U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET
Dr. Starnes Walker, Technical Director / CTO, Fleet Cyber Command
— FLTCYBERCOM TENTH FLEET —

Agenda
• Fleet Cyber Command (FCC) / 10th Fleet Introduction
• Technical Director / CTO Role
• Key Initiatives / Challenges
Unclassified

USCYBERCOM
• COMUSSTRATCOM will establish USCYBERCOM
• DIRNSA is also 4-star Commander, U.S. Cyber Command
• IOC: Upon CDR confirmation at Ft. Meade, MD
• FOC: 1 OCT 10
• Services will create a component
• JFCC-NW / JTF-GNO dissolved by FOC
Source: 23Jun09 SECDEF Letter

FCC / C10F Mission
• Establish Fleet Cyber Command to serve as the Naval component Commander to USCYBERCOM
• Central operational authority for Navy networks, cryptology, SIGINT, IO, cyber, EW and space in support of forces afloat and ashore
• Delineate FLTCYBERCOM's mission
  - Directs cyberspace operations to deter and defeat aggression
  - Ensure freedom of action and achieve military objectives in and through cyberspace
  - Organize and direct Navy cryptologic operations worldwide
  - Integrate Information Operations and Space planning and operations

Navy Cyberspace C2 Relationships
[Organization chart; labels in the order they appear: STRATCOM, ADCON, COCOM, CNO, FLTCOMs, NSW, NAVSOUTH, NAVCENT, NAVAF, NAVEUR, PACFLT, USFF, OPCON, USCYBERCOM, NSA, SCC, FLTCYBERCOM / C10F, TYCOMs, SUBFOR, AIRFOR, SURFOR, Service Employment, NCDOC, NNWC, NIOCs, CYBERFOR, NAVSOC, NCTAMS, NCWDG]

FCC / C10F Lines of Operation
• Operate - Achieve and sustain the ability to navigate and maneuver freely in cyberspace and the RF spectrum
• Defend - Actively assuring Navy's ability to Command and Control its operational forces in any environment
• Exploit / Attack - On command and in coordination with Joint and Navy commanders, conduct operations to achieve effects in and through cyberspace
Aligned with USCYBERCOM

FCC / C10F Operating Authorities
[Diagram; labels in the order they appear: STRATCOM, NSA, Title 50 Authority, Title 10 Authority, USCYBERCOM, FLTCYBERCOM / C10F, DEFENSE NETWORKS, TASK FORCE COMMANDS, Warfighter, Intelligence, R&D, FCC / C10F Commander, Coordination, Title 14 Authority]
Title 50 USC
• Analyze network activity of target users and/or computers
• Analyze network activity of target groups
• Provide alerts when target users / computers are active
• Track network usage
• Determine associations of groups / individuals
Title 10 USC
• Deny network and/or computer use
• Degrade network and/or computer use
• Redirect network traffic
• Disrupt
• Destroy

FCC / C10F Global Operations
[Map; locations in the order they appear: Elmendorf, London, Great Lakes, Newport, Washington, Fallon, Naples, Capodichino, Souda Bay, Rota, Quantico, Norfolk, San Diego, Millington, NCTAMSPAC, Pearl Harbor HI, PMRF Kauai, Vaihingen, Wiesbaden, Bremerton, Beale AFB, Hickam AFB, Columbus, Yuma, Corpus Christi, Misawa, Chinhae, Atsugi, Sigonella, Yokosuka, Cairo, Bahrain, Sasebo, Okinawa, Jacksonville, Puerto Rico, Pensacola, San Antonio, Guam, Singapore, Diego Garcia. Legend: DISA Interface, IT21, NMCI, ONENET, Excepted Legacy, Navy Sensor]

Technical Director / CTO Role
• Senior Executive Service career official
• Serves as the senior Research, Development, Test and Evaluation (RDT&E) Executive providing the Commander with advice and assistance
• Serve as command's Senior Executive responsible for technical direction
• Formulate Cyber RDT&E Strategic / Programmatic Objectives supporting command mission
• Identify Cyber technology investment opportunities strengthening Navy Enterprise capabilities and operational / tactical effectiveness
• Recommend technology policies and standards
• Enhance teamwork and collaboration, strengthening Command structure and cyber strategic deliverables across the DON, OSD, OGAs and Coalition Partners
• Ensure RDT&E Cyber objectives meet current and future exponentially growing technology advances and threats

