Approved for Public Release
Cyber Situational Awareness
AFCEA Technet
25 August, 2015
Mr. Malcolm Martin
US Army Cyber Center of Excellence
Chief, Cyber Support Element-Ft. Leavenworth, KS.
Purpose
Provide discussion of Army Cyber Situational Awareness (Cyber SA): “what it is, who uses it, and how Cyber SA may be applied”, today and in the future, for Unified Land Operations (ULO).
– What has changed? Conflicts and Impacts of Cyber.
– The Cyber Domain - How is it defined?
– Constant threat and actors
– Cyber SA Concept and Operational framework
– Cyber SA Impact as holistic aspect of ULO
– Army Cyber SA applied
– Culture change
2007: Syria – Israel
• September 2007 – Israeli Air Force attacks suspected nuclear facility under construction in Syria.
• First large-scale example of combined cyber and electromagnetic means – believed that Israelis used EW to deliver a cyber attack/network control capability to the Syrian radar which executed the code on receipt.
• Prior to attack, Syrian IADS along ingress/egress routes could not ‘see’, allowing IAF planes to fly undetected by radar into Syria and attack the site unimpeded.
• Overall result was disruption of Syrian IADS by an electronic/cyber attack that enabled kinetic strike of nuclear site.
Georgia-Russia 2008
• August 2008 – Russian troops cross into South Ossetia w/ stated intent to defend their “Russian compatriots”.
• Combined Arms assault was preceded and enabled by a multifaceted cyber attack against Georgian gov’t and military infrastructure and defacement of web sites
• Distributed denial of service (DDoS) attacks combined with EW jamming disrupted and denied comms simultaneous to an integrated propaganda (MISO and MILDEC) campaign
• Overall operation should be considered the first large scale ‘hybrid’ combined arms operation (air, land, cyber).
Ukraine-Russia 2015
Russia’s battle with Ukraine is being fought partly in cyberspace where it may have greater room for escalation because nations increasingly accept covert cyber attack as a valid form of international pressure when more traditional options are too violent – or too visible.
The rule of thumb for seeing disruptive cyber attacks before they happen is that “physical conflicts beget cyber conflicts.”
The current cyber battle also could spread if the overall strategic confrontation deepens, say toward a second Cold War. Such a stand-off, pitting Russia against the United States, NATO, and Ukraine
“The Russian occupation of Ukraine in 2014 was carried out with a military show of force – informed and supported by a coordinated cyber-spying campaign”.
• The situation in Ukraine has seen relations between Russia and the West deteriorate to almost Cold War levels
Cyberspace Domain
CYBERSPACE: Cyberspace is a global domain within the information environment consisting of the interdependent network of information technology infrastructures and resident data, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers (JP 1-02).
Characteristics:
• Manmade domain…ever changing
• Physical, functional, cognitive, logical/virtual and social
• Programming code and protocols define rules of the domain
• Environment and TTPs evolve at speed of code
• Constant presence – Phase 0 on-going
• Unlimited, instantaneous (operational) reach
Success in this domain means being smarter, more creative, faster, and stealthier than your opponent
Back Up Slides
The Growth of the Cyber Domain
Everyone, including the adversary, uses the Internet
Size of the Internet: 1.2 zettabytes
Size of the Internet: 16 exabytes
Size of the Internet: 1 exabyte
December 1995: 16 million Internet users
March 2001: 458 million Internet users
March 2014: 2.5 billion Internet users
Cyber Adversary Tactics, Techniques, and Procedures
[Diagram labels: Hostile Actor; Planning / Scanning; Web Server/Webpages; Users; Exploitation; Lateral Movement; Adversary Intent / Exfiltration; Reconnaissance; Espionage; Destructive Malware]
Target System
- Users/decision-makers
- Their devices and associated IP addresses
- Data, databases, and websites
- Network infrastructure
- Physical locations
Cyberspace Threats
Cyber Situational Awareness Defined
JP 3-12 Cyberspace Operations (CO)
• Cyberspace SA is the requisite current and predictive knowledge of cyberspace and the OE upon which CO depend, including all factors affecting friendly and adversary cyberspace forces.
• DODIN operations activities are the foundation of cyberspace SA, therefore, DODIN operations are fundamental to the commander’s SA of the OE.
• Accurate and comprehensive SA is critical for rapid decision making in a constantly changing OE and engaging an elusive adaptive adversary.
