U.S. Army Signal Center of Excellence - PowerPoint PPT Presentation

About This Presentation
Title:

U.S. Army Signal Center of Excellence

Description:

Coordinated by ACE. 1. Reqd Tng. 0. 0 ... Certified Ethical Hacking. 5. SANS SEC560 (GPEN)Network Penetration Testing and Ethical Hacking ... – PowerPoint PPT presentation

Slides: 39
Provided by: cw4toddm

Transcript and Presenter's Notes

Title: U.S. Army Signal Center of Excellence


1
Signal Regiment's Cyberspace Operations Communications Plan
Track 4 Session 7
  • U.S. Army Signal Center of Excellence
  • 20 Aug 09

2
PURPOSE
  • PURPOSE: To present and discuss the Signal Regiment's
    requirements to support Army Cyberspace
    Operations.
  • OBJECTIVES: By the end of this presentation you
    will be able to:
  • Understand the Signal Regiment's efforts in
    identifying current cyberspace operations
    requirements
  • Determine how the Signal Regiment can contribute
    to future Army cyberspace initiatives

3
AGENDA
  • BACKGROUND INFORMATION
  • IDENTIFICATION OF CURRENT REQUIREMENTS
  • ENDURING CND CAPABILITIES
  • ANALYSES BEARING ON CND PROBLEMS
  • CND PROBLEM STATEMENT
  • CND CAPABILITY GAPS
  • NEAR TERM SOLUTIONS TO CND GAPS
  • LONG TERM SOLUTIONS TO CND GAPS
  • FUTURE CONTRIBUTIONS
  • CND Support
  • Top 5
  • SUMMARY

4
TIMELINE
  • Sep 06: National Military Strategy for
    Cyberspace Operations
  • Jul 07: Operational Concept for Cyberspace
    Operations (CONPLAN 8039)
  • Jan 08: Army CNO Concept Approval (CNO EXORD
    096-08)
  • Mar 08: Information Cyberspace ICDT (ARCIC/CAC
    co-lead)
  • May 08: DoD Approved Definition of Cyberspace
  • Sep 08: HQDA Message Directing Analysis of
    Cyberforces
  • Sep 08: DoD Approved Definition of Cyberspace
    Operations
  • Oct 08: HQDA Cyber Tiger Team Established
  • May 09: Directive to Establish USCYBERCOM

5
DEFINITIONS
  • Cyberspace: the global domain within the
    information environment consisting of the
    interdependent network of information technology
    infrastructures, including the Internet,
    telecommunications networks, computer systems,
    and embedded processors and controllers (DSD, 12
    May 08).
  • Cyberspace Operations: The employment of
    cyberspace capabilities where the primary purpose
    is to achieve military objectives or effects in
    or through cyberspace. Such operations include
    computer network operations and activities to
    operate and defend the Global Information Grid
    (DSD, 29 Sep 08).

6
ARMY CYBERSPACE
LandWarNet: The Army's Application of Cyberspace
Establish, Control, and Use LWN to Conduct
Operations in/thru the Cyberspace Domain to
Achieve Information Superiority
  • Focused on
  • Institutions
  • Command Posts
  • Leaders
  • Soldiers
  • Sensors

NETWORK OPERATIONS
7
Signal Contribution to the Warfight
NETOPS
8
UNCLASSIFIED
NETOPS/CNO INTEGRATION
[Diagram labels: NETOPS; Operate (Maintain); Content Management; Enterprise Management; Network Defense; Defend; Computer Network Defense; CNO; Computer Network Exploitation; Computer Network Attack; Attack; Exploit; NETWAR]
9
NETWORK DEFENSE DEFINED
UNCLASSIFIED//FOUO
10
IA vs. CND
UNCLASSIFIED//FOUO
11
ENDURING CND CAPABILITIES
  • Protect Army information, information systems,
    and communications networks from unauthorized,
    malicious activity.
  • Monitor Army information, information systems,
    and communications networks for unauthorized,
    malicious activity.
  • Detect unauthorized, malicious activity within
    Army information, information systems, and
    communications networks.
  • Analyze unauthorized, malicious activity within
    Army information, information systems, and
    communications networks.
  • Respond to unauthorized, malicious activity
    within Army information, information systems, and
    communications networks.

