UNCLASSIFIED Mission Partner Environment (U.S. contribution to FMN) Multi-National Maritime Information Services Interoperability (M2I2) Board 15-2 7 September 2015 Joint Staff JS J6 DDC5I IID Deputy Director Cyber and C4 Integration Interoperability and Integration Division UNCLASSIFIED UNCLASSIFIED What does the Commander need? Communicate Commander’s Intent Build trust Create unity of effort Possess speed of command Operate in the information environment …not just share information UNCLASSIFIED UNCLASSIFIED MPE Range of Military Operations What is the Commander’s intent? What information needs to be shared? What is the mission? Who are the partners? What classification / releasability level(s) do you need to operate in? UNCLASS NETWORKS Classified Releasable FEDERATION OF MISSION NETWORKS MAX OMB MN BICES US BICES-X HA/DR LOW to HIGH CENTRIXS MCO UNCLASSIFIED 3 UNCLASSIFIED Evolving to a Mission Partner Environment [ISAF] AMN - Theater Specific National Connections Webbrowsing Mission Threads Email with Attachment Policy & Governance Chat Training CX-I VTCoIP GAL Sharing Standards VoIP Pre-AMN Doctrine & TTP CIAV National Connections MPE- Theater Agnostic Policy & Governance Training Email with CIAV-like Attachment Mission WebGAL Sharing Threads browsing Doctrine & National VTCoIP VoIP TTP Connections Chat GAL Sharing Standards CX-”X” some assembly required MPE: Provides an overarching capability framework for CCMDs based on CONOPS, Doctrine, TTP, Policy, Governance, Common Standards, Training, Interoperability UNCLASSIFIED UNCLASSIFIED Validated Requirements [USA] Strengthening Security Relationships: Our relationships with mission partners are a critical component of our global engagement and support our collective security Central to these efforts is strengthening global network of allies and partners. Combine capabilities with mission partners: form, evolve, dissolve, and re-form in different arrangements in time and space Scalable: ranging from an individual unit enrolling the expertise of a nongovernmental partner to multi-nation coalition operations. MPE Definition: An operating environment enabling C2 for operational support planning and execution on a network infrastructure at a single security level with a common language. (DoDI 8110.01) MPE Pedigree Terms of Reference ICD/ CONOPS JROCM 081-12 90-Day Study JROCM 026-13 MPE Enduring (Tier 1) CDP Joining Instructions CJCSI 5128.01 DoDI 8110.01 Episodic MPE CDP Both US MPE and NATO FMN efforts originated from the same requirement(s) document generated by COMIJC, endorsed by COMISAF and forwarded up the respective US and NATO chains of command to CJCS and SACEUR for endorsement. Both sets of leadership endorsed the requirement. UNCLASSIFIED UNCLASSIFIED MPE Enduring and Episodic Definitions Application of MPE Tenets and Network Relationships and Characteristics differ (known steady state relationships vs. unknown situation shaped coalition membership) • MPE Enduring: Strategic Level (information sharing & planning) – Asynchronous and non-real time information sharing – Persistent – time not a factor – Specified Mission Partners (bilateral or multi-lateral “Communities of Interest) – Combatant Command (CCMD) HQ capabilities for Mission Partner engagement/planning – Technologically dependent – Integrated with and enabled by Joint Information Environment (JIE) • MPE Episodic: Operational to Tactical Level (Conduct Operations) – Synchronous and near-real-time, or real-time, conduct of operational mission tasks – Episodic – time to establish always a factor – Mission Focused (exercise or contingency operation) – Unknown mission partners, emergent mission; unknown duration – JTF and component capabilities for peer to peer Mission Partner operations – US may not be lead; but must leverage JIE to contribute DOTMLPF, P & TTP to coalition “US and Mission Partners collaborate in Mission Partner Environment (MPE) Enduring environments day to day with the capability to transition to conducting operations within a MPE Episodic for any operation” 6 UNCLASSIFIED Joint Information Environment (JIE) – Enduring & Episodic MPE UNCLASSIFIED CCMD Persistent CCDR level US-Centric Bi-lateral /Multi-lateral Specified Mission Partners e.g. Existing bi-lateral and multi-lateral network relationships: MN BICES and other named network relationships, etc. Enduring MPE “C” Enduring MPE “A” Enduring MPE “B” CCMD MPG SIPRNet and NIPRNet Connect Access Share Discussion: Do CENTRIXS-Maritime relationships and IT infrastructure investments reflect an MPE Enduring or MPE Episodic / NATO FMN use case? Or perhaps elements of both? CCMD Rel to Mission or Exercise MPG JIE CCMD Episodic MPE CJTF MP A MP Q MP B MP X CFSOCC MP Y LEGEND National Contribution (3rd Stack); National DOTMLPF-P, IA, Security National Classified Network (e.g. SIPRNet) National Unclassified Network (e.g. NIPRNet) Episodic MPE Federated Network; Commander accepts risk, sets rules Enduring MPE Connection 7 Cross Security Level Exchange “Guard” MPG = Mission Partner Gateway CFLCC CFMCC CFACC MP C MP P MP Z MP D Temporal CJTF level Commander centric Unknown Coalition of the Willing UNCLASSIFIED UNCLASSIFIED Today’s MPE Enduring Environments Collaborate and Share Information Enduring MPE “A” MN BICES CCMD Enduring MPE Enduring “B” MPG SIPRNet and NIPRNet CCMD JIE MPE MPG Plus other existing bi-lateral and