MPE M2I2 Board 15-2 JS J6 DDC5I IID 7 September 2015 update 5

UNCLASSIFIED
Mission Partner Environment
(U.S. contribution to FMN)
Multi-National Maritime Information Services
Interoperability (M2I2) Board 15-2
7 September 2015
Joint Staff JS J6 DDC5I IID
Deputy Director Cyber and C4 Integration
Interoperability and Integration Division
What does the Commander need?
• Communicate Commander’s Intent
• Build trust
• Create unity of effort
• Possess speed of command
• Operate in the information environment … not just share information
MPE Range of Military Operations
What is the Commander’s intent?
What information needs to be shared?
What is the mission?
Who are the partners?
What classification / releasability level(s) do you need to operate in?
[Figure: range of military operations from LOW (HA/DR) to HIGH (MCO). Diagram labels: UNCLASS NETWORKS; Classified Releasable; FEDERATION OF MISSION NETWORKS; MAX OMB; MN BICES; US BICES-X; CENTRIXS.]
Evolving to a Mission Partner Environment
[Figure: evolution from Pre-AMN, to [ISAF] AMN - Theater Specific (CX-I), to MPE - Theater Agnostic (CX-“X”, “some assembly required”). Building blocks shown: National Connections; Mission Threads; Policy & Governance; Training; Doctrine & TTP; Standards; CIAV (AMN) / CIAV-like (MPE); Email with Attachment; Chat; Web browsing; VTCoIP; VoIP; GAL Sharing.]
MPE: Provides an overarching capability framework for CCMDs based on CONOPS, Doctrine, TTP, Policy, Governance, Common Standards, Training, Interoperability
Validated Requirements [USA]
• Strengthening Security Relationships: Our relationships with mission partners are a critical component of our global engagement and support our collective security
• Central to these efforts is strengthening global network of allies and partners.
• Combine capabilities with mission partners: form, evolve, dissolve, and re-form in different arrangements in time and space
• Scalable: ranging from an individual unit enrolling the expertise of a nongovernmental partner to multi-nation coalition operations.
MPE Definition: An operating environment enabling C2 for operational support planning and
execution on a network infrastructure at a single security level with a common language.
(DoDI 8110.01)
MPE Pedigree: Terms of Reference; ICD/CONOPS; JROCM 081-12; 90-Day Study; JROCM 026-13; MPE Enduring (Tier 1) CDP; Joining Instructions; CJCSI 5128.01; DoDI 8110.01; Episodic MPE CDP
Both US MPE and NATO FMN efforts originated from the same requirement(s) document generated
by COMIJC, endorsed by COMISAF and forwarded up the respective US and NATO chains of
command to CJCS and SACEUR for endorsement. Both sets of leadership endorsed the requirement.
MPE Enduring and Episodic Definitions
Application of MPE Tenets and Network Relationships and Characteristics differ
(known steady state relationships vs. unknown situation shaped coalition membership)
• MPE Enduring: Strategic Level (information sharing & planning)
– Asynchronous and non-real time information sharing
– Persistent – time not a factor
– Specified Mission Partners (bilateral or multi-lateral “Communities of Interest”)
– Combatant Command (CCMD) HQ capabilities for Mission Partner engagement/planning
– Technologically dependent
– Integrated with and enabled by Joint Information Environment (JIE)
• MPE Episodic: Operational to Tactical Level (Conduct Operations)
– Synchronous and near-real-time, or real-time, conduct of operational mission tasks
– Episodic – time to establish always a factor
– Mission Focused (exercise or contingency operation)
– Unknown mission partners, emergent mission; unknown duration
– JTF and component capabilities for peer to peer Mission Partner operations
– US may not be lead; but must leverage JIE to contribute DOTMLPF, P & TTP to coalition
“US and Mission Partners collaborate in Mission Partner Environment (MPE) Enduring environments day
to day with the capability to transition to conducting operations within a MPE Episodic for any operation”
Joint Information Environment (JIE)
– Enduring & Episodic MPE
[Figure: Enduring and Episodic MPE in relation to the Joint Information Environment (JIE)]
Enduring MPE (instances “A”, “B”, “C”): Persistent; CCDR level; US-Centric; Bi-lateral / Multi-lateral; Specified Mission Partners. E.g. existing bi-lateral and multi-lateral network relationships: MN BICES and other named network relationships, etc.
Episodic MPE: Temporal; CJTF level; Commander centric; Unknown Coalition of the Willing.
Diagram labels: CCMD; MPG; JIE; SIPRNet and NIPRNet; Connect, Access, Share; Rel to Mission or Exercise; CJTF; CFLCC; CFMCC; CFACC; CFSOCC; MP A, MP B, MP C, MP D, MP P, MP Q, MP X, MP Y, MP Z.