12
ANALYSES BEARING ON CND PROBLEMS
  • ATEC evaluation of Army performance of IA/CND
    tasks (2006/2008)
  • MITRE study to identify IA/CND issues in
    reference to network architecture, technical
    specifications, and IT Soldiers (2006)
  • SIGCEN participation in two CALL CAATs focusing
    on the 4th ID and 101st ABN that determined the
    existence of doctrinal, organizational, materiel,
    and personnel IA/CND issues (2006)
  • OIAC DOTMLPF assessment of tactical IA (June
    2007)
  • IA/CND Critical Task/Site Selection Board (July
    2007)
  • RAND Closing the Gaps in Defense of the Army's
    Network study (May 2008)

13
CND PROBLEM STATEMENT
Statement: The Army lacks the required DOTMLPF
solutions to holistically provide effective and
efficient active and passive network
defense-in-depth from strategic to the Soldier
level.
14
CND CAPABILITY GAPS
  • D, T, L, and policy issues result in commanders
    not understanding the operational significance of
    properly operating and defending the network
  • O, T, M, P, and policy issues result in the
    inability to achieve full situational awareness
    across the network
  • D, O, T, M, P, L, and policy issues result in the
    inability to command and control network
    protection functions
  • D, O, T, P, and policy issues limited the
    capability to understand the specific threats and
    threat TTPs related to a particular portion of
    the network
  • O, T, M, and P issues limited the ability to
    achieve real-time prevention, detection, and
    analysis of threat events
  • Materiel and policy issues limited the ability to
    ensure standardization across the network in
    order to sustain the required mission assurance
    level
  • O, T, M, L, P, and policy issues result in the
    inability to dynamically respond to threat events
    in order to assure network availability,
    information protection, and information delivery

D - Doctrine, O - Organization, T - Training, M - Materiel,
L - Leadership/Education, P - Personnel, F - Facilities
15
NEAR/MID-TERM SOLUTIONS TO CND GAPS
  • Develop concept document that articulates how we
    fight in Army cyberspace warfighting domain
    (addresses gaps 1-7)
  • Realign Signal WO Force with Signal core
    competencies to better support the warfighter's
    information protection requirements (addresses
    gaps 3, 4, 5 and 7)
  • Task organize Corps 4.0/Div 9.0/Bde 8.1 designs
    (awaiting approval) to provide equal focus on
    operating and defending the warfighter's network
    (addresses gaps 2, 3, 4, 5 and 7)
  • Development of the Network Service Center (NSC)
    reduces PoPs and begins to standardize the network
    enterprise (addresses gaps 2, 3, and 6)
  • Determine CND roles/responsibilities that better
    define the Army's CND force (addresses gaps 4, 5
    and 7)

Solutions do not completely solve any of the CND
gaps
16
UNCLASSIFIED//FOUO
SIGNAL WO REALIGNMENT
17
Draft Information Protection Technician
Training (Phase 1)
18
Draft Information Protection Technician
Training (Phase 2)
19
Proposed Brigade S6 Redesign Task Organized IAW
NETOPS Competencies
Objective S6
Current S6
Add 2 Requirements: IA/CND WO (251), IA/CND NCO (25B), and Realign
O/W/E/Total: 2/1/7/10
25A00 O4 S6
53A00 O3 INFO SYS OFF
254A0 W2 SIGNAL SYSTEMS TECH
25U5O E8 SIGNAL SPT SYS CH
25B4O E7 SR DATA SYS INTEGRATOR
25B3O E6 DATA SYS INTEGRATOR
25U30 E6 SIG INFO SVC SPC
25B2O E5 SR LAN MGR
25U1O E4 SIG SPT SYS MAINT
25U1O E3 SIGNAL SUPPORT SPC
FDU 06-02 NETOPS Section from Sig Co into S6 (17 Rqmts)
20
CND PERSONNEL MATRIX
Position
Tier
21
LONG-TERM SOLUTIONS TO CND GAPS
Requires SIGCEN to conduct further analysis
  • D: New and revised cyber-related doctrine
    (addresses gaps 1, 3, and 4)
  • O: Modification to organizational structure to
    push down defense and operate capabilities to the
    appropriate level (addresses gaps 2, 3, 4, 5, and
    7)
  • T: New, updated, and more CND training
    (especially for active CND) for personnel across
    all CND categories (addresses gaps 2, 3, 4, 5,
    and 7)
  • M: Improved materiel solutions (addresses gaps
    2, 3, 5, 6, and 7)
  • Protection (e.g. Tactical PKI)
  • Monitor/Detection/Analyzation (e.g. Einstein)
  • Response (e.g. Self-Healing networks/Dynamic
    Routing)
  • L: Development of leaders who possess knowledge,
    skills, and abilities to understand the
    operational significance of operating and
    defending the network (addresses gaps 1, 3, and
    7)
  • P: Highly trained IA/CND Soldiers who receive
    the repetitive assignments required to retain a
    highly perishable skill set (addresses gaps 2, 3,
    4, 5, and 7)
  • F: New and improved facilities that better
    support standardization and unity of command
    (addresses gaps 2, 3, 6)

