Army Cyber Command and Second Army
The Nation's Army in Cyberspace
OVERALL CLASSIFICATION: UNCLASSIFIED
Mr. Ronald Pontius, Deputy to the Commanding General
AUSA, APG Board of Directors
April 21, 2015
“AMERICA’S ARMY: THE STRENGTH OF THE NATION”

Agenda
• Cyberspace As a Domain
• The Cyberspace Threat
• Cyberspace Operations Overview
• Army Cyber Mission Forces
• The Cyber Operating Environment
• Requirements, Resources and Acquisition

Cyberspace as a Domain
CYBERSPACE: A global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers. (JP 1-02)
• Man-made domain – ever changing
• Physical, logical, and social characteristics
• Interdependent with traditional war-fighting domains
• Part of every unit’s Operating Environment
• Instantaneous operational reach – global battlefield
http://www.internetlivestats.com/

Convergence
[Diagram labels: Data; Tablet, Computer; U.S. Govt & Military; ISP; USCYBERCOM; Adversary; Voice; VOIP, Smartphone; Radio; YOU!; Military C2; TV; Grandma; Netflix, Cable; Satellite; Smartphone; Water; Financial; Wall Street, Banks; Gas; Power; Power Grid; Pumping Stations; Nuclear]

The Cyber-Enabled Commander Expects

Cyber Adversary Tactics, Techniques, and Procedures
- Users/decision-makers
- Their devices and associated IP addresses
- Data, databases, and websites
- Network infrastructure
- Physical locations
[Diagram labels: Planning / Scanning; Exploitation; Web Server / Webpages; Lateral Movement; Adversary Intent / Exfiltration; Reconnaissance; Espionage; Destructive Malware; Email; Hostile Actor; Users; Target System]

Cyberspace Lines of Effort
[Diagram labels: Defensive Cyberspace Operations (DCO); DCO – Internal Defensive Measures (DCO-IDM); Cyber forces execute cyber actions:; DCO – Response Actions (DCO-RA); DoDIN Ops; Provide Freedom of Maneuver in Cyberspace; Cyber Protection Teams; Cyberspace OPE; Cyberspace ISR; Cyberspace Attack; DCO – RA; * Project power in and through cyberspace.; Cyberspace Defense; * Mission focused/Threat specific; DCO – IDM; Offensive Cyberspace Operations (OCO); Nat’l Mission teams; Cyber Mission Teams; Cyber; Land; JFC Mission Objectives; Space; Maritime; Air; DoDIN Operations; *Network focused/Threat agnostic; Supported by All-Source Intelligence, IT & Routine Communications Activities]

US Chain of Cyberspace Authorities
Organizations (diagram labels): POTUS; CJCS; USSTRATCOM; USCYBERCOM; JFHQ-Cyber; SECDEF; ARCYBER; US Army; SECOND ARMY
Policy (Strategy, Directives, Guidance, Instructions, Orders, Plans, Regulations, Instructions, Doctrine):
• Art 2/Sect 2 US Constitution, NSS, NSSC, UCP, CNCI
• NMS, JSCP, JOE, CRA, JP 3-12, Cyber Ops, JP -0 Joint Comms
• USSIDs NSA Orders
• CONPLAN - Cyber Operations
• NDS, GEF, GFMIG, DPPG, QDR, DBPC, NIE, DSOC, DODIs, DODDs
• DAGO,2014-02, HQDA Cyber C2 EXORD, AR 25-1, AR 25-2, AR 10-87, ALARACT DA CIRM, FM 3-38 CEMA, Army Directive 2011-03 IO
Law:
• Title 6 Domestic Security (DHS): Security of US Cyberspace
• Title 10 Armed Force (DoD): Assure US interests by conducting military ops in cyberspace
• Title 18 Crimes and Criminal Procedures (LE)
• Title 32 National Guard (ARNG, ANG): Support Defense of US Interests in Cyberspace
• Title 40 Clinger - Cohen Act (CIO/G6): Establish & enforce standards for Acquisition & security of Info technologies
• Title 44 Foreign Information Security Management Act (CIO) E-Government Act
• Title 50 War & National Defense: Intel gathering thru cyberspace on foreign intentions, operations, and capabilities
A single point of integration is required to effectively fulfill responsibilities outlined in law and policy.

