MPE - FMN Overview 25 June 2015
advertisement
UNCLASSIFIED Mission Partner Environment (MPE) and NATO Federated Mission Networking (FMN) Overview BOLD ALLIGATOR CAOPT 25 June 2015 Joint Staff JS J6 DDC5I IID UNCLASSIFIED UNCLASSIFIED Agenda • MPE Overview • Joint Information Environment (JIE) • JMEI • US MPE and NATO FMN • Parallel in synch efforts by other nations • Coalition mission partner options UNCLASSIFIED UNCLASSIFIED MPE Use Case Range of Military Operations What is the CDRs intent? What information needs to be shared? What is the mission? Who are the partners? What classification and releasability level(s) do you need to operate in? Classified Releasable FEDERATIONS of MISSION NETWORKS UNCLASS NETWORKS MN BICES US BICES-X HA/DR LOW TO HIGH MCO 3 UNCLASSIFIED Draft Operation XX XX (XXX) Mission Network Relationships UNCLASSIFIED • ⁻ • USA flag represents one or more mission network node contributions (Episodic MPE instance(s)) MP A CJTF “REL XXX” DOTMLPF provided by each Mission Network contributor Network, capabilities, TTP employed therein to conduct XXX Ops MP B CFSOCC Leadership direction, Culture change, and Practice Governance ⁻ MP Q MP X MP Y CFLCC CFMCC CFACC MP C MP P Mission CDR specific as shaped by partner(s) MP Z • SECRET REL XXX Foundation of Trust - Collective agreement by originating XXX partners Training & Education ⁻ • Create XXX CoI? “Third Stack” ⁻ ⁻ • Specific to XXX XXX Policy ⁻ • MN BICES Joining Membership and Exiting Instructions (JMEI) MP D CIAV (XXX specific activities per CDR’s Guidance) ⁻ ⁻ Compare XXX partner operational processes Deliberate “Do No Harm” coordinated change of DOTMLPF and TTP Self provided National Secret Self provided National Unclassified Self provided Cross Security Level Information Exchange Guard Specific C2 relationships for OAR related exercises and/or operations is NOT depicted 4 UNCLASSIFIED UNCLASSIFIED MPE and FMN • US MPE and NATO FMN born of the same requirement document from COMIJC • MPE and FMN concepts and implementation plan documents developed in parallel with close coordination and collaboration – Both leverage best practices & lessons from ISAF AMN federation, other missions & exercises – Primary tenet of both: Apply current capabilities, equipment, skills, talent, and TTPs to a mission network • #1 challenge: Coordinating national/organizational implementation policies in a “do no harm” manner to achieve “unity of effort” within a mission network in pursuit of coalition mission objectives (Goal of CE14 FPC, documented in CE14MN JMEI) • MPE JMEI Joining Instructions and NFIP Volume 2 Instructions contain the same protocol standards, IA & Security criteria to create a trusted, protected and secure federation of mission networks and standards for connecting six partner “human to human collaboration” core services with each other – US MPE and NFIP basic protocols, standards and trust criteria cross referenced and match those referenced and used in ISAF AMN, CE13, CE14 and AC15 JMEI documents. – ATO* for CE13MN & CE14MN network contributions demonstrated ability to meet foundational MPE JMEI Joining Instruction and NFIP Instruction protocols, standards and trust criteria 5 *ATO = Authority To Operate UNCLASSIFIED UNCLASSIFIED US MPE – NATO FMN Relationship MN BICES NS WAN CJTF CFSOCC CFLCC CJTF CFMCC CFSOCC CFACC CFLCC CFMCC CFACC • US MPE and NATO FMN conceptually alike • MPE (US led mission) – FMN (NATO led mission) • Federation of “REL TO Mission” mission networks model • Episodic in nature (temporary, built for mission) • Nations agree to trust and security criteria to “connect” mission networks • Trusted and protected connections made through Joining, Membership, and Exiting Instructions (JMEI) • Nations provide their own equipment and TTP “federate” capabilities and TTPs • Partners replicate releasable, operational capabilities and TTPs within respective mission networks **All flags representative only – notional laydown UNCLASSIFIED UNCLASSIFIED NATO Federated Mission Networking (FMN) and US Mission Partner Environment (MPE) Discussion Points --Overall message: NATO FMN efforts and US MPE efforts are cut from the same cloth and look to achieve similar objectives with similar materiel and non-materiel tool sets --Two key challenges within any partner entity: • Culture change and implementation of organizational versions of MPE or FMN concept to facilitate use of organizational DOTMLPF and Policy in a trusted peer to peer coalition mission network environment • Respective Program Office accreditation and governmental* approval for release of organizational capabilities and technologies for use in a mission partner environment with a specific set of mission partners • Leverage reciprocity or streamline process to obtain or to reuse accreditations and release* of organizational capabilities and technologies for subsequent mission network environments with the same or different sets of mission partners *e.g. US ITAR = International Trade and Arms Regulation Key = Managed Deliberate Coordinated Change Among Willing Partners UNCLASSIFIED UNCLASSIFIED UNCLASSIFIED US - NATO Strategic C2 Relationships & Partnerships Represents Any Nation or Organization Nation / Mission Partner Funded Mobile Communications XML Exchanges Global Integrated Operations Enterprise & Mission Services Mission Threads CIAV Joint Information Environment Mission Partner Environment XML Exchanges Federated Mission Networking Operational Processes Mobile Computing Strategy Enterprise & Mission Services NATO Common Funded Connected Forces Initiative Tactical Operational Strategic NATO IT Infrastructure Jolted Tactics Similar Tools and Processes Support Both Global Integrated Operations and NATO Level of Ambition UNCLASSIFIED UNCLASSIFIED Roles, Responsibilities and Relationship options within ANY coalition • Eight options for mission partner participation within a coalition event. Only one involves “joining” by contributing and federating a mission network with a “core” mission network provided by a lead HQ or any other mission partner HQ 1) Contribute own network, resourced and governed by mission partner operating with “Federation of sovereign a "Releasable to Coalition Event Name" caveat. mission networks” key tenet of MPE / FMN Frameworks – Required: Receipt and full compliance with coalition event lead HQ JMEI documents 2) Request purchase, lease or loan extension of coalition event lead HQ network to own forces/C2 nodes. – Compliance with network provider criteria is required, assumes network provider has already fully complied with coalition event lead HQ JMEI document criteria. – No direct compliance with lead coalition event HQ JMEI template documents required. 