Cyber ProvingGround
Col Timothy “Chewy” Franz24th Air Force
Mr Adam RasmussenAir Force Life Cycle Management Center (AFLCMC)
23 Aug 16
The Maj Gen “Benny” Foulois
2
Today’s Warfighting Perspective
• Cyberspace is a Domain…It is more ubiquitous than ever…We are more dependent on it than ever…Increasingly lower barriers to technologies and access
• Cyberspace is Man-Made…Concepts for new and diverse technologies appear daily…Primary architect and innovator of capability is private industry
• Cyberspace is Contested…Emergent/adaptive threats to Combat Ops, Wall Street, Your Street…Mission success depends on ability to apply warfighting principles
• Cyberspace is Complex…Challenges existing policy and legal framework…Challenges traditional C2 Constructs…Challenges traditional external partnerships
3
• The ability to better see the opportunities available• Staying ahead of nimble adversaries and rapid tech changes• Maintaining SA on innovation across industry, academia, govt
• The ability to better capitalize on those opportunities• Tapping into disparate pools of innovators that already exist• Overcoming Industrial Age acquisition processes
• The ability to field opportunities quickly• Meeting “Speed of Need” via more collaborative partnerships• Tighter integration of operator and ops commander early on
What is Needed?
• Faster innovative application of warfighting capabilities• Tighter partnerships with industry, academia, and government
4
We’ve Been Here Before
• Lt “Benny” Foulois & Early Airpower• Lockheed Skunk Works• SMC Rapid Reaction Branch• NRO Aerospace Data Facility Lab • USAF Big Safari
Each recognized the need to bring the right expertise together in order to provide more agile responses to the threats of their time.
Each had to overcome internal processes in order to leap ahead of adversary advances.
5
Why Here? Why Now?
• We have the right people and organizations• 24 AF / AFLMC
• We have the right authorities• Rapid Cyber Acquisition/Real-time Ops & Innovation
• We have many of the relationships already• DoD, National Labs, Commercial, Academia
• It is a low cost of entry• Most processes, personnel, equipment in place
Lends naturally to consider a “proving ground” concept
6
Cyber Proving Ground - Vision
Accelerate transition of advanced cyber concepts and emerging technologies to the operational community by leveraging innovative efforts across industry, academia,
national labs, operators, and other visionaries.
“Think Big, Start Small, Scale Fast”
7
• Collection of Emerging Concept Teams (ECT) that:• Stand-up for short periods of time (<6 months)• Partner w/ external developers, innovators, operators• Develop new innovative concepts/solutions• Test, Assess, otherwise “Prove” existing innovations
• An Operator Research and Library Element that:• Maintains active awareness of emerging tech/concepts• Connects ECTs with industry, academia, other govt• Conducts research in support of active CPG projects
• Transition Team that:• Facilitates getting CPG results back to innovators• Works w/ operators to quickly field CPG solutions• Coordinates with SPOs for sustainment/hand-off
The ORACLE
TransitionTeam
General CPG Construct
EmergingConcept Teams
8
Cyber Proving Environment (CPE)
Connections to other cyber environments(as needed)
CPG Operating Concept
The ORACLE
(Operator Research And Cyber Library Element)
ActivelyEngage
“Foundry Floor”
OperationsCommunity
Collaboration / Team
Participation
Collaboration / Team
Participation
Maintain Awareness
Commercial
Emerging Technologies & Concepts(across S&T, R&D, STEM Communities)
Government
Academia
FFRDCs
Warfighter Requirements
Combatant Commands
AFCYBER
EmergentThreats
USCYBERCOM
EmergingConceptTeams
Maintain Awareness
9
The ORACLE
(Operator Research And Cyber Library Element)
ActivelyEngage
OperationsCommunity
Maintain Awareness
CommercialEmerging Technologies & Concepts
(across S&T, R&D, STEM Communities)
Government
Academia
FFRDCs
Warfighter Requirements
Combatant Commands
AFCYBER
EmergentThreats
USCYBERCOMMaintain
Awareness
• Awareness of req’mnts/Intel• Awareness of emerging tech/concepts• Focused research support
Provide to Emerging Concept Team:
Cyber Proving Environment (CPE)
Connections to other cyber environments(as needed)
“Foundry Floor”
Emerging ConceptTeams
TransitionTeam
TT Facilitates:- Initial Fielding Sppt- Sustainment Handoff
To the Field
TransitionTeam
TT Facilitates:- Transition back to Developer- Continued Awareness by The ORACLE
More Dev
CPG Operating Concept
10
Range of CPG Projects
Problem Analysis
Technical Evaluations
Military Utility Assessments
Technology Challenges
Capability Demonstrations
Operational Testing/Assessments
Grass-Roots Innovation & Integration
EXAMPLES ONLY
This list is neither comprehensive nor
mutually exclusive. Each EGT is tailored to meet its
specific project requirements.
