Shaping Cyberspace through the Joint Information Environment (JIE) and Mission Partner Environment (MPE)

Dr. Deb Harlor
August 2014
This brief is classified: UNCLASSIFIED

U.S. National Security Strategy – Creating a Future of Effective Partnerships

Strengthening Security Relationships
• Our relationships with mission partners are a critical component of our global engagement and support our collective security

Modernizing our partnerships/alliances
• Worldly interconnectivity

Multi-lateral approaches
• Humanitarian Relief
• Disaster Relief
• Peacekeeping
• Nation Building
• Range of Security Threats

Greatest asset is PEOPLE
• Champion mutual interests

Joint Information Environment (JIE)

Improved Mission Effectiveness
• Rapid, dynamic response to support changing mission information needs
• Timely, secure access to data and apps needed to accomplish assigned missions
• Agile information systems that enable all PACOM missions and any set of partners
• Resilient in disconnected, intermittent and low-bandwidth ("DIL") network environments

Increased Cyber Security
• Operate, monitor and defend IT assets to attain and maintain information dominance
• Robust and resilient, providing the integrity, availability and confidentiality needed to assure all PACOM missions and any set of partners

IT Efficiencies and Joint Services
• Consistent IT architecture supports effective fielding of capabilities
• Interoperable information systems developed and implemented with maximum performance, reliability, and at best value, minimum waste

[Figure labels: Coalition Forces; Deployed Environment; Mission Applications; "Enterprise Information Environment" (Applications, Computing, Data); APEX, Navy ERP, AT21, iEHR, Enterprise Email, DCO, AFATDS, Close Combat TM, Airman Fundamentals, Defense Travel; Home, Work, Mobile (TDY/Deploy), future devices]

Mission Partner Environment (MPE)

MPE Enduring: Strategic level
Characteristics
• Persistent
• Specified Mission Partners
• NGO, NGA, industry
• Integrated with JIE

MPE Episodic: Operations/Tactical level
Characteristics
• Mission focused
• Unknown partners
• JTF/CJTF capabilities
• Contingencies

MPE Enablers:
• Joining-Membership-Exit-Instructions (JMEI)
• Coalition Interoperability Assurance & Validation
• Data Classification
• Exercises with Coalition Partners

PACOM's JIE Vision

Joint Information Environment (JIE) & Mission Partner Environment (MPE) combine to create a "single pane of glass" for operators.

Access multiple data sources with a single display.

[Figure labels: Internet; NIPRNET; SIPRNET; Mission Partners; Core Data Center; JIE/MPE "Network Enclaves"; Unclassified networks; Classified networks; GCCS Common Operation Picture; CENTRIX-JPN Common Operation Picture; Mission Network]

Common Mission Network Transport (CMNT)

• Information content is exposed to fewer people because of inherent compartmentalization (separate channels)
• All traffic is IPSec encrypted – any unencrypted traffic is suspect
• NIPRNET traffic is protected at the same level as SIPRNET
• Internet traffic is separated from NIPRNET
• Takes advantage of the security features of IPv6

[Figure labels: Application Service Points (ASP) in a data center; CMNT – Black Core; Mission-XYZ; Mission-ABCD; Mission-1234; SIPRNET; NIPRNET; Internet; GUARD; The Internet]

Commercial Solutions for Classified (CSfC)

Benefits of CSfC
• Releasable to International Partners
• Improved Responsiveness and Flexibility
• Easier to obtain
• Greater engagement with industry
• Based on the latest technologies

NSA Guidance
• Product Selection
• Configuration Guidance
• System Testing
• Residual Risk Analysis

[Figure: Site A – Inner VPN Device – Outer VPN Device – Black Network – Outer VPN Device – Inner VPN Device – Site B]

PACOM's JIE/MPE Approach Summary

[Figure labels: Situational Awareness and C2 of GIG; Common Operational Picture; IC; Utility, Priority, Capacity, Risk Level; Dynamic Computer Network Defense; MPE Transport (MPET); Network performance, security and risk management; Quality of Service; Nation B (NB) NNI; Nation C (NC) NNI; SIPRNET; PNI; Mission-AB (Bilat); Mission-NBNC (Multilat); AVE; Cross Domain Controlled Interface; Thin clients that can connect to multiple security domains; New Unanticipated Episodic Mission Partner; IPSec on each link]

• One layer IPSec: "Gray Core"
• Two layer IPSec: "Black Core"

Legend:
• AVE – Agile Virtual Enclaves
• CMNT – Common Mission Network Transport
• CSfC – Commercial Solutions for Classified
• IPSec – Internet Protocol Security
• NNI – National Network Interface
• PNI – Partner Network Interface

JIE and MPE Approach & Benefits

Improved Mission Effectiveness / Operational Flexibility

Responsive, Agile
• One network – dynamic enclaves
• Reuse of the network with common equipment
• Add new network enclaves rapidly

Improved information sharing
• More enclaves can be employed
• Accommodates trust management for discretionary disclosure of sensitive information

Increased Cyber Security

Defensible, Protected, Proactive
• Compartmentalized / Virtualized
• Monitored / Controlled / Concealed

IT Efficiencies / Joint Information Services

Economical, Interoperable
• One network – common equipment
• Served clients; not dedicated client-server
  o Less to maintain / easier to monitor

Questions?
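
The CMNT slide's rule that all traffic is IPSec encrypted and any unencrypted traffic is suspect can be applied per packet on the black core. The following is an added example, not part of the original brief: the function names, packet builders and sample packets are constructed for illustration, and accepting UDP ports 500/4500 as IPsec (IKE and NAT-T) is an assumption about how key exchange appears on the transport.

```python
import struct

ESP, AH, UDP = 50, 51, 17
IKE_PORTS = {500, 4500}   # IKE and NAT-T (ESP-in-UDP); a coarse port-based rule
V6_EXT = {0, 43, 60}      # hop-by-hop, routing, destination options

def upper_layer(pkt):
    """Return (protocol number, payload) after the IPv4 or IPv6 header chain."""
    version = pkt[0] >> 4
    if version == 4:
        ihl = (pkt[0] & 0x0F) * 4
        if ihl < 20 or len(pkt) < ihl:
            raise ValueError("truncated IPv4 header")
        return pkt[9], pkt[ihl:]
    if version == 6 and len(pkt) >= 40:
        nxt, off = pkt[6], 40
        while nxt in V6_EXT:  # each header: next-header byte, length in 8-octet units minus 1
            nxt, off = pkt[off], off + (pkt[off + 1] + 1) * 8
        return nxt, pkt[off:]
    raise ValueError("not a complete IP header")

def classify(pkt):
    """'ipsec' for ESP, AH or IKE/NAT-T traffic; 'suspect' for everything else."""
    try:
        proto, payload = upper_layer(pkt)
    except (ValueError, IndexError):
        return "suspect"      # malformed traffic is not provably encrypted
    if proto in (ESP, AH):
        return "ipsec"
    if proto == UDP and len(payload) >= 4:
        sport, dport = struct.unpack("!HH", payload[:4])
        if sport in IKE_PORTS or dport in IKE_PORTS:
            return "ipsec"
    return "suspect"          # includes IPv6 fragments (44), left for manual review

# Constructed sample packets (documentation addresses, zeroed checksums).
def ipv4(proto, payload):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2])) + payload
def ipv6(nxt, payload):
    return struct.pack("!IHBB16s16s", 0x60000000, len(payload), nxt, 64,
                       b"\x20\x01\x0d\xb8" + bytes(12), b"\x20\x01\x0d\xb8" + bytes(11) + b"\x02") + payload

SAMPLES = {
    "v4 ESP": ipv4(ESP, bytes(16)),
    "v4 IKE": ipv4(UDP, struct.pack("!HHHH", 500, 500, 8, 0)),
    "v4 HTTP": ipv4(6, struct.pack("!HH", 49152, 80) + bytes(16)),
    "v6 dest-opts + ESP": ipv6(60, bytes([ESP, 0]) + bytes(6) + bytes(16)),
}
RESULTS = {name: classify(p) for name, p in SAMPLES.items()}
```

A monitor on the transport would alert on every "suspect" result; the IPv6 case shows why the extension-header chain has to be walked before the protocol is judged.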