FCC / C10F Standing Task Organization
[Organization chart; rows in the order they appear]
CTF 1000: FCC C10F HQ, C10F
CTF 1030, CTF 1090: CO NIOC Norfolk, CO NCWDG Suitland
CTG 1000 1, CTG 1000 3, CTG 1000 5, CTG 1000 7, CTG 1000 9, CTG 1030 1: NIOC Menwith Hill Station, NIOC Misawa, NIOC Georgia, NIOC Hawaii, NIOD Yakima, NIOC Norfolk
CTG 1000 2, CTG 1000 4, CTG 1000 6, CTG 1000 8, CTG 1000 10, CTG 1030 2: NIOC Sugar Grove, NIOC Texas, NIOC Maryland, NIOC Colorado, NIOD Alice Springs, NIOC San Diego
R&D
CTG 1030 3: NIOC Whidbey Island
Service Cryptologic Component Operations
Information Operations
CTF 1040, CTF 1050, CTF 1060, CTF 1070, CTF 1080: CO NIOC Texas, CO NIOC Georgia, CO NIOC Maryland, CO NIOC Hawaii, CO NIOC Colorado
CTG 1040 1, CTG 1050 1, CTG 1060 1, CTG 1070 1, CTG 1080 1: NIOC Texas, NIOC Georgia, NIOC Maryland, NIOC Hawaii, NIOC Colorado
CTG 1020 2, CTG 1050 2, CTG 1060 2, CTG 1070 2: NIOC Pensacola, NIOC Bahrain, FIOC UK, NIOC Yokosuka
CTF 1010, CTF 1020: COMNNWC, CO NCDOC
CTG 1010 1, CTG 1020 1: NCTAMS LANT, NCDOC
CTG 1010 2: NCTAMS PAC
CTG 1070 3, CTG 1010 3: NIOC Misawa, NAVSOC
Network Operations Defense Group
Fleet and Theater Operations

Information Dominance Corps
[Figure: personnel by community; values in the order they appear]
PROFESSIONALS (160x, 642x, 742x): 820 AC, 138 RC; 7,858 Civilians; 10432 AC, 1492 RC
NAVAL WARFARE INTELLIGENCE (161x, 644x, 744x; 163x, 645x, 745x): 1097 AC, 1528 AC, 213 RC, 1642 RC; 374 Civilians, 2,735 Civilians; 8340 AC, 2748 AC, 697 RC, 1712 RC
SPACE CAD (Various Designators): 969 AC, 167 RC; 320 Civilians
OCEANOGRAPHY (180x, 646x): 384 AC, 79 RC; 1300 Civilians; 1135 AC, 146 RC
Total 46,211 Personnel (31 MAR 10)

Agenda
• Cyber SA Initiatives
• Cyber SA Challenges
• SCADA / Other Initiatives
• SCADA / Other Challenges
• Other Significant Questions

A picture says it best
Navy Cyber Battlespace Awareness: user defined widget dashboard
• Views derived data stored in the cloud proximal to collections points
• User picked and situation dependent widgets
• Widgets are linked together
• Embedded queries
• Widgets created "on-the-fly"
• Widget Library: Available Cyber Widgets, Available C2 Widgets
[Dashboard mock-up; widget labels in the order they appear: Bandwidth, LOG, Current CASREPs, Ship status, Ship Movements, SOH, NETOPS, Watchbox, SATCOM, USS Neverdock, SIGINT, Adversary I&W, Known Threats, GCCS, Vulnerabilities, Blue Force Tracks, Red Force Tracks, Afloat C2, USS Neversail]
UNCLAS FOUO

Cyber and Maritime SA
[Diagram; labels in the order they appear: External Data Feeds, External Data Feeds, Tools, C10F, Tools, Maritime Data, Cyber Data, Numbered Fleet, Sensor Data, Sensor Data, Naval C2SA]
Multiple Views
  - Logical
  - Nodal
  - Check Lists
  - IP based
  - Geographic
Geographic Views
  - Spatial
  - Readiness of ship
  - Time to get ordnance to target