11
CPG – A Marriage of Two Organizations
Brings to the CPG• Matured RTO&I Processes/Authorities• EGT Leads, Integrators, Developers• Test/Assessment Assets• Robust Range/ModSim Environments• Classified Foundry Floors• Close relationship w/ Ops Community
Shortfalls• External partnerships proactive and
strong, but scattered and unorganized• Lack of acquisition expertise• Limited ties to the SPO community
Brings to the CPG• Acquisition Expertise/Authorities• Strong ties to the SPO Community
• Especially Cyber WS teams• Matured partnership processes• Already moved out on Unclass FF• Immediate funding for buildout
Shortfalls • External partnerships primarily based
on passive communication• Limited EGT manpower• Limited Range/ModSim Assets
12
CPG Matrixed Organization
Matrixing in the Works…• Leadership • The ORACLE• ECT Members• Transition Team• Foundry Floor Ops• Cyber Proving Environment
13
Collaboration / Team
Participation
OperationsCommunity
Collaboration / Team
Participation
Commercial
Emerging Technologies & Concepts
(across S&T, R&D, STEM Communities)
Government
Academia
FFRDCs
Emerging ConceptTeams
What’s In Place Today, What’s Not Yet…
• ECTs currently in operation across OCO, DCO, and C2• CPG Projects: 23 On-going, 19 in Hopper• Heavy on grass-roots innovation / test & assessments• Few MUAs and “Fly Offs” at this time (this will change)• Not leveraging industry and academia enough!• Strengthening relationships with ops community
(Needs MuchImprovement)
Emerging Concept Teams
14
Cyber Proving Environment (CPE)
Connections to other cyber environments
Classified FF
What’s In Place Today, What’s Not Yet…
Unclassified FF
Classified FF
Classified FF
• Several classified Foundry Floors already in place• Supporting various ECTs across JBSA
• Unclassified Foundry Floor in build stage• ETC: Early CY2017
• Robust CPE currently supports existing ECTs• Leverages in-place JIOR and TexNet conduits to partner externally• CPE will extend out to Unclassified FF
Foundry Floors / Cyber Proving Environment
15
“Foundry Floor”
TransitionTeam
TT Facilitates:- Initial Fielding Sppt- Sustainment Handoff
To the Field
TransitionTeam
TT Facilitates:- Transition back to Developer- Continued Awareness by The ORACLE
More Dev
• Interim Transition Team comprised of a few AFLCMC personnel• Bring resident acquisition/sustainment expertise• Have pre-existing relationships with Cyber SPOs
• Currently working select CPG Projects as they complete in order to pilot processes• Establishing relationships with, learning processes of, newer transition partners
• CYBERCOM, SOCOM, Non-cyber weapon system SPOs• Other developer organizations (Currently government, will expand to non-gov)
• Developing/Codifying processes for different transition paths• Will require more work on partnership mechanisms such as CRADAs and MOUs
What’s In Place Today, What’s Not Yet…Transition Teams
16
The ORACLE
(Operator Research And Cyber Library Element)
ActivelyEngage
OperationsCommunity
Maintain Awareness
CommercialEmerging Technologies & Concepts
(across S&T, R&D, STEM Communities)
Government
Academia
FFRDCs
Warfighter Requirements
Combatant Commands
AFCYBER
EmergentThreats
USCYBERCOMMaintain
Awareness
• Awareness of req’mnts/Intel• Awareness of emerging tech/concepts• Focused research support
Provide to ECTs:EmergingConcept Teams
What’s In Place Today, What’s Not Yet…The ORACLE
• The most complex of the CPG elements and the least mature• Some functionality in place but a lot isn’t yet• Requires more heavy thinking on processes/structure than other CPG elements• Will require additional (or re-roled) manpower w/ some different skillsets• Some new stuff so will take time to mature, normalize, & reach it’s full potential
