UNCLASSIFIED Cyber Security,…or Cyber Warfare? AFCEA Hampton Roads Monthly Luncheon April 14, 2015 Captain Doug Powers, U.S. Navy Commanding Officer, Navy Cyber Defense Operations Command (NCDOC) Commander, Task Force 1020 Overall classification of this brief is UNCLASSIFIED UNCLASSIFIED Navy Cyber Defense Operations Command Cyber Warriors – Ever Vigilant UNCLASSIFIED Fighting Through It • Platforms Warships • Processes Warplans • People Warriors UNCLASSIFIED Navy Cyber Defense Operations Command Cyber Warriors – Ever Vigilant 2 UNCLASSIFIED Platforms Warships • Armed to defend (& attack) • Sectored, water tight doors • Built to withstand • Water tight integrity • Resilient defense systems • Redundant engineering • Safety & Security - priorities • Inspected and Re-inspected • Built to fight through it! UNCLASSIFIED Navy Cyber Defense Operations Command Cyber Warriors – Ever Vigilant 3 UNCLASSIFIED Processes Warplans • Defense-in-Depth • Lines of Operation • “Fight through it” SOPs – Continually evolving • Speed, Accuracy, & Agility • Left-of-Kill Chain (LoKC) • Defensive Cyber Maneuver – Restrict, Reduce, Replicate, Randomize, Ruse, Rebuild, Retaliate? • Created to fight through it! UNCLASSIFIED Navy Cyber Defense Operations Command Cyber Warriors – Ever Vigilant 4 UNCLASSIFIED Defensive Cyber Maneuver (DCM) • Issue: IA/CND Defense-in-Depth alone is a failing, unsustainable strategy of attrition warfare • Concept: “Place the chessboard so that the sun is in your opponent’s eyes” – execute maneuver warfare • Assumptions: 1. Cyberspace is man-made & virtual = manipulation by man. 2. Cybersecurity vulnerabilities will always be exploited. 3. Cyber network defenders should expect unwanted visitors. 4. Expect, embrace and shape the experience of intruders. Leverage cyberspace’s virtual nature for DCM UNCLASSIFIED Navy Cyber Defense Operations Command Cyber Warriors – Ever Vigilant 5 UNCLASSIFIED DCM Tactics (Cyber “Warplans”) 1. Restrict: implement least privilege principle 2. Reduce: limit boundary access points 3. Replicate: build in dynamic resilience 4. Randomize: introduce fog-of-war 5. Ruse: leverage virtual machines for deception 6. Redesign: depart from the commodity rules 7. Retaliate: exercise the right to self defense Build and utilize a comprehensive DCM Strategy UNCLASSIFIED Navy Cyber Defense Operations Command Cyber Warriors – Ever Vigilant 6 UNCLASSIFIED People Warriors • Integrity is a team fight • All-hands on deck mentality – Never give up the ship (network)! • Threat-focused - vigilant • Train as we fight – drill, drill, drill • Accountability • Certifications • Inspect and Re-inspect • Redundancy & Resilience • Trained to fight through it! UNCLASSIFIED Navy Cyber Defense Operations Command Cyber Warriors – Ever Vigilant 7 UNCLASSIFIED Certification (Cyber Warriors) Mastery Certification Level Progression Training Type Master Trainer Level IV Experience Superior Performance Expert Level III Advanced Qualification Experience Journeyman Level II Apprentice Level I PQS/JQR Qualified Under Instruction Cyber Forensics Trainee Level 0 CND ACADEMY Cyber Forensics Mission Manageme nt Mission Management BOOTCAMP DCO DIRSUP DCO Intelligence DIRSUP CNDWO BWC CBT In Training UNCLASSIFIED Navy Cyber Defense Operations Command Cyber Warriors – Ever Vigilant INTERNAL DRILL /CXP/TEAM TRAINING (CRTT) CERTIFICATION (CSWF) VENDOR TRAINING UNCLASSIFIED Discussion UNCLASSIFIED Navy Cyber Defense Operations Command Cyber Warriors – Ever Vigilant 9 UNCLASSIFIED Challenges Mobility RF side/SS7/Mobile ICS HME Weapon Systems Interconnectivity Insider Threat Supply Chain Culture, Cost & Scale UNCLASSIFIED Navy Cyber Defense Operations Command Cyber Warriors – Ever Vigilant 10
© Copyright 2024