
Armed Forces Communications & Electronics Association (AFCEA) PowerPoint PPT Presentation



Presentation Transcript


Armed Forces Communications & Electronics Association (AFCEA)

  • AFCEA International

    • Non-profit membership association

    • Serves the military, government, industry, and academia

    • Advances professional knowledge and relationships in the fields of communications, IT, intelligence, and global security.

  • AFCEA Activities

    • SIGNAL Magazine (Monthly)

    • SIGNAL Connections (Online Newsletter)

    • Educational Foundation

    • Professional Development Center

    • AFCEA Sponsored Conferences/Symposia

  • AFCEA Participants

    • 20,000 individual members

    • 11,000 corporate associates

    • 1,400 corporate members


Operationalizing Network Defense (or, “The Awakening of One Comm Guy”)

Colonel Mark Kross

Commander

26th Network Operations Group

Overall Classification:

UNCLASSIFIED


Overview

  • Importance of the Network

  • Net-D Primer

  • Net-D as a Recognized Operation

  • The Big Evolution

  • People

  • Systems

  • Intel

  • Planning


Network Defense: The Operational Imperative

  • AF Operations today use a complex network of systems and airmen, enabling full spectrum dominance – we need our networks to fight.

[Slide graphic labels: Net-Centric Battlespace; AFFOR; CAOC; EOC; NCC; PACAF; AFSPC; ACC; PENTAGON; Limited Regional Conflict; Major Regional Conflict; Disaster Relief; Humanitarian Assistance; Counter Insurgency; International War; Peacekeeping; NEO]

“The first battle in the wars of the future will be over control of Cyberspace”- Dr Lani Kass


Threats to U.S. Air Force Networks

  • December 1998 – January 2003

    • Most activity from moderately skilled individuals

      • Hackers, Script kiddies, Criminals

  • February 2003 – 2005

    • Skilled / organized actors (possibly state-sponsored)

  • 2005 – Present

    • Trend reports identify associated state-sponsored attacks

  • 2007

    • 20,116,960,777 Suspicious Connections

    • 5,804,970 Real-Time Alerts

    • 28,398 Suspicious Events

    • Validate

    • 257 Non Compliance

    • 31 Incident

    • 9 Root, 18 User

    • 4 Malicious Logic

  • 2007: 31 validated Incidents:

    • 78% had TCNOs

    • Patches/Updates not done

    • Default/Weak passwords

    • Poor permission settings

[Slide graphic labels: Physical destruction; Forces of Nature; Nation States; Non-State Actors]

  • “As the nation with the world’s most advanced armed forces, we can’t afford to risk losing the freedom of action in the cyberspace domain.” - SECAF Jun 07


    Cyberspace is a Battlespace…We’re at WAR!

    PENTAGON, 11 Sep 2001:

    Adversary Used: Internet for Recruitment; International & Cell Comms for Coord; Training on Simulators

    Hundreds of Jihadi Web Sites and Internet Hosts, Thousands of Individual email Accounts


    Network Defense Primer

    • CyberOps is an arms race that favors the offensive

    • Functionally, Network Defense (Net-D) is somewhat analogous to an Air Defense system (CRE), but…

    • “Missions” are not single engagements, but multiple and constant

    • No US historical precedent:

      • Perpetual, undeclared struggle

      • Against a myriad of peer-level adversaries whose identities are often un-prove-able

      • In which weapons and tactics emerge, evolve, and become obsolete in days or weeks


    Net-D as a Recognized Operation

    [Slide graphic labels: MD; NetD; NetA; EP; EA; PSYOP; OPSEC; NS; C-PRO; PA; CI; ES]

    • AFDD 2-5: Net-D is a subset of Network Warfare Operations, as part of Information Operations

      • IO: “The integrated employment of the capabilities of influence operations, electronic warfare operations, network operations in concert with the specified integrated control enablers, to influence, disrupt, corrupt or usurp adversarial human and automated decision-making while protecting our own.”

    • New Doctrine pending—NetD will still be a type of op!

    [Slide graphic labels: Influence Ops; Electronic Warfare Ops; Network Warfare Ops; Military Capabilities; Sub-class Capabilities]


    The Big Evolution

    • Steps on the Evolutionary Trail of Network Defense:

      • Nothing

      • Information Assurance

      • Information Assurance plus Network Defense

      • Info Assurance plus Operationalized Net-D

    • Operationalized Net-D: the process to get there is a set of concurrent evolutions in many areas, including people, systems, intelligence, and planning!


    The Evolution in People

    • Steps on the Evolutionary Trail of Building a Network Defender:

      • Nothing

      • Technical Training

      • Technical Training plus Operational Training in an IQT/MQT Construct

      • Certified Training Under a Stan/Eval Process


    33 NWS Crew Qualification

    [Slide flowchart. Labels as extracted: ASIM Operator; Lead Analyst; Sys Admin; Commander; Crew Chief; Response; CENTCOM; Operator; Incident; Tech; Crew; ASIM Tech; CENTCOM Tech; Initial Assessment; Unix; Routing/Networking; Hands on Check Ride; Commercial Training Courses]

    • 33 NWS Common Block Course

    • 33 NWS Technical Refresher

    • 33 NWS NSD Fundamentals Course

    • 33 NWS ASIM Operators Training Course

    • 33 NWS CENTCOM Operators Training Course

    • IQT Test: 70% passing

    • MQT Test: 85% passing


    Undergraduate Network Warfare Training (UNWT)