3) Request purchase, lease or loan extension of a network provided by another coalition event mission partner to own forces/C2 nodes. – Compliance with network provider criteria is required, assumes network provider has already fully complied with coalition event lead HQ JMEI document criteria. – No direct compliance with lead coalition event HQ JMEI template documents required. 9 UNCLASSIFIED UNCLASSIFIED • Roles, Responsibilities and Relationship options within ANY coalition Note: Mission partners may utilize a coalition event federation of networks established to support a specific coalition event without selecting options 1-3: – No direct or indirect compliance with lead coalition event HQ JMEI template documents required for any option below. – Data and information may flow to and from option 4-6 mission partner representatives in a variety of different ways. 4) Embed a small or large force within another mission partner's force. 5) Send augmentees to coalition event HQ or lower echelon HQ or mission partner HQ as augmentees. 6) Send personnel to coalition event as observers. 7) Advocate and support coalition mission in world forums via a variety of communications media 8) Some combination of options 4-7. "Releasable to Event" caveat means information is releasable to all coalition event mission partners, not just those who contribute networks to a specific coalition federation of networks!! 10 UNCLASSIFIED UNCLASSIFIED NATO Federated Mission Networking (FMN) and US Mission Partner Environment (MPE) Summary • Unity of Effort and Speed of Command within a coalition force requires movement of coalition C5ISR operations and activities off of national or NATO specific security domains • Federated Mission Networking and Mission Partner Environment frameworks offer option of establishing a primary C2 mission network environment specific to a mission/exercise/training event • – Use is complementary to, not in place of, existing national, NATO, or other multi-national network domains – Each coalition is different-- leverage common agnostic protocols, standards to establish trusted and protected connections and compatibility criteria for six collaboration services as a consistent foundation for each different coalition mission network No new* equipment, no new skill sets, no new software, no new services, no new people required to implement FMN and MPE Framework—just a desire to participate and adjust to mission priorities – Partners bring own DOTMLPF capabilities -- whatever they are – All are treated the same—as peers-- capacity and size or organizational role does not matter to security, infrastructure and information assurance accreditation teams. – *May require additional sets of current equipment/licenses if re-purposing of existing equipment/licenses is not practical or available Cannot “Surge” or “Pre-determine” Trust UNCLASSIFIED UNCLASSIFIED • • NATO Federated Mission Networking (FMN) and US Mission Partner Environment (MPE) Summary Most difficult challenge to coalition mission planning is coordination and adjustment of national and NATO policy implementations to establish mission/exercise specific policies – Lessons from ISAF, CE2013, CE2014, IMMEDIATE RESPONSE 14 , CLEVER FERRET 14, AUSTERE CHALLENGE 2015, any other coalition event planning process – Culture and policy adjustments---perform coalition mission tasks on mission network, national business on national network, business with NGOs and others on Unclassified networks Practice and more practice is only tried and true method of increasing trust among mission partners and reducing time to implement trusted networkenabled information sharing arrangements. – Trust can be gained by practice and familiarity with partner DOTMLPF and Policies—practice must include training audience “6s”! – COMBINED ENDEAVOR 2013/2014 & AUSTERE CHALLENGE 15 achieved FMN/MPE objectives with current DOTMLPF and Policies – BOLD QUEST 15.2 Cannot “Surge” or “Pre-determine” Trust UNCLASSIFIED UNCLASSIFIED You Can’t Surge Trust; Mission Partners Get A Vote UNCLASSIFIED UNCLASSIFIED Back Up UNCLASSIFIED UNCLASSIFIED ACME - Episodic Capability ACME = Austere Challenge [15] Mission Environment • AC15 Joining Membership and Exiting Instructions (JMEI) • Policy: Collective agreement for AC15 • Management: AC15 NETOPS Self provided National Secret Self provided National Unclassified USA provided Multi-National (MN) BICES Self provided Cross Security Level Information Exchange Guard ACME • “Third Stack”: Provided by each ACME network Contribution (USA, LTU) REL AC15 – Piggyback arrangements follow provider governance and protection requirements (must be a coalition member) CJTF • Training: Per AC15 training audience and scenario requirements CFSOCC • Governance: AC15 CJTF CJ6 overall, Each ACME network contribution governed, resourced and protected by owner CFLCC • CIAV: Embedded in AC15 planning and execution process to include “Do no harm” change management CFMCC CFACC Other USA Locations ACME: Represents an overarching framework for AC15 to enable network contributing partners to operate at a Secret REL to AC15 level based on CDR’s guidance and agreed upon CONOPS, TTP, Policy, Governance, and Common Standards 15 UNCLASSIFIED UNCLASSIFIED Mission Partner Environment (MPE) Operational Context: As a standard practice, US Forces use SIPRNet as the primary warfighting network for operations. In Afghanistan, this constrained the ability of US commanders to speak with immediacy to all operational commanders (mission partners) • The need to mitigate risk and provide the commanders with strategic, operational and tactical flexibility spurred the development of the Afghanistan Mission Network (AMN) for coalition information sharing & mission tasks -- get the “fight” off the SIPRNet Lessons Learned & Guiding Principles: • Operational imperative – unity of effort, enable communications with all mission partners to execute the Commander’s intent in a single security and releasability environment. • MPE is not a single network – it is a framework describing USA contribution(s) to a federation of partner provided mission specific networks, systems, and TTPs • No intent establish a new “program of record” as MPE is not a “thing” to purchase; focus is on re-purposing existing materiel and non-materiel enablers and capabilities. • Alignment with NATO’s Federated Mission Networking (FMN) “We’re one year away from forgetting everything we learned in Afghanistan.” 