Armed Forces Communications & Electronics Association (AFCEA)

  • AFCEA International
    • Non-profit membership association
    • Serves the military, government, industry, and academia
    • Advances professional knowledge and relationships in the fields of communications, IT, intelligence, and global security.
  • AFCEA Activities
    • SIGNAL Magazine (Monthly)
    • SIGNAL Connections (Online Newsletter)
    • Educational Foundation
    • Professional Development Center
    • AFCEA Sponsored Conferences/Symposia
  • AFCEA Participants
    • 20,000 individual members
    • 11,000 corporate associates
    • 1,400 corporate members
Operationalizing Network Defense (or, “The Awakening of One Comm Guy”)

Colonel Mark Kross, Commander, 26th Network Operations Group

Overall Classification: UNCLASSIFIED

Overview
  • Importance of the Network
  • Net-D Primer
  • Net-D as a Recognized Operation
  • The Big Evolution
  • People
  • Systems
  • Intel
  • Planning
Network Defense: The Operational Imperative
  • AF Operations today use a complex network of systems and airmen, enabling full spectrum dominance – we need our networks to fight.

Diagram labels: Net-Centric Battlespace; AFFOR; CAOC; EOC; PACAF; NCC; AFSPC; ACC; PENTAGON; Limited Regional Conflict; Major Regional Conflict; Disaster Relief; Humanitarian Assistance; Counter Insurgency; International War; Peacekeeping; NEO

“The first battle in the wars of the future will be over control of Cyberspace” - Dr Lani Kass

Threats to U.S. Air Force Networks
  • December 1998 – January 2003
    • Most activity from moderately skilled individuals
      • Hackers, Script kiddies, Criminals
  • February 2003 – 2005
    • Skilled / organized actors (possibly state-sponsored)
  • 2005 – Present
    • Trend reports identify associated state-sponsored attacks
  • Physical destruction
  • Forces of Nature
  • Nation States
  • Non-State Actors

2007 (figure labels): 20,116,960,777 Suspicious Connections; 5,804,970 Real-Time Alerts; 28,398 Suspicious Events; Validate; 257 Non Compliance; 9 Root, 18 User; 4 Malicious Logic; 31 Incident
  • 2007: 31 validated Incidents:
    • 78% had TCNOs
    • Patches/Updates not done
    • Default/Weak passwords
    • Poor permission settings
“As the nation with the world’s most advanced armed forces, we can’t afford to risk losing the freedom of action in the cyberspace domain.” - SECAF Jun 07

Cyberspace is a Battlespace…We’re at WAR!

PENTAGON, 11 Sep 2001:
  • Adversary Used: Internet for Recruitment
  • International & Cell Comms for Coord; Training on Simulators
  • Hundreds of Jihadi Web Sites and Internet Hosts, Thousands of Individual email Accounts

Network Defense Primer
  • CyberOps is an arms race that favors the offensive
  • Functionally, Network Defense (Net-D) is somewhat analogous to an Air Defense system (CRE), but…
  • “Missions” are not single engagements, but multiple and constant
  • No US historical precedent:
    • Perpetual, undeclared struggle
    • Against a myriad of peer-level adversaries whose identities are often un-prove-able
    • In which weapons and tactics emerge, evolve, and become obsolete in days or weeks
Net-D as a Recognized Operation
  • AFDD 2-5: Net-D is a subset of Network Warfare Operations, as part of Information Operations
    • IO: “The integrated employment of the capabilities of influence operations, electronic warfare operations, network operations in concert with the specified integrated control enablers, to influence, disrupt, corrupt or usurp adversarial human and automated decision-making while protecting our own.”
  • New Doctrine pending—NetD will still be a type of op!

Diagram labels: Military Capabilities; Influence Ops; Electronic Warfare Ops; Network Warfare Ops; Sub-class Capabilities; MD; NetD; NetA; EP; EA; PSYOP; OPSEC; NS; C-PRO; PA; CI; ES

The Big Evolution
  • Steps on the Evolutionary Trail of Network Defense:
    • Nothing
    • Information Assurance
    • Information Assurance plus Network Defense
    • Info Assurance plus Operationalized Net-D
  • Operationalized Net-D—the process to get there is a set of concurrent evolutions in many areas—including people, systems, intelligence, and planning!
The Evolution in People
  • Steps on the Evolutionary Trail of Building a Network Defender:
    • Nothing
    • Technical Training
    • Technical Training plus Operational Training in an IQT/MQT Construct
    • Certified Training Under a Stan/Eval Process
33 NWS Crew Qualification

Diagram labels: ASIM Operator; Lead Analyst; Sys Admin; Commander; Crew Chief; Response; CENTCOM; Operator; Incident; Tech; Crew; Initial Assessment; 33 NWS Common Block Course; 33 NWS Technical Refresher; IQT Test (70% passing); Unix; 33 NWS NSD Fundamentals Course; Routing/Networking; 33 NWS ASIM Operators Training Course; 33 NWS CENTCOM Operators Training Course; ASIM Tech; MQT Test (85% passing); CENTCOM Tech; Hands on Check Ride; Commercial Training Courses

