OCR of the Document

View the Document >>

United States Cyber Command, USCYBERCOM Operations Order (OPORD) 11-002, Operation Gladiator Shield (OGS), May 19, 2011. Secret/Rel to USA, FVEY

UNITED STATES CYBER COMMAND USCYBERCOM Operations Order OPORD 11-002 Operation Gladiator Shield 068 19 May 2011 Den ultiple Sources Declassify on 19 May 19 May 2011 Operation Gladiator Shield OGS SEE DISTRIBUTION Annex 2 U References Annex Subject Letter of Transmittal U CDRUSCYBERCOM OPORD 11-002 OGS to secure Operate and defend the Department of Defense 000 Global Information Grid is approved and attached for widest possible implementation and dissemination within the and to appropriate mission partners B ALE NDER General USA Commanding TABLE OF CONTENTS 1 Situation - 1 a Threats and Vulnerabilities 1 b Friendly r Forces- 4 c Area of Concern 5 2 Mission 3 Execution -S a Concept of Operation -S Intent E Strategic Objectives Operational Objectives 11 End States -12 b Tasks- -13 Tasks to all Components -13 Tasks to HQ USCYSERCOM -14 J1 14 J2 13 13 18 Tasks to USCYBERCOM Service Components Tasks to all USCYBERCOM Service Components -19 US Air Force vaer Cornmandi ztl AF 20 US Armv Cyber Command Ed Arm r U S Fieel vaer Commandit ' 20 US Marine Forces Evber Command Tasks to Combatant Commands 20 Tasks to Services 20 Tasks to Agencies and Field Activities -21 Tasks to all Agencies and Field Activities National Security AgencvifNSA -21 Defense Information Systems Agencv Defense Intelligence itgenc' r Law Enforcement and Counterintelligence -22 c Coordinating Instructions -22 4 Administration and Logistics 23 5 Command and Control 25 HEADQUARTERS S CYBER COMMAND FT MEADE MD 20755 19 MAY 2011 UNITED STATES CYBER COMMAND USCYBERCOM OPERATION GLADIATOR SHIELD OGS OPERATIONS ORDER OPORD 11-002 TO USA FVEY NARRATIVE- This OPORD guides and directs the Department of Defense and as authorized designated mission partners for cyberspace operations to secure operate and defend the critical mission elements of the Global Information Grid GIG and represents a fundamental change in the way will achieve unity of effort In cyberspace CDRUSCYBERCOM is the supported commander for 0G8 and all other components are supporting unless otherwise specified or directed in this order OGS is foundational in both scope and purpose and is a cornerstone for achieving the overall mission to plan coordinate integrate and conduct activities to direct the security operations and defense of specified information systems and networks and when directed conduct full-spectrum military cyberspace operations in order to enable actions in all domains ensure US and allied freedom of action in cyberspace and when directed deny the same to our adversaries OGS leverages the full range of capabilities capacity and authorities of the entire and mission partners It clarifies the command and control CZ relationships and established authorities OGS directs cyber responses that transcend a combatant command AOR establishes and directs enforcement mechanisms and streamlines processes to enable rapid approval and timely execution of cyberspace operations 1 Situation a Threats and Vulnerabilities 1 USA USSC USSC 2 UHFOUCDI bxa ussc bx3 ussc 3 bx3 ussc 4 mmussc USA immussc ussc UIIFOUOH mm I ugsc USSC 5 U Actors and associated threat vectors include WEV U Types of Actors Adversaries are categorized into five broad types based on their respective cyberspace operations capabilities and tactics techniques and procedures TIP 1 U Full Scope Actors Actors possessing the full range of cyberspace access expertise capability operational reach and espionage TTP 2 U Developed Program Actors Actors with extensive access to information technology IT through industry They possess established cyberspace operations programs to include programs for disruptive and destructive actions and traditional espionage capabilities This actor type has limited resources and may lack global reach 3 U Capable Actors Actors who possess traditional espionage capability and a deveIOping cyberspace Operations capability They lack the resources or penetration of developed program actors These actors focus on remote access disruption of service and insider enabled operations 4 U Remote Access Capable Actors These actors can access Internet connected systems using openly available hacker tools but lack a traditional espionage capability 5 U Stand-alone Actors Actors with access to hardware and software expertise who understand TTPs but exhibit little evidence of active cyberspace operations or traditional espionage activity U Threat Vectors Adversaries typically employ six 6 broad threat vectors independently or in some combination to affect the security of computer networks These are general descriptions and any single threat may be a combination of several of these types 1 U Insider Self-motivated co-Opted or recruited individuals With legitimate access to targeted information systems usmg those systems in un authorized manners 2 U Remote Network Intrusions or attacks through or on the Internet Vla other remotely available connections or access points 3 U Outsourced Service Access to information systems through individuals or companies contracted to provide services to the target 4 U Supply Chain Subversion of the design manufacturing and production distribution installation or maintenance of hardware