UNCLASSIFIED

Navy NetOps – Aligning for the Future
CAPT Doug Swanson
3 Mar 2011

Roadmap
• What’s driving us?
• Where we’ve been
• Where we are
• Where we’re going
• How we’re getting there
  – NGEN
  – NETOPS Alignment
    • RNOSCs
    • GNOC Merger
  – ITIL
  – Inspections
  – Shared SA
• Challenges Ahead

Information as a Weapon
“We must maintain our preeminence in networks, intelligence, and information. There is no other Service or nation that is as good as we are.”
“Aligning intelligence and operations and optimizing the network in many ways takes priority over the platform. If we don’t get the intelligence and information right, then the platform is sub-optimized. Therefore we need to elevate the priority of information. Since we already think and operate this way, it’s time aligned organizationally to sustain it … to achieve prominence and dominance”
Admiral Gary Roughead, Chief of Naval Operations, 17 July and 23 October 2009

A Nation at Risk
Mike McConnell, Former Director of National Intelligence
“The cyber threat to our country is real and growing. We are surrounded by foreign adversaries, terrorists, and criminal elements that are able to steal, alter or destroy vast amounts of sensitive government and private sector information --- perhaps most of it --- and to do so at will.
In addition, many of our adversaries have or are seeking the knowledge, skills, technology and resources to infiltrate the networks used throughout our country.”

Evolution and Organization
[Figure: organizational timeline with year markers 2002, 2004, 2005, 2006, 2008, 2009 and 2010. Labels: NETWARCOM: Networks, IA, Space, COMMS, INFO OPS, CNO, COMSEC, IO Command; Naval Space Command; COMNAVCOM TELCOM; FIWC; NMSC; NCMS; USFF N6/CIO; FLEET C5I Modernization; Cryptology/Signals Intel; NCDOC NAVCIRT + Navy Task Force CNO; FLT Intel TYCOM; FLT Readiness Division; FLT EW Center; USCYBERCOM; FLTCYBERCOM; CYBERFOR NNWC Split]

Common Model
[Figure: organization chart headed Administrative and Operational. Labels: CNO; STRATCOM; USCYBERCOM; COMPACFLT; USFF; FLTCYBERCOM; COM 10th FLT; CYBERFOR; N6; NNWC; NCDOC; NCTAMS LANT / PAC; NCTAMS LANT; NCTAMS PAC; NIOCs; NAVSOC; NCMS; NMSC]

NETWARCOM Mission & Goals
Mission Statement
Naval Network Warfare Command/Task Force 1010 commands and controls Navy Networks and leverages Joint Space capabilities to deliver Information Dominance for Navy and Joint operations.
Goal 1 - Achieve C2
Achieve effective Navy Network command and control (C2) through optimal organizational alignment, common architecture, mature processes and functions, and standard terminology.
Goal 2 - Enhance Security Posture
Enhance security posture, improve IT services and prepare for the future Naval Networking Environment by eliminating legacy networks.
Goal 3 - Deliver Space Products
Deliver enhanced Space products (Satellite Communications, Precision Navigation & Timing, Missile Warning, Intelligence Surveillance and Reconnaissance, and Meteorological Information) to Operating Forces by leveraging DOD, National, commercial, and international Space capabilities.
Goal 4 - Optimize Navy Networks
Optimize Navy Networks by articulating and prioritizing operational requirements and issuing direction and guidance that implements Navy IM/IT policy.
Goal 5 - Achieve NetOps Mission Assurance
Achieve NetOps mission assurance (Network availability and security) through accreditation, operational inspection and certification, and uniform standards and metrics.
Updated 24-Sep-10

Evolution of Navy Networks
[Figure: network evolution diagram. Labels: NNE; ASHORE: NMCI, ONE-NET, Excepted, Legacy; AFLOAT: ISNS / IT21, CENTRIX-M, SCI Networks, SubLAN; NGEN; MCEITS; MCEN; CANES; Combat Systems]
Commonality
• Services
• Gold Disk
• Security Settings
• Common Client Hardware
• Enterprise Software Licensing
• Common Application Approval
Since Dec 2006, Navy has reduced the number of networks from 1300 to 350 with 120 additional scheduled for termination by Oct 2011