16 Iron Major, USMC - Communications Officer UNCLASSIFIED UNCLASSIFIED MPE Operational Context • Lesson Learned: USA use of SIPRNet as primary C2 network during mission partner operations generates strategic, operational and tactical limitations: – Forces on different networks with inadequate cross-domain solutions resulted in poor ops, planning and intelligence information exchange between NATO, U.S. and other partner forces in ISAF – Non-materiel DOTMLPF, TTP and Policy solutions as or MORE important than materiel solutions • Need for strategic to tactical human-to-human information exchange in a common language on same security and releasability level in real time – share by default; classify by exception • Consistent DoD ability to employ in-place information sharing, TTP, and operational C4ISR to support both persistent and episodic (mission specific) operations with mission partners • MPE leverages a “federation of sovereign C2 networks” created by the contribution of two or more nation “mission networks” to establish a mission specific enterprise in which all mission partners may operate as peers within a single classification and releasability policy Solution: Move coalition fight off of national networks [SIPRNet] 17 UNCLASSIFIED UNCLASSIFIED UNCLASSIFIED NATO / ISAF UNCLASSIFIED NATO / ISAF UNCLASSIFIED UNCLASSIFIED UNCLASSIFIED MPE Enduring and Episodic Definitions Application of MPE Principles and Network Relationships and Characteristics differ (known steady state relationships vs. unknown situation shaped coalition membership) • MPE Enduring: Strategic Level (information sharing & planning) – Asynchronous and non-real time information sharing – Persistent – time not a factor – Specified Mission Partners (bilateral or multi-lateral “Communities of Interest) – Combatant Command (CCMD) HQ capabilities for Mission Partner engagement/planning – Technologically dependent – Integrated with and enabled by Joint Information Environment (JIE) • MPE Episodic: Operational to Tactical Level (Conduct Operations) – Synchronous and near-real-time or real-time conduct of operational mission tasks – Episodic – time to establish always a factor – Mission Focused (exercise or contingency operation) – Unknown mission partners, emergent mission; unknown duration – JTF and component capabilities for peer to peer Mission Partner operations – US may not be lead; but must leverage JIE to contribute DOTMLPF, P & TTP to coalition “US and Mission Partners collaborate in Mission Partner Environment (MPE) Enduring environments day to day with the capability to transition to conducting operations within a MPE Episodic for any operation” 19 UNCLASSIFIED Joint Information Environment (JIE) – Enduring & Episodic MPE CCMD Persistent CCDR level US Centric Bi-lateral /Multi-lateral Specified Mission Partners e.g. Existing bi-lateral and multi-lateral network relationships: MN BICES and other named network relationships, etc. Enduring MPE “C” Enduring MPE “A” Enduring MPE “B” CCMD MPG SIPRNet and NIPRNet Connect Access Share CCMD Rel to Mission or Exercise MPG Episodic MPE JIE CJTF MP A MP Q MP B MP X CFSOCC MP Y LEGEND National Contribution (3rd Stack); National DOTMLPF-P, IA, Security National Classified Network (e.g. SIPRnet) National Unclassified Network (e.g. NIPRnet) Episodic MPE Federated Network; Commander accepts risk, sets rules Enduring MPE Connection 20 Cross Security Level Exchange “Guard” MPG = Mission Partner Gateway CFLCC CFMCC CFACC MP C MP P MP Z MP D Temporal CJTF level Commander centric Unknown Coalition of the Willing UNCLASSIFIED Today’s MPE Enduring Environments Collaborate and Share Information Enduring MPE “A” MN BICES CCMD Enduring MPE Enduring “B” MPG SIPRNet and NIPRNet CCMD JIE MPE MPG Plus other existing bi-lateral and multilateral network relationships some of which may not be directly connected to current DoD Networks or future JIE Connect Access Share Tier 1 SIPR connection currently provides only CENTCOM users access to the US BICES-X FTI Mission Partner L Interim TNE PACOM TNE US BICES-X FTI Mission Partner M CENTCOM Mission Partner N TNE EUCOM Mission Partner O Mission Partners collaborate via a JIE Tier I environment but must be able to rapidly shift to operating within a Episodic Mission Partner Environment (MPE) framework as situation(s) dictate UNCLASSIFIED 21 UNCLASSIFIED Mission Partner Environment (MPE) Operational Context: As a standard practice, US Forces use SIPRNet as the primary warfighting network for operations. In Afghanistan, this constrained the ability of US commanders to speak with immediacy to all operational commanders (mission partners) • The need to mitigate risk and provide the commanders with strategic, operational and tactical flexibility spurred the development of the Afghanistan Mission Network (AMN) for coalition information sharing & mission tasks -- get the “fight” off the SIPRNet Lessons Learned & Guiding Principles: • Operational imperative – unity of effort, enable communications with all mission partners to execute the Commander’s intent in a single security and releasability environment. • MPE is not a single network – it is a framework describing USA contribution(s) to a federation of partner provided mission specific networks, systems, and TTPs • No intent establish a new “program of record” as MPE is not a “thing” to purchase; focus is on re-purposing existing materiel and non-materiel enablers and capabilities. • Alignment with NATO’s Federated Mission Networking (FMN) “We’re one year away from forgetting everything we learned in Afghanistan.” 