multilateral network relationships some of which may not be directly connected to current DoD Networks or future JIE Connect Access Share Tier 1 SIPR connection currently provides only CENTCOM users access to the US BICES-X FTI Mission Partner L Interim TNE PACOM TNE US BICES-X FTI Mission Partner M CENTCOM Mission Partner N TNE EUCOM Mission Partner O Mission Partners collaborate via a JIE Tier I environment but must be able to rapidly shift to operating within an Episodic Mission Partner Environment (MPE) framework as situation(s) dictate UNCLASSIFIED 8 UNCLASSIFIED UNCLASSIFIED • Conduct coalition operations, tasks, and activities in a “REL to mission” primary C2 network environment Joining, Membership and Exit Instructions (JMEI) – • MP A Pre-mission “coalition of willing” identification of, and training and equipping to agnostic standards CJTF MP Q MP B MP X Provided by each Mission Network contributor Training & Education MP Y Leadership direction, Culture change, and Practice CFLCC CFMCC CFACC MP C MP P Governance – • Episodic MPE CFSOCC – • Foundation of Trust-- Collective agreement by originating partners “Third Stack” ⁻ • [Up to] SECRET REL Mission Management ⁻ • Specific C2 relationships for exercises and/or operations is NOT depicted Specific to mission or exercise, include all documents pertaining to event Policy ⁻ • Near Term - Episodic Capability Mission Commander-specific as shaped by partner(s) MP Z MP D CIAV (mission specific activities per Cdr’s Guidance) ⁻ ⁻ Compare mission partner operational processes Deliberate “Do No Harm” coordinated change of DOTMLPF and TTP Specific C2 relationships for exercises and/or operations is NOT depicted Self provided National Secret Self provided National Unclassified Self provided Cross Security Level Information Exchange Guard MPE: Provides a consistent overarching capability framework for CCMDs based on CONOPS, Doctrine, TTP, Policy, Governance, Common Standards, Training, and Interoperability 9 UNCLASSIFIED UNCLASSIFIED MPE and the Maritime Community • No major changes for the maritime community – MPE tenets have long been standard practice • • • Ability to reconfigure IT Infrastructure to connect to different mission networks while deployed Any changes dependent on role and function of embarked staffs, assigned forces and/or land-based maritime HQ CENTRIXS-Maritime not different from MPE, it is an MPE use case….. • Culture already accepts concept of CENTRIXS – “X” infrastructure / hardware “repurposed” to fit the mission(s) at hand • Biggest change – move fight (operational activities) off National-Only networks (e.g., US SIPRNet) when applicable • • Employ releasable versions of existing C4ISR tools within “Rel to mission” mission network(s) Data and information exist at any desired classification level and releasability caveat • MPE and NATO FMN use case implementation and employment are scenario, partner and warfighting domain agnostic “U.S. forces must learn to function routinely on CENTRIXS networks in the coalition environment and by exception on U.S. only networks. U.S. reliance on SIPR chat, SIPR email……limited coalition integration.” Excerpt BOLD ALLIGATOR 2012, Final Report 10 UNCLASSIFIED UNCLASSIFIED Back Up UNCLASSIFIED UNCLASSIFIED Mission Partner Environment (MPE) JKO Courses J3OP-US1277; Introduction to MPE J3OP-US1278; Planning an MPE Both MPE courses are available for US DoD, Multinational and interagency partners on JKO Direct via following link: https://jkodirect.jten.mil/Atlas2/faces/page/login/Login.seam?cid=21417 Note: US MPE documents, US MPE JMEI Joining Instructions, Operation DIRTY WIND video, links to JKO MPE courses are posted on Tidepedia in the FMN section: http://tide.act.nato.int/tidepedia/index.php?title=Main_Page 12 UNCLASSIFIED UNCLASSIFIED Mission Partner Environment (MPE) Operational Context: As a standard practice, US Forces conduct many Warfighting operations via SIPRNET. In Afghanistan, this constrained the ability of US commanders to speak with immediacy to all operational commanders (mission partners). • The need to mitigate risk and provide the commanders with strategic, operational and tactical flexibility spurred the development of the Afghanistan Mission Network (AMN) for coalition information sharing & get the “fight” off the SIPRNET Lessons Learned & Guiding Principles: • Operational imperative – unity of effort, enable communications with all mission partners to execute the Commander’s intent in a single security environment • MPE is not a single network – it is a federation of networks & national systems • There is no intent establish a new program of record; focus is on re-purposing existing materiel and non-materiel enablers and capabilities • Alignment with NATO’s Federated Mission Networking (FMN) “We’re one year away from forgetting everything we learned in Afghanistan.” Iron Major, USMC - Communications Officer 13 UNCLASSIFIED UNCLASSIFIED MPE Operational Context • Lesson Learned: USA use of SIPRNet as primary C2 network during mission partner operations generates strategic, operational and tactical limitations: – Forces on different networks with inadequate cross-domain solutions resulted in poor ops, planning and intelligence information exchange between NATO, U.S. and other partner forces in ISAF – Non-materiel DOTMLPF, TTP and Policy solutions as or MORE important than materiel