VERSION: 6.3 J3 Mr. Philip Glinatsis 06/06/2013 1050

The overall classification of this briefing is:

Classified By: btwill3 Derived From: USCYBERCOM SCG

Dated: 20111011 AND

Derived From: NSA/CSSM 1-52 Dated: 20070108

Declassify On: 20280102

1 UNCLASSIFIED

UNCLASSIFIED

UNCLASSIFIED//FOR OFFICIAL USE ONLY

Cyberspace Operations Prepared for the 18th International Command and Control Research and Technology Symposium

Major General Brett T. Williams

Director of Operations (J3), USCYBERCOM

VERSION: 6.3 J3 Mr. Philip Glinatsis 06/06/2013 1050 2 UNCLASSIFIED//FOUO

UNCLASSIFIED//FOUO

Operational C2 Architecture

MISSION ASSURANCE BACKPLANE

Information Conditioning & Control

Personnel Education & Awareness

Identification & Authentication

Authorization & Privilege Mgt.

Vulnerability Mgt.

Boundary Defense

Incident Mgt.

Continuity of Ops.

Network Enclave Mgt.

Physical Enclave Mgt.

HBSS Agile Coalition Environment

NETWORKING & ENCLAVING LAYER

Tactical Link 16 TADIL-J Internet

NIPRNET SIPRNET CENTRIXSs JWICS

DSN DVS-G Link 11

TADIL-A VPNs

NSANet POTS DMON / ARCNET

SENSOR & ACTUATOR LAYER Undersea Sensors Overhead Sensors

Cyber Sensors Readiness Data

Ground Sensors

Unattended Autonomous Vehicles Weapon Platforms

SENSORS, ACTUATORS & DATA LAYER

Mission Application Data

Backup / COOP Data

TELECOMMUNICATIONS LAYER

Space

DSCS

WGS UHF

EHF-LDR

EHF-MDR GBS

AEHF

LOS/BLOS Radio

HF UHF VHF

Wireless Mobile Phone / IP Data

WIMAX WiFi GSM EVDO

Terrestrial / Undersea Undersea Cabling

Defense Data Transport Services Commercial Data Transport Services

Area Cable Plants LMR TMR

CWSP

INMARSAT Iridium

BBS

Commercial Military

TSAT

JTRS

Strategic Guidance

Situational Awareness

Concept Development

Planning

Plan Assessment

Execution

How do we C2 our C2?

APPLICATIONS LAYER

Common Applications File / Print / Share / E-Mail / Web / Office / AMHS /GPS / Voice / Video / Collaboration

Command & Control

Battlespace Awareness IntelLink / Intelipedia / MIDB

Force Application TBMCS / BMD / JADOCS

Logistics GCSS / GDSS

Building Partnerships Radiant Mercury HARMONIEWEB/ APAN CENTRIXS Tools

IAMD GCCS / IWS / Chat Callblast Telecon WebARMS

TacView / C2BMC Weapons & Authorities Dashboards

Mo

ve

Info

rmat

ion

INFORMATION CONTENT LAYER

Information Retrieval Content Discovery/People Discovery

Operational Logic

Data Sourcing Timely, Accurate

Information Conditioning Common formatting/Data Tagging Business Rules

Use

In

form

atio

n

Get

In

form

atio

n

Plan Development Orders

VERSION: 6.3 J3 Mr. Philip Glinatsis 06/06/2013 1050 UNCLASSIFIED

UNCLASSIFIED

USCYBERCOM Mission and Operations

Operate and Defend DoD Information

Networks (DoDIN)

Defend the Nation Against Strategic

Cyber Attack

Combatant Command Support

Combat Mission Teams

National Mission Teams

DISA/Services Cyber Protection

Teams

USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.