Operational Alignment
As determined during Operation BUCKSHOT YANKEE, NETWARCOM and its subordinate commands are not optimally aligned to exercise C2 of NetOps across all dimensions of warfare and all network enclaves.
Objectives:
Implement NETWARCOM Direction
• Establish C2: Standardized policies, procedures, processes and tools to operationalize NetOps.
Facilitate NNE Implementation
• Need a Consistent Framework: Provide a framework that aligns all NetOps programs under one strategic umbrella (Starting with NGEN).
Meet Warfighter Demands
• Provide Predictive Operational Support: Shared SA, codified relationships and authorities, and solid reporting requirements.
Improved Resource Alignment
• Justified Resourcing: Deliver consistent POM/PR submittals, SMRD reviews, and DRRS-N requirements, aligned to NetOps strategy.
Desired Effect: A More Responsive, Agile, Secure, and Transparent NetOps Organization That Delivers Information Dominance to the Warfighter

Global Enterprise, Regionally Managed
[Figure: command structure chart. Labels: C10F (CTF 1010); CTF 1020; C3F/C7F PACFLT; C2F/USFF; C4F/NAVSO; C6F CNE/NAVAF; C5F NAVCENT; DCO; NIOCs, CND; RNOSC PAC; RNOSC LANT; RNOSC EUR; RNOSC CENT; PR NOC; UAR NOC; ECR NOC; IOR NOC; NGEN NOCs; NGEN NOC; NCTSs; ONENET-EU; ONENET-ME; ONENET-FE; Command; Control; Coordinate]
[Figure: NetOps Control Center, Service Lines, Sample Catalog; Standard Operations Dept. Alignment – Services-Based. Labels: Communications Services; Svc Desk Support; Change Mgmt; Tactical Network Services; Enterprise Network Services; Field Services; Data Center Ops; Messaging Services; Disaster Recovery; Tech Supt. (T3); Voice & Video Services; Asset Mgmt; Config. Mgmt; Security Mgmt]

Aligning for C2
[Figure: alignment roadmap. Dates shown: 28 JAN 11, 30 APR 11, 30 SEP 11, 2014+. Labels: Global NetOps Alignment; CTF 1010 / C10F; NGEN; IT-21; Excepted; ONE-Net; Networks; COSC; Strengthen the Region; RNOSC IOC; GNOC Merger & NNWC Realignment; 60% Enterprise View; Integrate/Aggregate; NGEN/CANES; Unified C2]

Standardizing NETOPS Service Delivery through ITIL V3

Cyber Security Inspection and Certification Program
Continual Service Improvement
• Answers “Where are we now?”
• Feeds the “Check” stage of the Deming Cycle
• Drives accountability, responsibility, and authority for cyber security
• Uncovers gaps in our cyber doctrine, procedures, and processes
• Finds best cyber operators in order to inspect and train the rest

Afloat Assessments
[Figure: bar chart of Findings for T1, T2, T3 and T4, axis 0 to 45; values shown: 5, 35, 43, 14. Other labels: Culture; Conduct; Capability]
• USB Devices
• Patches
• Malware
• Unauthorized Software
• Root Level Access
• Weak / No Access Control Lists
• Unnecessary Open Ports
• Weak / Default Passwords
Same Problems Ashore

Significant Findings for Shore Installations
Installation   Location          Enclave
COMPACFLT      Oahu, HI          NMCI
C3F HQ         San Diego, CA     NMCI, Legacy
NCTAMS PAC     Oahu, HI          IT-21
NCTS           San Diego, CA     IT-21
NCTS           Yokosuka, Japan   ONE-Net
NCTS           Guam              ONE-Net
Note: Not all installations had all of the findings listed below
• Extensive USB device usage
• Malware present
• Unauthorized software installed on workstations
• Unnecessary services running on workstations
• Unnecessary open ports on network hosts
• Weak / Default passwords on system devices and privileged accounts
• Improper configuration of file system permissions

New Cyber Security Cycle
Three year cycle tied to Network Authority to Operate (ATO) process with an annual drumbeat…
• Admin Program Review (ADMAT)
• Unit Level Training and Assessment
• External Inspection
[Figure: cycle diagram. Labels in order: Ready to Train; Stage 1; Ready to Operate; Stage 2; Certified to Operate; Stage 3]
EXPECT WHAT YOU INSPECT

The Cyber COP
• What’s happening in Cyberspace of concern?
• What is the scope of the attack?
• What are we detecting?
• Who are the victims?
• How are we postured?
• Can we detect malicious activity?
• What do we need to do?
• Who needs to be informed?
[Figure labels: Intelligence; Understanding networks; National rules; Window to get information; Cognizance; Situational Awareness; Roles and Responsibilities]

Challenges
• Converging strategy for C2 with emerging technology trends
• Negotiating/codifying regional C2 relationships and authorities
• Implementing an industry model in Navy
• Workforce transition
• Network instrumentation to support C2/SA/COP
• Risk Assessment
• Resources