22 Iron Major, USMC - Communications Officer UNCLASSIFIED UNCLASSIFIED MPE Operational Context • Lesson Learned: USA use of SIPRNet as primary C2 network during mission partner operations generates strategic, operational and tactical limitations: – Forces on different networks with inadequate cross-domain solutions resulted in poor ops, planning and intelligence information exchange between NATO, U.S. and other partner forces in ISAF – Non-materiel DOTMLPF, TTP and Policy solutions as or MORE important than materiel solutions • Need for strategic to tactical human-to-human information exchange in a common language on same security and releasability level in real time – share by default; classify by exception • Consistent DoD ability to employ in-place information sharing, TTP, and operational C4ISR to support both persistent and episodic (mission specific) operations with mission partners • MPE leverages a “federation of sovereign C2 networks” created by the contribution of two or more nation “mission networks” to establish a mission specific enterprise in which all mission partners may operate as peers within a single classification and releasability policy Solution: Move coalition fight off of national networks [SIPRNet] 23 UNCLASSIFIED UNCLASSIFIED UNCLASSIFIED MPE Enduring and Episodic Definitions Application of MPE Principles and Network Relationships and Characteristics differ (known steady state relationships vs. unknown situation shaped coalition membership) • MPE Enduring: Strategic Level (information sharing & planning) – Asynchronous and non-real time information sharing – Persistent – time not a factor – Specified Mission Partners (bilateral or multi-lateral “Communities of Interest) – Combatant Command (CCMD) HQ capabilities for Mission Partner engagement/planning – Technologically dependent – Integrated with and enabled by Joint Information Environment (JIE) • MPE Episodic: Operational to Tactical Level (Conduct Operations) – Synchronous and near-real-time or real-time conduct of operational mission tasks – Episodic – time to establish always a factor – Mission Focused (exercise or contingency operation) – Unknown mission partners, emergent mission; unknown duration – JTF and component capabilities for peer to peer Mission Partner operations – US may not be lead; but must leverage JIE to contribute DOTMLPF, P & TTP to coalition “US and Mission Partners collaborate in Mission Partner Environment (MPE) Enduring environments day to day with the capability to transition to conducting operations within a MPE Episodic for any operation” 24 UNCLASSIFIED Joint Information Environment (JIE) – Enduring & Episodic MPE CCMD Persistent CCDR level US Centric Bi-lateral /Multi-lateral Specified Mission Partners e.g. Existing bi-lateral and multi-lateral network relationships: MN BICES and other named network relationships, etc. Enduring MPE “C” Enduring MPE “A” Enduring MPE “B” CCMD MPG SIPRNet and NIPRNet Connect Access Share CCMD Rel to Mission or Exercise MPG Episodic MPE JIE CJTF MP A MP Q MP B MP X CFSOCC MP Y LEGEND National Contribution (3rd Stack); National DOTMLPF-P, IA, Security National Classified Network (e.g. SIPRnet) National Unclassified Network (e.g. NIPRnet) Episodic MPE Federated Network; Commander accepts risk, sets rules Enduring MPE Connection 25 Cross Security Level Exchange “Guard” MPG = Mission Partner Gateway CFLCC CFMCC CFACC MP C MP P MP Z MP D Temporal CJTF level Commander centric Unknown Coalition of the Willing UNCLASSIFIED Today’s MPE Enduring Environments Collaborate and Share Information Enduring MPE “A” MN BICES CCMD Enduring MPE Enduring “B” MPG SIPRNet and NIPRNet CCMD JIE MPE MPG Plus other existing bi-lateral and multilateral network relationships some of which may not be directly connected to current DoD Networks or future JIE Connect Access Share Tier 1 SIPR connection currently provides only CENTCOM users access to the US BICES-X FTI Mission Partner L Interim TNE PACOM TNE US BICES-X FTI Mission Partner M CENTCOM Mission Partner N TNE EUCOM Mission Partner O Mission Partners collaborate via a JIE Tier I environment but must be able to rapidly shift to operating within a Episodic Mission Partner Environment (MPE) framework as situation(s) dictate UNCLASSIFIED 26 UNCLASSIFIED JMEI Defined Joining Membership and Exit Instructions • Not a new idea but a new term generated by ISAF coalition forces • Old terms: TTPs, SOPS, other named products resulting from exercise planning process or Crisis Action Planning (CAP) process • In short, JMEI are a set of documents specific to a mission/exercise that range from technical implementation guidance to establishment of secure and trusted peer to peer communications to Mission[Exercise] CONOPS to OPORDERs and FRAGOs to political guidance to agreements between partners to Commander's Intent • Operation [or Exercise] Orders, all OPORDER Annexes and any other document pertinent to a specific mission or exercise are a part of the collective set of documents referred to as “JMEI” 27 UNCLASSIFIED UNCLASSIFIED MPE JMEI Joining Instructions Definition MPE JMEI Joining Instructions – A set of mission and partner agnostic documents that describe basic standards and compliancy criteria to establish a trusted and secure network relationship / connectivity between US and “coalition of the willing” partners as well as compatibility of six core collaboration services between network contributing mission partners US objective: A consistent and repeatable set of MPE JMEI Joining Guidance across Combatant Commands (CCMD) and Services to describe minimum criteria for technical connections, IA, security, and six core collaboration services • Benefit: Services and mission partner ability to train and equip to a standard that is useful regardless of which US CCMD or contributing mission partner is the lead or what mission is being executed • Choice to train and equip forces to JMEI Joining Guidance is a sovereign decision—change(s) in MPE JMEI Joining Guidance managed and coordinated, not governed, among a “coalition of the willing” • US DoD governs US train and equip processes • • • Content of US MPE JMEI Joining Instructions evolve in a consistent and complementary manner with NATO Federated Mission Networking Implementation Plan Volume II Instructions Partner MoDs govern respective train and equip processes HQ NATO / Existing NATO processes govern train and equip processes to support NATO Command Structure HQs “MPE JMEI Joining Instructions contain the common “Lego Blocks” to enable more rapid establishment of trusted network relationships between any unique set of willing mission partners” 28 UNCLASSIFIED UNCLASSIFIED UNCLASSIFIED Event Specific JMEI Definition Event Specific JMEI – A set of documents specific to a mission/exercise • Content ranges from technical implementation guidance to Mission/Exercise CONOPS to OPORDERs/FRAGOs to political guidance to