IT Security vs. Defensive Cyber Operations: The evolution of CAF Cyber
Master Warrant Officer Alex Arndt
Canadian Forces Network Operations Centre
1 November 2018
DIRECTOR GENERAL INFORMATION MANAGEMENT OPERATIONS
JOINT FORCE CYBER COMPONENT COMMANDER
ASSISTANT DEPUTY MINISTER (INFORMATION MANAGEMENT)
Outline
• “The Centre”
• How does CAF Cyber fit in?
• CFNOC evolution
• ITS vs. DCO
• SSE – Where are we now?
MWO Alex Arndt
• MOSID 00378 – Cyber Operator
• 28 years in the CAF
• Experience includes Infantry, SIGINT, EW and
Cyber
• Graduate of the Army Technical Warrant Officer
Programme
• Over 15 years of Cyber Operations experience
• Several Industry Certifications
– CISSP, SANS GCIA and GCIH, EC-Council ECIH
Canadian Centre for Cyber Security
(aka “The Centre”)
• The CCCS is announced in January 2018
• Government of Canada released National Cyber
Security Strategy in June 2018
– Three areas of focus: Security and Resilience, Cyber Innovation,
Leadership and Collaboration
• The CCCS brings three organizations together to provide
Leadership
– CSE (ITS Branch)
– SSC (SOC)
– PS (CCIRC and GetCyberSafe)
Canadian Centre for Cyber Security
(aka “The Centre”)
• CCCS consolidates ITS functions into one integrated
team:
– Defence of Government of Canada systems
– Expert advice and guidance
– Threat assessments and reporting
– Coordinated incident response
– Secure solutions and services
– Cyber security training and education
• PS remains responsible for ITS policy
CAF integration into CCCS
• CAF has only one Cyber Unit (CFNOC)
• Historically CFNOC has performed similar functions to
CCCS, in partnership with other CAF/DND partners
– DIMEI (ITS engineering)
– Dir IM Secur (ITS policy and SA&A)
– ISSOs (IR actions and reporting)
• CFNOC will continue to collaborate with CCCS to ensure
ITS delivery is responsive, efficient and effective for
DND/CAF networks
• Establishment of CCCS allows for evolution towards DCO
Canadian Forces
Network Operations Centre (CFNOC)
Mission: CFNOC will gain and maintain
cyber superiority within the DND/CAF’s
cyber AOR in order to assure friendly forces
freedom of action.
What does CFNOC do?
CFNOC conducts defensive operations
within DND/CAF’s cyberspace to detect,
defeat, and/or mitigate offensive and
exploitive actions to maintain freedom of
action.
Defensive Cyber Operations - Internal
Defensive Measures (DCO-IDM)
Defensive Cyber Operations (DCO)
A defensive operation conducted in or through cyberspace
to detect, defeat and/or mitigate offensive and exploitive
actions to maintain freedom of action. A DCO may include
internal defensive measures and response actions
Defensive cyber operation - Internal defensive
measures (DCO-IDM)
Measures and activities conducted within one’s own
cyberspace to ensure freedom of action
A quote from the Commander of CFIOG…
“CFNOC’s role is not to be another layer of IT Security but
to defend against and defeat our adversaries in this
battlespace…” – Colonel Dave Yarker
ITS vs. DCO
Cybersecurity
• Information assurance
• Threat agnostic
• Vulnerability-focused
• Compliance
• Best practices
• Industry standards
Cyber Defence
• Assure the mission
• Adversary focused
• Command and Control
• Intelligence
• Movement and manoeuvre
How has CFNOC changed?
[Diagram labels: Defensive Cyber Operations; Network Operations; National Centralized Attendant Service; TSCM; Incident Handling; Integral IT Support; 7 Comm Group]
CFNOC Evolution
[Diagram labels: Cybersecurity; Cyber Defence]
SSE – Where are we now?
• Ongoing DCO-IDM evolution ensures that CAF
Cyber is focused on supporting Commanders
• CAF DCO will not duplicate CCCS
responsibilities writ large
• Initiatives 65 and 89 are being met
• Initiatives 75 and 88 continue to be worked on
SSE Initiatives
• Initiative 65 – Improve cryptographic capabilities, information operations
capabilities, and cyber capabilities to include: cyber security and situational
awareness projects, cyber threat identification and response, and the
development of military-specific information operations and offensive cyber
operations capabilities able to target, exploit, influence, and attack in
support of military operations
• Initiative 75 – Assign Reserve Force units and formations new roles that
provide full-time capability to the Canadian Armed Forces through part-time
service
• Initiative 88 – Develop active cyber capabilities and employ them against
potential adversaries in support of government-authorized military missions
• Initiative 89 – Grow and enhance the cyber force by creating a new
Canadian Armed Forces Cyber Operator occupation to attract Canada’s
best and brightest talent and significantly increasing the number of military
personnel dedicated to cyber functions.
Canadian Forces
Network Operations Centre
“Fight the Networks”