Army Cyber Command and Second Army

The Nation's Army in Cyberspace
OVERALL CLASSIFICATION:
UNCLASSIFIED
Mr. Ronald Pontius
Deputy to the Commanding General
AUSA, APG Board of Directors
April 21, 2015
“AMERICA’S ARMY: THE STRENGTH OF THE NATION”
Agenda
• Cyberspace As a Domain
• The Cyberspace Threat
• Cyberspace Operations Overview
• Army Cyber Mission Forces
• The Cyber Operating Environment
• Requirements, Resources and Acquisition
Cyberspace as a Domain
CYBERSPACE: A global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers. (JP 1-02)
• Man-made domain – ever changing
• Physical, logical, and social characteristics
• Interdependent with traditional war-fighting domains
• Part of every unit’s Operating Environment
• Instantaneous operational reach – global battlefield
http://www.internetlivestats.com/
Convergence
Data
Tablet,
Computer
U.S. Govt & Military
ISP
USCYBERCOM
Adversary
Voice
VOIP,
Smartphone
Radio
YOU!
Military C2
TV
Grandma
Netflix, Cable
Satellite
Smartphone
Water
Financial
Wall Street, Banks
Gas
Power
Power Grid
Pumping
Stations
Nuclear
The Cyber-Enabled Commander Expects
- Users/decision-makers
- Their devices and associated IP addresses
- Data, databases, and websites
- Network infrastructure
- Physical locations
Cyber Adversary Tactics, Techniques, and Procedures
Planning / Scanning
Exploitation
Web Server/
Webpages
Lateral Movement
Adversary Intent /
Exfiltration
Reconnaissance
Espionage
Destructive Malware
Email
Hostile Actor
Users
Target System
Cyberspace Lines of Effort
Defensive Cyberspace
Operations (DCO)
DCO – Internal
Defensive Measures
(DCO-IDM)
Cyber forces execute
cyber actions:
DCO – Response
Actions (DCO-RA)
DoDIN
Ops
Provide
Freedom of
Maneuver
in Cyberspace
Cyber
Protection
Teams
Cyberspace
OPE
Cyberspace
ISR
Cyberspace
Attack
DCO –
RA
* Project power in and through cyberspace.
Cyberspace
Defense
* Mission focused/Threat specific
DCO –
IDM
Offensive Cyberspace
Operations (OCO)
Nat’l
Mission
teams
Cyber
Mission
Teams
Cyber
Land
JFC
Mission
Objectives
Space
Maritime
Maritime
DoDIN Operations
*Network focused/Threat agnostic
Supported by All-Source Intelligence, IT & Routine Communications Activities
Air
US Chain of Cyberspace Authorities
Art 2/Sect 2 US Constitution,
NSS, NSSC, UCP, CNCI
POTUS
Policy
NMS, JSCP, JOE,
CRA, JP 3-12, Cyber
Ops, JP -0 Joint
Comms
(Strategy,
Directives,
Guidance,
Instructions,
Orders,
Plans,
Regulations,
Instructions,
Doctrine)
CJCS
USSTRATCOM
USSIDs
NSA
Orders
Title 6
Domestic
Security (DHS)
Security of US
Cyberspace
Title 10
Armed Force
(DoD) Assure US
interests by
conducting
military ops in
cyberspace
Title 18
Crimes and
Criminal
Procedures
(LE)
CONPLAN - Cyber Operations
USCYBERCOM
JFHQ-Cyber
Law
NDS, GEF, GFMIG, DPPG, QDR, DBPC, NIE, DSOC,
DODIs, DODDs
SECDEF
ARCYBER
Title 32
National Guard
(ARNG, ANG)
Support Defense
of US Interests in
Cyberspace
US Army
DAGO,2014-02, HQDA Cyber C2 EXORD,
AR 25-1, AR 25-2, AR 10-87, ALARACT
DA CIRM, FM 3-38 CEMA, Army Directive
2011-03 IO
SECOND ARMY
Title 40
Clinger - Cohen
Act (CIO/G6)
Establish &
enforce standards
for Acquisition &
security of Info
technologies
Title 44
Foreign
Information
Security
Management Act
(CIO)
E-Government Act
Title 50
War & National
Defense Intel
gathering thru
cyberspace on
foreign intentions,
operations, and
capabilities
A single point of integration is required to effectively fulfill responsibilities outlined in law and policy.