agreements between partners to Commander’s Intent Starting point: Leverage and reference basic standards and compliancy criteria set in MPE JMEI Joining Instructions [stated US goal is US MPE consistency with NATO FMN Volume II Instructions] • • Generated by mission/exercise lead HQ staff and mission partner reps to address all aspects of a specific coalition mission or exercise with mission partners under a JTF Commander lead, lead Nation, or exercise sponsor • Event specific JMEI are the products of Crisis Action Planning or a the planning process associated with any exercise, test, experiment planning process Benefit: Shape and drive collective DOTMLPF and Policy contributions to achieve mission objectives via generation of event specific policies, operational procedures, and technical configuration and security agreements tailored to address unique criteria and circumstances applicable to each mission and partner set • Commanders retain flexibility to shape and employ coalition force HQ and DOTMLPF of supporting forces as they see fit to conduct operations in order to meet assigned objectives • Mission partners respond to acknowledged leadership role of whomever is mission or exercise Commander without giving up sovereign rights and responsibilities Risk to nation by joining XX Mission Network Federation is less than NOT joining in terms of resources, force protection, mission accomplishment 29 UNCLASSIFIED UNCLASSIFIED Mission XX JMEI Development & Validation Flow Chart Coalition Nations Prioritized by those that provide US FMN 90 Day Study Figure 7 Mission, Exercise, Test, Experiment, Training Event Combat Power, Logistics, BOG*, etc. JMEI** CCMD Standardization US MPE JMEI Joining Instructions signed by JS J6 21 August 2014 MPE Joining Instructions U.S. Components Systems, Applications, Services, Mission Threads MPE Bi-lats/Multi-lats Allies, Partners CIAV*** Systems, Applications, Services, Operational Processes Regional Accommodation Exercise / OPLAN Validation Mission CAP/ Exercise / Test Planning Process Feedback Event JMEI “Execution” J3 * Boots on the Ground **Joining, Membership & Exit Instructions ***Coalition Interoperability, Assurance & Validation Mission Partner Advance Planning versus Crisis Reaction 30 UNCLASSIFIED UNCLASSIFIED XXX Mission JMEI Development & Validation Flow Chart US FMN 90 Day Study Figure 7 Coalition Nations that provide XXX TASKORD, OPORD, EXORD, CONOPS, SOP, CDR Guidance and Intent, etc. Combat Power, Logistics, BOG*, etc. JMEI** FMN Community Standardization MPE Joining Instructions U.S. HQ & Components Systems, Applications, Services, Mission Threads XXXNet XXX Partners CIAV*** Systems, Applications, Services, Operational Processes XXX specific tasks and objectives Exercise / OPLAN Validation XXX Exercise Planning or Crisis Action Planning Process Feedback Secret REL to XXX XXX JMEI “Execution” J3s * Boots on the Ground **Joining, Membership & Exit Instructions ***Coalition Interoperability, Assurance & Validation Mission Partner Advance Planning versus Crisis Reaction 31 UNCLASSIFIED UNCLASSIFIED Why JMEI? The term “JMEI” came about as HQ ISAF and HQ ISAF Joint Command (IJC) needed to be able to provide nations [partners] wishing to contribute a national extension to ISAF AMN a consistent and repeatable package of holistic guidance and procedures • COMISAF could not “mandate” systems interoperability for the various national C4ISR systems already in use, so the focus was on generating UNITY OF EFFORT by mandating human to human collaboration leveraging the most basic standards and technical protocols •In addition to being able to protect and secure a network to ISAF mission policies the only other mandated criteria was to be able to communicate with other partners via six “core services” • Web browsing, Chat (NATO Standard XMPP technical format mandated), Voice Over IP Telephone (VOIP), Video Tele-Conferencing over IP (VTCoIP), E-mail (with attachments), and Global Address List sharing • The result was an evolution of mission technical and procedural documents from “a collection of workarounds” to a description of how to “federate” national mission network contributions into a trusted and protected federation of partner DOTMLPF capabilities and policies called “Afghan Mission Network” • Operational and Functional ISAF documents also evolved to reflect operations as a unified coalition force vice a partnership of multiple independent forces Non-Materiel (DOT_MLPF) and Policy contributions by NATO and Nations to the ISAF coalition are the most important contributing factors to ISAF mission success 32 UNCLASSIFIED UNCLASSIFIED Repeatable JMEI for MPE / FMN NATO and a significant number of nations came to same conclusion that operating as a part of a coalition was most effective and efficient when coalition partners were equal peers within a “mission network” • NATO consideration included coalition partnerships with non-NATO member nations In order to leverage the “best practices” of ISAF AMN to inform establishment of a future “mission network” while retaining the flexibility to adapt and adjust to any mission or mission partner set, basic technical elements of JMEI were separated from mission specific and temporal policy driven elements Two categories of JMEI were born • JMEI Joining Instructions – A set of mission agnostic documents that describe a nations’ view of the basic standards and compliancy criteria necessary to establish a trusted and secure network relationship as well as compatibility of six core collaboration services between network contributing mission partners (Repeatable and consistent across MPE and FMN documentation) • Event specific JMEI – A set of documents are generated by mission/exercise lead HQ staff and mission partner reps to address all aspects of a specific coalition mission or exercise to include partner agreements regarding compatible implementation of national security, identify and access management and cyber defense policies within a federation of “mission networks” Exchange and Access made “Practical, Efficient, and Effective” When all Participants are Conducting Operations or Training at the “same Security Classification and Releasability Level”UNCLASSIFIED 33 UNCLASSIFIED UNCLASSIFIED First Cut BOLD QUEST MN 15.2 JMEIs Policy (J6) Infrastructure (C4AD/JDAT) Accreditation Process Exercise Statement of Security Compliance (ESSC) and Accreditation