LEGEND
– National Contribution (3rd Stack); National DOTMLPF-P, IA, Security
– National Classified Network (e.g. SIPRNet)
– National Unclassified Network (e.g. NIPRNet)
– Episodic MPE Federated Network; Commander accepts risk, sets rules
– Enduring MPE Connection
– Cross Security Level Exchange “Guard”
– MPG = Mission Partner Gateway
Discussion: Do CENTRIXS-Maritime relationships and IT infrastructure investments reflect an MPE Enduring or MPE Episodic / NATO FMN use case? Or perhaps elements of both?
Today’s MPE Enduring Environments
Collaborate and Share Information
[Figure: today’s Enduring MPE environments. Diagram labels: Enduring MPE “A”; Enduring MPE “B”; MN BICES; CCMD; MPG; JIE; SIPRNet and NIPRNet; Connect, Access, Share; US BICES-X FTI; TNE; Interim; PACOM; CENTCOM; EUCOM; Mission Partner L, M, N, O.]
• Plus other existing bi-lateral and multilateral network relationships, some of which may not be directly connected to current DoD Networks or future JIE
• Tier 1 SIPR connection currently provides only CENTCOM users access to the US BICES-X FTI
Mission Partners collaborate via a JIE Tier I environment but must be able to rapidly shift to operating within an Episodic Mission Partner Environment (MPE) framework as situation(s) dictate
Near Term - Episodic Capability
• Conduct coalition operations, tasks, and activities in a “REL to mission” primary C2 network environment
• Foundation of Trust -- Collective agreement by originating partners
Elements listed on the slide: “Third Stack”; Joining, Membership and Exit Instructions (JMEI); Policy; Governance; Management; Training & Education; CIAV.
Supporting notes listed on the slide:
– Provided by each Mission Network contributor
– Specific to mission or exercise, include all documents pertaining to event
– Mission Commander-specific as shaped by partner(s)
– Leadership direction, Culture change, and Practice
– Pre-mission “coalition of willing” identification of, and training and equipping to agnostic standards
• CIAV (mission specific activities per Cdr’s Guidance)
– Compare mission partner operational processes
– Deliberate “Do No Harm” coordinated change of DOTMLPF and TTP
[Figure: Episodic MPE at [Up to] SECRET REL Mission. Diagram labels: CJTF; CFLCC; CFMCC; CFACC; CFSOCC; MP A, MP B, MP C, MP D, MP P, MP Q, MP X, MP Y, MP Z. Legend: Self provided National Secret; Self provided National Unclassified; Self provided Cross Security Level Information Exchange Guard. Specific C2 relationships for exercises and/or operations is NOT depicted.]
MPE: Provides a consistent overarching capability framework for CCMDs based on CONOPS, Doctrine, TTP, Policy, Governance, Common Standards, Training, and Interoperability
MPE and the Maritime Community
• No major changes for the maritime community – MPE tenets have long been
standard practice
• Ability to reconfigure IT Infrastructure to connect to different mission networks while deployed
• Any changes dependent on role and function of embarked staffs, assigned forces and/or land-based maritime HQ
• CENTRIXS-Maritime not different from MPE, it is an MPE use case…..
• Culture already accepts concept of CENTRIXS – “X” infrastructure / hardware
“repurposed” to fit the mission(s) at hand
• Biggest change – move fight (operational activities) off National-Only
networks (e.g., US SIPRNet) when applicable
• Employ releasable versions of existing C4ISR tools within “Rel to mission” mission network(s)
• Data and information exist at any desired classification level and releasability caveat
• MPE and NATO FMN use case implementation and employment are scenario,
partner and warfighting domain agnostic
“U.S. forces must learn to function routinely on CENTRIXS networks in the coalition
environment and by exception on U.S. only networks. U.S. reliance on SIPR chat, SIPR
email……limited coalition integration.” Excerpt BOLD ALLIGATOR 2012, Final Report
Back Up
Mission Partner Environment (MPE) JKO Courses
J3OP-US1277; Introduction to MPE
J3OP-US1278; Planning an MPE
Both MPE courses are available for US DoD, Multinational and interagency partners on JKO Direct via following
link: https://jkodirect.jten.mil/Atlas2/faces/page/login/Login.seam?cid=21417
Note: US MPE documents, US MPE JMEI Joining Instructions, Operation DIRTY WIND video, links to JKO MPE
courses are posted on Tidepedia in the FMN section: http://tide.act.nato.int/tidepedia/index.php?title=Main_Page
Mission Partner Environment (MPE)
Operational Context: As a standard practice, US Forces conduct many Warfighting
operations via SIPRNET. In Afghanistan, this constrained the ability of US commanders to
speak with immediacy to all operational commanders (mission partners).
• The need to mitigate risk and provide the commanders with strategic, operational and
tactical flexibility spurred the development of the Afghanistan Mission Network (AMN)
for coalition information sharing & get the “fight” off the SIPRNET
Lessons Learned & Guiding Principles:
• Operational imperative – unity of effort, enable communications with all mission
partners to execute the Commander’s intent in a single security environment
• MPE is not a single network – it is a federation of networks & national systems
• There is no intent to establish a new program of record; focus is on re-purposing existing
materiel and non-materiel enablers and capabilities
• Alignment with NATO’s Federated Mission Networking (FMN)
“We’re one year away from forgetting everything we learned in Afghanistan.”