Questions
Naval Network Warfare Command
2465 Guadalcanal Road
Virginia Beach VA 23459-3228
(757) 417-6700
www.netwarcom.navy.mil

Backups

7 Step ITIL CSI Process
Identify
• Vision
• Strategy
• Tactical Goals
• Operational Goals
1. Define what you should measure
2. Define what you can measure
3. Compile available data – not only what is done, but when, how, and by whom
4. Process the data – align and rationalize data from disparate sources
5. Analyze the data – are there relationships? Trends? Were targets met? Were plans followed? Is corrective action needed?
6. Present and use the information to answer “Did we get there?” and to determine next steps
7. Implement corrective action
[Figure label: Goals]

Questions
“Our Sailors must be empowered to operate and fight in a vast array of environments that range from failing states and ungoverned spaces to the most technologically advanced nations, virtual worlds and cyberspace.”
Statement of CNO to HASC, 1 March 2006

[Figure: command structure chart. Labels: C10F; CTF 1010; C10F C2 (CTF 1010); C3F/C7F PACFLT; C2F/USFF; C4F/NAVSO; C6F CNE/NAVAF; C5F NAVCENT; NIOCs, CND; RNOSC PAC; RNOSC LANT; RNOSC EUR; RNOSC CENT; ONENET-EU; ONENET-ME; ONENET-FE; UAR NOC; PR NOC; ECR NOC; IOR NOC; NGEN NOCs; NCTSs; San Diego; Djibouti]
• Comply w/Global Orders
• Impact limited to AOR
• Report to CTF 1010 ASAP
** Ops Urgency Prevails
[Figure labels: C10F (CTF 1010); Component & Numbered FLT CDRs; DCO; CTF 1020; CTF 10xx; Regional NIOC; RNOSC; CND; CHAT/VOICE; SCI CHAT; CONOPS]
Command – lawful command authority over subordinates by assignment or rank
Control – non-command authority exercised over activities of organizations
Coordinate – delegated authority for coordinating specific functions or activities

Alignment Plan Timeline
Objectives:
• Establish Command and Control (C2)
• Provide Predictive Operational Support
• Facilitate NNE Implementation
[Figure: timeline. Milestones: Gain NNWC Leadership Approval for Way Ahead; Gain FLTCYBER/C10F Leadership Approval for Way Ahead; Form Overarching and Core IPTs; Execute Phase I: Mature and Consistent C2; Assume C2 of NMCI/COSC; Complete Phase I; Commence Transition to RNOSCs; Achieve RNOSC Interim Operational Capability (IOC); Achieve RNOSC Full Operational Capability (FOC). Dates shown, in order: 3/10, 4/10, 8/10, 8/10, 10/10*, 7/12, 10/10, 4/11, 10/12]
* Initiate Exercise C2 over Critical Services FOC expected 1 OCT 2011

UNCLASSIFIED FOUO
Defensive Cyberspace Operations
• DCO WO
  – Coordinate and execute regional DCO missions
• Incident Handling
  – Respond to network defense events and incidents
• Vulnerability Management
  – Vulnerability assessment, tracking and reporting
• Indications & Warning (I&W)
  – Identifies cyber threats
  – Correlates with AS&W reporting
  – Recommends countermeasures
• Attack Sensing and Warning (AS&W)
  – Identifies malicious changes
  – Detects, correlates and characterizes
  – Executes and validates countermeasures
• Forensics
  – Low priority incident triage analysis
  – Comprehensive malware and hard drive analysis

FY09/10 Significant CND Events with NETOPS Implications
1. Culture
2. Conduct
3. Capability
[Figure: timeline with year markers 2008, 2009 and 2010. Labels: Afloat; Roles/Responsibilities; N6/N39?]

Solutions
• Culture
  – Accountability
  – Commander’s “Daily View”
  – Focus on 1000s of Threats
  – Damage Control, Force Protection
• Conduct
  – Enterprise C2
  – One Network, One Fight
  – Inspection Mentality
  – Proactive
  – OPREP 3
  – Physical Security
  – Compliance
• Capability
  – Network Visibility
  – Information Assurance
  – TYCOM
  – Dynamic Defense
  – Automation
  – Physical Security
  – PORs

Building the NetOps Workforce
• Transition to ITSM organizational and business model
  – ITIL-based
  – Reassessment of workforce skill sets
  – Competition with industry
  – INSERT ITIL TRAINING DATA HERE

Our Global Presence
[Figure labels: NETWARCOM Presence; NETWARCOM]

