Program Executive Office Command, Control, Communications, Computers and Intelligence (PEO C4I)
Navy Information Assurance and Cyber Security
15 September 2010
Kevin McNally, Program Manager (PMW 130)
(858) 537-0682
kevin.mcnally@navy.mil
Statement A: Approved for public release; distribution is unlimited (9 SEPTEMBER 2010)
Information Dominance Anytime, Anywhere…
PEOC4I.NAVY.MIL

Agenda
• Changes in our Community
• PEO C4I and PMW 130
• Why Cyber Matters
• The Threat
• The Acquisition Process Today
• Way Ahead for Cyber Acquisition
• Challenges
• IA Concerns on the Horizon
• Q&A

The Drive to Information Dominance
[Image: The Economist]

Changes in our Community
“…we must embrace innovation, be willing to test and evaluate new concepts, and ultimately, resource and support game-changing technologies, processes, and information capabilities. Our goal: to achieve command and control overmatch against all adversaries. If we’re reaching for something less than that, we aren’t trying hard enough…”
-VADM Dorsett, DCNO (N2/N6)

PEO C4I Organizational Structure
[Organization chart; labels listed in extraction order]
ASN(RDA): Assistant Secretary of the Navy (Research, Development & Acquisition)
CNO: Chief of Naval Operations
SPAWAR CURRENT READINESS RADM P. Brady VICE PEO C4I REPORTING DEPUTY RDML Jerry Burroughs
SSC Atlantic
SSC Pacific
APEOs:
• Contracts (2.0) – Trelli Davis
• Logistics (4.0) - Sean Zion
• Engineering (5.0) – Wendy Smidt
• S&T (7.0) - John McDonnell
PRINCIPAL DEPUTY INTELLIGENCE PRINCIPAL MILITARY DEPUTY Mr. Terry Simpson CAPT John Pope
SPAWAR Space Field Activity
Special Assistant for MDA – Andy Farrar
Chief of Staff – CAPT Gary Galloway
DPEO Acquisition Management – John Metzger
DPEO Manpower & Budget – Susie Drew
DPEO Strategic Mgmt & Process Improvement – Aaron Whitaker
DPEO Platform Integration & Modernization – Vacant
DPEO Technical Direction & Program Integration – Charlie Suggs
Battlespace Awareness & Information Operations PMW 120: CAPT Bob Parker, Mark Reinig
Information Assurance and Cyber Security PMW 130: Kevin McNally, CAPT Don Harder
Command and Control PMW 150
Tactical Networks PMW 160
Communications PMW 170
CAPT Steve McPhillips, Jim Churchill, CAPT DJ LeGoff, CDR William “Ben” McNeal, Vince Squitieri, CAPT (Sel) Mark Glover
NIDE NIDE NIDE NIDE NIDE
International C4I Integration PMW 740: Steve Bullard, Joe Orechovesky
Carrier and Air Integration PMW 750
Ship Integration PMW 760
Submarine Integration PMW 770
Mark Evangelista (Acting), Cheryl Carlton (Acting), CAPT Ken Ritter, Bill Farmer, CAPT Dean Richter, Maria Cuin
NIPO NAE SWE USE
Shore and Expeditionary Integration PMW 790: Ruth Youngs Lew, CDR Allan Walters, Allen Armstrong
NECE
Updated 10 September 2010

About PEO C4I
Workforce
• Civilian: 214
• Military: 71
Programs - Total: 122
• ACAT I: 8*
• ACAT II: 6
• ACAT III & Below: 106
• Rapid Deployment Capabilities (RDCs): 2
*Includes: IAC – 3, IC – 2, IAM – 2 (1-DISA/1-PEO C4I), Pre-MAIS/MDAP – 1
Platforms Supported – FY10
• Afloat: 228
• Shore: 349
• Expeditionary: 34
updated 23 August 2010
Navy C4I Key Facts
• More than 5,200 radios fielded
• More than 2,500 annual installations
• More than 700 applications supported
• Average/fielded bandwidth capability
  - Carrier: 4 mbps - 24 mbps
  - Destroyer: 512 kbps - 8 mbps
  - Submarine: 128 kbps
• Average technology refresh: 18 months
• Average time to market
  - Initial fielding: 36 months
  - Full Fielding: 8-10 years