solutions • Need for strategic to tactical human-to-human information exchange in a common language on same security and releasability level in real time – share by default; classify by exception • Consistent DoD ability to employ in-place information sharing, TTP, and operational C4ISR to support both persistent and episodic (mission specific) operations with mission partners • MPE leverages a “federation of sovereign C2 networks” created by the contribution of two or more nation “mission networks” to establish a mission specific enterprise in which all mission partners may operate as peers within a single classification and releasability policy Solution: Move coalition fight off of national networks [SIPRNet] 14 UNCLASSIFIED UNCLASSIFIED UNCLASSIFIED UNCLASSIFIED MPE Operational Metrics MPE “What” • MPE is a framework, a concept of operations. A use case. MPE implementation is represented by two or more mission partners agreeing to achieve unity of effort by joining trusted mission networks together to form a federation of networks composed of collective partner provided policy, transport, systems, applications, security, services and operational processes MPE “So What” • Clearly communicate commander’s intent for desired operational effects with all mission partners • Moves the fight off SIPR; allowing US and non-US formations, information, and data to operate in the same battlespace • Greater flexibility in mission and task organizing to fight more effectively • US and partners fight with the equipment and TTPs they ALREADY own and train with • Addresses CCMD persistent info sharing requirements and JTF episodic events • Elevates mission partners to peers and recognizes their sovereignty • Defines the level of trust & addresses cyber vulnerabilities upfront Mission Partner Advance Planning, Training, and Practice versus Crisis Reaction UNCLASSIFIED UNCLASSIFIED MPE Implementation and Policy Within US DoD The US MPE JMEI Joining Instructions were signed by LTG Mark Bowman, US Joint Staff J6 on 21 August 2014 • Distribution is to any and all partners • Content derived from ISAF AMN JMEI and draft NATO FMN Implementation Plan (NFIP) Volume 2 and informed by lessons from COMBINED ENDEAVOR (CE) 2013 and planning for CE2014 • Governance and implementation within US DoD to be accomplished via: • DoD 8110.1 Instruction (Mission Partner Environment (MPE) Information Sharing Capability Implementation for the DoD) signed 25 Nov 2014 by DoD CIO • CJCSI* 5128.1 Mission Partner Environment Executive Steering Committee (MPE ESC) Governance and Management signed 1 October 2014 • Policy. It is US DoD policy that: MPE will serve as the framework for information sharing and conduct of coalition operational activities between DoD Components and Mission Partners *CJCSI = Chairman of Joint Chiefs of Staff Instruction UNCLASSIFIED UNCLASSIFIED NATO / ISAF UNCLASSIFIED NATO / ISAF UNCLASSIFIED UNCLASSIFIED UNCLASSIFIED Roles, Responsibilities and Relationship options within ANY coalition • Eight options for mission partner participation within a coalition event. Only one involves “joining” by contributing and federating a mission network with a “core” mission network provided by a lead HQ or any other mission partner HQ 1) Contribute own network, resourced and governed by mission partner operating with “Federation of sovereign a "Releasable to Coalition Event Name" caveat. – Required: Receipt and full compliance with coalition event lead HQ JMEI documents mission networks” key tenet of MPE / FMN Concepts 2) Request purchase, lease or loan extension of coalition event lead HQ network to own forces/C2 nodes. – Compliance with network provider criteria is required, assumes network provider has already fully complied with coalition event lead HQ JMEI document criteria. – No direct compliance with lead coalition event HQ JMEI template documents required. 3) Request purchase, lease or loan extension of a network provided by another coalition event mission partner to own forces/C2 nodes. – Compliance with network provider criteria is required, assumes network provider has already fully complied with coalition event lead HQ JMEI document criteria. – No direct compliance with lead coalition event HQ JMEI template documents required. 18 UNCLASSIFIED UNCLASSIFIED • Roles, Responsibilities and Relationship options within ANY coalition Note: Mission partners may utilize a coalition event federation of networks established to support a specific coalition event without selecting options 1-3: – No direct or indirect compliance with lead coalition event HQ JMEI template documents required for any option below. – Data and information may flow to and from option 4-6 mission partner representatives in a variety of different ways. 4) Embed a small or large force within another mission partner's force. 5) Send augmentees to coalition event HQ or lower echelon HQ or mission partner HQ as augmentees. 6) Send personnel to coalition event as observers. 7) Advocate and support coalition mission in world forums via a variety of communications media. 8) Some combination of options 4-7. "Releasable to Event" caveat means information is releasable to all coalition event mission partners, not just those who contribute networks to a specific coalition federation of networks!! 