Undergraduate Network Warfare Training (UNWT)

One Course – Two Parts

Advanced Distributed Learning

UNWT In-Residence – 39 IOS

Full Crew Training

Officer, Enlisted, Civilian

Comm, Intel, Space, Engineer, AFOSI

Partner w/ Industry

SANS GSEC Bootcamp

DoD 8570.1M Certification

Idaho National Labs / Sandia National Labs / Pacific Northwest National Labs

Hands-On Mission Simulators & Models

Joint Cyber Ops Range / Telephony / Wireless / SCADA

Joint IO & Space Range / IADS / TADIL / SATCOM

Community Development

Cyberspace Training Summit

Missile & Space Intelligence Command / JRAAC / JIOR

Community of Practice (CoP) (AFKN)

Dept. of Homeland Security (DNS)

DoD 8570.1M

UNWT CoP

https://wwwd.my.af.mil/afknprod

Standardization and Evaluation
  • Stan/Eval – Professionalizes Operations
    • Methodical mission planning
    • Synchronized Ops execution
    • Rigor/discipline/control - Career long evaluations
  • How?
    • Standard ROEs and TTPs
    • Mission Training
    • Mandatory Simulator time – critical thinking
    • Rigorous Evaluation
  • Elite Network Warriors – ready to affect the battle space

Diagram labels: Stan/Eval; Weapons & Tactics; Mission Training; Operations

The Evolution in Systems
  • Steps on the Evolutionary Trail of a Net-D Weapon:
    • “Some IT Gear” bought and deployed
    • A System, tested prior to deployment
    • A System, obtained to achieve a specific Net-D effect, tested, certified, and weaponized prior to deployment
AF Info Ops Center (AFIOC)
  • Weapons
    • NetWarfare Tools OT&E
    • Countermeasure Development/Support
    • Network Warfare Systems Capability Integration
    • Wireless Signature support
    • New Technologies
  • Tactics Development
    • Architecture analysis support (incident response)
    • TTP Development
    • System/ Software Vulnerability Assessments
    • Modeling/Simulation
Net-D’s Weapon Systems
  • ASIMS – Automated Security Incident Measurement System
    • “Packet Sniffer on Steroids”: Monitors DMZ traffic, alerts on suspicious traffic
    • GOTS software – IDS signatures not shared outside of DoD
    • Working Block 3.1.1 – IPv6 logging, auto response/remediation, wild card string matches, 40% faster processing
  • BorderGuard
    • CENTCOM’s Intrusion Detection and Prevention system
    • Virtually NO major Net-D incidents in CENTCOM while deployed!
  • IO (Information Operations) Platform
    • Interoperable, survivable, real-time packet monitoring of all traffic for ID’d signatures
    • Captures context (pre/post compromise actions)
    • Allows Net-D operator to block, quarantine, log, alter, or deep-inspect traffic
AF Net-D Weapon Systems

Diagram labels: 33 NWS; + AFIOC; + OSI; + NOSCs; + DoD; + Joint; + Civilian
  • AF Sensors: 215
  • USCENTCOM Sensors: 111
  • 79% Cisco, 21% ASIM
  • Enlisted: 117
  • Officer: 51
  • Civilian: 10
  • Contractors: 107

The Evolution in Intelligence
  • Steps on the Evolutionary Trail of Net-D Intelligence:
    • Nothing
    • “Headline vignette”-quality Intel
    • “Headline vignette”, plus implications
    • Predictive, actionable Intel, through standard processes (PIRs, etc.)
Operational Intelligence: Intel Drives Operations

Iterative process: Plan, Execute, Assess

Diagram labels: Centers; Agencies; Subject Matter Expertise; Operational level C2; Analysis; Real-time Mission Changes; Tactical Execution & Mission Reporting; Boards & Cells; Targeting; Time Sensitive Targeting; ISR Ops / Collections

The ISR process should not vary from one warfighting domain to the other!

Cyberspace Intel Requirements

Provide predictive, timely and actionable intelligence to Commanders conducting operations in and through cyberspace (physical, digital, social, wireless networks)

Collaborate with USGov, public, private and allied/coalition partners on cyberspace intelligence

Perform operational assessments to improve cyber incident response

Support operational assessment process with tailored analysis of cyberspace effectiveness in support of ongoing missions

Develop and implement annual intel training requirements for all cyberspace operators

Not much difference from ISR support to other forms of warfare…

The Evolution in Planning
  • Steps on the Evolutionary Trail of Net-D Mission Planning:
    • None—just “do what the systems force you to do”
    • Minimal—put context around “what the systems force you to do”
    • Plan in advance for what might happen—includes deliberate planning process
    • Self-initiated, aggressive Net-D Operations—“named” operations—Mission Planning
    • Campaign Planning
Mission Planning, Campaign Planning
  • Address specific adversaries and provide operational planning capability on the 2 week-to-1 year window
  • Focused on known adversaries
  • Focused on probable scenarios—develop mission concept from I&W to employment
  • Future capabilities will allow for more active defense, including ROE-based immediate response actions