyze evidence from portable electronic devices, removable media, and system hard drives and random access memory

8. User Activity Monitoring Provide the Army the technical capability to observe and record the actions and activities of an individual, at any time, on any device accessing U.S. Government information

UNCLASSIFIED

UNCLASSIFIED

Cyber Evolutionary Acquisition Execution

Deliver new capabilities every four months• Operational Evaluation• Enter Baseline Decision

Semi-annual insertions into operational baseline

Monthly Technical Interchange Meeting or Design ReviewFY18 FY19 FY20

JUN JUL AUG SEP OCT NOV DEC JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC JAN FEB MARBaseline Program

V1 V2 V3Contract Prototype OA CATF

Contract Prototype OA CATFContract Prototype OA CATF

Contract Prototype OA CATFCATF – Cyber Acquisition Task ForceOA – Operational AssessmentV - Version

UNCLASSIFIED

UNCLASSIFIED

Strategy – Potential Acquisition

Initial Approach• OTA for Prototyping (Picatinny C5) • Preferred COTS vs Development• IDIQs for material solutions• IDIQs for service approaches• BPA for Tools• CHESS for Tools

Training and Support contract • Emerging Threats/Opportunities Tool line

Services contracts for immediate configuration changes or customization

UNCLASSIFIED

UNCLASSIFIED

Potential Prototypes

Platforms• Garrison DCO Platform• Enhanced Garrison DCO Platform• Cloud Based Garrison DCO Platform• Lightweight Deployable DCO Platform

Tools• Cross Domain Management• Network mapping and visualization• Cyber Gunnery

Analytics• User Activity Monitoring • Micro Analytics

Emerging/Planning• Threat Sensor• Threat Emulation

Development Operational Environment (DEVOPS)

UNCLASSIFIED

UNCLASSIFIED

DCO Programs of Record Path

FY 2017 FY 2018 FY 2019M A M J J A S O N D J F M A M J J A S O N D J F M A M J J A S

RFP

RDP AROC APPROVAL

RFP Release Decision

Draft RDP

Draft RFP

SSEB

Contract AwardMilestone

Decision

RFI-2RFI-1

RFI Due

Industry Day

Development/Delivery

Capability 1Capability 2

Capability 3Capability 4

Capability 5

Capability 6

Capability 7

Assess

Assess

Assess

Assess

Assess

Assess

AROC – Army Requirements Oversight CouncilRDP – Requirements Definition PackageRFI – Request for InformationRFP – Request for ProposalSSEB – Source Selection Evaluation Board

UNCLASSIFIED

UNCLASSIFIED

Current Challenges

Communicating with Industry • One to Solve the Problem or Many

Staying ahead of the threat / Technology• Prototype identification vs S&T vs one off

Feedback on prototypes• What should we be asking for?• What would you like to know?

Training and Support Rapid Response Tool Changes or Procurement

• Proprietary • DEVOPS

UNCLASSIFIED

UNCLASSIFIED

Administrative

For all meeting requests with DCO, please contact Ms. Aleida Aponte at aleida.b.aponte.ctr@mail.mil; (703) 806-8549

• Meetings will be scheduled for than 30 minutes

• Please Provide the following information for each meeting requesto Who from the company will be in attendanceo Proposed agenda itemso Will there be a demonstration