Cyber Requirements (AFCEA briefing, UNCLASS)
FORT GORDON ▪ GEORGIA
MAJ Hurcules Murray, TCM-Cyber DCO Chief
Posted 05-Apr-2018

TRANSCRIPT

Slide 1: Cyber Requirements (title slide)

Slide 2: Purpose

• Purpose: A broad overview of the current and emergent Army cyberspace requirements identified through capability based assessments, with a synopsis of all the work coming from the cyber capabilities based analysis.

Slide 3: Agenda

TOPICS:
• Army Required & Current Capabilities
• IS CDD: DCO / OCO / Cyber Situational Awareness
• Prioritized Gaps
• Cyber CBA Conclusions
• Recommended Solution Sets

Slide 4: Army Cyber Required Capabilities

Required Capabilities: 2018-2030
• Each echelon requires the ability to access capabilities resident at other echelons
• Task + Condition + Standard (metrics)

Echelons on the slide: ARCYBER, ASCC, Corps, Division, Bde/BCT, Battalion, Company (includes Platoon, Squad, Fire team, Soldier). CEM staff elements are shown at each echelon, alongside CCMD USCC, CSE, teams and the JFHQ ACOIC. Theme: extend cyber to Operational and Tactical Commanders.

Capability statements from the echelon diagram:
• Build, Operate and Defend a network that ensures Mission Command
• Commanders SA, includes social media/layer (Cyber CBA #1 Capability Gap)
• Defend in Depth; Ability to protect individuals and platforms.
• Conduct CEMA; Perform DODIN operations, EW and EMSO; Deliver EA.
• Conduct CEMA; Perform DODIN operations, DCO, EW & SMO; Deliver EA; Integrate OCO.
• Conduct CEMA; Perform/Deliver DODIN operations, DCO, OCO, EW & EMSO. Support to tactical forces.
• Conduct CEMA. Perform/Deliver DODIN operations, DCO, OCO, Hunt. Support to tactical forces.
• Division: Conduct CEMA; Perform/Deliver DODIN operations, DCO, OCO, EW & EMSO. Support to tactical forces.

Definitions:
• Conduct: to direct or take part in the operation or management of (administer, control, direct, lead, operate, order, organize).
• Perform: to carry out an action or pattern of behavior (complete, move, observe, operate, react).
• Deliver: to send to an intended target or destination.

Slide 5: Army Current Capabilities

Joint & National observations:
• Limited cyber doctrine, training and leader development
• Policy and authorities do not support tactical commanders.
• GENFOR limited ability to provide cyber & EW capabilities to operational forces – “limited velocity & capacity”
• Legacy, non-standard networks, undefendable, expensive.
• Limited self-protection, understanding of…
• Limited offensive capabilities
• CEM Staff element limited capacity and training
• Partial tactical expertise

Echelons on the slide: Joint & National; ASCC; Division/Corps; Bde/BCT; Battalion and Below (includes Company, Platoon, Squad, Fire team, Soldier; CoIST).

Current capability elements placed on the echelon diagram:
• Staffs and units: S2, S3, S6, G2 / ACE, G3, G6, Fires, MI CO, MI BN BFSB, MI BDE, SBCT SURV TRP, UAS Plt, CAB, Expeditionary Signal BN, Theater Tactical Sig Bde, Theater Signal Command, NOSC, TNOSC, NETCOM, INSCOM, 1st IO (Cyber Elements), Cyber Bde, Army Cyber Command
• Personnel: 25 Series, 29 Series, 35 Series
• Systems: MC/NetOps (CPOF, FBCB2, NIPR, SIPR), MC/NetOps (CPOF, FBCB2, NIPR, SIPR, JWICS), MC/NetOps (GNEC), TROJAN, Prophet, DCGS-A, DCGS-A (FIXED), JSTARS, NTM Multi-Intel Sensors/Platforms, Space Systems, Self protect jammers (CREW, CVRJ, MMBJ), Aircraft Survivability Equipment

