mors 2011 cyber analysis terms of reference
TRANSCRIPT
Terms of Reference As of 15 February, 2011
Workshop Vision
Cyberspace has joined land, sea, air and space as a domain of warfare. The President has declared our countries cyber infrastructure to be a “strategic national asset”. United States Cyber Command (USCYBERCOM) has stood up under the command of General Keith B. Alexander, USA, and each of the services is wrestling with its Organize, Train and Equip and its warfighting responsibilities for the cyber mission. MORS has held the Cyber Analysis Workshop on 28-30 October 2008 in Reston, Virginia, focusing on improving cyber M&S, developing a common understanding of the threat. The results of that workshop were very well received, and provided OSD and service level insights for M&S and policy development.
Since that workshop, service and major command roles regarding cyber have been clarified, and analysts at the service and subordinate levels are being challenged to apply their craft to the cyberspace domain. DHS has received the cyber defense mission for our civil cyber infrastructure. But in contrast to the other domains of warfare, there are very few analysts who have experience in cyber operations upon which to draw as they attempt to apply analytical techniques. This MORS workshop will focus on maturing the relationship between the cyber operations and the analytic community. The intent is to provide a forum and structure for analysts and cyber operators to generate a shared understanding of cyber operations activities and how analysts can support those activities. Mission Assurance (MA) has been said to be an enveloping, overarching goal of our cyber forces. MA derives from these primary components of cyber capability: Situational Awareness (both friendly and other) Establish and Extend the Network Operate and Defend the Network Cyber Force Application These components of cyber capability provide the framework for our working group structure below. Different services and agencies will have different taxonomies, and it will be the role of the workshop planning staff to engage those services and agencies to translate their taxonomies to this one and demonstrate the applicability and value of their participation in the workshop.
Mission Assurance: Analysis for Cyber Operations 21 –24 March 2011 | Southwest Research Institute | San Antonio, TX
1703 N. Beauregard St, STE 450, Alexandria, VA 22311 | 703-933-9070 | [email protected]
Objectives Ensure attendees understand the nature of the current cyber threat Improve analytical approaches and techniques that support cyberspace operations. Facilitate discussions between cyber operators, consumers of cyber capabilities, and analysts
to create an understanding analysis opportunities to improve mission assurance Write an unclassified report with classified appendices summarizing the workshop.
The workshop report should articulate specific applications of analytical techniques to improve cyber operations and mission assurance
The report will also provide recommendations for developing new or improving existing analysis techniques to for cyber applications
Workshop Goals Attendance of at least 100 participants. The meeting achieve an average attendee overall rating of 4 on 1 to 5 scale. Determine the efficacy of a Community of Practice (COP) for cyber analysis.
Workshop Organization The workshop has both staff and line functions. The workshop will have several tracks addressing different aspects of cyber operations. Workshop participants will have matrix-style alternating attendance between tracks and discipline groups. These groups based on academic disciplines examine how the skills of their specialties may be applied to address the analytical issues across the tracks. The following shows the staff, track, and discipline group structure for the workshop. Workshop Chair: Dr. Lee Lehmkuhl, MITRE Workshop Co-Chair: Major Michael Artelli, 24th Air Force Working Group 1: Situational Awareness (SA) and Intelligence, Surveillance, and Reconnaissance (ISR) Chair: Patricia Hickman, USAF/A9 Co-Chair: Working Group 2: Establish and Expand the Network Chair: Lt Col Patrick Dunnells, Air Force Network Integration Center Co-Chair: Jeffrey Geroso, US Army Materiel Systems Analysis Activity Stryker POF Team
Mission Assurance: Analysis for Cyber Operations 21 –24 March 2011 | Southwest Research Institute | San Antonio, TX
1703 N. Beauregard St, STE 450, Alexandria, VA 22311 | 703-933-9070 | [email protected]
> More
Working Group 3: Operate and Defend the Network Chair: Co-Chair: Pat Thompson, ATEC Working Group 4: Cyber Force Applications Chair: Col Robert Morris, 24th Air Force Co-Chair: Jeff Cares, Alidade Incorporated Synthesis Group: Chair: Greg Keethler Co-Chair: Mark Reid Tutorials: Chair: Dr. Steve Baker, MITRE Workshop Operation This workshop will employ the traditional model of multiple working groups focused on different aspects of the cyber domain and a synthesis group looking across all working groups. The synthesis group will look for common themes, and recommend real-time modifications and improvements to the workshop. Each working group will be co-chaired. One chair will have a background in the cyber focus of the working group, and the other will be an analyst with broad professional and MORS workshop experience. The co-chairs will develop an abstract, agenda, and expected outcomes to shape the activities of the working group and maintain a balance between presentations and working group product creation.