PEO C4I PMW 130 Information Assurance and Cyber Security: Strategic Priorities
PMW 130 Vision: Securing the Cyber Domain
PMW 130 Mission: Provide capabilities to secure the cyber domain, assure end-to-end information and enable decision superiority
GOALS
• COST: Minimize total ownership cost of a secure Cyber Domain
• SPEED: Rapidly and proactively field innovative capabilities to stay ahead of the Cyber threat
• WORKFORCE: Maintain a world-class Information Assurance workforce equipped to achieve acquisition excellence in a dynamic environment
• CUSTOMER: Achieve synergistic partnerships with requirements’ owners, resource sponsors and end-users

PMW 130 Information Assurance and Cyber Security
PROGRAM MANAGER: Kevin McNally
DEPUTY PM: CAPT Donald Harder
[Organization chart; labels listed in extraction order: Technical Dir.; PEO DDAA; Crypto & Key Management; Network Security; Acquisition Mgr; CND Afloat; BFM Lead; Crypto Products; CND Ashore; Cyber Security Liaison; Crypto Data; Ports & Protocols; Network Security; Dir Ops; Crypto Voice; Security Mgt; APM-C; Key Management; DIACAP; APM-E; PKI; NMCI/NGEN IA; APM-S&T; Network Security Integration; APM-L; Radiant Mercury; Install; Resource Manager; Crypto Mod; BFM Support]

PEO C4I PMW 130: Our Portfolio
• OPNAVINST 5239.1C, Navy IA Program: Navy IA Technical Lead; Systems Security Engineering; IA Requirements; IA Products
[Diagram; labels: IA Technical Support; System Security Engineering; Computer Network Defense (CND); NAVCYBERFOR; FLTCYBERCOM; NETWARCOM; CFFC; Crypto; CND; Public Key Infrastructure; On-Line Services; Defense in Depth; Acquisition Authority Role; Technical Lead Role; Electronic Key Mgt System; Crypto Voice; Radiant Mercury; PEO-EIS; OPNAV; PEO-C4I; SYSCOMs; Crypto Mod Program Office; IA Pubs; INFOSEC Helpdesk]

What Is Cyber?
From the S.773 Bill, Cybersecurity Act of 2009:
• Any process, program, or protocol relating to the use of the Internet or an intranet, automatic data processing or transmission, or telecommunication via the Internet or an intranet; and
• Any matter relating to, or involving the use of, computers or computer networks
"The office of the Chief of Naval Operations must be organized to achieve the integration and innovation necessary for warfighting dominance across the full spectrum of operations at sea, under sea, in the air, in the littorals, and in the cyberspace and information domains."
-Adm. Gary Roughead, Chief of Naval Operations

Why Cyber Matters?
"If the nation went to war today in a cyber war, we would lose."
- Admiral Mike McConnell (retired), 23 Feb 2010
• 1 trillion URLs (Uniform Resource Locator, like www.)
• Greater than 210 billion emails are sent every day
• Over 2 billion Google searches are conducted each day
• Over 1.7 billion Internet users
• DoD users make 1 billion+ Internet connections each day, passing 40TB of data
• Symantec: 458K new malware code signatures from APR-JUN 2010
• Adversaries are continuously improving their cyber attack capabilities using many commonly available tools
Cyber security is vital to our warfighting capability

The Threat
Anatomy of a Common Attack
• Scan/map network
• Find vulnerabilities (often using automated tools)
• Establish foothold on computer
• Escalate privileges on the network
• Pwnd
• Put measures in place to hide tracks (erase logs, etc.)
• Expand on network (gather info, insert malware, zombies, use to spam, etc)

CONFICKER Example
Speed of Adversary Weaponization
[Chart: Sophistication vs. Time; labels listed in extraction order, newest variant first]
• CONFICKER.E
  - Spam
  - “Scareware”
• CONFICKER.D
  - 50K Domains
  - + Improved HTTP Command & Control
  - + Robust Peer-to-Peer Comms
  - Kills Security Software
  - Malware Analysis Countermeasures
• CONFICKER.C
  - Direct Update Feature
• CONFICKER.B
  - + Password Cracking
  - + USB Infection Vector
  - + Primitive Peer-to-Peer Comms
  - Anti-Virus Countermeasures
  - Software Update Countermeasures
  - Code Cryptography
• CONFICKER.A
  - HTTP Command & Control
  - No Software Armoring
Dates on the time axis: 21 Nov 08, 30 Dec 08, 20 Feb 09, 6 Mar 09, 7 Apr 09
5 versions in 5 months – each more capable
We need to be agile and resilient

CONFICKER vs Acquisition
Speed of Fielding
[Chart: Sophistication vs. Time (Day One, then 1 year through 8 years); milestones marked: Initiation, IOC, FOC. Dramatization: Each red dot is a possible variant]
• 30 variants could have been developed before IOC
• 80 variants could have been developed before FOC