17
The ORACLE
(Operator Research And Cyber Library Element)
ActivelyEngage
OperationsCommunity
Maintain Awareness
CommercialEmerging Technologies & Concepts
(across S&T, R&D, STEM Communities)
Government
Academia
FFRDCs
Warfighter Requirements
Combatant Commands
AFCYBER
EmergentThreats
USCYBERCOMMaintain
Awareness
• Awareness of req’mnts/Intel• Awareness of emerging tech/concepts• Focused research support
Provide to ECTs:Emerging ConceptTeams
What’s In Place Today, What’s Not Yet…The ORACLE (Requirements Function)
• Key Functions: Maintain Awareness of existing requirements from warfighting community
• In perfect world, would only require close ties with 24AF/AFCYBER A5 community• Challenged today by lack of resourcing and organization within Requirements community• Currently the CPG’s relationship with A5s is sufficient to maintain SA• Next Steps for this Function
• Identify permanent manpower responsible• Document roles, responsibilities, and processes
18
The ORACLE
(Operator Research And Cyber Library Element)
ActivelyEngage
OperationsCommunity
Maintain Awareness
CommercialEmerging Technologies & Concepts
(across S&T, R&D, STEM Communities)
Government
Academia
FFRDCs
Warfighter Requirements
Combatant Commands
AFCYBER
EmergentThreats
USCYBERCOMMaintain
Awareness
• Awareness of req’mnts/Intel• Awareness of emerging tech/concepts• Focused research support
Provide to ECTs:Emerging ConceptTeams
What’s In Place Today, What’s Not Yet…The ORACLE (ECT Support Function)
• Key Functions: Provide research/library support to ECTs ISO on-going CPG projects. Facilitate introductions/discussions with external partners.
• Requires manpower with research and library skillsets• Working on interim players, then likely contract out permanent team members
• Requires identification and access to databases, websites, phone rosters• Will require some local database solutions (Exploring options now)• Primarily will leverage knowing “where to find the answer” across existing knowledge resources
19
• Key Functions: • Maintain awareness of emerging tech and concepts across industry, academia, and govt• Proactively collaborate w/ communities to ID innovative solutions to current/future needs
• Several mechanisms exist today thru websites and BAAs; CPG is maturing and leveraging• Proactive engagements exist via unit Tech Advisors and their personal networks
• Value to be gained here; Needs better organization in order to make centrally visible• Requires more technical currency to facilitate additional relationships / validate ideas
• Challenged with ability to leverage more “non-traditionally-DoD” organizations• Exploring how best to tap into expertise in places like Geekdom, Rocket Space, TechLink
The ORACLE
(Operator Research And Cyber Library Element)
ActivelyEngage
OperationsCommunity
Maintain Awareness
CommercialEmerging Technologies & Concepts
(across S&T, R&D, STEM Communities)
Government
Academia
FFRDCs
Warfighter Requirements
Combatant Commands
AFCYBER
EmergentThreats
USCYBERCOMMaintain
Awareness
• Awareness of req’mnts/Intel• Awareness of emerging tech/concepts• Focused research support
Provide to ECTs:EmergingConceptTeams
What’s In Place Today, What’s Not Yet…The ORACLE (External Engagements)
OperationsCommunity
Warfighter Requirements
Combatant Commands
AFCYBER
EmergentThreats
USCYBERCOMMaintain
Awareness
20
CommercialEmerging Technologies & Concepts
(across S&T, R&D, STEM Communities)
Government
Academia
FFRDCs
Cyber Proving Environment (CPE)
Connections to other cyber environments
“Foundry Floor”
Key Challenge – Getting Innovation to the CPG
?