Checklist Authorization Templates (eIATT, eIATO, eATO, eDA) Information Assurance Policy Authentication, Authorization, Accounting Removable Media Contingency Plan Cyber Defense Policy Public Key Infrastructure (PKI) Intermediate/Subordinate CA MOA Public Key Infrastructure (PKI) User Agreement Network Interface Point (NIP) Design NIP Router Configuration Internet Protocol (IP) Routing IP Plan Router Naming Router Domain Naming Multicast Border Gateway Protocol Routing Time Synchronization/Network Time Protocol (NTP) Data Transport Services (DTS) IP Security / Virtual Private Network (VPN) Comms (JDAT) NetOps (C4AD) Network Operations (NetOps) (TECHCON) Trouble Ticket Procedure (NOC) Information Management/Knowledge Management (IM/KM) Transition Annex BQ Mission Initiatives (JFD/C4AD/JDAT) BQ MN 15.2 JMEIs Radio Plan (Single Channel Radio) Call Signs and Routing Indicators Frequency Management Communications and Information Sys Security Tactical Satellite Communications Data Communications Network Plan LINK 16 Communications Communications and Information Systems Plng Command and Control (C2) Services (Systems) Force Tracking Systems (FTS) / Ground Forces Mgmt Svcs IAMD Core Services (C4AD/JDAT) JFS JMT DaCAS Mail Routing (Email) Voice over Internet Protocol (VoIP) Process Description (J6) Cyber Chat Global Address lIst (GAL) Synchronization Joining Process Charts Web Browsing Access Domain Name System (DNS) Summary Joining Process Checklist Template Joining Letter Exit (C4AD) Others? Data Handling and Protection Guidance Mission Network Exit Procédures 3 UNCLASSIFIED UNCLASSIFIED UNCLASSIFIED MPE Implementation / JMEI Change Management The US MPE JMEI Joining Instructions were signed by LTG Mark Bowman, US Joint Staff J6 on 21 August 2104 • Distribution is to any and all partners • Governance and implementation within US DoD to be accomplished via DoD 8110.1 Instruction (Mission Partner Environment (MPE) Information Sharing Capability Implementation for the DoD) signed 25 Nov 2014 by DoD CIO and CJCSI* 5128.1 Mission Partner Environment Executive Steering Committee (MPE ESC) Governance and Management signed 1 October 2014 • Policy. It is DoD policy that: MPE will serve as the framework for operational information sharing between DoD Components and Mission Partners Governance: • Internal national [US] business pertaining to training and equipping forces per MPE JMEI Joining Instruction standards • Governance also reflects relationships and influence within a mission or an exercise Management: • US MPE JMEI Joining Instructions are living documents with updates derived from feedback received from implementation in coalition events • Change is via agreement, not consensus, among "coalition of the willing" to ensure coherent, cooperative and deliberate change management process for minimum criteria for technical connections, IA, security, and six core services with as many partners as possible given sovereign decisions and political desires • All changes deliberately made in close coordination with “coalition of the willing” contributors (Management vice Governance) • Unilateral changes are/would be counter-productive *CJCSI = Chairman of Joint Chiefs of Staff Instruction UNCLASSIFIED UNCLASSIFIED UNCLASSIFIED CE14MN JMEIs • Joining the CE Mission Network (15) • Policies for CEMN: PKI, Accreditation, IA, etc. • Configuring the CE Mission Network (48) • Technical Guidance to provide trusted and protected environment needed to meet CE14 goals • Exiting the CE Mission Network (1) • • Guidance for protecting archived information post CE14 Procedures to gracefully exit CEMN federation • CE Mission Network Membership (8) • NETOPS CONOPS, Cyber Security, Incident Reporting, IM/KM, Vulnerability Management, etc. • Event Specific Instructions (38) • Daily Battle Rhythm, ORBAT, Reporting Procedures, Trouble ticket, numbering convention, SCR VHF, HF UHF, SHF Allocation, Network diagrams, Tactical Data-link verification, Friendly Force Tracking systems verification, SATCOM Systems Information, etc. • Admin (5) • Library of Terms, CE14 JMEI Structure, US MPE JMEI Joining Instructions APAN link to CE14 Event JMEI documents: https://wss.apan.org/s/CE/CE14/JMEI/Forms/JMEI%20Grouped%20View.aspx 3 UNCLASSIFIED UNCLASSIFIED CE13 JMEI Trends and Statistics 47% Not followed or not read CE13 JMEI Issues 30% *e.g. missing procedures, delayed equipment, weatherrelated problems, etc. 17% Not Read, 43 Not Followed, 77 Restricted, 60 36% 64% 8% Unclear, 21 24% 11% 8% Incomplete, 28 Does Not Exist, 6 Incorrect, 19 Participants not following, not reading or an outside restriction (technical or policy) with CE13 JMEI are the primary reasons for accreditation issues Compiled by CE13 C7 Assessment staff UNCLASSIFIED UNCLASSIFIED CE14 Assessment Trends and Statistics CE14 JMEI Issues Unclear 5% Optional Compliance Issues 8% Restricted 10% Not Followed 85% Mandatory Compliance Issues 92% Total JMEI Deficiencies Mandatory Compliance Deficiencies Optional Compliance Deficiencies Not Followed Unclear 317 290 Compiled by CE14 C7 Assessment staff 27 271 Restricted 31 15 Restricted = Conflicts with national policy or otherwise unable to comply UNCLASSIFIED UNCLASSIFIED Evolving to a Mission Partner Environment [ISAF] AMN - Theater Specific National Connections Webbrowsing Mission Threads Email Policy & Governance Chat Training CX-I VTCoIP GAL Sharing Standards VoIP Pre-AMN Doctrine & TTP CIAV National Connections MPE- Theater Agnostic Policy & Governance Chat GAL Standards CX-”X” Mission Threads Doctrine & TTP Training Email Webbrowsing GAL Sharing VTCoIP CIAV-like VoIP National Connections some assembly required MPE: Provides an overarching capability framework for CCMDs based on CONOPS, Doctrine, TTP, Policy, Governance, Common Standards, Training, Interoperability UNCLASSIFIED UNCLASSIFIED MPE Implementation and Policy Within US DoD The US MPE JMEI Joining Instructions were signed by LTG Mark Bowman, US Joint Staff J6 on 21 August 2014 • Distribution is to any and all partners • Content derived from ISAF AMN JMEI and draft NATO FMN Implementation Plan (NFIP) Volume 2 and informed by lessons from COMBINED ENDEAVOR (CE) 2013 and planning for CE2014 • Governance and implementation within US DoD to be accomplished via: • DoD 8110.1 Instruction (Mission Partner Environment (MPE) Information Sharing Capability Implementation for the DoD) signed 25 Nov 2014 by DoD CIO • CJCSI* 5128.1 Mission Partner Environment Executive Steering Committee (MPE ESC) Governance and Management signed 1 October 2014 • Policy. It is US DoD policy that: MPE will serve as the framework for information sharing and conduct of coalition operational activities between DoD Components and Mission Partners *CJCSI = Chairman of Joint Chiefs of Staff Instruction UNCLASSIFIED UNCLASSIFIED Mission Partner Environment (MPE)Traceability Strengthening Security Relationships: our relationships with mission partners are a critical component of multi-national engagement and support our collective security Combine capabilities with mission partners: form, evolve, dissolve, and re-form in different arrangements in time and space Scalable: ranging from an individual unit enrolling the expertise of a nongovernmental partner to multi-nation coalition operations MPE Pedigree Terms of Reference ICD/ CONOPS JROCM 081-12 90-Day Study JROCM 026-13 MPE Enduring (Tier 1) CDP Joining Instructions CJCSI 5128.01 DoDI 8110.01 MPE Episodic CDP Both US MPE and NATO FMN efforts originated from the same requirement(s) document generated by COMIJC, endorsed by COMISAF and forwarded up the respective US and NATO chains of command to CJCS and SACEUR for endorsement. Both sets of leadership endorsed the requirement. UNCLASSIFIED UNCLASSIFIED MPE and FMN Parallel Efforts NATO FMN Implementation Plan (NFIP) Volume 1 NAC approved 29 January 2015 US MPE JMEI Joining Instructions signed by, US Joint Staff Director J6 on 21 August 2104 “US MPE AND NATO FMN efforts are in parallel and are deliberately aligned UNCLASSIFIED UNCLASSIFIED MPE Operational Metrics MPE “What” • MPE is a framework, a concept of operations. A JIE use case. MPE implementation is represented by two or more mission partners agreeing to achieve unity of effort by joining trusted mission networks together to form a federation of networks composed of collective partner provided policy, transport, systems, applications, security, services and operational processes.. MPE “So What” • Clearly communicate commander’s intent for desired operational effects with all mission partners • Moves the fight off SIPR; allowing US and non-US formations, information, and data to operate in the same battlespace • Greater flexibility in mission and task organizing to fight more effectively • US and partners fight with the equipment and TTPs they ALREADY own and train with • Addresses CCMD persistent info sharing requirements and JTF episodic events • Elevates mission partners to peers and recognizes their sovereignty • Defines the level of trust & addresses cyber vulnerabilities upfront Mission Partner Advance Planning, Training, versus Crisis Reaction UNCLASSIFIED UNCLASSIFIED MPE Implementation / JMEI Change Management The US MPE JMEI Joining Instructions were signed by LTG Mark Bowman, US Joint Staff J6 on 21 August 2104 • Distribution is to any and all partners • Governance and implementation within US DoD to be accomplished via DoD 8110.1 Instruction (Mission Partner Environment (MPE) Information Sharing Capability Implementation for the DoD) signed 25 Nov 2014 by DoD CIO and CJCSI* 5128.1 Mission Partner Environment Executive Steering Committee (MPE ESC) Governance and Management signed 1 October 2014 • Policy. It is DoD policy that: MPE will serve as the framework for operational information sharing between DoD Components and Mission Partners Governance: • Internal national [US] business pertaining to training and equipping forces per MPE JMEI Joining Instruction standards • Governance also reflects relationships and influence within a mission or an exercise Management: • US MPE JMEI Joining Instructions are living documents with updates derived from feedback received from implementation in coalition events • Change is via agreement, not consensus, among "coalition of the willing" to ensure coherent, cooperative and deliberate change management process for minimum criteria for technical connections, IA, security, and six core services with as many partners as possible given sovereign decisions and political desires • All changes deliberately made in close coordination with “coalition of the willing” contributors (Management vice Governance) • Unilateral changes are/would be counter-productive *CJCSI = Chairman of Joint Chiefs of Staff Instruction UNCLASSIFIED UNCLASSIFIED Mission Partner Environment (MPE) “Third Stack” Discussion Joint Staff JS J6 DDC5I IID Deputy Director Cyber and C4 Integration Interoperability and Integration Division 20-22 January 2015 45 UNCLASSIFIED UNCLASSIFIED MPE Third Stack Food for Thought • What is a third stack? • Applicable to MPE Enduring? MPE Episodic? • “New” “Different” “Repurposed” Hardware? Software? • Strategic communications. J3 or J6 perspective? • Can do” versus “should do”- Priority: Cost savings or operational effectiveness of J3? • How does it all fit together? (Data storage -- operating system(s) -- work stations – Transport) • Who provides and sustains? • Operational Requirements? • Reuse of DOTMLPF? Policy impacts? • Product? UNCLASSIFIED UNCLASSIFIED “Third Stack” references MPE Tier 1 [Enduring] CDP (21 April 2014). Foot Note 16. Figure 2 Page 7 A “Third Stack” is the IT equipment (workstations, routers, security components, servers, applications, and peripherals, etc.) necessary to establish a mission network that facilitates information sharing with mission partners. U.S. forces typically deploy with two sets of IT equipment (NIPRNET and SIPRNET) for the conduct of operations. Additional investment may be required in the event that existing equipment cannot support a releasable environment for an assigned mission. FMN 90 Day Study 7.0 TECHNOLOGIES SYNDICATE FINDINGS AND RECOMMENDATIONS (Page 36) “….The study report recommends the pursuit of a hybrid Tier 1/Tier 2 architecture, adoption of specific configurations for the six core capabilities within the Tier 2 networks, adoption of a “third stack”19 of FMN-ready servers and end user equipment at appropriate echelons…..” Footnote 19: Same text as above. 