Iron Major, USMC - Communications Officer
MPE Operational Context
• Lesson Learned: USA use of SIPRNet as primary C2 network during mission partner operations generates strategic, operational and tactical limitations:
– Forces on different networks with inadequate cross-domain solutions resulted in poor ops, planning and intelligence information exchange between NATO, U.S. and other partner forces in ISAF
– Non-materiel DOTMLPF, TTP and Policy solutions as or MORE important than materiel solutions
• Need for strategic to tactical human-to-human information exchange in a common language on same security and releasability level in real time – share by default; classify by exception
• Consistent DoD ability to employ in-place information sharing, TTP, and operational C4ISR to support both persistent and episodic (mission specific) operations with mission partners
• MPE leverages a “federation of sovereign C2 networks” created by the contribution of two or more nation “mission networks” to establish a mission specific enterprise in which all mission partners may operate as peers within a single classification and releasability policy
Solution: Move coalition fight off of national networks [SIPRNet]
MPE Operational Metrics
MPE “What”
• MPE is a framework, a concept of operations. A use case. MPE implementation is represented by two or more mission partners agreeing to achieve unity of effort by joining trusted mission networks together to form a federation of networks composed of collective partner provided policy, transport, systems, applications, security, services and operational processes
MPE “So What”
• Clearly communicate commander’s intent for desired operational effects with all mission partners
• Moves the fight off SIPR; allowing US and non-US formations, information, and data to operate in the same battlespace
• Greater flexibility in mission and task organizing to fight more effectively
• US and partners fight with the equipment and TTPs they ALREADY own and train with
• Addresses CCMD persistent info sharing requirements and JTF episodic events
• Elevates mission partners to peers and recognizes their sovereignty
• Defines the level of trust & addresses cyber vulnerabilities upfront
Mission Partner Advance Planning, Training, and Practice versus Crisis Reaction
MPE Implementation and Policy Within US DoD
The US MPE JMEI Joining Instructions were signed by LTG Mark Bowman,
US Joint Staff J6 on 21 August 2014
• Distribution is to any and all partners
• Content derived from ISAF AMN JMEI and draft NATO FMN Implementation
Plan (NFIP) Volume 2 and informed by lessons from COMBINED ENDEAVOR
(CE) 2013 and planning for CE2014
• Governance and implementation within US DoD to be accomplished via:
• DoD 8110.1 Instruction (Mission Partner Environment (MPE) Information
Sharing Capability Implementation for the DoD) signed 25 Nov 2014 by
DoD CIO
• CJCSI* 5128.1 Mission Partner Environment Executive Steering Committee
(MPE ESC) Governance and Management signed 1 October 2014
• Policy. It is US DoD policy that: MPE will serve as the framework for
information sharing and conduct of coalition operational activities
between DoD Components and Mission Partners
*CJCSI = Chairman of Joint Chiefs of Staff Instruction
NATO / ISAF UNCLASSIFIED
Roles, Responsibilities and Relationship
options within ANY coalition
• Eight options for mission partner participation within a coalition event. Only
one involves “joining” by contributing and federating a mission network with a
“core” mission network provided by a lead HQ or any other mission partner HQ
1) Contribute own network, resourced and governed by mission partner operating with a "Releasable to Coalition Event Name" caveat.
– Required: Receipt and full compliance with coalition event lead HQ JMEI documents
(Callout on option 1: “Federation of sovereign mission networks” key tenet of MPE / FMN Concepts)
2) Request purchase, lease or loan extension of coalition event lead HQ network to own
forces/C2 nodes.
– Compliance with network provider criteria is required, assumes network provider has already fully
complied with coalition event lead HQ JMEI document criteria.
– No direct compliance with lead coalition event HQ JMEI template documents required.
3) Request purchase, lease or loan extension of a network provided by another
coalition event mission partner to own forces/C2 nodes.
– Compliance with network provider criteria is required, assumes network provider has already fully
complied with coalition event lead HQ JMEI document criteria.
– No direct compliance with lead coalition event HQ JMEI template documents required.
Roles, Responsibilities and Relationship
options within ANY coalition
• Note: Mission partners may utilize a coalition event federation of networks established to support a specific coalition event without selecting options 1-3:
– No direct or indirect compliance with lead coalition event HQ JMEI template
documents required for any option below.
– Data and information may flow to and from option 4-6 mission partner
representatives in a variety of different ways.
4) Embed a small or large force within another mission partner's force.
5) Send augmentees to coalition event HQ or lower echelon HQ or mission
partner HQ as augmentees.
6) Send personnel to coalition event as observers.
7) Advocate and support coalition mission in world forums via a variety of
communications media.
8) Some combination of options 4-7.
"Releasable to Event" caveat means information is releasable to all coalition event mission
partners, not just those who contribute networks to a specific coalition federation of networks!!