• Seeing Opportunities• Organizing current relationships more effectively• Identifying forums/orgs w/ broad networks• Identifying those non-traditional opportunities
• Capitalizing on Opportunities• Partnering mechanisms that meet “speed of need”
• For the operator• And for the Innovator!
• Safeguarding proprietary information• Protecting against “unfair advantage”
21
What’s In Place Today, What’s Not Yet…
Legal/Policy Questions:• How does CPG maintain Awareness of external innovation?• How does CPG share requirments?• How does CPG select innovative opportunities to “prove?”• If “proven” an immediate solution, how does CPG transition
quickly to the field?• If a long-term solution, how do we sustain it?• If more development required, how do we:
• Provide more funding?• Partner with other innovators?• Transition to long-term development?• Maintain awareness of future progress?
Emerging Concept Teams
Legal/Policy Hurdles:• Security Classification and Clearances• Consideration for “Unfair” Advantage• Protecting Proprietary Information• Partnering Vehicles (OTAs, CRADAs, Contracts, etc.)• Scalability of Solution• Sustainability of Solution• Sustainer of Solution (SPO, CDG, Other)
23
Cyber Proving Ground (OV-1)
Cyber Proving Environment (CPE)
Commercial
Emerging Technologies & Concepts(across S&T, R&D, STEM Communities)
Government
Academia
“Foundry Floors”
Emerging ConceptTeams
TransitionTeam
The ORACLE
(Operator Research And Cyber Library Element)
ActivelyEngage
Maintain Awareness
• Security Classification• Sustainment• Ops Manuals• Training
Urgent Requirements
Combatant Commands
AFCYBER
OperationsCommunity
Collaboration / Team
ParticipationCollaboration /
Team Participation
Connections to other cyber environments(as needed)
Coordination&
Handoff
• Awareness of req’mnts/Intel• Awareness of emerging tech/concepts• Focused research support
Maintain Awareness
EmergentThreats
Provide to Evil Geniuses:Steering Group(Oversight & Priorities)
FFRDCs
Leadership Element(Operations)
USCYBERCOM
24
Physical and Functional Elements
• Physical• The “Foundry Floor”• Cyber Proving Environment (CPE)
• Functional• “Evil Genius” Teams• The ORACLE• Tech Transition Team• Steering Group
25
Emerging Concept Teams
• What is it?• Tailored teams responsible for a specific project/focus
area• Can include members from operations, development, test,
acquisition, and TTP development• What does it do?
• Think Big, Start Small, Go Fast• Conceive and enable capabilities and effects that derive
from the composition and integration of emerging technologies and concepts
• Design, develop, test and transition solutions through initial operations
26
Transition Team
• What is it?• Team responsible leading transition of Evil Genius
capabilities and concepts to operator and PMO• What does it do?