    One Course – Two Parts

    Advanced Distributed Learning

    UNWT In-Residence – 39 IOS

    Full Crew Training

    Officer, Enlisted, Civilian

    Comm, Intel, Space, Engineer, AFOSI

    Partner w/ Industry

    SANS GSEC Bootcamp

    DoD 8570.1M Certification

    Idaho National Labs / Sandia National Labs / Pacific Northwest National Labs

    Hands-On Mission Simulators & Models

    Joint Cyber Ops Range / Telephony / Wireless / SCADA

    Joint IO & Space Range / IADS / TADIL / SATCOM

    Community Development

    Cyberspace Training Summit

    Missile & Space Intelligence Command / JRAAC / JIOR

    Community of Practice (CoP) (AFKN)

    Dept. of Homeland Security (DNS)

    DoD 8570.1M

    UNWT CoP

    https://wwwd.my.af.mil/afknprod


    Standardization and Evaluation

    • Stan/Eval – Professionalizes Operations

      • Methodical mission planning

      • Synchronized Ops execution

      • Rigor/discipline/control - Career long evaluations

    • How?

      • Standard ROEs and TTPs

      • Mission Training

      • Mandatory Simulator time – critical thinking

      • Rigorous Evaluation

    • Elite Network Warriors – ready to affect the battle space

    [Slide graphic labels: Stan/Eval; Weapons & Tactics; Mission Training; Operations]


    The Evolution in Systems

    • Steps on the Evolutionary Trail of a Net-D Weapon:

      • “Some IT Gear” bought and deployed

      • A System, tested prior to deployment

      • A System, obtained to achieve a specific Net-D effect, tested, certified, and weaponized prior to deployment


    AF Info Ops Center (AFIOC)

    • Weapons

      • NetWarfare Tools OT&E

      • Countermeasure Development/Support

      • Network Warfare Systems Capability Integration

      • Wireless Signature support

      • New Technologies

    • Tactics Development

      • Architecture analysis support (incident response)

      • TTP Development

      • System/ Software Vulnerability Assessments

      • Modeling/Simulation


    Net-D’s Weapon Systems

    • ASIMS – Automated Security Incident Measurement System

      • “Packet Sniffer on Steroids”: Monitors DMZ traffic, alerts on suspicious traffic

      • GOTS software – IDS signatures not shared outside of DoD

      • Working Block 3.1.1 – IPv6 logging, auto response/remediation, wild card string matches, 40% faster processing

    • BorderGuard

      • CENTCOM’s Intrusion Detection and Prevention system

      • Virtually NO major Net-D incidents in CENTCOM while deployed!

    • IO (Information Operations) Platform

      • Interoperable, survivable, real-time packet monitoring of all traffic for ID’d signatures

      • Captures context (pre/post compromise actions)

      • Allows Net-D operator to block, quarantine, log, alter, or deep-inspect traffic


    AF Net-D Weapon Systems

    • AF Sensors: 215

    • USCENTCOM Sensors: 111

    • 79% Cisco, 21% ASIM

    • Enlisted: 117

    • Officer: 51

    • Civilian: 10

    • Contractors: 107

    [Slide graphic labels: 33 NWS; + AFIOC; + OSI; + NOSCs; + DoD; + Joint; + Civilian]


    The Evolution in Intelligence

    • Steps on the Evolutionary Trail of Net-D Intelligence:

      • Nothing

      • “Headline vignette”-quality Intel

      • “Headline vignette”, plus implications

      • Predictive, actionable Intel, through standard processes (PIRs, etc.)


    Operational Intelligence: Intel Drives Operations

    Iterative process: Plan, Execute, Assess

    [Slide graphic labels: Centers; Agencies; Subject Matter Expertise; Operational level C2; Analysis; Real-time Mission Changes; Tactical Execution & Mission Reporting; Boards & Cells; Targeting; Time Sensitive Targeting; ISR Ops / Collections]

    The ISR process should not vary from one warfighting domain to the other!


    Cyberspace Intel Requirements

    Provide predictive, timely and actionable intelligence to Commanders conducting operations in and through cyberspace (physical, digital, social, wireless networks)

    Collaborate with USGov, public, private and allied/coalition partners on cyberspace intelligence

    Perform operational assessments to improve cyber incident response

    Support operational assessment process with tailored analysis of cyberspace effectiveness in support of ongoing missions

    Develop and implement annual intel training requirements for all cyberspace operators

    Not much difference from ISR support to other forms of warfare…


    The Evolution in Planning

    • Steps on the Evolutionary Trail of Net-D Mission Planning:

      • None—just “do what the systems force you to do”

      • Minimal—put context around “what the systems force you to do”

      • Plan in advance for what might happen—includes deliberate planning process

      • Self-initiated, aggressive Net-D Operations (“named” operations): Mission Planning

      • Campaign Planning


    Mission Planning, Campaign Planning

    • Address specific adversaries and provide operational planning capability on the 2 week-to-1 year window

    • Focused on known adversaries

    • Focused on probable scenarios—develop mission concept from I&W to employment

    • Future capabilities will allow for more active defense, including ROE-based immediate response actions


    Questions?