Cyber Operating Environment
[Diagram labels: NTOC; RDO; Legend; Cyber Mission Forces; Operational Capabilities; DoDIN CPT; Cross Domain Solution; DoDIN; JRSS; Botnet; National Capability; Service CPT; Tier 3; B/P/C/S; DTN; CPT; Tier 1; IAP; Tier 2; RCC; GEOC; DCO-I; Botnet Controller]
Defense in Depth
• Different, but complementary, tools arrayed within the network
• Mutually supporting units defend at echelon with appropriate tools, knowledge, skills, and abilities
Data Sources:
• IDS, IPS, DLP, PCAP
• Network device logs
• Ticketing
• Performance Monitoring
• Firewall, Proxy logs
• Web server logs
• Database logs, App server logs
• Load balancing logs, Host logs

Army Cyber Command & Second Army
Mission, Roles, Forces, and Locations
Mission: Army Cyber Command and Second Army directs and conducts cyberspace operations as authorized, or directed, to ensure freedom of action in and through cyberspace, and to deny the same to our adversaries.
Forces:
• HQ, U.S. Army Cyber Command & Second Army: FT Belvoir VA; FT Meade MD; FT Gordon GA
• 780th Military Intelligence Brigade: FT Meade, MD
• 1st IO Command (Land): FT Belvoir, VA
• Network Enterprise Technology Command: FT Huachuca, AZ
• Joint Force Headquarters – Cyber: FT Gordon, GA
• U.S. Army Cyber Protection Brigade: FT Gordon, GA
[Diagram labels: USSTRATCOM; US Army; USCYBERCOM; JFHQ-Cyber; ARCYBER; Provide Cyber support to Joint Combatant Commands; Support US CYBERCOM with Army Cyber Forces; Combat Mission Teams; CCMD Cyber Protection Teams; National Mission Teams; 2nd ARMY; Build, Operate, Maintain, and Secure All Army Networks; Regional Cyber Centers; Support Army with Cyber and IO Capabilities; Service Cyber Protection Teams; Computer Network Defense Service Providers]

Cyber Mission Force
• Joint Force Headquarters – Cyber: Provide operational and tactical planning support to Combatant Commands
• Cyber National Mission Force: Defend the Nation by seeing adversary activity, blocking attacks and maneuvering to defeat them
• Cyber Combat Mission Force: Conduct military cyber operations in support of Combatant Commands
• Cyber Protection Force: Defend DoD Information Networks (DODIN) and, when authorized, other infrastructure
Highlights
• Defends against cyber threats and executes decisive action in cyberspace
• Provides cyber support to Combatant Commands, U.S. Cyber Command, DISA, and Army
• Improves cyber defenses across Army and Joint networks
• Cyber Force trained to the Joint standard
• CMF is operating today

Delivering Cyber Capabilities
[Diagram labels: URGENT (0 – 180 DAYS); EMERGENT (180 DAYS TO 18 MONTHS); DELIBERATE (18 MONTHS); JCIDS; JROC Approved IS ICD/CDDs; Delegated Validation Authority; CBA 02 July 2013; GIG IA ICD 06 Mar 06; JIE ICD 17 Jul 14; Net-Enabled MC ICD 27 Dec 11; Cyber Attack ICD; LWN ICD 30 Jul 14; Cyber Acquisition, Requirements, and Resources (CARR) OPT; RDPs (agility, flexibility and accountability); CDs (e.g. Platforms, tools, PTE); Cyber Mission Forces; Materiel Solutions; PEO IEW&S; PEO C3T; PEO EIS; DCO / OCO; ONSs; Rapid Equipping Force (I.E. OTA)]

Questions?
You are here