or software to include access through outsourcing services individuals or companies contracted to provide services to the target 5 U Close Access Exploitation of information systems that requrres the intruder to be in close proximity to the target because of security measures or isolation 3 SEW-SW Close access includes the use of implanted devices as well as the collection of electronic emanations from the target or wireless access points 6 U Foreign Ownership Penetration of information systems and networks through foreign proxies subsidiaries orjoint ventures Closely associated with the insider supply chain or outsourcing threat vectors b UIIFOHO Friendly Forces In order to address risks to the GIG effectively and to secure freedom of action in cyberspace USCYBERCOM was established by 000 to integrate cyberspace operations and war ghting effects across the global security environment as well as to provide support to civil authorities and mission partners when directed USSC 1 Commands Service Components Those forces under the Operational control OPCON of USCYBERCOM Combatant Commands Combatant commands build and maintain subordinate or supporting operational plans or associated named branch or sequel plans They respond to dIrectIon from USCYBERCOM for GIG Operations and Defensive Cyberspace Operations that transcend a given combatant command 2 UIIFOUO Services Each military service provides secure assured and interoperable information systems and networks and trained personnel for the effective execution of military cyberspace operations The Services ensure that Service- managed portions of all GIG programs are planned resourced acquired and Implemented IAW policies and priorities They provide USCYBERCOM Servrce Component forces required to execute OGS cyberspace operations 3 UIIFOUO Agencies and Field Activities All 000 agencies and field activities are subject to this order and USCYBERCOM direction for OGS cyberspace operations Agencies and field activities ensure that agency managed portions of all 000 GIG programs are planned resourced acquired and implemented IAW priorities The following agencies are specifically identi ed to support USCYBERCOM To USA FVEY min I ussc him I ussc 4 mm I ussc UIIFGHG The Defense Information Systems Agency DISA DISA supports OGS by engineering and providing C2 capabilities and enterprise infrastructure to continuously operate and assure a global enterprise for the elements of the GIG providing direct support to joint warfighters national-level leaders and other mission partners across the full spectrum of operations gym ussc ussc 4 Law The LEICI community while not wholly within contributes to OGS by providing timely actionable Intelligence in support of current operations identifies the linkages between msrder and other threats to the GIG USCYBERCOM will share information and Intelligence and assist the community as requested or directed 5 Other non-DoD agencies U Other U S Government Agencies Other US Government Agencres may have access to the GIG and DOD GIG resources to include the DHS OMD WHS and FBI USCYBERCOM DISA will coordinate with non- agencies for the security of those portions of the GIG accessed or used by those TO USA mm ussc I ussc c UIIFGHG Area of Concern 1 Area of Responsibility AOR The AOR for OGS is the GIG 2 WW Area of Operations A0 The A0 for OGS is global with effects manifesting in the GIG and with other portions of cyberspace accessed as authorized to achieve OGS objectives The GIG is the globally interconnected 5 end-to end set of information capabilities for collecting processing storing disseminating and managing on-demand information to warfighters policy makers and support personnel The 000 GIG includes owned and leased communications and computing systems and services software data security services related services and select networks of the National Security Systems N88 3 UIIFQUOJ Area of Interest OGS the AOI is global and is represented by the information environment comprised of physical Informational spectral and cognitive dimensions and its cyberspace intersections with the air land maritime and space domains d T0 USA grin ussc 2 TO FVEYJI Lb 1 USSC ussc 3 U Execution a Concept of Operation 1 ussc USSC T0 USA mm ussc ussc ussc TO USA USSC USSC USA USSC SW ussc a USA pm USSC USSC b SIIREL USA ussc c USA ussc USSC 2 USA mm ussc USSC ussc a USA ussc ussc 1 SIIREL USA FVEY I ussc USSC 2 USA FVEY h3g1 wast ussc ussc 3 USA FVEY I IISRP USSC 4 SIIREL USA FVEY MCI IRRP USSC b USA ussc ussc c mm uisg USSC 2 Strategic Objectives TO USA FVEY 1_ ussc USSC 10 b1 IQ use USSC mm usgg I TO USA mm ussc ussc 3 Operational Objectives TO USA 13x1 ussc ussc TO USA FVEY I ussc I I ussc TO USA FVEY ussc I mm ussc All 000 Components are in and sustain compliance with established GIG standards TO USA FVEY I win ussc I mm ussc UIIFBUG Key partner nations and organizations are enabled to coordinate and as required and authorized execute GIG Operations and Defenswe Cyberspace Operations with USCYBERCOM to achieve OGS objectives and intent USA minussc I TO mm ussc I I mm ussc TO USA FVEY mu ussc I ussc SHREL TO USA FVEY 2390 I ussc I TO USA FVEYIL ussc 11 n no I I USSC SIIREL TO USA Q t1 ussg I USSC TO USA FVEY USSC USSC Cl TO USA FVEY ma ussc USSC TO USA FVEY I b 1l ussg ussc e I bx1 ussc I I ussc 4 End States U r oee The GIG is persistently