Slide 6: Army Prioritized Cyber Gaps

Cyber CBA FNA Gap Overall Priority (cell color on the slide indicates level of risk: Extremely High Risk, High Risk, Moderate Risk, Low Risk):
01 Cyber Gap 17: Commanders’ SA (Includes social media/layer)
02 Cyber Gap 07: Defend in Depth
03 Cyber Gap 13: DCyD, Hunt and DCO-RA
04 Cyber Gap 05: Operate Networks
05 Cyber Gap 15: Collect, Process and Analyze Adversary Information
06 Cyber Gap 24: RDT&E, RDA and Technical Architecture
07 Cyber Gap 11: Offensive Architecture and Infrastructure
08 Cyber Gap 16: Cyber Attack/OCO
09 Cyber Gap 12: Access to Adversaries
10 Cyber Gap 03: Establish the Enterprise
11 Cyber Gap 14: Exploit Cyber and EW Capabilities
12 Cyber Gap 31: Electronic Protection
13 Cyber Gap 26: Security and Vul Assessments
14 Cyber Gap 32: Electronic Warfare Support
15 Cyber Gap 01: Cyber (Cyber/Electromagnetic) Integration
16 Cyber Gap 30: Conduct Electronic Attack
17 Cyber Gap 27: SE and Forensics
18 Cyber Gap 22: Integrate WfFs and Assess (BDA)
19 Cyber Gap 25: Legal and Policy Oversight
20 Cyber Gap 08: Information, Services and Applications
21 Cyber Gap 04: Access and Authentication
22 Cyber Gap 06: Integrate Mission Partners
23 Cyber Gap 29: Homeland Defense/DSCA
24 Cyber Gap 09: Unity of Command/Governance

Callouts on the slide: “Mission critical, we must do!”; “Mission essential to take the initiative!”; “Sustain the operational initiative!”

• Commanders’ SA and understanding the social dimension of cyberspace are critical to Joint and Unified Land Operations
• Many of the gaps cross multiple required capabilities
• DOTmLPF actions such as Doctrine and LDE&T can mitigate large portions of these gaps.
• Materiel development is REQUIRED. An Army Cyber Roadmap could provide synergy of these areas (RDT&E, RDA, S&T)

Slide 7: Fundamental Principles

Commanders’ SA and the COP
• See Yourself, the Threat & the Cyberspace Terrain
• Understand Operational Impact, Risk and Mitigation
• Cyber and the EMS in Unified Land Operations

Network as an Operational Platform
• Single, Secure Network, Must defend to operate
• Full spectrum Cyberspace and EW Operations
• Ensure Mission Command

Commanders require freedom to maneuver
• Must have tactical offensive cyber & EW capabilities
• If not, Army cedes the initiative to the adversary

Integrated Cyber Planning and Execution
• Cyber/EW Effects tied to Commander’s Objectives
• Synchronize Lethal & Non-Lethal
• Robust CEMA element tied to CNMTs (Joint teams)

Transform the Army, Trained and Ready Forces
• Doctrine, Education, Training, and Leader Development is Key

Slide 8: Commanders and Units

• Commanders must understand:
  • How the cyber domain and EMS influence and impact their operational environment
  • How to fully leverage cyber and EW capabilities holistically in Unified Land Operations
• Staffs:
  • Integrate Cyber and EW in maneuver
  • How to call for support, reach-back capabilities
• Cyber/EW Units:
  • Ability to create the operational cyber conditions throughout their area of operations
  • Capacity to adeptly apply multiple capabilities, responsively, simultaneously
  • Synchronization and collaboration among all mission elements, joint and Army
  • Timely, responsive, continuous support for offensive cyber and EW.
  • Can be done within today's authorities; extends the joint Title-X platform (USCC/ARCC) to the tactical level.

Units simultaneously act across the physical domains, cyberspace, and the electromagnetic spectrum

Slide 9: DCO IS CDD

• Description: The Defensive Cyberspace Operations capability is an integrated solution that provides protection against, monitoring/detection/analysis of, and response to known/unknown network and information system threats and vulnerabilities to achieve freedom of action in the cyberspace domain in support of unified land operations. The approval of the DCO IS CDD is a critical step towards establishing a true defense-in-depth across the friendly, neutral, and adversary portions of the Cyberspace domain.

• Gaps:
– 07 Defend in Depth
– 11 Offensive Architecture and Infrastructure
– 12 Access to Adversaries
– 13 DCyD, Hunt, and DCO-RA
– 16 Cyber Attack/OCO
– 22 Integrate WfFs and Assess Battle Damage
– 26 Security and Vulnerability Assessments
– 27 SE and Forensics
– 29 Homeland Defense/DSCA

• Capabilities:
– Gaining/Maintaining SA
– Discovery, Detecting, Analyzing, Mitigating
– Responding
– Outmaneuvering
– Actively Hunting
– Dynamically Re-establishing, Re-securing, Re-routing, Reconstituting, and Isolating
– DCO-RA
– Protecting Networks, Platforms, and Data
– Transferring Data Securely
– Managing User Identities
– Protecting Key/Critical Cyber Terrain/Infrastructure
– In-depth Assessments
– Site Exploitation/Forensics

Diagram: the DCO IS CDD is placed in the JIE GIG, IA, LWN and NEMC ICD context, with four pillars (Protect, Detect, Response, Assess), each with an RDP and its CDP/CD documents.