MPE JMEI Task Execution Overview
• Eligibility: Who is eligible to contribute a mission network? Anyone, provided that ALL other [pre-]existing or original network contributing mission partners agree
– A mission partner wishing to contribute a network to a coalition federation
of networks MUST be a formal member of a specific coalition event*
– Obvious, but……. Coalition event membership is a political decision with
the only requirement being a statement of support for the coalition X
event task/objective in a world forum.
– Coalition event membership carries no automatic requirement to
contribute either personnel or equipment.
Coalition member ≠ Network Contributor
*Event = Exercise, experiment, test, training event, operational mission
Generic “Third Stack” at any US location
[Figure: network stacks at a US location, each shown with its own Crypto, alongside JWICS, etc.]
• SIPRNet Secret, Rel USA Only: Wide variety of applications, services, portals, etc., to include six collaboration services and most “Warfighting tools”
• Third Stack CENTRIXS-”X” Infrastructure: Today only six collaboration services with a few exceptions
• NIPRNet UNCLASSIFIED [Access], Rel USA Only: Wide variety of applications, services, portals, etc., to include six collaboration services BUT very few “Warfighting tools”
Callouts on the diagram:
– MPE Tier 1 AND MPE Tier 2
– Different Crypto but may be same switch to connect to transport.
– Crypto could be in one “box” or multiple boxes
– Software location for Operating Systems, services
– May be replaced with releasable database per mission needs
– Repurpose workstations distribution per mission needs
– Data Storage. Separate location from Operating System!
– Work Stations: Virtual (VDI), Laptop, Desk Top. May be repurposed to any environment at low cost and effort.
– Possible transport solution for long or short haul communication links as well as within an organization facility, base or platform
– To a user, six different “networks”, to a “6” provider “one network”
MPE Use Case Concept: Two Levels
• Enduring = Strategic Level
o CCMD Phase 0 operations (can be utilized during all operational phases)
o Persistent – time not a factor
o Specified mission partners
o CCMD HQ capability for mission partner planning/engagement/operations
• Episodic = Operational/Tactical Level
o CCMD-CJTF HQ Phases I-V operations
o Temporary – time always a factor/mission focused (exercise/contingency)
o Known and/or unknown mission partners
o CJTF HQ capability for mission partner operations
MPE Definition: An operating environment enabling C2 for operational support planning and execution
on a network infrastructure at a single security level with a common language. (DoDI 8110.01)
Capabilities in Support of MPE Today
[Figure: capabilities grouped under EPISODIC and ENDURING. Diagram labels: Interim Enduring MPE US BICES-X; Afghan Mission Network; CENTCOM Partner Network; Austere Challenge Mission Environment; Bold Quest Mission Network; Existing bi / multi-lateral network relationships (CMFC, CMFP, CENTRIXS-J, CENTRIXS-K, etc.).]
MPE Use Case Formula: US & Mission Partner Contributions
MPE is a federation of mission networks where mission partners “contribute” and use their own IT infrastructure, services, doctrine, and TTPs based upon agreed to standards and protocols.
MPE ≥ US contribution + MP1 contribution + MP2 contribution + … + MPn contribution
[Figure: US Contribution to MPE (Joint Information Environment [JIE]) beside MP Contribution(s) to MPE (MP Information Environment(s)), joined in the Mission Partner Environment [MPE]. Both contributions list the same services.]
Core Services:
- email w/attachments
- Chat
- Web browsing
- VTCoIP
- VoIP
- Active Directory
Other Services:
- Access control
- File share
- Office automation
- Print
- Org messaging
- Geo SA “COP”
- Language translation
Other diagram labels: Internet Access Point; MPGW-U (Unclassified); MPGW-S (Secret); MPGW-X (Bi / Multi-Lat); JRSS; NIPRnet; SIPRnet; Multi-Enclave Client; Dedicated Client; Virtual Desktop Infrastructure services; Virtual Enclaves; DISA Cross Domain Enterprise Services; US BICES-X Cross Domain Enterprise Services; Mission Specific Cross Domain Enterprise Services; MP Cross Domain Services; MP Security; MP Unclass Network(s); MP Classified Network(s); MP Desktop Infrastructure Services; MP Clients; Partner Transport; Federal Unclassified Partner users; Federal classified Partner users; DoD .gov/.org/; .com/.net Partner.
Use cases shown: Enduring COIs (US Led; Partner Led); Episodic Federation of Networks (US Led; Partner Led); Mission Thread Based Apps and Services.
Callout: Partner(s) voluntarily requesting classified mission network support provided infrastructure and services by another willing partner
Operating With Mission Partners: Diplomacy, Policy, JMEI, Governing, Security, Doctrine, TTP
JIE Capabilities Enable MPE Use Case
MN BICES
CENTRIXS-Maritime
MPE and FMN
• US MPE and NATO FMN born of the same requirement document from COMIJC
• MPE and FMN concepts and implementation plan documents developed in
parallel with close coordination and collaboration
– Both leverage best practices & lessons from ISAF AMN federation, other missions & exercises
– Primary tenet of both: Apply current capabilities, equipment, skills, talent, and TTPs to a mission
network
• #1 challenge: Coordinating national/organizational implementation policies in a
“do no harm” manner to achieve “unity of effort” within a mission network in
pursuit of coalition mission objectives (Goal of CE14 FPC, documented in CE14MN JMEI)
• MPE JMEI Joining Instructions and NFIP Volume 2 Instructions contain the same
protocol standards, IA & Security criteria to create a trusted, protected and
secure federation of mission networks and standards for connecting six partner
“human to human collaboration” core services with each other
– US MPE and NFIP basic protocols, standards and trust criteria cross referenced and match those
referenced and used in ISAF AMN, CE13, CE14, AC15, and BOLD QUEST 15.2 JMEI documents.