19 UNCLASSIFIED UNCLASSIFIED MPE JMEI Task Execution Overview • Eligibility: Who is eligible to contribute a mission network? Anyone, provided the ALL other [pre-]existing or original network contributing mission partners agree – A mission partner wishing to contribute a network to a coalition federation of networks MUST be a formal member of a specific coalition event* – Obvious, but……. Coalition event membership is a political decision with the only requirement being a statement of support for the coalition X event task/objective in a world forum. – Coalition event membership carries no automatic requirement to contribute either personnel or equipment. Coalition member ≠ Network Contributor *Event = Exercise, experiment, test, training event, operational mission 20 UNCLASSIFIED UNCLASSIFIED JWICS, etc. Generic “Third Stack” at any US location SIPRNet Secret Rel USA Only Crypto Wide variety of applications, services, portals, etc., to include six collaboration services and most “Warfighting tools” Third Stack CENTRIXS-”X” Infrastructure Crypto Today only six collaboration services with a few exceptions NIPRNet UNCLASSIFIED [Access] Rel USA Only Crypto Wide variety of applications, services, portals, etc., to include six collaboration services BUT very few “Warfighting tools” Different Crypto but may be same switch to connect to transport. MPE Tier 1 AND MPE Tier 2 Software location for Operating Systems, services May be replaced with releasable database per mission needs Repurpose workstations distribution per mission needs Crypto could be in one “box” or multiple boxes Crypto Crypto Crypto Crypto Crypto Crypto Data Storage. Separate location from Operating System! Work Stations: Virtual (VDI), Laptop, Desk Top. May be repurposed to any environment at low cost and effort. Possible transport solution for long or short haul communication links as well as within an organization facility, base or platform To a user, six different “networks”, to a “6” provider “one network” UNCLASSIFIED UNCLASSIFIED MPE Use Case Concept: Two Levels • Enduring = Strategic Level o CCMD Phase 0 operations (can be utilized during all operational phases) o Persistent – time not a factor o Specified mission partners o CCMD HQ capability for mission partner planning/engagement/operations • Episodic = Operational/Tactical Level o CCMD-CJTF HQ Phases I-V operations o Temporary – time always a factor/mission focused (exercise/contingency) o Known and/or unknown mission partners o CJTF HQ capability for mission partner operations MPE Definition: An operating environment enabling C2 for operational support planning and execution on a network infrastructure at a single security level with a common language. (DoDI 8110.01) UNCLASSIFIED UNCLASSIFIED UNCLASSIFIED Capabilities in Support of MPE Today EPISODIC ENDURING Interim Enduring MPE US BICES-X Afghan Mission Network CENTCOM Partner Network Austere Challenge Mission Environment Existing bi / multi - lateral network relationships CMFC CMFP CENTRIXS-J CENTRIXS-K etc. Bold Quest Mission Network 23 UNCLASSIFIED UNCLASSIFIED MPE Use Case Formula: US & Mission Partner Contributions Mission Partner Environment [MPE] Joint Information Environment [JIE] Internet Access Point US Contribution to MPE Core Services - email w/attachments - Chat - Web browsing - VTCoIP - VOiP - Active Directory MPGW-U (Unclassified) MPGW-S (Secret) MP Contribution(s) to MPE Core Services - email w/attachments - Chat - Web browsing - VTCoIP - VOiP - Active Directory MP Information Environment(s) Federal Unclassified Partner users MPE is a federation of mission networks where mission partners “contribute” JRSS MPGW-X (Bi / Multi – Lat) MP Security MP Unclass DoD .gov/.org/ Network(s) and use their own IT infrastructure, services, doctrine, and TTPs basedNon upon Multi-Enclave .com/.net Partner Client NIPRnet Dedicated Client SIPRnet Virtual Desktop Infrastructure services Other Services - Access control - File share - Office automation - Print - Org messaging - Geo SA “COP” - Language translation US BICES-X Cross Domain Enterprise Services Other Services - Access control - File share - Office automation - Print - Org messaging - Geo SA “COP” - Language translation MP Cross Domain Services agreed to standards and protocols. DISA Cross Domain Enterprise Services Federal classified Partner users MPE ≥ US contribution + MP1 contribution + MP2 contribution + … + MPn contribution Mission JRSS Mission Specific Cross Domain Enterprise Services Virtual Enclaves users MP Classified Network(s) Partner Transport MP Desktop Infrastructure Services MP Clients Enduring COIs US Led Mission Thread Based Apps and Services Episodic Federation of Networks US Led Enduring COIs Partner Led Partner(s) voluntarily requesting classified mission network support provided infrastructure and services by another willing partner Episodic Federation of Networks Partner Led Mission Thread Based Apps and Services Operating With Mission Partners: Diplomacy, Policy, JMEI, Governing, Security, Doctrine, TTP UNCLASSIFIED UNCLASSIFIED JIE Capabilities Enable MPE Use Case MN BICES CENTRIXS-Maritime UNCLASSIFIED UNCLASSIFIED MPE and FMN • US MPE and NATO FMN born of the same requirement document from COMIJC • MPE and FMN concepts and implementation plan documents developed in parallel with close coordination and collaboration – Both leverage best practices & lessons from ISAF AMN federation, other missions & exercises – Primary tenet of both: Apply current capabilities, equipment, skills, talent, and TTPs to a mission network • #1 challenge: Coordinating national/organizational implementation policies in a “do no harm” manner to achieve “unity of effort” within a mission network in pursuit of coalition mission objectives (Goal of CE14 FPC, documented in CE14MN JMEI) • MPE JMEI Joining Instructions and NFIP Volume 2 Instructions contain the same protocol standards, IA & Security criteria to create a trusted, protected and secure federation of mission networks and standards for connecting six partner “human to human collaboration” core services with each other – US MPE and NFIP basic protocols, standards and trust criteria cross referenced and match those referenced and used in ISAF AMN, CE13, CE14, AC15, and BOLD QUEST 15.2 JMEI documents. – ATO* for mission network contributions listed above demonstrated ability to meet foundational MPE JMEI Joining Instruction and NFIP Instruction protocols, standards and trust criteria 26 *ATO = Authority To Operate UNCLASSIFIED UNCLASSIFIED MPE and FMN Parallel Efforts NATO FMN Implementation Plan (NFIP) Volume 1 NAC Approved 29 January 2015 US MPE JMEI Joining Instructions signed by, US Joint Staff Director J6 on 21 August 2104 “US MPE AND NATO FMN efforts are in parallel and are deliberately aligned UNCLASSIFIED UNCLASSIFIED US - NATO Strategic C2 Relationships & Partnerships Represents Any Nation or Organization Nation / Mission Partner Funded Mobile Communications XML Exchanges Global Integrated Operations Enterprise & Mission Services Mission Threads CIAV Joint Information Environment Mission Partner Environment XML Exchanges Federated Mission Networking Operational Processes Mobile Computing Strategy Enterprise & Mission Services NATO Common Funded Connected Forces Initiative Tactical Operational Strategic NATO IT Infrastructure Jolted Tactics Similar Tools and Processes Support Both Global Integrated Operations and NATO Level of Ambition UNCLASSIFIED UNCLASSIFIED US MPE – NATO FMN Relationship Nations US MPE Instance Mission Y MN BICES NS WAN NATO FMN Instance Mission X CJTF CFSOCC CFLCC CJTF CFMCC CFSOCC CFACC [Up to] SECRET REL Mission CFLCC CFMCC CFACC [Up to] SECRET REL Mission • US MPE (Episodic) and NATO FMN use cases conceptually alike • MPE (US led mission) – FMN (NATO led mission) • Federation of “REL TO Mission” mission networks model also valid for a mission led by some other entity • Episodic in nature (temporary, built for mission) • Nations agree to trust and security criteria to “connect” mission networks • Trusted and protected connections made through Joining, Membership, and Exiting Instructions (JMEI) • Nations provide their own equipment and TTP “federate” capabilities and TTPs • Partners replicate releasable, operational capabilities and TTPs within respective mission networks **All flags representative only – notional laydown UNCLASSIFIED UNCLASSIFIED NATO Federated Mission Networking (FMN) and US Mission Partner Environment (MPE) Discussion Points --Overall message: NATO FMN efforts and US MPE efforts are cut from the same cloth and look to achieve similar objectives with similar materiel and non-materiel tool sets --Two key challenges within any partner entity: • Culture change and implementation of organizational versions of MPE or FMN concept to facilitate use of organizational DOTMLPF and Policy in a trusted peer to peer coalition mission network environment • Respective Program Office accreditation and governmental* approval for release of organizational capabilities and technologies for use in a mission partner environment with a specific set of mission partners • Leverage reciprocity or streamline process to obtain or to reuse accreditations and release* of organizational capabilities and technologies for subsequent mission network environments with the same or different sets of mission partners *e.g. US ITAR = International Trade and Arms Regulation Key = Managed Deliberate Coordinated Change Among Willing Partners UNCLASSIFIED UNCLASSIFIED UNCLASSIFIED NATO Federated Mission Networking (FMN) and US Mission Partner Environment (MPE) Discussion Points • Unity of Effort and Speed of Command within a coalition force requires movement of coalition C5ISR operations and activities off of national or NATO specific security domains • Federated Mission Networking and Mission Partner Environment frameworks offer option of an additional network environment specific to a mission/exercise/training event • • • – Use is complementary to, not in place of, existing national, NATO, or other multi-national network domains – Each coalition is different-- leverage common agnostic protocols, standards to establish trusted and protected connections and compatibility criteria for six collaboration services as a consistent foundation for each different coalition mission network No new* equipment, no new skill sets, no new software, no new services, no new people required to implement FMN and MPE Framework—just a desire to participate and adjust to mission priorities – Partners bring own DOTMLPF capabilities -- whatever they are – COMBINED ENDEAVOR 2013 and 2014 achieved FMN and MPE objectives with current DOTMLPF and Policies – All are treated the same—as peers-- capacity and size or organizational role does not matter to security, infrastructure and information