22
Information Cyberspace ICDT Timeline
CONOPS Workshop 2-5 Jun
UQ Future Game 3-8 May
EB VTC 12 Jun
EB / SOG VTCs 11/13 Jun
EB / SOG VTCs 24/26 Sep
EB / SOG VTCs 13/15 Oct
GORB/SAG VTC 16 Oct
CONOPS DEVELOPMENT Starting Points: Operational
Expertise; Joint Guidance / docs; Draft C-E
CONOPS; Draft Fighting in Army Cyberspace; Draft
CNO CONOPS; LandWarNet CONOPS; INSCOM/NSA
docs; Other source docs; Joint Experiments
CAPABILITY DEVELOPMENT CBA/DOTMLPF
Assessment Starting Points: Existing
Studies; Cyber Tiger Team efforts; Organizational
efforts
Pre-CBA Analysis Efforts (June start of CBA,
potential working groups)
Draft CBA Study Plan
CBA(s) Scope Decision
CBA Decision Study Plan Approval
Joint Army Experiments
UQ10 Seminar
UQ10 Seminar
CNA Conf.
UQ10 Planning
SIGCEN Conf.
USCYBERCOM
WWIO Conf.
Information Doctrine GORB
EW GOSC
AF Cyberspace Symposium
STRATCOM/ JFCOM LOE
Cyber Tiger Team
STRATCOM/ JFCOM Workshop
J-8 FCB
23
FUTURE SIGNAL REGIMENT CONTRIBUTION TO CYBERSPACE
OPERATIONS
24
ARMY CYBER C2 TODAY
  • Army C2 relationships for CNO defined in existing
    EXORD and OPORD 8039
  • NETCOM, INSCOM, and 1st IO CMD maintain global
    presence
  • ARSTRAT provides integrated Army Cyber forces
    and planning (National to Tactical) with
    significant task organization
  • A-GNOSC OPCON to JTF GNO, thru ARSTRAT
  • ACERT TACON to A-GNOSC for day-to-day CND
  • ACERT instantaneous TACON to JTF GNO for global
    CND
  • 1st IO Cmd (-) DS to NETCOM for CND, INSCOM for
    CNA//CNE

[Organization chart labels: COCOM; ASCC; JFCC-NW; JTF-GNO; CND / NETOPS; CNA / CNE; Title 10; Title 50; DISA; NSA; NETOPS; NETWAR; DEP; XX; (INSCOM); (NETCOM)]
Army meets National/ Joint Requirements through
existing relationships but needs to grow
Direct Support
25
Army CNO C2 Reality
26
USCYBERCOM MISSION
USSTRATCOM Cyber Mission Transitions to USCYBERCOM
  • Directing GIG operations and defense
  • Planning against cyber threats
  • Coordinating with other COCOMS and appropriate
    U.S. government agencies to generate cyber
    effect across AOs
  • Providing military reps to U.S. national
    agencies, commercial entities, and
    international agencies for matters related to
    cyber
  • Integrate theater security cooperation
    activities, deployments and capabilities that
    support cyberops, ICW the geographical COCOMs,
    and making priority recommendations to the
    Secretary
  • Planning OPE, and as directed, executing OPE or
    synchronizing execution of OPE ICW the
    geographical COCOMs
  • Executing cyberops as directed

27
ARMY CYBER TASK FORCE
28
CND SUPPORT
29
CYBER STRATEGY
  • Establish a TRADOC Capabilities Manager with
    Focus on cyber in coordination with CIO/G6
  • Develop the Regiment's Vision for Cyber
  • Development of a CONPLAN Focused on CND
    Resourcing
  • Team with the INTEL and IO Communities to
    Synchronize
  • LEAD: SIGCEN

