1 / 31

Global Operations and Mission Assurance in a Contested Cyber Environment 2008 GTISC Security Summit

Global Operations and Mission Assurance in a Contested Cyber Environment 2008 GTISC Security Summit . Lt Gen Bob Elder 15 October 2008. Overview. Cyberspace as a global domain Military Operations in/through Cyberspace Mission Assurance and Cyber Deterrence.

zafirah
Download Presentation

Global Operations and Mission Assurance in a Contested Cyber Environment 2008 GTISC Security Summit

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Global Operations and Mission Assurancein a ContestedCyber Environment2008 GTISCSecurity Summit Lt Gen Bob Elder 15 October 2008

  2. Overview • Cyberspace as a global domain • Military Operations in/through Cyberspace • Mission Assurance and Cyber Deterrence The Mission of the United States Air Force is to fly, fight, and win … in air, space, and cyberspace.

  3. Cyberspace Domain Elements Produce or use data Perceptions Knowledge USER (Social) Network Share information & knowledge Make & implement decisions User Relationships System Code Logical (Virtual) Network Data Modify, store, exchange data ElectromagneticEnvironment Encapsulation Physical Network Electronics Cyberspace is a domain with characteristics comparable to the air, space, and maritime domains. Infrastructure

  4. OSI Model Comparison Human organization Mission layer Perceptions Knowledge USER (Social) Network 7. Application layer 6. Presentation layer 5. Session layer 4. Transport layer 3. Network layer User Relationships System Code Logical (Virtual) Network Data ElectromagneticEnvironment Encapsulation Physical Network Electronics 2. Datalink layer 1. Physical layer Infrastructure

  5. Cyber Cross-domain Relationships CYBER DOMAIN EM Ops (EW) Network Ops “Kinetic” Ops Influence Ops Counter-Intel Law Enforce SPACE SPACE AIR Cyberspace crosses all the domains AIR SEA LAND Cyber ops require global and theater integration across all domains

  6. Cyberspace Attributes Political • ATTRIBUTES • Anonymity • Alter Egos • Time & Distance • Virtual Presence • Info Commodity • Smart Agents Economic Military Information Social Infrastructure

  7. Cyber Organizational Model Hierarchical Model Cyber Model Hierarchy Level ---- Power ---- Connections Hierarchy Level ---- Value ----- Contribution

  8. PMESII in a Hierarchical World Political Diplomatic Military Military Economic Economic Social Information Information ? Infrastructure

  9. PMESII in a Cyber World Cyber/Social Networks Political Diplomatic Military Military Economic Economic Social Information Information Non-gov’t Infrastructure

  10. Key Cyber Functional Elements

  11. Ways: Information Operations Network Operations Kinetic Actions Law Enforcement Counterintelligence Enablers: Science & Technology Partnering Intelligence Support Law and policy Trained personnel Joint Capability Areas: Battlespace Awareness Force Generation Command and Control Information Operations Net-centric Operations Global Deterrence Homeland Defense Interagency Integration Non-governmental organization coordination National Military Strategyfor Cyberspace Ops (NMS-CO)

  12. Cyber Domain Military Missions Integrate cyber to achieve functional & theater effects: COCOMs Tactical cyber integration: Service Components Defend DoD GIG: STRATCOM (JTF-GNO) Deter cyber weapons of mass effect: STRATCOM Integrate cyber to achieve global effects: STRATCOM Homeland Defense: NORTHCOM Defense Support to Civil Authorities (DSCA): NORTHCOM Defense Industrial Base Protection (HSPD 7): Services Clandestine Cyber Ops: Intel Community (IC) Intelligence collection, processing, and sharing: IC

  13. Establish the Domain Expeditionary Cyber Ops Cyber Network Ops Control the Domain Defense Offense Use the Domain Integrated Attack Force Enhancement Support “Fly & Fight” in Cyberspace Cyber Ops WARFIGHTING Cyberspace is a WarfightingDomain

  14. Fly - Fight - Win Foundation: Network Operations • Global Expeditionary Cyber Ops • Physical Networks • Wireless Networks • Logical Networks • Establish “User” Networks • Data/Voice/VTC • Command & Control • Physical Network Security • Logical Network Security Establish, maintain, and secure the cyber domain

  15. Growing Dependence on Electromagnetic Spectrum 1975 Frequency Allocation Chart 2007 Frequency Allocation Chart

  16. “Cyber” Opportunity: Air “Satellites” Strengths • Procurement Cost • Operating Cost • Endurance • No aircrew risk Challenges • Safety and reliability • Use with manned aircraft • Bandwidth needs • Technology investment Potential Uses • Broad Area Surveillance • Persistent Surveillance • First Responder Comms • Broadband Access • Precision Navigation • Network nodes & relays • Spectrum management • Localized I&W

  17. Influence Attack ElectromagneticSpectrumAttack DigitalAttack InfluenceProtection ElectronicProtection Data/CodeProtection Force Protection Physical Networks Physical Attack (includes Directed Energy) Defend the Cyber Domain Logical Networks Wireless Networks Electromagnetic Spectrum Digital Data Social Networks Cyber Use Electronics (& Infrastructure) • Cyber Effects: • Denial of Service • Confidential Data Loss • Data Manipulation • System Integrity Loss Physical Networks