assurance accreditation teams. – *May require additional sets of current equipment/licenses if re-purposing of existing equipment/licenses is not available Most difficult challenge to coalition mission planning is coordination and adjustment of national and NATO policy implementations to establish mission/exercise specific policies – Lessons from ISAF, CE2013, CE2014, IMMEDIATE RESPONSE 14 , CLEVER FERRET 14, any other coalition event planning process – Culture and policy adjustments---perform coalition mission tasks on mission network, national business on national network, business with NGOs and others on Unclassified networks Practice and more practice is only tried and true method of increasing trust among mission partners and reducing time to implement trusted network-enabled information sharing arrangements. – Trust can be gained by practice and familiarity with partner DOTMLPF and Policies—practice must include training audience J (A/G/N) 6’s! Cannot “Surge” or “Pre-determine” Trust UNCLASSIFIED UNCLASSIFIED • Create OAR CoI? SECRET REL OAR Foundation of Trust - Collective agreement by originating OAR partners MP A “Third Stack” ⁻ ⁻ • Specific to OAR OAR Policy ⁻ • CJTF “REL OAR” DOTMLPF provided by each Mission Network contributor Network, capabilities, TTP employed therein to conduct OAR Ops Governance CFLCC CFMCC CFACC MP C MP P Mission CDR specific as shaped by partner(s) MP Z • MP B CFSOCC Leadership direction, Culture change, and Practice MP Y ⁻ MP Q MP X Training & Education ⁻ • MN BICES Joining Membership and Exiting Instructions (JMEI) ⁻ • Draft Operation ATLANTIC RESOLVE (OAR) Mission Network Relationships MP D CIAV (OAR specific activities per CDR’s Guidance) ⁻ ⁻ Compare OAR partner operational processes Deliberate “Do No Harm” coordinated change of DOTMLPF and TTP Self provided National Secret Self provided National Unclassified Self provided Cross Security Level Information Exchange Guard Specific C2 relationships for OAR related exercises and/or operations is NOT depicted 32 UNCLASSIFIED UNCLASSIFIED Joining Membership and Exit Instruction (JMEI) Role in Mission Partner Environment (MPE) and Federated Mission Networking (FMN) Train and Equip and Implementation Processes Joint Staff JS J6 DDC5I IID Deputy Director Cyber and C4 Integration Interoperability and Integration Division UNCLASSIFIED UNCLASSIFIED Why JMEI? The term “JMEI” came about as HQ ISAF and HQ ISAF Joint Command (IJC) needed to be able to provide nations [partners] wishing to contribute a national extension to ISAF AMN a consistent and repeatable package of holistic guidance and procedures • COMISAF could not “mandate” systems interoperability for the various national C4ISR systems already in use, so the focus was on generating UNITY OF EFFORT by mandating human to human collaboration leveraging the most basic standards and technical protocols •In addition to being able to protect and secure a network to ISAF mission policies the only other mandated criteria was to be able to communicate with other partners via six “core services” • Web browsing, Chat (NATO Standard XMPP technical format mandated), Voice Over IP Telephone (VOIP), Video Tele-Conferencing over IP (VTCoIP), E-mail (with attachments), and Global Address List sharing • The result was an evolution of mission technical and procedural documents from “a collection of workarounds” to a description of how to “federate” national mission network contributions into a trusted and protected federation of partner DOTMLPF capabilities and policies called “Afghan Mission Network” • Operational and Functional ISAF documents also evolved to reflect operations as a unified coalition force vice a partnership of multiple independent forces Non-Materiel (DOT_MLPF) and Policy contributions by NATO and Nations to the ISAF coalition are the most important contributing factors to ISAF mission success 34 UNCLASSIFIED UNCLASSIFIED UNCLASSIFIED JMEI Defined Joining Membership and Exit Instructions • Not a new idea but a new term generated by ISAF coalition forces • Old terms: TTPs, SOPS, other named products resulting from exercise planning process or Crisis Action Planning (CAP) process • In short, JMEI are a set of documents specific to a mission/exercise that range from technical implementation guidance to establishment of secure and trusted peer to peer communications to Mission[Exercise] CONOPS to OPORDERs and FRAGOs to political guidance to agreements between partners to Commander's Intent • Operation [or Exercise] Orders, all OPORDER Annexes and any other document pertinent to a specific mission or exercise are a part of the collective set of documents referred to as “JMEI” 35 UNCLASSIFIED UNCLASSIFIED Repeatable JMEI for MPE / FMN NATO and a significant number of nations came to same conclusion that operating as a part of a coalition was most effective and efficient when coalition partners were equal peers within a “mission network” • NATO consideration included coalition partnerships with non-NATO member nations In order to leverage the “best practices” of ISAF AMN to inform establishment of a future “mission network” while retaining the flexibility to adapt and adjust to any mission or mission partner set, basic technical elements of JMEI were separated from mission specific and temporal policy driven elements Two categories of JMEI were born • JMEI Joining Instructions – A set of mission agnostic documents that describe a nations’ view of the basic standards and compliancy criteria necessary to establish a trusted and secure network relationship as well as compatibility of six core collaboration services between network contributing mission partners (Repeatable and consistent across MPE and FMN documentation) • Event specific JMEI – A set of documents are generated by mission/exercise lead HQ staff and mission partner reps to address all aspects of a specific coalition mission or exercise to include partner agreements regarding compatible implementation of national security, identify and access management and cyber defense policies within a federation of “mission networks” Exchange and Access made “Practical, Efficient, and Effective” When all Participants are Conducting Operations or Training at the “same Security Classification and Releasability Level”UNCLASSIFIED 36 UNCLASSIFIED UNCLASSIFIED MPE JMEI Joining Instructions Definition MPE JMEI Joining Instructions – A set of mission and partner agnostic documents that describe basic standards and compliancy criteria to establish a trusted and secure network relationship / connectivity between US and “coalition of the willing” partners as well as compatibility of six core collaboration services between network contributing mission partners US objective: A consistent and repeatable set of MPE JMEI Joining Guidance across Combatant Commands (CCMD) and Services to describe minimum criteria for technical connections, IA, security, and six core collaboration services • Benefit: Services and mission partner ability to train and equip to a standard that is useful regardless of which US CCMD or contributing mission partner is the lead or what mission is being executed • Choice to train and equip forces to JMEI Joining Guidance is a sovereign decision—change(s) in MPE JMEI Joining Guidance managed and coordinated, not governed, among a “coalition of the willing” • US DoD governs US train and equip processes • • • Content of US MPE JMEI Joining Instructions evolve in a consistent and complementary manner with NATO Federated Mission Networking Implementation Plan Volume II Instructions Partner MoDs govern respective train and equip processes HQ NATO / Existing NATO processes govern train and equip processes to support NATO Command Structure HQs “MPE JMEI Joining Instructions contain the common “Lego Blocks” to enable more rapid establishment of trusted network relationships between any unique set of willing mission partners” 37 UNCLASSIFIED UNCLASSIFIED UNCLASSIFIED Event Specific JMEI Definition Event Specific JMEI – A set of documents specific to a mission/exercise • Content ranges from technical implementation guidance to Mission/Exercise CONOPS to OPORDERs/FRAGOs to political guidance to agreements between partners to Commander’s Intent Starting point: Leverage and reference basic standards and compliancy criteria set in MPE JMEI Joining Instructions [stated US goal is US MPE consistency with NATO FMN Volume II Instructions] • • Generated by mission/exercise lead HQ staff and mission partner reps to address all aspects of a specific coalition mission or exercise with mission partners under a JTF Commander lead, lead Nation, or exercise sponsor • Event specific JMEI are the products of Crisis Action Planning or a the planning process associated with any exercise, test, experiment planning process Benefit: Shape and drive collective DOTMLPF and Policy contributions to achieve mission objectives via generation of event specific policies, operational procedures, and technical configuration and security agreements tailored to address unique criteria and circumstances applicable to each mission and partner set • Commanders retain flexibility to shape and employ coalition force HQ and DOTMLPF of supporting forces as they see fit to conduct operations in order to meet assigned objectives • Mission partners respond to acknowledged leadership role of whomever is mission or exercise Commander without giving up sovereign rights and responsibilities Risk to nation by joining XX Mission Network Federation is less than NOT joining in terms of resources, force protection, mission accomplishment 38 UNCLASSIFIED UNCLASSIFIED “Mission X” JMEI Development & Validation Flow Chart US FMN 90 Day Study Figure 7 Coalition Nations that provide “Mission X” TASKORD, OPORD, EXORD, CONOPS, SOP, CDR Guidance and Intent, etc. Combat Power, Logistics, BOG*, etc. JMEI** US MPE Episodic/NATO FMN Use case FMN Community Standardization MPE Joining Instructions U.S. HQ & Components Systems, Applications, Services, Mission Threads “Mission X”Net CIAV*** “Mission X” Partners US MPE JMEI Joining Instructions signed by JS J6 21 August 2014 Systems, Applications, Services, Operational Processes “Mission X” specific tasks and objectives Exercise / OPLAN Validation “Mission X” Exercise Planning or Crisis Action Planning Process Feedback Secret REL to “Mission X” “Mission X” JMEI “Execution” J3s * Boots on the Ground **Joining, Membership & Exit Instructions ***Coalition Interoperability, Assurance & Validation Mission Partner Advance Planning versus Crisis Reaction 39 UNCLASSIFIED UNCLASSIFIED MPE Implementation / JMEI Change Management The US MPE JMEI Joining Instructions were signed by LTG Mark Bowman, US Joint Staff J6 on 21 August 2104 • Distribution