Cyber SA Initiatives: Mapping / Managing the Network
• Established Cyber Maritime Operations Center (MOC)
  - Space dedicated to and designed for SA
• Working through pilots to map the Navy network using the following tools:
  - IPSONAR implementation-pilot: network discovery / mapping tool currently deployed on SIPRNET (Yokosuka, Naples, Bahrain)
  - Everest implementation-pilot: Lawrence Livermore National Laboratory-generated visualization tool employing HBSS agent data
  - Host-Based Security System (HBSS): DoD-standard C4I Host-based Intrusion Prevention System deployed on USN terrestrial and Shipboard C4I NIPR and SIPRNET networks

Cyber SA Initiatives
• Moving to integrate tools / capabilities in the context of NSA Cyber Pilot
  - Enterprise Network Management System (ENMS): mature capability to monitor shore-side networks to the router on afloat platforms
  - Integrated Network Management System (INMS): mature DISA-provided SA tool for monitoring the GIG at the DISA Transport level
  - SM-7: Hewlett-Packard (HP) provided info technology system management tool employed in monitoring CONUS shore-side networks and systems
  - Cybercore: Business Object Environment based data store and widget driven front end to provide SA of Navy CND sensors

Cyber SA Initiatives – External Awareness
• External to the DoD Cyber Awareness
• Commercial IT companies
  - Telecom companies can provide high level metrics of the internet – slide shows the expected and real usage of commercial IT network
  - Commercial undersea transport locations helped us to expect outages based on events such as the Japanese Tsunami

Cyber SA Challenges
• Cognitive Science / Human Factors
  - What are the linkages between the data and the actions the operator needs to take or decisions the commander needs to make?
  - How should the data be displayed for different actions or decisions?
  - How should the data be displayed given different operational threat environments?
• Very Large Dataset Analytics
  - Possibly the most difficult part of developing and maintaining SA
  - Reduce the mass of data into appropriate information sets for display: net sensor data, alarms, net anomalies, packet capture, etc.
  - Sharing access "externally owned" data analytics for this data

Cyber SA Challenges
• Linking virtual locations to physical locations
  - If we find a client is not behaving as expected, we should be able to see its location on a ship and the location of the ship on a map

Cyber SA Challenges
• Ability to afford gaining SA and control of non-SNMP legacy network elements
  - Analog radios
• Extended View of Cyber: SA of cyber external to DoD
  - What is the quantitative level of attacks?
  - Are sections of the worldwide transport damaged or down? Should this be collected / provided at a higher level?
• Time synchronization of events
• Transition from awareness to action: automation versus human in the loop

SCADA / Other Initiatives
• Initial threat assessment of HM&E risks from cyber
• Initial threat assessment of closed loop systems from cyber

SCADA / Other Challenges
• Industrial SCADA systems using PLCs, embedded OS and RISC processors are difficult to update to improve security
• Use IA agents / sensors in realtime environments
• Develop hardening capabilities to encase SCADA systems with a defensive capability without requiring high cost upgrades, using existing hardware and minimal operator knowledge
• Ability to scan source code of real time systems for vulnerabilities
[Figure labels: PLC Controller; RISC Processor operating in real-time without interrupts; Boundary encasing SCADA code to provide security without degradation in speed of actions]

SCADA / Other Challenges
• Bridging enterprise security to user owned and operated mobile computing platforms and next generation tablets
• DoD required security features such as 2 factor authentication

Other Significant Questions
1. Is virtual maneuver of networks to obfuscate / deceive executable at large scales?
  - Defending networks that we purposefully change when we are still developing the best way to manage a static network
  - "Defend and Jump" using virtualized firewalls, routers and security devices
  - Applying virtual maneuver (IP Hopping, software configured networks) in situations where clear knowledge of the network is lacking
  - Invicta
[Figure labels: Redundancy, Maneuver, Deception, Reconstitution]

Other Significant Questions
2. How do we assess risks / boundaries to grant authority to operate in the cloud?
3. How do you handle information spill containment in a highly virtualized large cloud environment?
4. Is attribute based access control (ABAC) effective at very large scales?
  - Highly granular identities and tagged data change rapidly

Other Significant Questions
5. What are the implications of transitioning an enterprise network from IPv4 to IPv6?
  - Cyber SA
  - Network Defense
6. Measuring effect of actions in cyberspace
7. Assigning attribution with a level of certainty