Captain James Mills – Cyber Operations

AFCEA Hawaii Chapter
14 APR 2015
James H. Mills, CAPT, USN
This briefing is unclassified.
Disclaimer: The views presented here are those of the speaker and do not necessarily represent the views of the DoD or DoN.
Voyage plan for this presentation…
• Command Mission Snapshot
• Context of the naval environment
• The maritime strategy big picture
• Maritime challenges
• Trends and Game Changers
• Strategic relevance of cyberspace
• Cyberspace imperatives
• Cyberspace as a domain of warfare
• Trends and implications
• Enterprise priorities
• Way Forward
NIOC HI Mission Snapshot
• “Eyes and ears” of the Pacific Fleet
• Support Fleet and National Information Warfare and cryptologic missions
• Man, train, and equip Pacific elements of the Cyber Mission Force
• Support SIGINT, IO, and cyberspace missions
• Training, Direct Support, Electronics Support, Planning
• Signals Intelligence, I&W, Signals Analysis
• Information Operations
• Cyberspace operations
• PACFLT, C7F, C3F
• COMFLTCYBERCOM, C10F, JFHQ-Cyber
• COMNAVIDFOR – TYCOM
NIOC Hawaii - Excellence in Action
FCC/C10F Strategic Vantage
• Continued evolution since 2009
• 2014 NAVIDFOR, JFHQ-Cyber role
• Enterprise focus
• Operate the Network as a Warfighting Platform
• Conduct tailored Signals Intelligence
• Deliver warfighting effects through cyberspace
• Create shared Cyber situational awareness
• Establish and mature Navy’s Cyber Mission Force
AFCEA West 2015: VADM Tighe, Answering the Evolving Threat on YouTube
Trends in the Maritime
• Globalization
• Migration
• Natural resources competition
• Arctic opening
• Piracy
• Smuggling
• Regional competitors
• HADR impact
The Maritime commons is the lifeblood of the global economic system.
Trends
Environmental Challenges
• Social & economic cyber dependency
• Finding right mix of kinetic & cyber
• Fiscal constraints
• Organizational churn
• Technology change outpaces acquisition
• Seams emerging at the tactical edge
• Rise of peer competitors
Cyber Domain Challenges
• Rise in volume of digitized data
• Dynamic threat
• Weak control of intellectual property
• Lower “system” confidence (assurance, trust, resilience)
• Insufficient cadre of expertise
Disruptive Technologies
• Cloud Computing
• Virtualization
• Autonomous Vehicles
• Augmented Reality
• Data center advances
• Plastic Electronics
• Social Computing
• Mobility & Pervasive Sensing
• Machine Learning
Indicators Imply…
• Revitalize investment in cadre of expertise
• Cultivate acquisition agility
• Attain unity of effort
• Ensure “Assured C2”
• Build in “trust” and “resilience”
“Game Changers”
• Ironclads
• Dreadnoughts
• Coal
• Steam Propulsion
• Torpedo
• Hull innovation
• New warship class
• Carrier aviation
• Over the Horizon
• Submarine warfare
• Amphibious warfare
• Nuclear power
• Precision Guided Munitions
• Network Centric Warfare
• Autonomous systems
• ?
Cyberspace: Military Imperative
• National Military Strategy for Cyberspace Operations (2006) (declassified 2008)
• DoD’s role:
  • Defense of the Nation
  • National incident response
  • Critical infrastructure protection
• Strategic priorities:
  • Gain and maintain the initiative to operate within adversary decision cycles.
  • Integrate capabilities across full range of military operations using cyberspace.
  • Build capacity for cyberspace operations
  • Manage risk to cyberspace operations
“Enemies in the future, however, need not destroy our aircraft, ships, or tanks to reduce our conventional and even nuclear effectiveness. A well-timed and executed cyber attack may prove just as severe and destructive as a conventional attack.”
General James N. Mattis (USMC), Commander, United States Joint Forces Command
Cyber War Defined (2010)
Cyber Warfare: An armed conflict conducted in whole or part by cyber means. Military operations conducted to deny an opposing force the effective use of cyberspace systems and weapons in a conflict. It includes cyber attack, cyber defense, and cyber enabling actions.
(From Joint Terminology for Cyberspace Operations)
“Cyber” as a Domain of Warfare
Use of Spectrum
Command & Decision
Info Operations
Critical Infrastructure Assurance & Trust
Networks & NetOps Cyber Intelligence
Another means of national power and influence
Supporting → Supported
• Supporting
  • Most recent operations have had IW/IO/“Cyber” as a supporting element
  • Disrupt/degrade: C2, IADS; MILDEC; CNE
  • IW/IO/“Cyber” continues in supporting role in military planning and execution
  • CNA/CNE largely at strategic level control
  • Tactics and organization mature
• Supported
  • Shift beginning where operation may be solely Cyber or a supported Cyber operation
  • Value of non-kinetic greater as Cyber capabilities mature
  • Shift to allow more Cyber ops at operational and tactical levels of war
  • Tactics and organization still maturing
Why should you care?
