UNCLASSIFIED
ARCYBER
The Next Battlefield
UNCLASSIFIED
OVERALL CLASSIFICATION
10 December 2013
Cyberspace as a Domain
UNCLASSIFIED
CYBERSPACE: A global domain within
the information environment consisting of
the interdependent network of information
technology infrastructures, including the
Internet, telecommunications networks,
computer systems, and embedded
processors and controllers. (JP 1-02)
• Man-made domain – ever changing
• Interdependent w/ traditional war-fighting domains.
• Not special or separate – part of every unit’s Operating Environment
• Physical, logical (virtual), and social characteristics
•Instantaneous operational reach – global battlefield.
Constant presence – evolves at the speed of code!
2
UNCLASSIFIED
UNCLASSIFIED
Evolution of the Operational Environment
(Emergence of Cyberspace)
Past
Today
Future
Classical – AirLand Battle Classical–Network Enabled
Land Cyber
CYBER
CYBER
OPTEMPO Increasing
Convergence has taken place between land-human-cyber;
so successful Unified Land Operations will require
integrated and successful cyberspace operations
UNCLASSIFIED
3
UNCLASSIFIED
Threat…Contested Environment
• Sophisticated, Growing and Evolving
• Exploiting daily, Increasing disruption, Developing destruction
capabilities
• Current approach is not defendable or affordable
– Limited Situation Awareness
– Disparate Networks
– Reactive Defense (Signature-based)
– Compliance is our first line of defense
Threats Developing Faster Than We Can Protect Against Them
UNCLASSIFIED
4
United States Cyber Strategy
UNCLASSIFIED
U.S. International Strategy for Cyberspace:
“…combine Diplomacy, Defense & Development to enhance
prosperity, security & openness…”
• Dissuading and Deterring
• Strengthening Partnerships
• Building Prosperity and Security
Our strategic approach is always grounded by our
unshakable commitments to fundamental freedoms of
expression, privacy, and the free flow of information
Department of Defense Strategy for Cyberspace
•
•
•
•
•
Treat cyberspace as an operational domain
Employ new defense operating concepts
Enable a whole of government cybersecurity strategy
Build relationships with U.S. allies and International partners
Leverage the Nation’s ingenuity
U.S. Joint Cyberspace Doctrine is Emerging and Evolving5
UNCLASSIFIED
U.S. Cyber Command
UNCLASSIFIED
On June 23, 2009, the Secretary of Defense directed the
Commander of U.S. Strategic Command
(USSTRATCOM) to establish a sub-unified command,
United States Cyber Command (USCYBERCOM). Full
Operational Capability (FOC) was achieved October 31,
2010. The command is located at Fort Meade, MD.
Service elements include: Army
Cyber Command (ARCYBER); Air
Forces Cyber (AFCYBER); Fleet
Cyber Command (FLTCYBERCOM);
and Marine Forces Cyber Command
(MARFORCYBER). The Command is
also standing up dedicated Cyber
Mission Teams to accomplish the
three elements of our mission.
UNCLASSIFIED
6
U.S. Cyber Command
UNCLASSIFIED
USCYBERCOM Mission: plan, coordinate, integrate,
synchronize and conduct activities to: direct the operations and
defense of specified Department of Defense information
networks and; prepare to, and when directed, conduct full
spectrum military cyberspace operations in order to enable
actions in all domains, ensure US/Allied freedom of action in
cyberspace and deny the same to our adversaries.
DoD Information
Combatant
Defend the
Mission
Networks
Command
Nation
Areas
(DODIN)
Support
Cyber
Forces
Lines of
Operation
UNCLASSIFIED
Cyber National
Mission Forces
DISA/Services
Cyber Protection
Forces
Cyber Combat
Mission Forces
(CCMD Aligned)
3 Lines of Operations - Running Throughout the Mission Areas
1. DODIN Operations
2. Defensive Cyber Operations (DCO)
3. Offensive Cyber Operations (OCO)
7
Army Cyber Command
UNCLASSIFIED
Our Mission
Army Cyber Command/2nd Army plans,
coordinates, integrates, synchronizes,
directs, and conducts network
operations and defense of all Army
networks; when directed, conducts
cyberspace operations in support of full
spectrum operations to ensure U.S./Allied
freedom of action in cyberspace, and
to deny the same to our adversaries.
