C4ISR: Positioned for Cyber Innovation and Readiness

AFCEA Aberdeen Chapter Luncheon, 24 March 2017

Distribution Statement A: Approved for public release. Distribution is unlimited. 23 March 2017


Army PEO Alignment

Defensive Cyberspace Operations (DCO)

OPR: PEO EIS, PEO C3T

Requirement Status: IS ICD validated 1QFY17; RDPs set to enter HQDA staffing

Passive and active cyberspace operations intended to preserve the ability to utilize friendly cyberspace capabilities and protect data, networks, net-centric capabilities, and other designated systems.

Offensive Cyberspace Operations (OCO)

OPR: PEO IEW&S (INSCOM)

Requirement Status: IS ICD in TRADOC staffing; RDPs in development

Cyberspace operations intended to project power by the application of force in or through cyberspace. The Army provides forces trained to conduct OCO across the range of military operations to target enemy and adversary activities and capabilities.

Persistent Cyber Training Environment (PCTE)

OPR: PEO STRI

Requirement Status: ICD validated 4QFY16; IS CDD in development

The Cyber Mission Forces and associated Command and Control (C2) will use the PCTE to conduct individual and collective training to achieve and sustain mission readiness for full spectrum Cyberspace Operations conducted by Services and Combatant Commands.

Cyber Situational Understanding (SU) supporting CEMA

OPR: To Be Determined

Requirement Status: IS ICD in HQDA staffing

Cyber SU supporting CEMA will fully establish an integrated cyberspace, spectrum management and electronic warfare capability for CORPS and Below data models, architectures and analytics.

All Programs have authorities and funding from previous requirements documents or directives to move forward.

UNCLASSIFIED


Other Transaction Authority (OTAs) for Cyber

Five separate initiatives so far:

Challenge #1: Deployable Defensive Cyberspace Operations (DCO) System (DDS) - Completed Phase III delivery of prototypes; assessing plan to initiate production

Challenge #2: Cyberspace Analytics - Awarded and deliverables on-schedule

Challenge #3: Micro-cloud Management Solutions - Entered final stage; ensuring proper alignment to requirement

Challenge #4: Cyber Operations Integration Platform - Entered final stage; ensuring proper alignment to requirement

Challenge #5: Persistent Cyber Training Environment (PCTE) - Received/reviewing proposal submissions; pending FY17 budget to schedule vendor engagement

Future: Up to 4-5 annually across Cyber Portfolio (DCO, OCO, CyberSU, PCTE, Insider Threat, etc.) as part of respective acquisition strategies:

[Figure labels: OTA; Commercial Tech – Existing Program / Tech Insert. Acquisition life cycle phases: Materiel Solutions Analysis; Technology Development & Risk Reduction; Engineering Manufacturing & Development (System Integration, System Demonstration, Design Readiness Review); Production & Deployment (LRIP, Full-Rate Prod & Deployment, FRP Decision Review); Operations & Support (Sustainment, Disposal). Markers: CBA, Concept Decision, Milestones A, B, C, IOC, FOC.]


Near-Peer Adversary TTPs

Size, Density, Capacity, Complexity

Technology refresh & adoption rate

Encryption

Data flows spanning multiple technologies


CEMA Operational Framework (FM 3-12 Final Draft)

(U) Trust: Establish known degree of assurance that devices, networks and cyber dependent functions perform as expected, despite attack or error

(U) Resilient & Agility: Withstand cyber attacks and sustain or recover critical functions. Dynamically reshape cyber systems as conditions/goals change to escape harm

(U) Access & Effects: Focus on emerging technologies.

(U) CEMA Situational Understanding (SA) (Blue/Gray/Red): Use cyberspace and the EMS to provide near real-time information to commanders and Soldiers. Mapping of mission to supporting network infrastructure and systems

(U) OCO Architecture: Develop new capabilities based on common SW frameworks that maximize reuse of core components. Enable remote deployment of OCO capabilities from tactical systems.

(U) Cyber Deterrence: How to reduce an adversary’s willingness to utilize cyberspace to achieve an asymmetric advantage (e.g. Attribution, Cost to benefit reduction, etc.)

(U) 3rd offset: Autonomy, Artificial Intelligence, Machine Learning

(U) Shift to Near Peer: Focus on next fight

• (U) Automated SW Review

• (U) Tactical Multi-factor Authentication

• (U) Weapon system / platform Security

• (U) Deception

• (U) Containerization

• (U) Tactically enabled

Integrated Cyber, EW & SIGINT


Product Manager (PdM) Defensive Cyberspace Operations (DCO)

[Figure labels: Legend: PEO C3T Program; PEO EIS Program. Capabilities: Garrison DCO Platform; Deployable DCO System; DCO Tool Suite; Tactical DCO Infrastructure; Forensics & Malware; User Activity Monitoring; Cyber Analytics & Big Data Platform; DCO Mission Planning; Future Capabilities. Requirements: Driving ONS Requirements; Current Requirements; Future Requirements; Big Data Platform; DCO Infrastructure; Cyber Protection Team Tools; Web Vulnerability. Document shown: DCO Information Systems Initial Capability Document, 26 Oct 16, The Joint Staff, Washington, D.C. 20318-8000.]

