Brian Connett, LCDR, USN US NAVAL ACADEMY “A failure by the Department to secure its systems in cyberspace would pose a fundamental risk to our ability to accomplish defense missions today and in the future.” - 2010 Quadrennial Defense Review “… four key characteristics of cyber space: open to innovation, secure enough to earn people’s trust, globally interoperable, and reliable.” -2011 International Strategy for Cyberspace US Strategic Command US Cyber Command US Fleet Cyber Command US 10th Fleet … Ubiquitous, overlapping domains “A global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the internet, telecommunications networks, computer systems, and embedded processors and controllers …” “… common usage of the term also refers to the virtual environment of information and interactions between people.” National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD-54/HSPD-23) Collection of foreign intelligence from communications and information systems Use the information to help protect our troops, support our allies, fight terrorism, combat international crime and narcotics, support diplomatic negotiations, and advance many other important national objectives SIGINT comes from various sources, including foreign communications, radar and other electronic systems This information is frequently in foreign languages and dialects, is protected by codes and other security measures, and involves complex technical characteristics The goal is to collect and understand the information, interpret it, and get it to our customers in time for them to take action. The U.S. Constitution, federal law, executive order, and regulations of the Executive Branch govern our activities WE operate under the authority of the Department of Defense (US Code 10) Our activities are subject to strict scrutiny and oversight both from the outside the DoD and from within. External bodies provide oversight to ensure adherence to U.S. laws and regulations • House Permanent Select Committee on Intelligence (HPSCI) • Senate Select Committee on Intelligence (SSCI) • President's Intelligence Oversight Board • Foreign Intelligence Surveillance Court • Department of Justice The Office of the Inspector General conducts inspections, audits, and investigations to make certain that we operate with integrity, efficiency, and effectiveness, while the Office of the General Counsel provides legal advice You will be given powerful tools which require that you know, understand, and obey to the fullest, the laws of the nation. Executive Order 12333 (EO 12333) authorizes agencies of the Intelligence Community to obtain reliable intelligence information, consistent with applicable Federal law and EO 12333, with full consideration of the rights of U.S. persons Pursuant to EO 12333, NSA is authorized to collect, process, analyze, produce, and disseminate signals intelligence information and data for foreign intelligence and counterintelligence purposes to support national and departmental missions, and to provide signals intelligence support for the conduct of military operations Most importantly this EO prohibits the collection, retention, or dissemination of information about U.S. persons except pursuant to procedures specifically established by branch leadership and approved by the Attorney General. Command & Control Communication Combat Systems • Digital Control Systems • Optimal Control and Estimation • Autonomous Vehicles • Robotics • Computer Vision Computers • Embedded Microcontroller Systems Integration • Embedded Microcontroller System Applications • Cyber Physical Systems • Computer Vision Robotics Mobile Robot Design Cyber Physical Systems Weapons Intelligence Engineering Economics Emerging Technologies Failing to use these effectively will be the difference between victory and defeat Environments are merging Commanding the new environment • • • • • Monitor and be aware of the environment Manage our emissions Discretely communicate Find, track and defeat threats Conduct attacks Surface and Subsurface, Air and Space Dominance J.W. Greenert, ADM, USN Sun Tzu and Plato • Philosophical imperative • Self knowledge • Cyber Warfare Not about how the cyber system works, its more about how it fails Productive failure will only provide strategic success Oil and Energy sector • Exploits shared hard drives Supervisory Control and • Man-in-the-middle attack Data Acquisition STUXNET • 1st publicly known malicious cyber weapon from bytes to physical sabotage • Cyber Conflict Era begins • Fire and Forget • Children of Stuxnet – tailored DNA swarm