• Advise Evil Genius Teams early on in the process• Assist in development of courses of action, analyzing
alternatives, and understanding the solution trade space• Advise and assist operational operational community
w/ID, clarification, and documentation of new capabilities• Coordinate and work with SPO in transition of new
capabilities• Responsible for authoring Ops Manuals/Tech Orders and
developing training
27
“Foundry Floors”
• What is it?• Modular/configurable/open-air working space and support
infrastructure• Operator-Acquirer development area
• What does it do?• Provide easily accessible, collaborative setting to rapidly
design, develop, test, and/or transition capabilities• Enable teams to adapt technology/processes to meet
rapidly changing environment• Facilitate ability to develop/display requirements,
architecture, and S&T focus including gaps and WS evolution plans
• Maintain/share technology, S&T, and vendor information
28
Cyber Proving Environment (CPE)
• What is it?• Highly and quickly configurable network, equipment, and
modeling & simulation capability
• What does it do?• Provide easily accessible environment to conduct rapid and
agile creation, development, adaptation, and/or incorporation of new capabilities
• Federation of existing cyber development, testing, integration facilities to allow outside entities to remotely connect solutions and assess security/performance within simulated networks
• Create and refine high fidelity models of cyberspace systems and networks, their vulnerabilities, the threats they face, and the material/non-material solutions required to secure our systems
• Include cyber weapon system instantiations to allow for rapid sandboxing, evaluation, assessment, etc.
29
The ORACLE
• What is it?• Operator Research And Cyberspace Library Element• Research librarians and engagement teams
• What does it do?• Develop and maintain a knowledge base of needs,
technologies, current research efforts, and contracts• Proactively interact w/diverse communities including
industry, labs, FFRDCs, and academia• ID potential tech/ideas that can used for future use and
connections between projects• Aid in development of solution COAs• Assist in providing a continuous flow of new tech• Deconflict/synchronize internal/external efforts
30
Leadership Element
• What is it?• Full-time team responsible for day-to-day ops
• What does it do?• Execution arm for Steering Group• Guide development of core, cross-cutting technologies
and drive knowledge/tech transfer• Foster development of adaptable cyber capes, state-of-
the-art tech, innovative techniques, and agile solutions for cyberspace needs
31
Steering Group
• What is it?• O-6 representation for Operations, Requirements,
Development/Test, and Transition/Acquisition• What does it do?
• Provide advocacy, strategic vision, deconfliction, and prioritization for Proving Ground projects
• Facilitate integration across NAFs to enable interoperability, orchestration, and ensure effectiveness of new capabilities
• Vet and vector potential projects• Fight for additional resources/support
32
Additional Partnerships
Standing• 24 AF• 25 AF• AFLCMC• CSC• 318 COG• AFRL• AFTENCAP• Silicon Eagle
Collaborating• RRB• DARPA I20• ACADIA(USCC)• Service Partners• DASD (DT&E)
Collaboration Critical for Success
33
Example Range of CPG Projects
Problem Analysis
TechnicalEvaluations Military Utility
Assessments
Tech Challenges
Capability Demonstrations
Operational Testing/Assessments
Grass-Roots Innovation
34
• The ability to better see the opportunities available• Staying ahead of nimble adversaries and rapid tech changes• Maintaining SA on innovation across industry, academia, govt
• The ability to better capitalize on those opportunities• Tapping into disparate pools of expertise that already exist• Overcoming Industrial Age acquisition processes
• The ability to field opportunities quickly• Meeting “Speed of Need” via more collaborative partnerships• Tighter integration of operator and ops commander early on
What is Needed?
Today’s environment requires:• Quicker, more creative application of warfighting concepts and capabilities• Tighter partnerships with industry, academia, and other national entities
35
CPG Project Proposal
External Innovation
Opportunities
Sets PrioritySchema
Steering Group
Leadership Element(CPG Ops Management Board)
Informed By
• Resources Team
• Determines Feasibility• Establishes Priority
Industry
Academia
Other Govt
FFRDCs
CNFs
TDIs RTO&Is
TASRs
HHQTaskings
CC Directed
New ProjectProposal
• Evaluates Opportunities• Recommends to CPG OMB Warfighter
Requirements
Plans & Strategies
36
Tailored EGTs
Testers
TDIs ECT LeadsRTO&Is
Range Support
Developers
Tactics Evaluators
37