2nd Army /
Army Cyber Command
• Serve as Cyber Proponent
• Conduct Information Operations
Cyberspace Operations = Build + Operate + Defend + Exploit + Attack
UNCLASSIFIED
8
Command & Control…Evolving
STRATCOM
CYBERCOM
UNCLASSIFIED
Army
• Organize to Support
Combatant Commands
ARCYBER/
2nd Army
Army Cyber
Center (USMA)
Cyber Center
of Excellence
(TRADOC)
ARNG
Cyber
Units
PROPONENT
USAR
Cyber
Units
• Train, Organize, Equip
to Meet Requirements
Army Cyber Operations
and Integration Center
(ACOIC)
NETCOM/
9th SC
1ST IO
CMD (L)
CYBER
BDE
(780th MI)
INSCOM
Unity of Effort for Cyberspace Operations
UNCLASSIFIED
9
Army Cyber Command Roles
UNCLASSIFIED
 Defense of All Army Networks
 Serves as Service Component to U.S. Cyber Command
 Train, Organize and Equip
 Provide Trained & Ready Forces
 Build Joint Force Headquarters-Cyber capability
 Integrate Cyberspace into Planning and Exercises
 Cyber Education, Training and Leader Development
 Build Partner Capacity
 Conduct Information Ops for the Army
 Support to Institutional Cyber Force Development
UNCLASSIFIED
10
Defending All Army Networks
• Collapse to a defendable enterprise network
• Provide all-source indications and warnings
• Maintain cyber situational awareness
• Ensure Intel-Ops-Signal (“2-3-6”) integration
• Train and equip all Army HQs, units, and users to
defend their networks
UNCLASSIFIED
Army Networks
• 400+ Network Connections
• 700+ Circuits
• Over 800,000 Workstations
• Over 35,000 Servers
• Over 90,000 Mobile Devices
• Over 1,200,000 Users
• A Global footprint
• Recognize and understand the importance of
trusted and disciplined system and network
administrators
• Monitor and enforce compliance
• Conduct forensics of all attacks
• Obtain required tools and capabilities
• Identify and defend cyber key terrain
• Ensure future integration into the Joint
Information Environment framework
Must Defend to Maintain the Freedom to Operate
UNCLASSIFIED
11
Cyber “In Stride” Initiatives
UNCLASSIFIED
Strategic
Landpower
LandCyber
White Paper
Cybersecurity
Awareness Week
Cyber Home Station
Training Pilot
FORSCOM
Cyber Summit
Cyber Security
Assessment Teams
Commanders Program
on Cyberspace Risk
FY14 FORSCOM
Training Guidance
TRADOC Plan
for Cyber Center
of Excellence
Mission Command
Assessment Teams
World Class Cyber
Opposing Force
Cyber-Electromagnetic
Activities (CEMA)
Elements
Do What We Can Now While More Develops
UNCLASSIFIED
12
Evolving Doctrine
UNCLASSIFIED
• JP 3-12 (Cyberspace Operations):
Cyberspace Operations are the employment of
cyberspace capabilities where the primary purpose is
to achieve objectives in or through cyberspace
Most aspects of Joint Operations rely in part on
cyberspace
Commanders conduct cyberspace ops to retain
freedom of maneuver in cyberspace and deny
freedom of action to adversaries
• FM 3-38 (Cyber-Electromagnetic Activities):
Activities leveraged to seize, retain, and exploit an
advantage over adversaries and enemies in both
cyberspace and the electromagnetic spectrum, while
simultaneously denying and degrading adversary and
enemy use of the same and protecting mission
command systems
13
UNCLASSIFIED
UNCLASSIFIED
Army Cyber Training
Vision: A team of elite, trusted and disciplined cyber warriors trained
to operate and defend Army networks
Individual Level
•
•
•
Increase individual cyber awareness (passwords, software updates,
suspicious attachments); Begin with Initial Military Training
Certification is a first step…Every user has training requirements
Ensure leaders understand and are capable of planning Cyber ops
Unit Level
•
•
•
•
Train units for a degraded cyber environment
Seek opportunities to integrate and evaluate Cyber ops into planning,
training, and exercises at all levels
Synchronization of Cyber ops with all other operations
is imperative
Establish cyber OPFOR capability
Service/Joint
