UNCLASSIFIED
Product Manager Defensive Cyber Operations (DCO)
AFCEA Discussion
LTC Scott Helmore, Product Manager
26 April 2017
Industry
Partnership
Cyber Battle Lab
TRADOC Capability Manager
Cyber Protection Brigade
NETCOM
RCO
PEO EIS
PEO IEWS
PEO C3T
PEO STRI
PdM DCO Organization
Product Manager: LTC Scott Helmore
APM Platforms: Mr. Kyle Tucker
APM Tools: MAJ Cedric Sherard
APM Mission Planning: MAJ Shakena Evans
APM Cyber Analytics: (VACANT)
Emerging Technologies Director: Mr. Joe Kobsar
Deputy: (VACANT)
• Deployable DCO System
• Garrison DCO Platform
• CPT Tools
• Forensics and Malware
• Mission Planning
• Cyber Analytics
• User Activity Monitoring
Cyberspace Material Development Efforts
Defensive Cyberspace Operations (DCO)
OPR: PEO EIS, PEO C3T
Passive and active cyberspace operations intended to preserve the ability to utilize friendly cyberspace capabilities and protect data, networks, net-centric capabilities, and other designated systems.
Offensive Cyberspace Operations (OCO)
OPR: PEO IEW&S; INSCOM
Cyberspace operations intended to project power by the application of force in or through cyberspace. The Army provides forces trained to conduct OCO across the range of military operations to target enemy and adversary activities and capabilities.
Persistent Cyber Training Environment (PCTE)
OPR: PEO STRI
The Cyber Mission Forces and associated Command and Control (C2) will use the PCTE to conduct individual and collective training to achieve and sustain mission readiness for full spectrum Cyberspace Operations conducted by Services and Combatant Commands.
Cyber Situational Understanding (SU)
OPR: To Be Determined
Cyber SU will fully establish an integrated cyberspace, spectrum management and electronic warfare capability for CORPS and Below data models, architectures and analytics.
DCO Concept of Operations
Acronym List
DDS – Deployable DCO System
GDP – Garrison DCO Platform
NEC – Network Enterprise Center
NIPR – Non-Secure Internet Protocol Router
NOC – Network Operations Center
R-GDP – Regional Garrison DCO Platform
RHN – Regional Hub Node
SIPR – Secure Internet Protocol Router
TDI – Tactical DCO Infrastructure
WIN-T – Warfighter Information Network – Tactical
DCO Overview
[Figure: DCO Overview diagram. Legend: PEO C3T Program; PEO EIS Program. Diagram labels: Garrison DCO Platform; Deployable DCO System; DCO Tool Suite; DCO Information Systems Initial Capability Document, 26 Oct 16; Current Requirements; Cyber Analytics & Big Data Platform; DCO Mission Planning; Tactical DCO Infrastructure; Forensics & Malware; User Activity Monitoring; Future Capabilities; Big Data Platform; DCO Infrastructure; Cyber Protection Team Tools; Web Vulnerability; Driving ONS Requirements; Future Requirements, ~FY18-20; Sensors; Threat Discovery; Threat Emulation.]
Requirements – Program Overview
Requirements
IS-ICD: Description
1. Tactical DCO Infrastructure: Tactical system (computing infrastructure) which resides within the Command Post, at BDE through Corps, for both organic Cyber Network Defenders as well as remote access by Cyber Protection Teams through the Local Area Network (LAN) to support defense of the Network.
2. Garrison DCO Platform: Pre-positioned infrastructure equipment that enables cyber protection teams to remote into the infrastructure and conduct defensive cyberspace operations.
3. Deployable DCO Systems: COTS-based multi-configurable deployable system that can be loaded on an aircraft or other mobile means to facilitate deployment of CPT Tools. The systems will reside with the Cyber Protection Teams (CPT) and support deployment missions.
4. Cyber Analytics: IT cyberspace threat and vulnerability hunting capability that will allow the Army Cyber Mission forces to ingest multitudes of data sources, correlate that data, perform analysis and then turn that data into visual information in order to detect and illuminate adversaries and vulnerabilities.
5. DCO Tool Suite: Flexible and dynamic set of Commercial off the Shelf software-based warfighting capabilities that enable Cyber Mission Forces and in some cases local defenders to perform DCO and cyberspace security missions.
6. DCO Mission Planning: Application-based, scalable, secure warfighting system to support cyberspace operations mission planning and command. Helps identify Cyberspace Key Terrain (KT-C); determine probable attack vectors; and produce a set of relevant internal defense measures, triggers, and decision points.
7. Forensics and Malware Analysis: Tools to collect, process, search, and analyze evidence from portable electronic devices, removable media, and system hard drives and random access memory.
8. User Activity Monitoring: Provide the Army the technical capability to observe and record the actions and activities of an individual, at any time, on any device accessing U.S. Government information.
Cyber Evolutionary Acquisition Execution
Deliver new capabilities every four months
• Operational Evaluation
• Enter Baseline Decision
Semi-annual insertions into operational baseline
Monthly Technical Interchange Meeting or Design Review
[Figure: schedule by month, JUN through MAR across FY18, FY19 and FY20, showing the Baseline Program with versions V1, V2 and V3 and repeated Contract, Prototype, OA, CATF cycles.]
CATF – Cyber Acquisition Task Force
OA – Operational Assessment
V – Version
Strategy – Potential Acquisition
Initial Approach
• OTA for Prototyping (Picatinny C5)
• Preferred COTS vs Development
• IDIQs for material solutions
• IDIQs for service approaches
• BPA for Tools
• CHESS for Tools
Training and Support contract
• Emerging Threats/Opportunities Tool line
Services contracts for immediate configuration changes or customization
Potential Prototypes
Platforms
• Garrison DCO Platform
• Enhanced Garrison DCO Platform
• Cloud Based Garrison DCO Platform
• Lightweight Deployable DCO Platform
Tools
• Cross Domain Management
• Network mapping and visualization
• Cyber Gunnery
Analytics
• User Activity Monitoring
• Micro Analytics
Emerging/Planning
• Threat Sensor
• Threat Emulation
Development Operational Environment (DEVOPS)
DCO Programs of Record Path
[Figure: schedule by month across FY 2017, FY 2018 and FY 2019. Labels: RFP; RDP AROC Approval; RFP Release Decision; Draft RDP; Draft RFP; SSEB; Contract Award; Milestone Decision; RFI-1; RFI-2; RFI Due; Industry Day; Development/Delivery of Capability 1 through Capability 7, with Assess periods.]
AROC – Army Requirements Oversight Council
RDP – Requirements Definition Package
RFI – Request for Information
RFP – Request for Proposal
SSEB – Source Selection Evaluation Board
Current Challenges
Communicating with Industry
• One to Solve the Problem or Many
Staying ahead of the threat / Technology
• Prototype identification vs S&T vs one off
Feedback on prototypes
• What should we be asking for?
• What would you like to know?
Training and Support
Rapid Response Tool Changes or Procurement
• Proprietary
• DEVOPS
Administrative
For all meeting requests with DCO, please contact Ms. Aleida Aponte at [email protected]; (703) 806-8549
• Meetings will be scheduled for than 30 minutes
• Please provide the following information for each meeting request
o Who from the company will be in attendance
o Proposed agenda items
o Will there be a demonstration