30
CYBER VISION (Bridging Strategy)
[Diagram labels: NETOPS; SIGINT; CYBER Integration; PLANNING; CNA / CNE Capabilities; CND Capabilities; 35 CMF; 25 CMF; All Branches?; MI; Signal]
31
ENGAGEMENT PLAN
  • Identify Organizations/Agencies that Require a
    Regimental Presence
  • Identify the Right People by Name to Fill
    Positions
  • Enables Regiment to Gain an Understanding of the
    Cyber Landscape
  • Establishes a Periodic Communications Process to
    Keep Regiment Informed
  • LEAD: ACTF

32
PERSONNEL
  • Must Acknowledge the Status Quo Does Not Work
  • Analyze the need for a new CND Enlisted MOS and
    Officer AOC and/or ASI
  • Develop Career Paths for Cyber Work Force
  • Use Apprentice/Journeyman/Master Concept
  • Address Gap (Active Defense)
  • LEAD: SIGCEN

33
CYBER PROGRESSION
  • Know the Domain First (APPRENTICE)
  • Technical/Functional Expert
  • Network Mission Assurance Focus (Priorities /
    Impacts)
  • Understands Vulnerabilities Risks
  • Know the Enemy Second (JOURNEYMAN)
  • Capabilities and Limitations
  • Tactics, Techniques, and Procedures
  • Become a Warfighter (MASTER)
  • Plan/Direct/Execute Offensive/Defensive Actions
  • Mission Qualified to Employ Weapons/Tools

34
APPRENTICE TO MASTER
[Diagram labels: 25X/24X/53X; tiers Apprentice, Journeyman, Master, each with "Meet Criteria"; PROVIDE; OPERATE; DEFEND; PLAN; Understand Domain; Ensure Freedom of Action; Deliver Capabilities; Integrate/Synch]
SAMS-LIKE APPROACH (High-level expertise in the
science and art of cyberspace operations)
35
TRAINING
  • Determine Required Tasks from CND MOS/AOC
    Crosswalk Aligned with the
    Apprentice/Journeyman/Master Concept
  • Review Current Training and Determine Training
    Gap
  • Identify Resources Necessary to Meet Training Gap
  • Think Jointness
  • Partner with Industry/Academia
  • LEAD: SIGCEN

36
DEVELOPING LEADERS
  • Streamlining Development Process
  • Cyber Center of Excellence
  • Partnerships with Industry and Academia
  • Partnership with Cyberspace Innovation Centers
  • System/Unit/Positional Qualification Training
    (Mentorship)
  • Rigorous Standards, Recurring Evaluations
  • Combat Mission Ready / Cyber Defense Exercises
    (CDX)
  • Professional Development
  • Cyber 200/300/400 distance learning courses
  • Journals, Conferences, On-Line Forums
  • Advanced/Graduate Education Partnerships
  • University of Pittsburgh
  • NPGS/AFIT
  • Other

37
ORGANIZATIONAL PLAN
  • Participate in the Mission Analysis of Operation
    Gladiator Phoenix OPORD to determine specified
    and implied tasks
  • Review Available Assets (No Growth)
  • Identify Constraints
  • Propose Mission Statement
  • Develop and Wargame COAs
  • Play to an Agnostic View (Non-Parochial)
  • Achieves Unity of Effort
  • Provides Holistic Solution (Soldier to
    Strategic)
  • LEAD: NETCOM (AGNOSC)

38
SUMMARY
  • Operating and defending Army Cyberspace
    (LandWarNet) are core competencies of the Signal
    Regiment, performed at all Army echelons, 24/7,
    as part of the overall operate-and-defend
    mission of NETOPS
  • NETOPS integrates CND capabilities with NETWAR to
    enable overall CNO capabilities
  • Current CND problem statement based on analyses
    dating back to at least 2006 (Army requires the
    holistic execution of both active and passive CND
    from the strategic to the Soldier level)
  • SIGCEN currently working efforts to address CND
    gaps
  • Current Army Cyber C2 structure exists today, but
    creation of USCYBERCOM will influence future C2
    structure, as well as ACTF guidance
  • Signal Regiment leadership approved top 5
    objectives to support future Army initiatives