is to any and all partners • Governance and implementation within US DoD to be accomplished via DoD 8110.1 Instruction (Mission Partner Environment (MPE) Information Sharing Capability Implementation for the DoD) signed 25 Nov 2014 by DoD CIO and CJCSI* 5128.1 Mission Partner Environment Executive Steering Committee (MPE ESC) Governance and Management signed 1 October 2014 • Policy. It is DoD policy that: MPE will serve as the framework for operational information sharing between DoD Components and Mission Partners Governance: • Internal national [US] business pertaining to training and equipping forces per MPE JMEI Joining Instruction standards • Governance also reflects relationships and influence within a mission or an exercise Management: • US MPE JMEI Joining Instructions are living documents with updates derived from feedback received from implementation in coalition events • Change is via agreement, not consensus, among "coalition of the willing" to ensure coherent, cooperative and deliberate change management process for minimum criteria for technical connections, IA, security, and six core services with as many partners as possible given sovereign decisions and political desires • All changes deliberately made in close coordination with “coalition of the willing” contributors (Management vice Governance) • Unilateral changes are/would be counter-productive *CJCSI = Chairman of Joint Chiefs of Staff Instruction UNCLASSIFIED UNCLASSIFIED CE14MN JMEIs • Joining the CE Mission Network (15) • Policies for CEMN: PKI, Accreditation, IA, etc. • Configuring the CE Mission Network (48) • Technical Guidance to provide trusted and protected environment needed to meet CE14 goals • Exiting the CE Mission Network (1) • • Guidance for protecting archived information post CE14 Procedures to gracefully exit CEMN federation • CE Mission Network Membership (8) • NETOPS CONOPS, Cyber Security, Incident Reporting, IM/KM, Vulnerability Management, etc. • Event Specific Instructions (38) • Daily Battle Rhythm, ORBAT, Reporting Procedures, Trouble ticket, numbering convention, SCR VHF, HF UHF, SHF Allocation, Network diagrams, Tactical Data-link verification, Friendly Force Tracking systems verification, SATCOM Systems Information, etc. • Admin (5) • Library of Terms, CE14 JMEI Structure, US MPE JMEI Joining Instructions APAN link to CE14 Event JMEI documents: https://wss.apan.org/s/CE/CE14/JMEI/Forms/JMEI%20Grouped%20View.aspx 4 UNCLASSIFIED UNCLASSIFIED *e.g. missing procedures, delayed equipment, weatherrelated problems, etc. CE13 JMEI Trends and Statistics 17% 30% 36% 8% 24% 64% 11% 8% Participants not following, not reading or an outside restriction (technical or policy) with the JMEI are the primary reasons for accreditation issues Compiled by CE13 C7 Assessment staff UNCLASSIFIED UNCLASSIFIED CE14 Assessment Trends and Statistics JMEI Issues Unclear 5% Optional Compliance Issues 8% Restricted 10% Not Followed 85% Mandatory Compliance Issues 92% Total JMEI Deficiencies Mandatory Compliance Deficiencies Optional Compliance Deficiencies Not Followed Unclear 317 290 Compiled by CE14 C7 Assessment staff 27 271 Restricted 31 15 Restricted = Conflicts with national policy or otherwise unable to comply UNCLASSIFIED Master BQ MN 15.2 JMEIs Appendix 2 - Infrastructure Appendix 1 - Policy Annex A- Statement of Security Compliance (ESSC) and Compliance Questionnaire B- Interconnection Security Agreement (ISA) C- NCMP Authority to Connect Process D- HMP Authority to Connect Process E- Network Connection Approval Team (NCAT) F- Cyber and Physical Security Policy Joining G- Authentication, Authorization, Accounting Membership H- Removable Media I- Wireless Policy J- Incident Handling & Reporting K- Vulnerability Management L- Malicious Code Management Appendix 5 - NetOps Membership Annex A- MN Network Operations TTP B- Contingency Plan C - BQ 15-2 Helpdesk Incident Management SOP Appendix 6 -Operations (BQ Mission Initiatives) Annex A- NIP Design & Router Configuration B- Internet Protocol (IP) Plan & Routing Joining C- Multicast D- Border Gateway Protocol Routing E- Border Protection Systems F- Network Time Synchronization Services/Network Time Protocol (NTP) G- Data Transport Services (DTS) H- IP Security / Virtual Private Network (VPN) I- Domain Name Server (DNS) Summary Appendix 3 - Core Services BQ MN 15.2 JMEIs Annex A- NIE/BQ Execution Battle Rhythm B- Command and Control (C2) Services (Systems) C- Force Tracking Systems (FTS) Appendix 8 - Process Description D- IAMD Joining E- DaCAS Annex Membership F- JFS JMT A- Planning and Joining the BQMN G- LVC B- JMEI Development Process H- Tactical Infrastructure Enterprise C- Risk Reduction Plan Services (TIES) JCTD D- JMEI Change Process I- CISR (NOR/JDAT) E- Acronym and Glossary of Terms J- Cyber (MND) F- Assessment/Instrumentation Plan K – NIE/BQ Joint Exercise Directive (JED) 03 Sep 2015 Annex A- Email Routing (Email) Joining B- Voice over Internet Protocol (VoIP) Membership C- Chat D- Global Address List (GAL) Synchronization E- Web Services (Secure FTP) / Shared File Directory Appendix 4 - Comms Joining Joining Annex Membership Membership A- Radio Circuit Plan B- Communications and Information Sys Security C- Tactical Data Links (TDL) (LINK 16/SADL/VMF) Appendix 7 - Exit Annex A- Data Handling and Protection Guidance B- Mission Network Exit Procedures Exit Exiting