•
Establish and meet Joint cyber training standards
Making the US Army “Second to None” in Cyberspace…
Training and Leader Development is the Key
UNCLASSIFIED
14
Establish New
Systems Engineering FA26
Operations
LT/CPT
MAJ
LTC
COL
25D - Cyber Network Defender
HQDA Approved 25D MOS Nov 2013
Five CND Specialties
JAN 2014: Recruiting Target
MOS 25B predominate pool
Candidates for MOS, as follows:
• MOS Immaterial
• A SSG ALC graduate with at least 8 years TIS
• At least 4 years of experience in IA and IT. This
experience must be verified
• IA Certification: Must hold a current certification
under either IAT Level II or
IAM Level I IAW DoD 8570.01-M
811
•Qualifying Scores. A minimum score of 105 in aptitude areas GT
and ST on
Armed Services Vocational Aptitude Battery (ASVAB) tests
administered on
and after 1 July 2004
• Possess a security clearance of TOP SECRET (TS) sensitive
compartmented
information (SCI)
• U.S. citizen
• Meet service remaining requirement per AR 614-200 (36 months)
• A physical demands rating of medium
• A physical profile of 212221
• Normal color vision
Ongoing Initiatives
 Science, Technology, Engineer, Math  40 Seats USAF Cyber 200 Course and 45
(STEM) 50% SC Accession Targets
at 300 Course for FY 14 (CW4 instructor
 Additional Point on OML for STEM
assignment @ AFIT)
Cadets
 8 annual ACS seats for AFIT Cyber
 Voluntary Transfer Incentive
Program (VTIP) for FA and BR
related MS Degree Programs (PhD
instructor assignment @ AFIT)
 MOCS Action approved requiring
STEM and TS-SCI for FA53
 Implemented TS-SCI Cyber Threat
briefing for all Signal PCC
 Increased Throughput FA53 ISMC
 Piloting ECOPS for all Signal PCC
 Submitted request to document
Civilian Certifications on ORB
 Signal Regimental Officer Transformation
MOCS Action (AOC 25G and FA 26)
 Cyberspace Operations and Security  Increased SC WO accessions to meet
Training With Industry (TWI)
CMF build requirements
 Zero-based update of all ACS/TWI
Requirements
 HQDA approved 25D MOCS Action / 25D
Pilot course
 Documented CPT officer positions as  25D In-Service Screening Test (ISST)
Cyber related ACS utilization
 CIO/G6 provided DoDD 8570 annual
assignments
IA/Cybersecurity recertification vouchers
 CMF KD positions in DA Pam 600-3
for AOC 24A, 25A, 53A & Signal WO
Developing Initiatives
•
Incorporate SANS MS Degree into FA
26 education program
•
SIGCoE Course Emphasis on
Blended Education vice Training
•
Organic ACOPC instructor capability
in the Cyber Leader College
•
•
Cyberspace Technological
Enrichment Program (CTEP) (HIA)
Army Career Tracker Pilot for all
Signal Regiment Officers, WO,
Enlisted
•
Non-MEL4 Fellowship @ NCCIC and
FCC for field grade and warrant
officers
Select SC 2LT to USAF
Undergraduate Cyber Training @
Keesler AFB
•
Army Cyber Assessment (ACA)
transfer of responsibility from
ARCYBER
•
•
USCC/NSA CMF equivalency for SC
AOC/MOS qualification training
course
What We Must Do
UNCLASSIFIED
• Embrace cyberspace as a contested domain
• Know the threat….It is not random
• Treat the Network as a weapon system
• Enforce Compliance with Basic Standards and Discipline
• Cyber security is not a given and remediation is expensive
• This is leader’s business
• Conduct Training and Leader Development
• Make people the Centerpiece, not Technology
Strong partnerships are critical to success
UNCLASSIFIED
19
Cyber Warriors
UNCLASSIFIED
Vision: Professional team
 Elite, trusted, precise, disciplined warriors
 Culture of trust, respect, and dignity
Who
 Defend and operate all military networks
 Provide dominant effects in cyberspace
 Ensure Mission Command
 Enable Unified Land Operations
 Ensure a decisive advantage—Land and Cyber
The Key to Cyberspace Operations is People, not
Technology
20
UNCLASSIFIED
Questions
UNCLASSIFIED
“Transforming Cyberspace While at War…
Can’t Afford Not To!”
UNCLASSIFIED
21