How We Do Acquisition Today
• Current DoD 5000 model built for acquisition for ships, aircraft and weapons systems
  - Requirements and oversight based upon risk reduction
• This model does not work for IT or Cyber Defense
  - COTS insertion model is low risk (cost-wise)
  - IT lifecycle ~3 years, then EOL
  - Cyber attack tools progress rapidly

DSB Task Force March 2009
Proposed Acquisition Model
[Diagram; labels: Rapid COTS Insertion; New capabilities fielded incrementally; Prototyping and Experimentation]

New Acquisition Approach
• Advantages
  - Keep pace with technology
  - Get ahead of EOL challenge
  - Rapid introduction of new commercial products and S&T
  - Closer pace to changing cyber threat
• Challenges
  - Requirements, Funding and POM
  - Testing, Certification and Accreditation
  - SHIPMAIN
• Challenges unique to the Afloat Environment
  - Availability schedules
  - Configuration Management/Change Control and Patching
  - Millennial sailors
  - Training
  - Shipboard is NOT a test environment

Current Acquisition Status
• Crypto Mod for the Navy, USMC, USCG, and MSC.
  - Aging equipment
  - Consolidate families of cryptographic devices
• Currently fielding CND Inc 1
  - HBSS, HIDS, NIDS, Firewalls, NIPS
• Navy CND Increment 2 builds and adds upon the Increment 1 capabilities
  - Defense-in-Depth (DiD)
  - Situational awareness
  - Anomalies and attacks assessment
  - CND command and control (C2)
  - Expect Milestone C decision in FY11
• CDS
  - Navy continues to recognize the importance of RM's Cross Domain transfer capability in support of Navy, Joint, National and Coalition operations.

IA Concerns on the Horizon
• Cloud security
• Wireless/handheld devices
• Social networking
  - Facebook, Twitter, LinkedIn, Foursquare
• Advanced spear phishing
  - Targeted with some accurate information
• Web enabled applications/application security
  - Cross-site scripting

IA Concerns on the Horizon cont.
• SOA Environment
• More IA Integration into Applications
• Identity Management
  - Role Based Access
• Sensor management
  - Correlating the data of multiple sensors
  - Analyzing the data
• Move to a more proactive position

Cyber Defense and the Navy
What Lies Ahead
• Moving from reactive to predictive
• Speed of incident handling
• Cyber COP
• Identifying network anomalies
• Navigating the acquisition process
Proactive and Predictive Cyber Defense

PMW 130 Government / Industry Exchange
• An opportunity for industry to present products they feel may be of interest to PMW 130
• Attendees include PMW 130 senior leadership, SPAWAR and PEO C4I invitees, and other PMW 130 personnel (Assistant Program Managers, engineers, etc.)
• Held once a month
• 50 minutes, including Q&A
• Please contact Carol Cooper at Cooper_carolyn@bah.com

Summary
• IA and Cyber are now getting serious attention
• Threat cycle vs. acquisition cycle
• New IT acquisition model has promise
• Must overcome cultural challenges in requirements, acquisition, contracting, testing, C&A, and fielding
• Moving from reactive to proactive
• PEO C4I and PMW 130 welcome collaboration across government, commercial, academia and other stakeholders

We get it. We also integrate it, install it and support it. For today and tomorrow.

PEO C4I Mission
Provide integrated communication and information technology systems that enable Information Dominance and the command and control of maritime forces

Information Dominance Challenge
Exponential Data Growth Outpaces Infrastructure
[Chart: GIG Data Capacity (Services, Transport & Storage) over time (2000, 2005, 2010, 2015 & Beyond); vertical axis ticks 10^12, 10^15, 10^18, 10^21, 10^24; labels: UUVs; Capability Gap]
• Max of 50 Mbps per channel
• Theater Data Stream (2006): ~270 TB of NTM data / year
• Current single mode fiber carries 960 Gbps

Time to transfer one terabyte of data = 8,796,093,022,208 or 8.8E+12 bits

Service                       Max Transfer (bits/sec)   Seconds   Minutes   Hours   Days
50 megabit bps WGS Channel    40,000,000                219,902   3,665     61      3
155 megabit bps service       62,000,000                141,872   2,365     39      2
10 gigabit bps service        4,000,000,000             2,199     37        1
Large Data JCTD               8,500,000,000             1,035     17
40 gigabit bps service        16,000,000,000            550       9
100 gigabit bps service       40,000,000,000            220       4