Evolution of Navy Networks
Existing Networks: De-centralized control with decentralized execution
Naval Networking Environment (NNE): Government controlled standardized Architecture & managed (Engineered) Interfaces
[Figure: network evolution diagram. Labels: ASHORE: NMCI, ONE-Net, Excepted, Legacy; AFLOAT: ISNS/IT-21, CENTRIX-M, SCI Networks, SubLAN; NGEN; MCEITS; MCEN; CANES; Combat Systems]
Commonality
• Services
• Gold Disk
• Security Settings
• Common Client Hardware
• Enterprise Software Licensing
• Common Application Approval
Navy has significantly reduced the number of networks

NetOps Command and Control (Starting with NGEN)
• Synergy between:
  – Visibility into health and status of the network
  – SA of threat environment
  – SA of operational environment
  – Focus on mission priorities and Commander’s intent
• Authority, People, Processes, and Tools to direct appropriate actions on the network
Shared SA + Authority + People + Processes + Tools = NetOps C2

Realignment Objectives
• Exercise command & control of Navy NETOPS
• Provide shared situational awareness and security posture to meet warfighter demands
• Deliver a consistent NETOPS framework for the future
• Foster a culture of accountability in NETOPS
• Improve resource alignment (people, tools, and finances)

Challenge: Dynamic Threat
[Figures: Attack Sophistication versus Intruder Knowledge; Compression of the Discovery-Attack Life Cycle]
• Has the situation improved or worsened since these graphs were produced?
• New exploits since 2003
  – Code Red, Slammer/Blaster, BotNets, Phishing & Spear Phishing, Cybercrime “for hire”
• What’s next? Can you help the Navy stay ahead?
From Eschelbeck, G., Do you feel the force?, July 2003 http://www.scmagazine.com/scmagazine/2003_07/cover/

Solutions
• Culture
  – Accountability – everybody has a role
  – Commander’s “Daily View”
  – Focus on 1000s of Threats
  – Damage Control, Force Protection
• Conduct
  – Enterprise C2
  – One Network, One Fight
  – Inspection Mentality
  – Proactive
  – Operational rigor & reporting
• Capability
  – Network Visibility
  – Information Assurance
  – Type Commander to focus on Man, Train & Equip functions
  – Dynamic Defense
  – Automation

Transformation Strategy
Jul 10  NetOps Alignment Plan
Oct 10  N-Code Standardization
Jan 11  CSICP
Jan 11  GNOC Det Merger
Apr 11  RNOSC IOC
Oct 11  RNOSC Build Out
MOC – RNOSC Construct
Synchronized Plan
1. RNOSC IOC → FOC
2. C10F C2/SA
3. CTF 1010 / C10F
4. COSC → NGEN → NNE
[Figure labels: Codified C2; Mutually Supportive; Unity of Effort; CTF 1010 / C10F; C10F C2/SA; NGEN C2 Implementation]

Continual Service Improvement
[Figure, marked Notional. Labels: CYBERFOR; Fleet Reqs; PMW Reqs; Plan; Requirements; Design; Builds Capability; Gap Analysis; NEIRP; C10F / NNWC; NetOps; CSI Gaps; Control; Measure; Design; Prioritize; Coordinate; Improve; Test; Implement; Execute; Measure]

Standardizing NETOPS Service Delivery through ITIL V3
• Desired Results:
  – Standardized, repeatable processes and procedures for supporting and maintaining NETOPS services
  – Establish policy to guide process development and continual improvement
  – Common lexicon
  – Clearly defined roles and responsibilities
  – Establish tool standards that will enable “single source of information” for collaboration and coordination of daily activities
• Operational Objectives
  – Navy Networks integrated within an effective NetOps C2 construct - centralized, global and authoritative C2, regionally managed
  – SOPs to capture standardized network operations tactics, techniques and procedures
  – Standardized NetOps capabilities that enable visibility and control processes, procedures, tools and core competencies
  – Accurate and timely information shared awareness enabling NetOps C2

[Figure: NetOps Directorate organization chart. Labels: OWNER: NNWC CIO; OWNER & MANAGER: NETOPS-1; MANAGER: NETOPS-2; Access Mgmt; Info Security Mgmt; Incident Mgmt; OWNER: NCF N4/7; MANAGER: NETOPS-3; Event Mgmt; Problem Mgmt; NetOps Directorate ACOS/Deputy/Admin/LCPO; NetOps-2 IA DivDir & Deputy; IA/Compliance/IA Watch/DMZ/MOC/COI/Data Conf/CTO(s); NetOps-1 Network Ops DivDir & Deputy; BWC-ABWC/NetOps C2; Service Operation; Trans/EntOps/Change(ASI); Network Performance; CSI; NetOps-3 Enterprise Mgmt DivDir & Deputies; Transport; GTSE/RF Mgmt; Pier/Bdry/C2I; BAN-LAN/WAN; Services; Web/Messaging; Apps/DB-ESD/OS; VOX-VID/File/COI; NetOps-5 Plans/policy/Exercise; Future Ops/Process & Analysis/CSI/Future Plans/Exercise-COOP; Continual Service Improvement (CSI)]