• SA of friendly cyberspace is provided today by the Services and agencies operating their portions of the DODIN. DISA does this through the theater NETOPS centers to the CCMD theater/global NETOPS control centers, USCYBERCOM Joint Operations Center, Joint Functional Component Command for Space’s Joint Space Operations Center and their Service/agency leadership. They coordinate with each other as required to ensure operational effectiveness.
Why do we need Cyber SA?
• The Internet was originally designed as an open system to allow scientists and researchers to send data to one another quickly, rather than with built-in security measures.
• Without stronger investments in cyber security and cyber defenses, data systems across the world remain open and susceptible to exploitation and attack.
• Malicious actors use cyberspace to steal data and intellectual property for their own economic or political goals.
• The increased use of cyber attacks as a political instrument reflects a dangerous trend for international relations.
• Therefore, the U.S. assumes that potential adversaries will seek to target U.S. or allied critical infrastructure and military networks to gain a strategic advantage.
Source: THE DEPARTMENT OF DEFENSE CYBER STRATEGY, April 2015
The Operational Framework
“The inclusion of the cyberspace domain and the EMS greatly expands and complicates the operational framework transforming a limited physical battlefield to a global battlefield.” – FM 3-38
FM 3-12 (TBP)/FM 3-38: Operate in the Cyberspace Domain / Electromagnetic Spectrum
[Figure: operational framework graphic; unit symbols include DIV and SUST]
ADRP 3-0: Operate in the Land Domain
“The operational framework provides Army leaders with basic conceptual options for visualizing and describing operations.” – ADRP 3-0
Cyber SA Functional Elements
(U) TRADOC Pamphlet (TP) 525-3-0, The Army Capstone Concept (ACC), asserts that the future Army requires the capability to provide leaders and Soldiers who understand how and when adversaries employ CO and cyberspace capabilities, how to mitigate adversary actions, and how to respond to gain and maintain the cyberspace advantage within the OE in support of ULO.
Army Cyber SA CONOPS
Cyber SA Functional Delineation
[Figure labels: Data Collection; Data Store; User Defined Operational Picture; Big Data Network View; Cyber Analytics (Big Data); e.g. Big Data Analytics/Dagger-like; e.g. GoogleEarth-like; Cyber Mission Forces; DODIN, DCO and OCO; CONUS and Expeditionary; JIE, COE, LWN; Corps, Division and BCT Commanders & Staffs; Home Station and Deployed; Command Post Computing Environment; JIM; Industry; Commercial; JTF-L; JTF-C; CEM]
Contextualizes three interrelated “Awareness” outputs: Threat, Network, and Mission; and the ability to plan operations!
“What is needed to achieve Cyber SA; how will Cyber SA be integrated into the COP; and how will Cyber SA be used to plan, prepare, execute, and assess operations?”
Depicting Cyber in ULO
Cyber SA utilizes standard geospatial reference map displays resident in the future command post computing environment. Overlay creation tools are available and provide export/sharing of displayed data directly to the Common Operational Picture (COP).
Standard geospatial reference maps
Web application accessibility through future computing environment
Aspects of Cyber SA
• Cyber SIGACTS
• Display Active Emitters
• Filters: 3G, 4G, WiFi, Radar
• Cyber actors & activity
• Should be able to select actors by multiple functions or entities*
* Entity refers to operational units & organizations w/n AOR
Unified Land/Cyber Ops & Planning
• CEMA Running Estimate
• Mission Analysis, COA Development, Wargaming
“Changing your organizational culture is the toughest task you will ever take on. Your organizational culture was formed over years of interaction between the participants in the organization. Changing the accepted organizational culture can feel like rolling rocks uphill.”
“How to Change Your Culture: Organizational Culture Change”
Susan M. Heathfield
Management and Organization Development
“The most important area for transformation is the space "between our warfighters' ears," said the chairman of the Joint Chiefs of Staff. "If you don't try, and you stay locked in the doctrine that brought you there, you're going to fail. You've got to adapt."
“Changing military culture key to transformation”
General Richard B. Myers
Chairman, Joint Chiefs of Staff
“Transforming the Army means more of a mindset change, as opposed to just changing wiring diagrams or equipment. Transformation is a journey, not a destination.”
Army Chief of Staff Gen. George W. Casey Jr.
Change in Cultural Thinking
Mr. Malcolm W. “Mack” Martin
US Army Cyber Center of Excellence
Chief, Cyber Support Element – Fort Leavenworth
Office: (913) 684-4600
Mobile: (913) 991-3505
Questions?