7.1.2.1 Determine system requirements for a third stack capability based on mission thread requirements at appropriate echelons (including CCDRs, Service-provided CTF HQs, Component Commanders and joint forces), and integrate their requirements within the JMEI, ISAs and CISMOAs. Those units expected to fill the role of CTF commander will also include the necessary capabilities to establish an FMN core. – Environment infrastructure by and large already in place. Any unit with CENTRIXS-”X” capability. – What is missing from most “third stacks” are warfighting tools 7.1.2.2 Deploy FMN third stacks to applicable units. [The need to deploy FMN third stacks will be reviewed once the required number of FMN third stacks is determined.] – One “third stack” already in place for many units/organizations within DoD. – Supports in place MTs for that unit per ROC/POE. No more, may be less. UNCLASSIFIED UNCLASSIFIED • Any event will have as many “stacks” as participants wish to utilize in support of various relationships both internal and external to a specific event or mission. Network Design-Domain View BOLD QUEST / NIE 14.2 • “Third stack” is colloquial for “Mission Network” in which operations are to be conducted. There will be an physical or virtual “stack” of equipment for each network relationship/point of presence at a given location. • BQ/NIE 14 had four networks identified on this slide. EXCON SIPR ECC MCC C-S Demo NIPR ‘Demo UNCLASS 4 Notes: 1. There is no cross-domain solution between SIPR and BQ Coalition. Interface at HQs will be swivel chair and LNO. 2. Ground PLI will flow one way from NIE to BQ (both ways in JTE) 3. Air picture tracks may flow one way from BQ to NIE (20% probability) 4. No passage of traces / op overlays, coordination measures etc. between domains 5. Air picture integration is a significant risk 2 1 BQ NIPR NIE 3 NIPR ‘Coalition UNCLASS’ ‘ Coalition SECRET’ C-S SIPR JTFHQ / CJFLCC CJFACC 1AD USMC UK Air Picture Ground PLI UNCLASSIFIED UNCLASSIFIED Other networks, etc. Generic “Third Stack” at any US location SIPRNet Secret Rel USA Only Crypto Third Stack CENTRIXS-”X” Infrastructure Crypto Wide variety of applications, services, portals, etc., to include six collaboration services and most “Warfighting tools” Today only six collaboration services with a few exceptions NIPRNet UNCLASSIFIED [Access] Rel USA Only Crypto Wide variety of applications, services, portals, etc., to include six collaboration services BUT very few “Warfighting tools” May be replaced with releasable database(s) per mission needs Different Crypto but may be same switch to connect to transport. MPE Enduring and MPE Episodic Software location for Operating Systems, services Data Storage location. Separate from Operating system! Work Stations: Virtual (VDI), Laptop, Desk Top. May be repurposed to any environment at low cost and effort. Repurpose workstations distribution per mission needs Crypto could be in one “box” or multiple boxes Possible transport solution for long or short haul communication links as well as within an organization facility, base or platform Crypto Crypto Crypto Crypto Crypto Crypto Internet To a user, six different “networks”, to a “6” provider “one network” UNCLASSIFIED MEC User Terminal View – AVE 1.3 AVE 1.3 is based on NetTop 2.2 CENTRIXS Agile Virtual Enclave (AVE) • Includes a Second Wire for Unclassified Enclaves Classified Networks J K • Implemented at USPACOM HQ SIPR VSE CLASSIFIED K V S E NIPR J UNCLASSIFIED NIPR SI PR InterNet INTERNET Unclassified Networks Cross Domain Baseline V 3.8.0 - 1 April 2011 50 UNCLASSIFIED Roles, Responsibilities and Relationship options within ANY coalition UNCLASSIFIED • Eligibility: Who is eligible? – A mission partner wishing to contribute a network to a coalition federation of networks MUST be a formal member of a specific coalition event* – Obvious, but……. Coalition event membership is a political decision with the only requirement being a statement of support for the coalition X event task/objective in a world forum. – Coalition event membership carries no automatic requirement to contribute either personnel or equipment. Coalition member ≠ Network Contributor *Event = Exercise, experiment, test, training event, operational mission 51 UNCLASSIFIED UNCLASSIFIED Why form ISAF AMN? • Persistent certainties acted upon by COMISAF in January 2010 when designing ISAF Afghan Mission Network (AMN): • A coalition Commander only has limited influence over sovereign coalition forces and respective DOTMLPF-Policy after a coalition is formed • A coalition Commander has ZERO influence over how those multi-national forces were trained and equipped prior to mission/exercise execution • Share to Win” is more important than “Need to Know” among coalition partners which requires movement of coalition force mission activities from independent network environments to an environment in which all mission partners operate together as trusted peers • Key objectives of ISAF AMN • Removal of policy barriers enabling sharing of information and direct collaboration between NATO provided HQs and national forces supporting ISAF mission • Mandate only those elements necessary to foster trust and enable “Rel ISAF” human to human communications between and across all echelons • Any existing machine to machine or procedural interoperabilities would be leveraged • A short list of key functional areas necessary to achieve ISAF mission would form basis of “ISAF Mission Threads”, identified gaps expected to influence subsequent national train and equip efforts COMISAF concern: Information exchanged via automated multi-security level guards or manual processes was neither timely nor achieved with content and context intact --if transferred at all UNCLASSIFIED 52 JIE –DI2E – Enduring & Episodic MPE Mission Partner B Mission Partner C Mission Partner D Persistent CCDR level US Centric Bi-lateral /Multi-lateral Specified Mission Partners West DI2E East Enduring MPE e.g. Federated US BICES-X Mission Partner A Enduring MPE Enduring MPE Enduring US BICES-X is an Enduring MPE CCMD MPE South CCMD Mission Partner E e.g. Existing bi-lateral and multi-lateral network relationships: MN BICES, PEGASUS, CPN, other named network relationships, etc. Mission Partner F CCMD Rel to Mission or Exercise MPG Episodic MPE JIE Connect Access Share CJTF MP A MP Q MP B MP X CFSOCC MP Y LEGEND CFACC MP C MP P National Contribution (3rd Stack); National DOTMLPF-P, IA, Security National Classified Network (e.g. SIPRnet) National Unclassified Network (e.g. NIPRnet) Episodic MPE Federated Network; Commander accepts risk, sets rules Enduring MPE Connection Cross Security Level Exchange “Guard” CFLCC CFMCC 53 MP Z MP D Temporal CJTF level Commander centric Unknown Coalition of the Willing