– ATO* for mission network contributions listed above demonstrated ability to meet foundational
MPE JMEI Joining Instruction and NFIP Instruction protocols, standards and trust criteria
*ATO = Authority To Operate
MPE and FMN Parallel Efforts
NATO FMN Implementation Plan (NFIP)
Volume 1 NAC Approved 29 January 2015
US MPE JMEI Joining Instructions signed by
US Joint Staff Director J6 on 21 August 2014
“US MPE AND NATO FMN efforts are in parallel and are deliberately aligned”
US - NATO Strategic C2 Relationships & Partnerships
[Figure: US and NATO strategic C2 relationships. Diagram labels: Represents Any Nation or Organization; Nation / Mission Partner Funded; NATO Common Funded; Global Integrated Operations; Joint Information Environment; Mission Partner Environment; Federated Mission Networking; Connected Forces Initiative; NATO IT Infrastructure; Enterprise & Mission Services; Mission Threads; CIAV; Operational Processes; XML Exchanges; Mobile Communications; Mobile Computing Strategy; Jolted Tactics; Tactical, Operational, Strategic.]
Similar Tools and Processes Support Both
Global Integrated Operations and NATO Level of Ambition
US MPE – NATO FMN Relationship
[Figure: a US MPE Instance (Mission Y) beside a NATO FMN Instance (Mission X), each at [Up to] SECRET REL Mission. Diagram labels: Nations; MN BICES; NS WAN; CJTF; CFLCC; CFMCC; CFACC; CFSOCC.]
• US MPE (Episodic) and NATO FMN use cases conceptually alike
• MPE (US led mission) – FMN (NATO led mission)
• Federation of “REL TO Mission” mission networks model also valid for a mission led by some other entity
• Episodic in nature (temporary, built for mission)
• Nations agree to trust and security criteria to “connect” mission networks
• Trusted and protected connections made through Joining, Membership, and Exiting Instructions (JMEI)
• Nations provide their own equipment and TTP “federate” capabilities and TTPs
• Partners replicate releasable, operational capabilities and TTPs within respective mission networks
**All flags representative only – notional laydown
NATO Federated Mission Networking (FMN) and
US Mission Partner Environment (MPE) Discussion Points
--Overall message: NATO FMN efforts and US MPE efforts are cut from the
same cloth and look to achieve similar objectives with similar materiel and
non-materiel tool sets
--Two key challenges within any partner entity:
• Culture change and implementation of organizational versions of MPE or
FMN concept to facilitate use of organizational DOTMLPF and Policy in a
trusted peer to peer coalition mission network environment
• Respective Program Office accreditation and governmental* approval for
release of organizational capabilities and technologies for use in a
mission partner environment with a specific set of mission partners
• Leverage reciprocity or streamline process to obtain or to reuse
accreditations and release* of organizational capabilities and technologies
for subsequent mission network environments with the same or different
sets of mission partners
*e.g. US ITAR = International Trade and Arms Regulation
Key = Managed Deliberate Coordinated Change Among Willing Partners
NATO Federated Mission Networking (FMN) and
US Mission Partner Environment (MPE) Discussion Points
• Unity of Effort and Speed of Command within a coalition force requires movement of coalition C5ISR operations and activities off of national or NATO specific security domains
• Federated Mission Networking and Mission Partner Environment frameworks offer option of an additional network environment specific to a mission/exercise/training event
– Use is complementary to, not in place of, existing national, NATO, or other multi-national network domains
– Each coalition is different -- leverage common agnostic protocols, standards to establish trusted and protected connections and compatibility criteria for six collaboration services as a consistent foundation for each different coalition mission network
• No new* equipment, no new skill sets, no new software, no new services, no new people required to implement FMN and MPE Framework -- just a desire to participate and adjust to mission priorities
– Partners bring own DOTMLPF capabilities -- whatever they are
– COMBINED ENDEAVOR 2013 and 2014 achieved FMN and MPE objectives with current DOTMLPF and Policies
– All are treated the same -- as peers -- capacity and size or organizational role does not matter to security, infrastructure and information assurance accreditation teams.
– *May require additional sets of current equipment/licenses if re-purposing of existing equipment/licenses is not available
• Most difficult challenge to coalition mission planning is coordination and adjustment of national and NATO policy implementations to establish mission/exercise specific policies
– Lessons from ISAF, CE2013, CE2014, IMMEDIATE RESPONSE 14, CLEVER FERRET 14, any other coalition event planning process
– Culture and policy adjustments -- perform coalition mission tasks on mission network, national business on national network, business with NGOs and others on Unclassified networks
• Practice and more practice is only tried and true method of increasing trust among mission partners and reducing time to implement trusted network-enabled information sharing arrangements.