3

VERSION: 6.3 J3 Mr. Philip Glinatsis 06/06/2013 1050 4 UNCLASSIFIED

UNCLASSIFIED

The Three Layers of Cyberspace

Cyber-Persona Layer

Physical Network Layer

Logical Network Layer

People

• Digital representation of an entity in cyberspace

• Abstract from Physical Network

VERSION: 6.3 J3 Mr. Philip Glinatsis 06/06/2013 1050 5 UNCLASSIFIED//FOUO

UNCLASSIFIED//FOUO

Cyber Terrain

VERSION: 6.3 J3 Mr. Philip Glinatsis 06/06/2013 1050 6 UNCLASSIFIED//FOR OFFICIAL USE ONLY

UNCLASSIFIED//FOR OFFICIAL USE ONLY

Cyberspace Operations Per Joint Publication 3-12 (05 FEB 2013)

*Network focused

* Mission focused

DCO – Response Actions (DCO-RA)

DCO – Internal Defensive Measures

(DCO-IDM)

* Mission focused

DCO – IDM

DCO – RA

DODIN Ops

Provide Freedom of Maneuver

in Cyberspace

Cyber forces execute cyber actions:

Cyberspace Defense

Cyberspace ISR

Cyberspace OPE

Cyberspace Attack

Defensive Cyberspace Operations (DCO)

* Project power in and through cyberspace.

DoDIN Global Operations

Offensive Cyberspace Operations (OCO)

NMT

CPT

CMT

Maritime

JFC Mission Objectives

Land

Air

Space

Cyber

Maritime

VERSION: 6.3 J3 Mr. Philip Glinatsis 06/06/2013 1050

Preserve Friendly Freedom of Maneuver in Cyberspace

DoD Information Networks Global

Operations (DoDIN Global Ops)

LIMITS • Network performance

Defensive Cyberspace Operations – Internal Defensive Measures

(DCO-IDM)

LIMITS • Identify Key Cyber Terrain • Link vulnerabilities to threat • Capability and capacity • Authorities

Defensive Cyberspace Operations – Response

Actions (DCO-RA) LIMITS

• Policy • Rules of Engagement • Authority -------------------------------- • Intelligence • Access • Capability

UNCLASSIFIED//FOUO

UNCLASSIFIED//FOUO 7

VERSION: 6.3 J3 Mr. Philip Glinatsis 06/06/2013 1050 8 UNCLASSIFIED //FOUO

UNCLASSIFIED //FOUO

An Option for Cyber C2

JFMCC

Mission Forces

JSOTF TSOC

Supported / Supporting Relationship

CCMD CPP

CCMD CPP

CCMD CPP

CPT CCMD

CPP

CCMD CPP

CCMD CPP

CPT CCMD CCMT

CCMD CCMT

CCMD CCMT

CMT

National Mission

Force (NMF)

CCMD CCMT CCMD CCMT CCMD CCMT

NMT

COCOM OPCON TACON SIGINT Authorities Direct Spt

Joint Force HQ-Cyber

DST DST DST NST DST

DS DST

CST

GEOC

DISA

Commander

USCYBERCOM

Authorities OPCON

EOC

JFCCC JFACC

Mission Forces

Mission Forces

JFLCC

Mission Forces

Commander

CCMD

VERSION: 6.3 J3 Mr. Philip Glinatsis 06/06/2013 1050

Major General Brett T. Williams Director of Operations (J3) USCYBERCOM

UNCLASSIFIED//FOUO

UNCLASSIFIED

9

VERSION: 6.3 J3 Mr. Philip Glinatsis 06/06/2013 1050 10 UNCLASSIFIED//FOUO

UNCLASSIFIED//FOUO

Analytic Framework for Responding to Cyber Attack Against the U.S.

1. Target

2. Severity/Impact

3. Attacker (Attribution)

4. Attack Vector

5. Advanced Warning

Characterize Attack Level 0 – Absorb the Blows Level 1 – Deny Objectives Level 2 – Deny Objectives and Impose Costs

Level 3 – Deny Objectives, Impose Costs, and Deter Future Attacks

Response Spectrum

• Time (+target/severity) drives requirement for pre-approved, pre-planned actions. • Response execution by agency with capability and capacity, then align authorities.

INC

REA

SED SEV

ERITY

Determine Appropriate

Response

Constraints/Restraints:

• SROE

• Intel/Access/Capability

• Proportionality

• Escalation

• Precedence

• Deconfliction

• Intel/Ops Gain-Loss

• Cyber Response

• Low visibility • Cyber/Physical Response • Proportional, non-escalatory

• High Visibility • High Cost Imposing