24th air force (afcyber) col robert skinner commander, 688th information operations wing overall...
TRANSCRIPT
24th Air Force (AFCYBER)
Col Robert Skinner
Commander, 688th Information Operations Wing
OVERALL CLASSIFICATION OF THIS BRIEFING IS UNCLASSIFIED
11 Jun 10
Unclassified
24 AF Perspectives on Cyberspace
• Only operational domain that is man-made
• Physical Domain (A place, Not a mission)
• Where Operations are conducted (Like Land, Sea, Air & Space)
• Integrate operations conducted across domains (don’t integrate domains)
• About Mission Assurance (not Network Assurance)
“Cyberspace is not a mission, it is a place where operations are conducted … and is about assuring the mission, not about assuring the network”
– Maj Gen Dick Webber, AFNS, 20 Nov 09
Joint C2 Relationships
[Organization chart. Entities shown: USCYBERCOM; STRATCOM; JFCOM; COCOMs; C-NAFs; AOC; AFSPC (C-MAJCOM); ACC; AFCYBER (24 AF*); 624 OC; AF Cyber Forces; Combat Communications Forces; USCYBERCOM CSE; ACCE; COLE; AF CYBER LNO? Other chart labels: As Required; AEF Tasking; Lead MAJCOM MOU; Desired; DAL; CC Intentions; CC Priority; Hunter Team.]
ACCE: Air Component Coordination Element
COLE: Cyber Operations Liaison Element
CSE: Cyber Support Element
DAL: Defended asset list
ACCE – Support to:
 - Joint planning
 - Targeting
 - Weaponeering
 - Interagency coord
 - Synchronization
 - COCOM/OPLAN CCIR
 - Joint effects
 - Deconfliction
 - Other cyber components
COLE – Provides support to:
 - Theater planning
 - Joint effects coordination
 - Mission assurance
 - Synchronization
Operational Integration
AF Cyber Force Capabilities
[Organization chart. Units shown: 14 AF / AFSTRAT; 8 AF / AFSTRAT; 24 AF / AFNETOPS / AFCYBER; AFISRA; 614 AOC; 608 AOC; 624 OC*; 67th NWW; 688th IOW; 689th CCW; 659th ISRG; MCCC 3x(CACS); ARC Forces. Relationship label: Direct Support.]
[Capability labels shown: Cyber C2; Operational planning; Mission integration; Cyber fusion; Law Enforcement/AFOSI Presence; Full Spectrum NetOps; Full Spectrum Cyber Ops; Net Control; ESSA; CORA; AFCERT*; Hunter teams; TTPs; Cyber OT&E; Rapid tool development; Blue Team assessment; Engineering and installation; Combat Comms; Hammer Ace; Global Net extension; SIGINT support; Threat analysis; NTI; Threat warning; Target development.]
ESSA: Electronic System Security Assessment
CORA: Cyber Operational Risk Assessment
Hammer Ace: Rapid deployable comm
NTI: National Tactical Integration
Acquisition & Development Process
• Increasingly dynamic environment
• Streamline acquisition processes
• Rapid capability delivery
• Meet warfighter needs
• Leverage DISA/NSA tools and capabilities
[Diagram labels: Foundational; Ops & Innovation; Current; Rapid (UON/JUON); AFMC; ESC; AFSPC]
Mission Assurance vs. Network Assurance
Mission Assurance:
• Operator business (A3)
• Assure mission accomplishment
• Focuses on operational need
• Prioritizes defense
• Establishes operational “crown jewels”
• Integrates intelligence preparation into threat response
• Response to attack: fight through
Network Assurance:
• Service provider business (A6)
• Assure the network works
• Focuses on service availability
• May deny mission to ensure the network is protected
• Attempts to defend everything
• Can dismiss the greater threat due to lack of tangible effects
• Response to attack: disconnect
Our Mission Is To Make Sure The Warfighter Can Perform The Joint Mission
Priorities
• Real time situational awareness
• Filter mountains of data for relevance
• Be proactive with vigilant monitoring
• Standardize network architecture
• Fight through an attack
• Reroute critical traffic
• Kill malicious traffic
• Respond with active forces
Build The Foundation For The OODA Loop
Challenges
• Cyber: High demand, low density
• Command and control at the speed of war
• Real-time situational awareness
• Size and complexity of the network
• Heterogeneous networks
• Time to build Cyber capabilities
• Advanced adversaries
Services Working Together
• CJCSM 6510.10 directs services to: “share and corroborate [incident info] for validation and situational awareness.”
  • Accomplished through incident reporting process
  • Response actions directed by USCYBERCOM via TCNOs, IAVAs or OPORDS as needed
• Joint Exercise BULWARK DEFENDER
  • Annual CND exercise, all services participate
  • Robust scenarios developed by services and USSTRATCOM
  • Services attend valuable lessons learned conf. POST-EX
• Service Liaison Officers
  • 688 IOW has LNOs from all services and NSA
  • Ensures valuable exchange of tactics and lessons learned
Teaming with Industry/Academia
• Working on partnerships with large enterprise-focused commercial companies
• Academic Partnerships:
  • Saint Mary’s University Cyber Security Conference
  • Defense Technological Cluster (DTC)
  • Air Force Institute of Technology
  • UTSA
  • Vanderbilt
  • George Mason
“We must establish close & continuing relationships with our joint partners, industry and academia”
- Secretary of the Air Force, “Air Force Cyberspace Mission Alignment”, 20 Aug 2009
24 AF Way Ahead
• Build cyber situational awareness
• Create mission assurance paradigm
• Normalize NetOps and defense
• Complete Ops Center transformation
• Operationalize cyber C2
• Space and Cyber integration
• Mature joint relationships
• Partner with industry
• Increase capacity
• Total Force Integration
• Grow component-NAF staff
Crawl, Walk, Run