• Modern combat systems, weapons and platforms are increasingly software intensive (F-22, JSF…)
• Use of Cyberphysical (embedded network) systems growing in DoD
• SCADA, machinery control, critical navigation, damage control
• Supply chain increasingly from untrusted entities
• Primary C2 systems rely on information networks
• Data breaches degrade operations
F-22 Squadron Shot Down by the International Date Line (2007)
Pentagon ‘Aware’ of China Internet Rerouting (Nov. 2010)
Computer Spies Breach Fighter-Jet Project (April 21, 2009)
2008 Buckshot Yankee (USB)
Case targets microchips sold to Navy (Sep. 15, 2010)
2010
US Says Iran Hacked Navy Computers (Sept. 27, 2013)
US Sanctions North Korea Over TIME Sony Hack (Jan. 2, 2015)
Nature of Cyber Warfare
FLTCYBERCOM Perspective
• We operate, attack and defend on the same platform as the adversaries
• Threat characterization and attribution are challenging
• Offense and defense have similar features
• Industry drives cyberspace technology
• Public, high profile adversary successes will breed additional actors
McAfee, November 2010
• Inexpensive, anonymous and effective
• Cyber operations require a force that lives “on-the-network”
• Global Cyber Common Operational Picture
• Predictive cyber threat/response capability
• Integrated NetOps, Attack, Defense, Exploit operations
BBC, Visualising the Internet, January 2010
State, Non-State Actors and Individuals All Operate Within Cyberspace
From RDML Leigher brief, 18NOV10, graphics updated.
Attack trends
Political Aims in Cyber “War”
• Platform for Propaganda
• Hacktivism
• Arab / Israeli conflicts
• Terrorist recruitment
• Political consequence
• US/China Hacker Wars
• Iran, Tunisia, Egypt social media
• North Korea
• Disruption
• Estonia
• Stuxnet
• Aramco
• Exploitation
• Operation Aurora
• Internet Hijacking
• Decisive Effects (combined)
• Georgia, Ukraine
Example: Chinese Activity
• Chinese embassy accidental bombing
• EP-3E forced landing
• “Sino-US ‘Hacker War’”
• Exploitation campaign
• DoD program data exfiltration
• US Naval War College
Source: US-China Economic and Security Review Commission Report (2010)
Chinese Strategy
• PLA actively developing Computer Network Ops capabilities, strategy and training
• Open press reports of 60,000 in Cyber War corps
• Achieve information dominance
• Seize control of information flow and establish information dominance
• Integrate network and electronic warfare
• Coordinated network and EW effects
• Focus on C2 and logistics
• Non-kinetic first (degrade info systems) then force-on-force
• Degrade civilian cyber infrastructure that supports military ops
• Deny or degrade C2 (DDoS, false data, EW)
• View of CNO as a strategic deterrent comparable to nuclear weapons
“A victorious army first wins and then seeks battle. A defeated army first battles and then seeks victory.”
Sun Tzu, The Art of War
Source: US-China Economic and Security Review Commission Report (2010)
Defense: Layered, Adapt to Risk, Active
• Community Info Sharing
• Cyber Key Terrain Protection & Assured C2
• Expert Workforce
• Reducing Attack Surface (Patching, SW currency, firewall policies, etc)
• Cyber Situational Awareness
• Information Assurance & Systems Engineering
• Defensive Maneuver Force
Traditional model of defense in depth (Liu/Ormaner)
Something to think about…
• AirSea Battle & A2/AD
• Cyber dimension
Source: Why AirSea Battle? Krepinevich, 2010.
How to Help
• Support local and enterprise STEM efforts
• People are our competitive advantage
• “Bake in security” vice “bolt on”
• Invest in systems engineering expertise in design and acquisition
• Develop a trusted supply chain and take a systems-wide resilience approach
• Participate in cybersecurity sharing venues
• Develop and deliver enhanced cyber situational awareness tools
• Tune operations to cyber “attack” risk
• Key terrain analysis
• Continuity of Operations
• Vital information protection
Questions?
What is cyberspace?
• Information’s Global Commons
(From TRADOC Cyberspace Operations Concept Capability Plan, 2010)
DoD defined, May 2008
Network Attacks: Method & Adversaries
National Infrastructure attack surface and methods. (Amoroso)
Adversaries and exploitation points. (Amoroso)
• Motivations:
  • Sponsored warfare (Assure, Dissuade, Deter, Defeat)
  • Terrorism (Propaganda, Influence)
  • Commercial interest ($, IP)
  • Criminal activity ($, corruption)
  • Hacking ($, challenge)
Factors leading to breaches. (Liu, Cheng)
Terms of Reference
• Computer Network Attack: A category of fires employed for offensive purposes in which actions are taken through the use of computer networks to disrupt, deny, degrade, manipulate, or destroy information resident in the target information system or computer networks, or the systems / networks themselves.
• Computer Network Exploitation: Enabling operations and intelligence collection capabilities conducted through the use of computer networks to gather data about target or adversary automated information systems or networks.
• Counter-Cyber: A mission that integrates offensive and defensive operations to attain and maintain a desired degree of cyberspace superiority.
• Cyber Attack: A hostile act using computer or related networks or systems, and intended to disrupt and/or destroy an adversary’s critical cyber systems, assets, or functions.
• Cyber Defense: The integrated application of DoD or US Government cyberspace capabilities and processes to synchronize in real-time the ability to detect, analyze and mitigate threats and vulnerabilities, and outmaneuver adversaries, in order to defend designated networks, protect critical missions, and enable US freedom of action.
• Cyberspace Operations: The employment of cyber capabilities where the primary purpose is to achieve objectives in or through cyberspace.
• Cyberspace Superiority: The degree of dominance in cyberspace by one force that permits the secure, reliable conduct of operations by that force, and its related land, air, sea, and space forces at a given time and sphere of operations without prohibitive interference by an adversary.
• Cyber warfare: An armed conflict conducted in whole or part by cyber means.
• Network Operations (NetOps): Activities conducted to operate and defend the DoD’s Global Information Grid.
See “Joint Terminology for Cyberspace Operations” for complete and additional definitions.