1

National Cyber Range Complex 15 May 2019

Christina CrowleyNCRC Director - Patuxent River SiteIntegrated Battlespace Simulation and Test Department (IBST), 5.4Christina.crowley@navy.mil(301)-757-3095

2

Cybersecurity Testing – a DOD Imperative

Director, Operational Test and Evaluation FY 2016 Annual Report:“…our threats are increasing their capabilities faster than our test infrastructure…I cannot emphasize enough the need for early, adequate, realistic, and rigorous independent operational testing on all systems to ensure what is being developed will, in fact, provide our Service men and women the capabilities they need in combat.”

“The cyber threat has become as real a threat to U.S. military forces as the missile, artillery, aviation, and electronic warfare threats which have been represented in operational testing for decades.”

“Operational Test Agencies (OTAs) will include cyber threats among the threats to be encountered in operational testing for DOT&E oversight systems with the same rigor as other threats.”

“All oversight systems capable of sending or receiving digital information are required to conduct cybersecurity testing.”

OSD (DOT&E) Apr 2014 Memo Procedures for Operational Test and Evaluation of Cybersecurity in Acquisition Programs:

2018 National Defense Strategy - US Secretary of Defense Jim Mattis

“We will also invest in cyber defense, resilience, and the continued integration of cyber capabilities into the full spectrum of military operations”

3

What is a “Cyber Range”?

The NCRC provides virtualized, high-fidelity representations of cyber-contested environments

▼ Traditional Open Air Ranges Physical Environment

− Weapons Testing− Mission Rehearsal− TTP Development

▼ Cyber Ranges Virtual Environment

− Cyber Capabilities Testing− Mission Rehearsal− TTP Development

4

NCRC at a Glance

Automation Maximizes Utilization of Range Resources

SME Available for Planning, Design, Execution, OPFOR and Analysis

Hi-fidelity Virtualized Representations of Networks, Platforms, C2, etc.

Mission: Improve the resiliency of our nation in the cyber-contested battlespace by conducting testing, training, and mission rehearsal in operationally-representative cyberspace environments

NCRC Key Capabilities

• Rapid emulation of complex, operationally representative network environments

• Automation provides significant efficiencies that enables high OPTEMPO

• Sanitization to restore all exposed systems to a known, clean state

• Support multiple concurrent events at varying classification levels

• Secure connectivity

Typical NCRC Use Cases

• Vulnerability Assessment

• Cyber Mission Force Training

• Product/Solution Evaluations

• Architecture Evaluations

Expanding Capacity to Meet Demand

Existing NCRC Sites

5

NCRC Key Capabilities• Rapid emulation of complex & operationally representative network

environments Red/Blue/Gray networked environments Operational systems (e.g., weapon, C2, business, etc.) Realistic traffic types, flows, & scale Customized instrumentation

• Automation provides significant efficiencies that enables high OPTEMPO Time to deploy environments on the order of hours Minimizes potential for human error and ensures capability to replicate scenarios &

phenomena

• Sanitization to restore all exposed systems to a known, clean state Allows assets to be reused even when they are exposed to the most malicious and

sophisticated uncharacterized code (i.e., “non-destructive” cyber testing)

• Support multiple concurrent tests at varying classification levels Events, users & data are isolated

• Secure connectivity Integration of distributed capabilities (e.g., HWIL, SILs, etc.) Remote user access

Provides customers with a unique set of cybersecurity test, evaluation, and training capabilities

6

NCRC Expansion Program

The Right Team Enabled by the

Right Technology

New NCRC Sites Currently in Development:• Patuxent River, MD (NAWCAD)• Charleston, SC (NIWC)• Eglin AFB, FL (96th Cyberspace Test Group) • Orlando, FL (TRMC New Site) Group)

NCRC Site Buildout Phases• Facility Preparation• NCRC Core Infrastructure Installation• Workforce Acquisition and Training• Initial Operational Capability• Full Operational Capability

VISION: At maturity, the NCRC will consist of an integrated and interoperable constellation of facilities designed to enable the planning and execution of very large-scale, complex, distributed cybersecurity events to satisfy customer requirements in the domains of R&D, S&T, DT&E, OT&E, training, exercises, and mission rehearsal.

7

NCRC Expansion Sites

NCRC

Charleston

PAX River

Orlando

Eglin

8

Cyber Range Facilities

• Accredited SCIF• Classified Data Center

Compute, storage, memory, licensing, etc. Management tools suite Environment Tool suite Security architecture to segregate events

• Integrated Development Environment Small-scale replica of the classified data center Development and refinement of the management tool suite Assessment and integration of new tools and technologies Event staging

• Dedicated Event Rooms Reconfigurable with access to the event environment Onsite user planning, execution and analysis of events

9

Typical National Cyber Range Complex Use Cases

• Vulnerability Assessment How resilient is a System or a System-of-Systems (SoS) to a given set of threats?

What are the external system dependencies that can impact overall cybersecurity posture?

What is the impact to mission effectiveness?

• Cyber Mission Force (CMF) Training Create realistic mission-tailored, unconstrained environments (at scale) to support

training, certification, and exercises

Provide the most realistic training possible from classroom to force-on-force

Enable cyber operators to train from home station

• Product / Solution Evaluations Does adding a new product increase or decrease your security posture?

How well does the product perform in different scenarios?

• Architecture Evaluations Remove lab constraints and evaluate system architectures at scale

10

NCRC Event Planning, Operations & Support(EPOS)

• At each new NCRC site, the key workforce positions will only be partially filled by government personnel from the gaining Service organizations

• Additional contractor personnel will need to be acquired in order for each site to become operational

• The NCRC EPOS contracting strategy will enable the government to satisfy growing requirements in the cyber T&E, training, and mission rehearsal domains.

• EPOS will serve as the government’s mechanism to leverage the industry’s highly skilled workforce to conduct:

– Event planning– Event design & engineering– Event execution– Event analysis & reporting– Range maintenance & supporting activities– Innovation Council

• Promote Competition• Expand the Pool of Qualified

Performers

11

Summary

• The demand for cyber range resources continues to increase The DoD is placing increased emphasis on the need to consistently incorporate realistic

cybersecurity Test and Training at all levels and phases Early identification of system vulnerabilities can make them easier and cheaper to fix TRMC in partnership with the Services is increasing capacity to meet the growing

requirements

• NCRC provides customers with a unique set of cybersecurity Test and Training skills and capabilities Enable the acquisition community to conduct system or System-of-Systems (SoS)

cybersecurity test and evaluation events that are tailored to meet program requirements throughout its acquisition lifecycle

Enable the training community to conduct realistic cybersecurity training in environments that closely replicate the real world