Cyber Operating Environment
NTOC
RDO
Legend
Cyber Mission Forces
Operational Capabilities
DoDIN
CPT
Cross Domain
Solution
DoDIN
JRSS
Botnet
National
Capability
Service
CPT
Tier 3
B/P/C/S
DTN
CPT
Tier 1
IAP
Tier 2
RCC
GEOC
DCO-I
Defense in Depth
• Different, but complementary, tools arrayed within the network
• Mutually supporting units defend at echelon with appropriate tools, knowledge, skills, and abilities
Data Sources:
IDS, IPS, DLP, PCAP
Network device logs
Ticketing
Performance Monitoring
Firewall, Proxy logs
Web server logs
Database logs, App server logs
Load balancing logs, Host logs
Botnet
Controller
Army Cyber Command & Second Army
Mission, Roles, Forces, and Locations
Mission:
Army Cyber Command and Second Army directs and conducts cyberspace operations as authorized, or directed, to ensure freedom of action in and through cyberspace, and to deny the same to our adversaries.
Forces:
HQ, U.S. Army Cyber Command
& Second Army
FT Belvoir VA
FT Meade MD
FT Gordon GA
780th Military
Intelligence Brigade
FT Meade, MD
1st IO Command (Land)
FT Belvoir, VA
Network Enterprise
Technology Command
FT Huachuca, AZ
Joint Force
Headquarters – Cyber
FT Gordon, GA
U.S. Army Cyber
Protection Brigade
FT Gordon, GA
USSTRATCOM
US Army
USCYBERCOM
JFHQ-Cyber
ARCYBER
Provide Cyber
support to Joint
Combatant
Commands
Support US
CYBERCOM
with Army
Cyber Forces
Combat Mission
Teams
CCMD Cyber
Protection Teams
National Mission
Teams
2nd ARMY
Build, Operate,
Maintain, and
Secure All
Army Networks
Regional Cyber
Centers
Support Army
with Cyber and
IO Capabilities
Service Cyber
Protection Teams
Computer
Network Defense
Service Providers
Cyber Mission Force
Joint Force Headquarters – Cyber: Provide operational and tactical planning support to Combatant Commands
Cyber National Mission Force: Defend the Nation by seeing adversary activity, blocking attacks and maneuvering to defeat them
Cyber Combat Mission Force: Conduct military cyber operations in support of Combatant Commands
Cyber Protection Force: Defend DoD Information Networks (DODIN) and, when authorized, other infrastructure
Highlights
• Defends against cyber threats and executes decisive action in cyberspace
• Provides cyber support to Combatant Commands, U.S. Cyber Command, DISA, and Army
• Improves cyber defenses across Army and Joint networks
• Cyber Force trained to the Joint standard
• CMF is operating today
Delivering Cyber Capabilities
DELIBERATE
CBA
(18 MONTHS )
JROC Approved
IS ICD/CDDs
Delegated
Validation
Authority
CBA
02 July 2013
JCIDS
GIG IA ICD
06 Mar 06
JIE ICD
17 Jul 14
Cyber Acquisition,
Requirements, and
Resources (CARR)
OPT
RDPs
(agility, flexibility
CDs and
e.g. Platforms, accountability)
CDs
tools, PTE
CDs
CDs
Net- Enabled MC ICD
27 Dec 11
Cyber Attack ICD
LWN ICD
30 Jul 14
Cyber Mission Forces
Materiel
Solutions
PEO
IEW&S
DCO / OCO ONSs
Rapid
Equipping Force
(I.E. OTA)
PEO
C3T
PEO
EIS
DCO
OCO
DCO
OCO
URGENT
(0 – 180 DAYS)
EMERGENT
(180 DAYS TO 18 MONTHS)
Questions?
You are
here