NetOps - Command and Control
Network Command and Control equates to shared Situational Awareness and Unified C2

Information Dominance Warfare PQS
• Officer PQS
  – Approved by N2/N6 and Community Leaders, the IDC PQS is in final stages of preparation for NETC publication as NAVEDTRA 43360
  – Individual community PQSs are undergoing review/update
    • Information Warfare: Complete
    • Information Professional Basic PQS working group held in Jun
    • Intel PQS update conference planned tentatively for Aug/Sep
    • Space Cadre PQS working group planned for Aug
• Enlisted PQS
  – Common Core assigned NAVEDTRA 43365
  – 4 Command specific PQS completed: NCDOC, NIOC, NCTAMS, ONI
  – Common Core PQS currently being Beta tested and rolled out to all commands

C10F Standing Task Organization
[Figure: task organization chart. Group labels: Headquarters; Service Cryptologic Component Operations; Information Operations; R&D; NetOps/SpaceOps; Computer Network Defense; Network Operations & Defense Group; Fleet and Theater Operations. Task forces shown: CTF 1000; CTF 1010; CTF 1020; CTF 1030; CTF 1040; CTF 1050; CTF 1060; CTF 1070; CTF 1080; CTF 1090. Task groups shown: CTG 1000.1 through CTG 1000.10; CTG 1010.1 through CTG 1010.3; CTG 1020.1; CTG 1020.2; CTG 1030.1 through CTG 1030.3; CTG 1040.1; CTG 1050.1; CTG 1050.2; CTG 1060.1; CTG 1060.2; CTG 1070.1 through CTG 1070.3; CTG 1080.1. Command and unit labels: C10F; C10F D/COM; COMNNWC BWC; CO NCDOC; CO NIOC Norfolk; CO NIOC Suitland; CO NIOC Texas; CO NIOC Georgia; CO NIOC Maryland; CO NIOC Hawaii; CO NIOC Colorado; NCDOC; NCTAMS LANT; NCTAMS PAC; NAVSOC; NIOC Norfolk; NIOC Menwith Hill Station; NIOC Misawa; NIOC Georgia; NIOC Hawaii; NIOC Sugar Grove; NIOC Texas; NIOC Maryland; NIOC Colorado; NIOC San Diego; NIOC Whidbey Island; NIOC Pensacola; NIOC Bahrain; NIOC Yokosuka; FIOC UK; NIOD Yakima; NIOD Alice Springs]

NETWARCOM Organization
[Figure: organization chart. Labels: Commander; Deputy and Chief of Staff; Cyber Asset Reduction & Security; Network Operations; Space Operations; Navy Operational Designated Approving Authority; Network Assurance & Command Information Office; Office of Compliance and Assessment]

Big 7 ITIL Process Owners & Managers
[Figure: process chart for NAVNETWARCOM and NAVYCYBERFOR with O and M markers and the labels Man, Train, Equip and Operate. Entries: IT Request Fulfillment, NCF N8; IT Service Continuity, NCF N8; Problem Management; Event Mgmt – NetOps-1; Incident Mgmt – NetOps-1; Problem Mgmt – NetOps-3; Access Management - CIO; Access Mgmt – NetOps-2; Info Security Mgmt - CIO; Info Scty Mgmt – NetOps-2]

Cyber Security Inspection and Certification Program (CSICP)
COMFLTCYBERCOM FT GEORGE G MEADE MD 282138Z JAN 11
“THIS IS A COORDINATED COMPACFLT, USFF, AND COMFLTCYBERCOM MESSAGE TO IMPLEMENT A CNO DIRECTED THREE-STAGE ENTERPRISE CYBER SECURITY INSPECTION AND CERTIFICATION PROGRAM (CSICP). THIS PROGRAM WILL ENSURE THE HEALTH AND SECURITY OF NAVY NETWORKS AND CONNECTED COMBAT SYSTEMS, AND FORMALIZE A PROCESS THAT PROVIDES CONTINUING OVERSIGHT AND ACCOUNTABILITY……. NAVY NETWORKS ARE A COMBAT SYSTEM AND WILL ADHERE TO THE SAME INSPECTION AND CERTIFICATION RIGOR AS ALL OTHER COMBAT SYSTEMS.”

Our Global Presence
[Figure labels: NETWARCOM Presence; NETWARCOM]
For Official Use Only