Col Kevin Wooton Commander 31 May 2011

Col Kevin Wooton Commander 31 May 2011. 67th Network Warfare Wing The Air Force’s Cyber Ops Wing. Overall Classification: UNCLASSIFIED. Where we are… where we’re going. Cyber today is where Airpower was in the 1930s…. Operate. Operations Of and On the Net. Attack. Defend.

Presentation Transcript



Col Kevin Wooton

Commander

31 May 2011

67th Network Warfare Wing

The Air Force’s Cyber Ops Wing

Overall Classification:

UNCLASSIFIED



Where we are… where we’re going

Cyber today is where Airpower was in the 1930s…



Operate

Operations Of and On the Net

Attack

Defend

67 NWW Focus

  • Conducting the full range of Network Warfare

    • Network Operations (Establish)

    • Net Defense (Control)

    • Full Spectrum (Use)

67 NWW

  • 690 NSG: Net Ops

  • 26 NOG: Net Defense

  • 67 NWG: Full Spectrum



CSAF’s Sep 00 One Air Force…One Network NOTAM committed AF to fundamentally changing the way we leverage our networks.

CSAF’s msg established AFNetOps, 3 Jul 03…To effectively protect Air Force networks and the advantages they provide, network control…need[s] to be applied in a coherent, disciplined fashion under control of a single AF commander.

CSAF’s 3 Aug 05 memo on AFNETOPs support to USSTRATCOM laid out a path to provide C2 of the AF network.

CSAF’s 15 May 09 directive memorandum established AFNETOPS/CC authority to issue orders for the operation of AF networks.

End-Game: C2 network with focused, precision results

AFNetOps Vision



AFNetOps Reality

O&M responsibility Matrix

AFMC VPN managed by NCC, except at Kirtland, where it's iNOSC-W

AFCYBER = MAJCOM NOSCs under one commander



AFNet Migration (NIPRNET)

One AF-wide Active Directory Forest

SCOPE

14 Networks into One

840K users across 413 sites

BENEFITS

E-mail for Life

Single Sign-on Anywhere

Reduce System Complexity

AF-wide Collaboration

STATUS (9 May 11)

138K users // 29 sites

16% of AF

10 Legacy Nets Shutdown



Net-Defense: Current TTP

DETECT

  • 24/7/365 presence

  • Crews review 10K+ suspicious events per day

  • Report foreign IP activity to IC

  • Correlation analysis - low & slow

  • Recommend IP blocks to NOD

  • Unity of effort w/other agencies

PREVENT

  • TCNOs up 28% since 2006

  • ASIMS strings – filter suspicious net activity

  • Strong relationship with vendors – share knowledge

  • Blue assessment – see what hacker sees

RESPOND

  • Highly skilled computer network/forensics analysts

  • Focal point for net intrusions

  • Isolate exploitation method & extent of compromise

  • Work closely with OSI & counter-intel agencies

Sensors

Air Force: 232

USJFCOM: 2

USCENTCOM: 108



Mission Operations Tempo

*CAO 20 Apr 11



Full Spectrum Ops Current Units

  • 91 NWS

    • Telephone Network Ops

  • 315 NWS

    • Core of AF Ops at Ft Meade

    • Daily joint operations



Current/Future Initiatives

  • Host-Based Security System (HBSS), desktop-level security

  • Information Operations Platform (IOP), intrusion prevention system

  • Network defense common operating picture (ArcSight)

  • EnCase – Remote Incident Response Forensics (EnCase)

  • AF Gateways (aka AF Network Increment 1), network demilitarized zone

  • Vulnerability Lifecycle Management System (VLMS)

  • Fidelis for Operations Security (OPSEC): SNS monitoring/Insider threat



Current/Future Initiatives (cont’d)

  • Continuity of Operations (COOP)/Alternate Operations Locations (AOL)

  • ROE-governed TTPs/Execution: Stan/Eval

  • Partnerships for rapid TTP and tool development: ESC, AFCA, Rome Labs, 688 IOW

  • Active/Dynamic Defense

  • Indications and Warnings of malicious activity based on actionable, targeted Intel



NetD

NetE

Full Spectrum

NetOps

67 NWW - Air Force’s Execution Arm for Cyber Warfare

UNCLASSIFIED