  18. Defensive Cyber Ops Planning Cyberspace Typology • Private/Open • Commercial • Regulated Commercial • Government (.gov) • Military (Admin) • Military (Ops) • Economic Security • Public Safety • WMD/E Defense/I&W Other Cyberspace & Associated Cyber Infrastructure Global Information Gridand DOD Networks US GovernmentCyberspace US Interestsin Cyberspace

  19. Military Cyberspace Activities Network Ops Activities • Comm Infrastructure • Network Maintenance • Network Security • Network Defense (CND) • Network Attack (CNA) • Intel Processes (CNE) • Self Defense (User) • Defensive Influence Ops • Packet Interdiction • DSCA (civil authorities) • HSPD 7 Support to DIB • Ops Support (Log/Admin) Integrated Cyber Ops Activities • Infrastructure Protection • EM defense measures • Infrastructure Attack • Offensive Influence Ops • Electronic Attack • Network Defense (Active) • Kinetic/non-Kinetic integration • Global/Theater Integration • Force Enhancement (C2) • EW Support (Cyber-OPE) • Deter/Dissuade Ops • Mission Assurance

  20. Situational Awareness Linked Air Ops Centers Effects-based Operations Degraded Cyberspace Use the Domain Integrated Attack & Force Enhancement Intelligence Orient Sensors Data Integration Observe Air Space Land Sea Conventional Ops Influence Ops Cognitive “Space” Cyber Act Decide Ops Integration Effects (Integrated Actions) Logistics

  21. Deny Cmd & Ctrl Cyber Attack Intelligence Orient Disrupt Sensors Observe Alter orInterdict Data Air Space Land Sea Conventional Ops Influence Ops Cognitive “Space” Cyber Act Decide Impair Collaboration Degrade Action Integration Logistics

  22. 2007 Air Force Cyber Study • Cyber will continue to be a contested environment. • The infrastructure on which the Air Force depends is controlled by both military and commercial entities and is vulnerable to attacks and manipulation. • Operations in the cyber domain have the ability to impact operations in other war-fighting domains. • Air Force must maintain capability to operate when the processing of vital information is challenged. • Nation must defend against data manipulation and denial of service; it’s not just an issue of data theft

  23. Mission Assurance Mission Assurance (CYBEROPS) “Fight Throughthe Attack” Perceptions Knowledge USER (Social) Network User Relationships System Code Logical (Virtual) Network Data Information Assurance (NETOPS) ElectromagneticEnvironment Encapsulation Physical Network Electronics Infrastructure Protection Electronic Protection (Physical Security) Infrastructure

  24. Mission Assurance Domain Control:Operations in Contested Cyberspace ATTACKS TARGETS EFFECTS Insider Attacks; Social engineering Disinformation Confusion C2 Disruption Alter Behaviors Human Organization Data and policy Corruption Mission Layer Code Manipulation Malware Inaccuracies Induced Failures Denial of Service Data Exfiltration App/Session Layer Worms, viruses Flooding OS/Network Layer Backdoor Implants Malfunctions Performance loss Lost Comms HW/Systems Layer Devices & Linkages Physical Destruction

  25. Deterrence Cyber Impose Cost (Attack Attribution) Deny Benefits (Mission Assurance) Messaging ExplainActions VisibleActivities Demonstrate Capabilities ForcePosturing DemonstrateReadiness Cyber Deterrence Operations Encourage Restraint (Identify Actions & Behaviors to Deter)

  26. Major Cyberspace Players Defense • Law Enforcement • Intelligence Community • Homeland Security • Counterintelligence • Military • Industry Consortiums • Regulatory Agencies • Commercial Providers Potential Adversaries • Organized Crime • International Terrorists • Domestic Terrorists • Nation-State Intelligence • Nation-State Military • Industrial Intelligence • Cyber “Vandals”

  27. Cyber Deterrence Building Blocks Visible, credible deterrence activities Law Enforcement Activities Non-military Government Activities (DImE) Military Ops Activities International Regimesfor national cyber activity oversight Critical Infrastructure Protection Internet Connection Norms & Protocols Network andUser Security “Lock Doors” UnderstandCritical Infrastructure Vulnerabilities

  28. Challenges Increased cyber dependence Supply chain vulnerabilities Infrastructure vulnerabilities Electronics vulnerabilities Sensor disruption & spoofing Increased wireless use More complex attack vectors Growth in cyber crime Encryption vulnerabilities Opportunities Smart users Mission Assurance Planning Attack Attribution Voluntary LE enabling tools Voluntary sector regulation Malware behavior detection Altered data/code detection Denial of service protection Insider “threat” detection Challenges and Opportunities

  29. Enable & Support the “Smart User” • User Behavior Analysis (User Recognition) • Application Wrapping & Monitoring (Adaptive Filters) • Centralized Systems Configuration Management • Software Diversity (for critical systems) • Database Clustering (Enterprise Service Units) • Application Clustering (Area Processing Centers) • Application Tampering Detection (Hash registration) • User Self-defense Tools (“Cyber Sidearm”) • Packet Assurance Checking (“Packet Escort”) • Application/System Hardening ("Cyber Body Armor")

  30. GTISC Emerging Cyber Threats 2008 • Client-side attacks • Targeted messaging • Botnets • Mobile device threats • RFID system threats --- Countermeasures --- • Developer & user education (& licensing?) • Behavioral-based detection (& user tools?) • Security/functionality balance

More Related