UNCLASS

UNCLASS

FORT GORDON ▪ GEORGIA

OCO IS ICD

OCO Infrastructure

RDP

CD

OCO Firing Platform

RDP

CD

Situation Awareness RDP

CD

Tactical Military Communications

RDP

CD

Critical Ground Force Support Infrastructure

RDP

CD

Ground Force Systems RDP

CD

• Description: The Offensive Cyberspace Operations (OCO) Information System Initial Capability Document (IS ICD) will establish the

framework for the rapid identification, validation, development and fielding of capabilities required to execute OCO by ARCYBER

operational forces in support of Service and Joint operations and requirements. The OCO IS ICD will align existing programs, emergent

technologies, and resources to form an all-inclusive offensive cyber capabilities portfolio. This will enable the transition or acquisition of

people, processes and technologies into a development methodology consistent with the Joint Capability Integration and Development

System (JCIDS) and the Defense Acquisition System, promoting unity of effort throughout the community.

•Capabilities:

An Army offensive infrastructure

A common offensive firing platform

Gaining and maintaining situational awareness

Offensive Capabilities against tactical military

communications

Offensive Capabilities against critical ground force

support infrastructure

Offensive Capabilities against ground force systems

•Gaps:

Offensive Architecture and Infrastructure

Collect , Process and Analyze adversary

information

Cyber Attack/OCO

Access to adversaries

Exploit Cyber and EW capabilities

DCyD, Hunt and DCO-RA

Offensive Cyber Operations IS ICD

Slide 11: Cyber SA CDD

• Description: Situational Awareness (SA) ranges from understanding how tactical level actions within the cyber domain can have strategic implications within DoD, public, and private sector cyberspace to shared, scalable awareness of joint, coalition, and interagency operational status and intent. Cyber SA provides the Army and Joint Forces commanders an understanding of cyberspace infrastructure, its use by adversaries and neutral users, and impact on decisive operations.

• Gaps:
– 17 Commander’s SA
– 05 Operate Networks
– 15 Collect, Process and Analyze adversary Information
– 11 Offensive Architecture and Infrastructure
– 14 Exploit Cyber and EW Capabilities
– 31 Electronic Protection
– 26 Security and Vulnerability Assessments
– 32 Electronic Warfare Support
– 01 Cyber (Cyber Electromagnetic SA is required) Integration
– 22 Integrate Warfighting Functions (WfF) and Assess BDA
– 23 Integrate Mission Partners

• Capabilities:
Corps
– SA of the cyberspace domain and EMS; blue, white, grey, and red
  • Internet Topography
– Targeting in cyber (includes EMS) and as part of land operations
– Connection to National Capacities (IC, National and Service Labs, AMC)
Division
– SA/Identification Friend or Foe capability; blue, white, grey and red; internet topography
– Targeting in cyber (includes EMS) and as part of land operations
– CEM deconfliction with Organic and non-Organic Elements, BCT and Below (ATO, Cyber, IC)
– May be restricted to TS level (limited STO)
– Visualization of task/org elements from BDE and Below to echelons above ASCC
Brigade
– SA/Identification Friend or Foe capability; blue, white, grey and red; graphic representation (dashboard)
– Highly Defined Targeting, e.g. route clearance support, mapped key terrain (cyber to geo and/or mission impact)
– Provide Real-Time/Near Real Time data; BW limits, EMS Considerations; MC System Capable; Tied to Physical Topography

Slide 12: Solution Sets

• FSA identified 45 solutions to mitigate 24 FNA gaps
• Solutions were aligned to the gaps in the RSA worksheet focusing on the Technical Risk, Supportability, Feasibility, Affordability, and DOTMLPF-P implications
• Solutions were then prioritized by the overall gap priority and by the number of gaps the solution addressed
• Interdependent solutions were grouped together
• Based on the above, solutions were grouped into first, second and third priority groups.
• Within each priority are interdependent solutions that support each other and need to be implemented on a similar timeline (supporting and related solutions).