Mission: Create Defensive Cyberspace capabilities for US Army Cyber Protection Teams (CPTs) and other Cyber Mission Forces, in a dynamic environment, in order to take immediate action to protect data and networks, in all operating environments and conditions.


Programs

1. Garrison DCO Platform (GDP) – GDP is pre-positioned infrastructure (at installations) consisting of Commercial-off-the-shelf hardware and software (proprietary and open source), and limited Government-off-the-shelf (GOTS) hardware and software that enables Cyber teams to remotely conduct defensive operations missions.

2. Deployable DCO System (DDS) – A multi-configurable deployable kit that is transportable by aircraft or other means to support deployed missions relative to defensive cyberspace operations.

3. Cyber Analytics/Big Data Platform (BDP) – A cyber threat and vulnerability hunting capability that will allow the Cyber teams to rapidly ingest large volumes of structured and unstructured data; correlate, perform analysis, and visualize the data in order to rapidly detect and illuminate adversaries and vulnerabilities.

4. DCO Mission Planning (MP) – An application-based scalable, secure warfighting capability to support cyber operations, mission command and planning that integrates wargaming, control of plans, app store, intelligence threat and vulnerability analyses, execution and assessment.

5. DCO Tool Suite – A set of software applications that are the fundamental tools enabling Cyber Mission Forces to perform defensive cyberspace operations missions that are executed and managed on the DCO platforms.

6. Forensics and Malware Analysis – A capability to rapidly triage malware incidents; return impacted systems/services to full operations; to detect, analyze, mitigate and eradicate malicious activity (malware) on defended networked environments; and to identify the root cause/threat actor.

7. User Activity Monitoring/Insider Threat – A software-based, scalable capability that proactively identifies and mitigates internal risks associated with unauthorized actions, including theft and misuse of critical, mission essential data.


Pilots & Risk Reduction Activities

Fiscal Year 2017 Pilots & Prototypes Focus:

Training Integration and Support Regional GDP (RGDP) GDP (Ft Drum) Cross Domain Management Insider Threat Analytics as a Service DDS-Lite

Fiscal Year 2018 Pilots & Prototypes Focus:

Insider Threat Analytics CPT Tools Mission Planning Web Sensors DDS Expansion Development and Integration Assessment Environment Network Visualization Suite Micro Data Analytics


Request for Information & Industry Day

Industry Collaboration:

Product Manager (PdM) Defensive Cyber Operations has posted a Request for Information (RFI) and Qualification Notice on the 3rd of March to allow for the exchange of information regarding the identification of future PdM DCO acquisitions, "mission objectives", increase and encourage competition, gain insight on the Army's operational and functional needs, and address the feasibility of future requirements and potential projects.

Industry Day:

Location: Wood Theater Post Bldg. 2120n, Fort Belvoir, VA 22060

Date: 19 April 2017

Session 1: 0900-1100hrs

Session 2: 13:30-15:30hrs

Primary Point of Contact: Jennifer Smith, Contract [email protected]: (309) 782-2142


PdM Tactical Network Cyber Operations (TCNO)

Rechartered from WIN-T Increment 3 (July 2016)

[Figure labels: Program Office: PdM Inc. 3 (WIN-T Increment 3); PdM TCNO (Tactical Network Cyber Operations). Products: DCO; INO; JENM Build 4/5; JENM; JTNT; Integrated Network Operations (INO) * FY19 New Start POR; DCO-I * FY 15-17 ONS; HBSS - HBSSaaS.]

Tactical DCO-I (TDI) is the pre-positioned infrastructure at Echelons Corps and Below (ECB) that provides the materiel solution for both the tactical (organic unit forces) and global cyberspace defenders (Cyber Protection Teams) to defend the network. TDI is continuing a pilot effort at NIE 17.2 to inform subsequent PoR materiel development efforts and the integrated CONOPS for DCO.

For Host Base Security Solutions, PdM TCNO will be migrating PEO C3T Programs of Record (PoR) from the current Enterprise HBSS infrastructure to the new Army HBSS as a Service (HBSSaaS) infrastructure starting FY18.


Software Engineering Center

Software Assurance (SwA)

CECOM SEC continually coordinates with our DoD Joint Federated Assurance Center (JFAC), CERDEC, ASA (ALT), PEO C3T and PEO IEW&S Partners.

This past year SEC has:

• Established a Team Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance (C4ISR) Software Assurance Memorandum of Agreement (MOA)

• Hosted two major Army Level Software Solariums at APG, more on the horizon

• Completed software assurance assessment of eleven systems as a JFAC Service Provider with more being worked and more in the pipeline

• Authored the new Software Assurance DA PAM 25-2-X to be published with the new AR 25-2, Army Cybersecurity

Distribution A – Approved for Public Release – CECOM Item 7078


Questions