– Trust can be gained by practice and familiarity with partner DOTMLPF and Policies -- practice must include training audience J (A/G/N) 6’s!
Cannot “Surge” or “Pre-determine” Trust
Draft Operation ATLANTIC RESOLVE (OAR)
Mission Network Relationships
• Create OAR CoI?
• Foundation of Trust - Collective agreement by originating OAR partners
Elements listed on the slide: “Third Stack”; Joining Membership and Exiting Instructions (JMEI); OAR Policy; Governance; Training & Education; CIAV.
Supporting notes listed on the slide:
– “REL OAR” DOTMLPF provided by each Mission Network contributor
– Network, capabilities, TTP employed therein to conduct OAR Ops
– Specific to OAR
– Mission CDR specific as shaped by partner(s)
– Leadership direction, Culture change, and Practice
• CIAV (OAR specific activities per CDR’s Guidance)
– Compare OAR partner operational processes
– Deliberate “Do No Harm” coordinated change of DOTMLPF and TTP
[Figure: OAR mission network at SECRET REL OAR. Diagram labels: MN BICES; CJTF; CFLCC; CFMCC; CFACC; CFSOCC; MP A, MP B, MP C, MP D, MP P, MP Q, MP X, MP Y, MP Z. Legend: Self provided National Secret; Self provided National Unclassified; Self provided Cross Security Level Information Exchange Guard. Specific C2 relationships for OAR related exercises and/or operations is NOT depicted.]
Joining Membership and Exit Instruction (JMEI)
Role in
Mission Partner Environment (MPE)
and
Federated Mission Networking (FMN)
Train and Equip and Implementation Processes
Joint Staff JS J6 DDC5I IID
Deputy Director Cyber and C4 Integration
Interoperability and Integration Division
Why JMEI?
The term “JMEI” came about as HQ ISAF and HQ ISAF Joint Command (IJC) needed to be able
to provide nations [partners] wishing to contribute a national extension to ISAF AMN a
consistent and repeatable package of holistic guidance and procedures
• COMISAF could not “mandate” systems interoperability for the various national C4ISR
systems already in use, so the focus was on generating UNITY OF EFFORT by mandating
human to human collaboration leveraging the most basic standards and technical protocols
• In addition to being able to protect and secure a network to ISAF mission policies the only
other mandated criteria was to be able to communicate with other partners via six “core
services”
• Web browsing, Chat (NATO Standard XMPP technical format mandated), Voice Over IP Telephone
(VOIP), Video Tele-Conferencing over IP (VTCoIP), E-mail (with attachments), and Global Address List
sharing
• The result was an evolution of mission technical and procedural documents from “a
collection of workarounds” to a description of how to “federate” national mission network
contributions into a trusted and protected federation of partner DOTMLPF capabilities and
policies called “Afghan Mission Network”
• Operational and Functional ISAF documents also evolved to reflect operations as a unified coalition
force vice a partnership of multiple independent forces
Non-Materiel (DOT_MLPF) and Policy contributions by NATO and Nations to the ISAF coalition are
the most important contributing factors to ISAF mission success
JMEI Defined
Joining Membership and Exit Instructions
• Not a new idea but a new term generated by ISAF coalition forces
• Old terms: TTPs, SOPS, other named products resulting from exercise
planning process or Crisis Action Planning (CAP) process
• In short, JMEI are a set of documents specific to a mission/exercise that
range from technical implementation guidance to establishment of secure
and trusted peer to peer communications to Mission[Exercise] CONOPS to
OPORDERs and FRAGOs to political guidance to agreements between
partners to Commander's Intent
• Operation [or Exercise] Orders, all OPORDER Annexes and any other
document pertinent to a specific mission or exercise are a part of the
collective set of documents referred to as “JMEI”
Repeatable JMEI for MPE / FMN
NATO and a significant number of nations came to the same conclusion: operating as part of a
coalition was most effective and efficient when coalition partners were equal peers within a
“mission network”
• NATO consideration included coalition partnerships with non-NATO member nations
In order to leverage the “best practices” of ISAF AMN to inform establishment of a future “mission
network” while retaining the flexibility to adapt and adjust to any mission or mission partner set,
basic technical elements of JMEI were separated from mission specific and temporal policy driven
elements
Two categories of JMEI were born
• JMEI Joining Instructions – A set of mission agnostic documents that describe a nation’s view of
the basic standards and compliancy criteria necessary to establish a trusted and secure network
relationship as well as compatibility of six core collaboration services between network
contributing mission partners (Repeatable and consistent across MPE and FMN documentation)
• Event specific JMEI – A set of documents generated by mission/exercise lead HQ staff and
mission partner reps to address all aspects of a specific coalition mission or exercise to include
partner agreements regarding compatible implementation of national security, identity and
access management and cyber defense policies within a federation of “mission networks”
Exchange and Access made “Practical, Efficient, and Effective” When all Participants are Conducting
Operations or Training at the “same Security Classification and Releasability Level”
MPE JMEI Joining Instructions Definition
MPE JMEI Joining Instructions – A set of mission and partner agnostic documents that describe
basic standards and compliancy criteria to establish a trusted and secure network relationship /