Slide 13: Priority Solution Sets

Solution Set # 1
Organization
• O01 - Army Construct for USCC C2 CONOPS
• O02 - Develop Robust CEM Element
• O06 - Army Cyber CoE
Training
• T01 - Develop Army Cyber LDE&T Strategy
Materiel
• M02 - Produce Cyber JCIDS Documents
• M04 - Transition Cyber Ops Arch/Infrastructure
• M06 - Implement IEWS
• M07 - Army Cyberspace Ops Arch/Infra
Leader Development
• L01 - Specialized CMF Cyber LDE&T
• L02 - Incorporate basic cyberspace objectives
• L03 - Develop cyber specific LD&E objectives in non-cyber LDE&T training
Personnel
• P03 - Cyberspace Planners BCT to ASCC
• P05 - Manpower study (USCC & CEM Element)
Facilities
• F02 - Ensure Adequacy of Facilities & Ranges
Policy
• Policy06 - Army Materiel Development Strategy

Solution Set # 2
Organization
• O03 - 2-3-6 Integration
Training
• T04 - Continue NETOPS Training Program
• T05 - Cyberspace / EW Modeling & Simulation
• T06 - Develop Digital Literacy Fitness Program
• T07 - Enterprise IA Awareness Training
Materiel
• M01 - Providing Timely Cyber / EA Payloads
Personnel
• P02 - MOS 25D / 35Q / 255S / FA 26
Facilities
• F01 - Service Facilities Assessment
Policy
• Policy01 - Update Regulations (Army / DoD / USC)
• Policy02 - Update Title 10 for DCO-RA
• Policy03 - LandWarNet / JIE & GNE alignment
• Policy04 - Securing CONUS Infrastructure
• Policy05 - RC Alignment for ARFORGEN

Solution Set # 3
Organization
• O04 - Army Service Theater Cyber Organizations
• O05 - Develop Army Cyber and EW Tactical Units
Training
• T02 - Legal/JAG Cyber Operations Training
• T03 - Leverage Joint Cyber Training Exercise
Materiel
• M03 - Develop Mobile SCIFs
• M05 - Army Cyberspace Innovation Program
Personnel
• P01 - Cyber S&T/RDT&E Personnel
• P04 - Review roles of cyber workforce
Facilities
• F03 - Identify agency for facilities / ranges
Policy
• Policy07 - Army Service Cyber Roadmap
• Policy08 - Cyber QRCs and Review Board
• Policy09 - Support to Cyber Mobilization Strategy
• Policy10 - JCIDS Modification

Slide 14: Way Ahead (section divider)

Slide 15: DOTMLPF Integrated Capabilities Recommendation (DICR)

The DICR focuses on those Cyber CBA Solutions not currently being implemented.

• Doctrine
  • FM 3-12 Cyberspace Operations (in progress)
• Organization
  • Develop a robust and capable Cyber Electromagnetic (CEM) Element, ASCC to BCT (Cyber CBA O02).
  • Create Army Service Theater Cyber Organizations (Cyber CBA O04). COMPLETE
  • Develop Army Cyber and EW tactical units (Cyber CBA O05).
• Training
  • Assess and identify legal support to cyberspace operations for Judge Advocate General (JAG) Training (Cyber CBA T02).
  • Leverage a Joint Cyber Training Enterprise (Cyber CBA T03).
  • Incorporate cyberspace and EW modeling and simulation (M&S) capabilities into cyberspace and EW training and exercises (Cyber CBA T05).
• Leadership & Education
  • Incorporate additional specialized cyberspace training into specified Career Management Fields (CMF) and Functional Areas (FA) (Cyber CBA L01).
  • Incorporate basic cyberspace learning objectives into the Officer Education System, Warrant Officer Education System, Noncommissioned Officer Education System, and Civilian Education System (Cyber CBA L02).
  • Develop cyber specific LD&E objectives in non-cyber LDE&T training (educate and train the force) (Cyber CBA L03).
• Personnel
  • Determine Personnel Requirements in the Research, Development, Test, and Evaluation (RDT&E); Research, Development, Acquisition (RDA); and Science and Technology (S&T) Communities (Cyber CBA P01).
  • Add Cyberspace Operations Planners to the CEM Element, at BCT to ASCC (Cyber CBA P03).
  • Conduct a manpower study for USCC C2 CONOPS and CEM Element (Cyber CBA P05).
• Facilities
  • Conduct Army Service Facilities Assessment and Strategy (Cyber CBA F01).
  • Ensure adequate facilities and ranges are available (Cyber CBA F02).
  • Identify a Service coordination agency for Army and joint cyber ranges (Cyber CBA F03).

Slide 16: Questions