Agenda Monday, 21 March 1100 ........ Registration Opens 1200 ........ Applying Social Network Analysis to the Cyber Domain*
Jim Morris, Air Force Institute of Technology 1300 ........ Risk-Based and Game Theoretic Approaches to Cyber Modeling with Attacker Defender and Defender-Attacker-Defender Case Studies* David Alderson, Naval Postgraduate School 1500 ........ A Live-Virtual-Constructive (LVC) Capability for Cyber Analysis Rajive Bagrodia, Scalable Technologies (Army Test and Evaluation Command) 1630 ........ Tutorials Wrap-up 1800 ........ Optional Networking Activity (Additional Registration Fee Required) TBD * indicates title is tentative
Mission Assurance: Analysis for Cyber Operations 21 –24 March 2011 | Southwest Research Institute | San Antonio, TX
1703 N. Beauregard St, STE 450, Alexandria, VA 22311 | 703-933-9070 | [email protected]
> More
Tuesday, 22 March 0700 ........ Workshop Registration and Continental Breakfast 0800 ........ MORS President’s Welcome Mr. Terry McKearney, MORS President 0810 ........ Facility Host Welcome 0820 ........ Sponsor’s Welcome Dr. Jacqueline Henningsen, USAF HQ / A9 0830 ........ Keynote Address Major General Richard E. Webber, 24 AF/CC 0915 ........ Break 0930 ........ Plenary Address Dr. Mark T. Maybury, Chief Scientist of the United States Air Force 1015 ........ Cyber Threats and Vulnerabilities Fisher Little, 24 AF/A2 1130 ....... Lunch 1230 ....... Breakout to Working Groups 1400 ....... Afternoon Break 1630 ....... Adjourn 1800 ....... Mixer Hotel Valencia Riverwalk Wednesday, 23 March 0700 ........ Registration & Continental Breakfast 0800 ........ Working Group Session 2 1000 ........ Morning Break 1130 ........ Adjourn to Lunch / Working Lunch 1230 ........ Working Group Session 3 1400 ....... Afternoon Break 1630 ....... Adjourn
Mission Assurance: Analysis for Cyber Operations 21 –24 March 2011 | Southwest Research Institute | San Antonio, TX
1703 N. Beauregard St, STE 450, Alexandria, VA 22311 | 703-933-9070 | [email protected]
> More
Thursday, 24 March 0700 ........ Registration & Continental Breakfast 0800 ........ Working Group Session 4 1000 ....... Morning Break 1130 ....... Adjourn to Lunch / Working Lunch 1230 ....... Working Groups Chairs Present Out-briefs (30 minutes per WG + Synthesis)
• Working Group 1 • Working Group 2 • Working Group 3 • Working Group 4 • Synthesis Group
1400 ....... Afternoon Break 1600 ....... Recognitions and Sponsor’s Concluding Remarks Friday, 24 March (Working Chairs/Program Leadership Only – SWRI) 0800 ........ Working Group and Workshop Chairs Wrap-up and Discussions 1200 ........ Adjourn
Working Groups (WGs) WG 1: Situational Awareness (SA) and Intelligence, Surveillance and Reconnaissance (ISR). This WG will explore analysis techniques to improve the understanding of the network, the friendly cyber forces and missions operating on the network, and non-friendly networks, forces and missions. Examples include sensor tasking algorithms, data fusion, and exploring the implications of network topology. WG2: Establish and Extend the Network. While the analyst community has long supported the acquisition and fielding of networks, considering the network within the broader context of cyber indicates the potential for fresh analytical challenges. Some network modifications occur on a very rapid timeline, perhaps hours or days. An adapting cyber threat may add an additional dimension to analysis as it assists in the structuring, evaluation and prioritization of acquisition activities. The need to rapidly extension the network to support the warfighter, and ongoing development of air and terrestrial complements to satellite communications, present a rich set of alternative courses of action, with associated risks, that are amenable to analytic investigation.
Mission Assurance: Analysis for Cyber Operations 21 –24 March 2011 | Southwest Research Institute | San Antonio, TX
1703 N. Beauregard St, STE 450, Alexandria, VA 22311 | 703-933-9070 | [email protected]
> More
WG 3: Operate and Defend the Network. T his WG will focus on how analysis may assist the achievement of Mission Assurance as it relates to operating the network and defending it in depth. Specific areas of interest include the development of courses of action (COAs), prioritization of missions or activities to defend the network, and adaptation to dynamic warfighter priorities. This WG may require sub-groups to explore the different analysis needs of DoD, the Services, and DHS. WG 4: Cyber Force Applications. Force application WG will focus on the analytic requirements to enhance Operational Targeting and increase relevance for Cyber Operations in the Multi-Domain Battlefield. Specific areas will include a discussion of analysis to support determination of Militarily Relevant Cyber Targets, their contribution to the Combined Force Commander's objectives and operational measures of performance and effectiveness. Synthesis Working Group. Members of this WG sit in on the various working groups to gather themes and key thoughts, which are used in the formulation of their report. This report summarizes the common themes/thoughts from the workshop. Potential Government Senior Leader Involvement Workshop Leadership The following individuals are leading this workshop. Keynote Speaker: Major General Richard E. Webber, 24 AF/CC Co-Sponsors: Air Force A9 Studies & Analyses, Assessments and Lessons Learned Host Organizations: 24th Air Force Air Force Space Command Analyses, Assessments and Lessons Learned Workshop Co-Chairs: Maj Michael Artelli and Dr. Lee Lehmkuhl MORS leadership attending include: Dr. Jacqueline R. Henningsen, SES, A9, Sponsor Security Procedures The workshop will be conducted at the SECRET level, US personnel only. Facilities If you need more information, please contact the workshop co-Chair, Dr. Lee Lehmkuhl at 719-572-8307 or [email protected] or contact the MORS office at 703-933-9070 or www.MORS.org
Mission Assurance: Analysis for Cyber Operations 21 –24 March 2011 | Southwest Research Institute | San Antonio, TX
1703 N. Beauregard St, STE 450, Alexandria, VA 22311 | 703-933-9070 | [email protected]