connectivity between US and “coalition of the willing” partners as well as compatibility of six core
collaboration services between network contributing mission partners
US objective: A consistent and repeatable set of MPE JMEI Joining Guidance across Combatant
Commands (CCMD) and Services to describe minimum criteria for technical connections, IA, security,
and six core collaboration services
• Benefit: Services and mission partner ability to train and equip to a standard that is useful
regardless of which US CCMD or contributing mission partner is the lead or what mission is being
executed
• Choice to train and equip forces to JMEI Joining Guidance is a sovereign decision—change(s) in
MPE JMEI Joining Guidance managed and coordinated, not governed, among a “coalition of the
willing”
• US DoD governs US train and equip processes
• Content of US MPE JMEI Joining Instructions evolves in a consistent and complementary manner
with NATO Federated Mission Networking Implementation Plan Volume II Instructions
• Partner MoDs govern respective train and equip processes
• HQ NATO / Existing NATO processes govern train and equip processes to support NATO
Command Structure HQs
“MPE JMEI Joining Instructions contain the common “Lego Blocks” to enable more rapid establishment of trusted
network relationships between any unique set of willing mission partners”
Event Specific JMEI Definition
Event Specific JMEI – A set of documents specific to a mission/exercise
• Content ranges from technical implementation guidance to Mission/Exercise CONOPS to
OPORDERs/FRAGOs to political guidance to agreements between partners to Commander’s Intent
• Starting point: Leverage and reference basic standards and compliancy criteria set in MPE JMEI
Joining Instructions [stated US goal is US MPE consistency with NATO FMN Volume II Instructions]
• Generated by mission/exercise lead HQ staff and mission partner reps to address all aspects of a
specific coalition mission or exercise with mission partners under a JTF Commander lead, lead Nation,
or exercise sponsor
• Event specific JMEI are the products of Crisis Action Planning or the planning process associated
with any exercise, test, or experiment
Benefit: Shape and drive collective DOTMLPF and Policy contributions to achieve mission objectives
via generation of event specific policies, operational procedures, and technical configuration and
security agreements tailored to address unique criteria and circumstances applicable to each mission
and partner set
• Commanders retain flexibility to shape and employ coalition force HQ and DOTMLPF of supporting
forces as they see fit to conduct operations in order to meet assigned objectives
• Mission partners respond to acknowledged leadership role of whomever is mission or exercise
Commander without giving up sovereign rights and responsibilities
Risk to nation by joining XX Mission Network Federation is less than NOT joining in terms of
resources, force protection, mission accomplishment
“Mission X” JMEI Development & Validation Flow Chart
US FMN 90 Day Study Figure 7
[Figure: flow chart. Labels: Coalition Nations that provide Combat Power, Logistics, BOG*, etc.; “Mission X” TASKORD, OPORD, EXORD, CONOPS, SOP, CDR Guidance and Intent, etc.; JMEI**; US MPE Episodic/NATO FMN Use case; FMN Community Standardization; MPE Joining Instructions; U.S. HQ & Components; Systems, Applications, Services, Mission Threads; “Mission X” Net; CIAV***; “Mission X” Partners; Systems, Applications, Services, Operational Processes; “Mission X” specific tasks and objectives; Exercise / OPLAN Validation; “Mission X” Exercise Planning or Crisis Action Planning Process; Feedback; Secret REL to “Mission X”; “Mission X” JMEI; “Execution”; J3s]
US MPE JMEI Joining Instructions signed by JS J6 21 August 2014
* Boots on the Ground
** Joining, Membership & Exit Instructions
*** Coalition Interoperability, Assurance & Validation
Mission Partner Advance Planning versus Crisis Reaction
MPE Implementation / JMEI Change Management
The US MPE JMEI Joining Instructions were signed by LTG Mark Bowman, US Joint Staff J6, on 21
August 2014
• Distribution is to any and all partners
• Governance and implementation within US DoD to be accomplished via DoD 8110.1
Instruction (Mission Partner Environment (MPE) Information Sharing Capability
Implementation for the DoD) signed 25 Nov 2014 by DoD CIO and CJCSI* 5128.1 Mission
Partner Environment Executive Steering Committee (MPE ESC) Governance and
Management signed 1 October 2014
• Policy. It is DoD policy that: MPE will serve as the framework for operational information sharing
between DoD Components and Mission Partners
Governance:
• Internal national [US] business pertaining to training and equipping forces per MPE JMEI
Joining Instruction standards
• Governance also reflects relationships and influence within a mission or an exercise
Management:
• US MPE JMEI Joining Instructions are living documents with updates derived from feedback
received from implementation in coalition events
• Change is via agreement, not consensus, among "coalition of the willing" to ensure coherent,
cooperative and deliberate change management process for minimum criteria for technical
connections, IA, security, and six core services with as many partners as possible given
sovereign decisions and political desires
• All changes deliberately made in close coordination with “coalition of the willing”
contributors (Management vice Governance)
• Unilateral changes are/would be counter-productive
*CJCSI = Chairman of Joint Chiefs of Staff Instruction
CE14MN JMEIs
• Joining the CE Mission Network (15)
  • Policies for CEMN: PKI, Accreditation, IA, etc.
• Configuring the CE Mission Network (48)
  • Technical Guidance to provide trusted and protected environment needed to meet CE14 goals
• Exiting the CE Mission Network (1)
  • Guidance for protecting archived information post CE14
  • Procedures to gracefully exit CEMN federation
• CE Mission Network Membership (8)
  • NETOPS CONOPS, Cyber Security, Incident Reporting, IM/KM, Vulnerability Management, etc.
• Event Specific Instructions (38)
  • Daily Battle Rhythm, ORBAT, Reporting Procedures, Trouble ticket, numbering convention,
    SCR VHF, HF UHF, SHF Allocation, Network diagrams, Tactical Data-link verification, Friendly
    Force Tracking systems verification, SATCOM Systems Information, etc.
• Admin (5)
  • Library of Terms, CE14 JMEI Structure, US MPE JMEI Joining Instructions
APAN link to CE14 Event JMEI documents:
https://wss.apan.org/s/CE/CE14/JMEI/Forms/JMEI%20Grouped%20View.aspx
CE13 JMEI Trends and Statistics
[Chart: category labels not recoverable; values shown: 17%, 30%, 36%, 8%, 24%, 64%, 11%, 8%]
* e.g. missing procedures, delayed equipment, weather-related problems, etc.
Participants not following, not reading or an outside restriction (technical or policy) with
the JMEI are the primary reasons for accreditation issues
Compiled by CE13 C7 Assessment staff
CE14 Assessment Trends and Statistics
JMEI Issues: Not Followed 85%, Restricted 10%, Unclear 5%
Compliance Issues: Mandatory 92%, Optional 8%
Total JMEI Deficiencies: 317
• Mandatory Compliance Deficiencies: 290
• Optional Compliance Deficiencies: 27
• Not Followed: 271
• Restricted: 31
• Unclear: 15
Restricted = Conflicts with national policy or otherwise unable to comply
Compiled by CE14 C7 Assessment staff
Master BQ MN 15.2 JMEIs
03 Sep 2015
[Chart: each appendix is tagged with a phase label (Joining, Membership, Exit/Exiting)]
Appendix 1 - Policy
Annex
A- Statement of Security Compliance (ESSC) and Compliance Questionnaire
B- Interconnection Security Agreement (ISA)
C- NCMP Authority to Connect Process
D- HMP Authority to Connect Process
E- Network Connection Approval Team (NCAT)
F- Cyber and Physical Security Policy
G- Authentication, Authorization, Accounting
H- Removable Media
I- Wireless Policy
J- Incident Handling & Reporting
K- Vulnerability Management
L- Malicious Code Management
Appendix 2 - Infrastructure
Annex
A- NIP Design & Router Configuration
B- Internet Protocol (IP) Plan & Routing
C- Multicast
D- Border Gateway Protocol Routing
E- Border Protection Systems
F- Network Time Synchronization Services/Network Time Protocol (NTP)
G- Data Transport Services (DTS)
H- IP Security / Virtual Private Network (VPN)
I- Domain Name Server (DNS) Summary
Appendix 3 - Core Services
Annex
A- Email Routing (Email)
B- Voice over Internet Protocol (VoIP)
C- Chat
D- Global Address List (GAL) Synchronization
E- Web Services (Secure FTP) / Shared File Directory
Appendix 4 - Comms
Annex
A- Radio Circuit Plan
B- Communications and Information Sys Security
C- Tactical Data Links (TDL) (LINK 16/SADL/VMF)
Appendix 5 - NetOps
Annex
A- MN Network Operations TTP
B- Contingency Plan
C- BQ 15-2 Helpdesk Incident Management SOP
Appendix 6 - Operations (BQ Mission Initiatives)
Annex
A- NIE/BQ Execution Battle Rhythm
B- Command and Control (C2) Services (Systems)
C- Force Tracking Systems (FTS)
D- IAMD
E- DaCAS
F- JFS JMT
G- LVC
H- Tactical Infrastructure Enterprise Services (TIES) JCTD
I- CISR (NOR/JDAT)
J- Cyber (MND)
K- NIE/BQ Joint Exercise Directive (JED)
Appendix 7 - Exit
Annex
A- Data Handling and Protection Guidance
B- Mission Network Exit Procedures
Appendix 8 - Process Description
Annex
A- Planning and Joining the BQMN
B- JMEI Development Process
C- Risk Reduction Plan
D- JMEI Change Process
E- Acronym and Glossary of Terms
F- Assessment/Instrumentation Plan