secured operated and defended with mission-critical elements given priority of effort Freedom of action in cyberspace for and mission partners is assured UHFGUO Adversaries are deterred from attacking or exploiting the Operations and Defensive Cyberspace Operations capabilities and capacity to secure operate and defend the GIG are elded and available for employment 12 SW Defense Support to Civil Authorities DSCA is conducted when directed b UIIPOUO Tasks Refer to Annexes for additional tasks 1 U Tasks to all Components Plan and execute GIG Operations Defensive Cyberspace Operations and related support activities to clear hold and build a secure and defensible GIG Maintain and report compliance with USCYBERCOM orders and directives UIIPOHG Comply with all USCYBERCOM policies and orders- Respond to reporting requnrements from USCYBERCOM J3 Provide situational awareness data to USCYBERCOM J3 Coordinate and collaborate on cyberspace equities UNFGUO Collaborate to define and refine requirements that build a more secure and defensible GIG UIIFGHQ Comply with 000 IA standards Comply with 000 equipment accountability standards and procedures Develop and implement OPSEC plans ISO OGS U rr-eue Provide USCYBERCOM J3 a list of mission-critical elements systems networks and nodes on or connected to the GIG U FFetd Implement Information Condition INFOCON or Cyber Condition CYBERCON when approved and report compliance to the USCYBERCOM Joint Operations Center JOC Ul Felde ICW USCYBERCOM J3 develop and implement GIG Operations and Defensive Cyberspace Operations assessment program I UllF'Ob e Implement Cyber Security Inspection Program and provide reporting criteria to USCYBERCOM for DOD-wide assessments Provide reporting as directed in the Annexes UH-F986 ICW USCYBERCOM J8 program and budget for forces or OPCON to USCYBERCOM Provide USCYBERCOM J8 with Planning 13 WW WY Programming Budgeting and Execution PPBES documents Service programs and PPBES issues impacting GIG Operations and Defensive Cyberspace Operations 2 U Tasks to H0 USCYBERCOM U J0- DeveIOp and maintain currency of Annex Public Affairs Annex Strategic Communications and Appendix 9 Legal to Annex Operations U J1 1 ICW USSTRATCOM J1 coordinate with the Services to ensure that quali ed military and civilian personnel are and recrurted for GIG Operations and Defensive Cyberspace Operations 2 Provide plans policies and guidance for personnel readiness Issues that support execution of OGS 3- ICW USSTRATCOM J1 identify skill sets training and readiness metrics for forces in support of OGS 4 Develop and maintain Annex Personnel Coordinate Input from J8 for Appendix 3 Finance and Disbursing U J2 1- Conduct Operational Preparation of the Environment OPE ISO 068 within the limits of USCYBERCOM's delegated authorities 2 Conduct continuous intelligence operations including post- event assessments ISO OGS 3 Through the Joint Intelligence Operations Center JIOC ensure the availability of all sources of intelligence information from Combatant Command and national intelligence resources 4 Coordinate and integrate intelligence into operational plans and GIG Operations and Defensive Cyberspace Operations execution Engage actively with the IC 5 UIHPGUG Provide a quarterly threat update to all 000 Components and authorized mission partners highlighting current and emerging threats 6 UHFGUG ICW DIA and the IC develop implement and maintain an Intelligence architecture to support USCYBERCOM operations 7 Develop and maintain Annex Intelligence U J3 14 SEW 5W 1 Command and control GIG Operations and Defensive Cyberspace Operations to achieve OGS objectives and desired end states 2 or Fees Lead development and direct implementation of 000 GIG monitoring 3 unease Direct coordinate and deconflict Defensive Cyberspace Operations in order to achieve unity of effort to clear adversary presence and vulnerabilities on the GIG in priority of mission criticality 4 Direct coordinate and actions to hold secure the GIG from adversary intrusion or attack with priority on the mission-critical elements 5 ICW USSTRATCOM de ne or update criteria and implement procedures for changes to INFOCON or when approved CYBERCON 6 Lead development of and issue necessary orders to accomplish OGS objectives 7 Lead development and direct the implementation of reporting and analysis processes for GIG Operations and Defensive Cyberspace Operations 8 Lead the development coordination and of options to establish and maintain cyberspace superiority to hold secure the GIG Direct implementation as appropriate with priority to mission critical elements 9 WW Establish and implement procedures for the conduct of risk assessments related to GIG Operations and Defensive Cyberspace Operations 10 Establish and implement a process to assess Tactics Techniques and Procedures for GIG Operations and Defensive Cyberspace Operations 11 ICW USSTRATCOM and USNORTHCOM establish a process for responding to national-level cyber incidents 12 UHFGHO Develop and implement a comprehensive program for assessing components' GIG Operations and Defensive Cyberspace Operations effectiveness and provide recurring feedback to components on their status 13 Establish and maintain an effective Cyber Security Inspection Program 15 WY 14 UNFGHO Establish and implement governance of the GIG that specifies compliance requirements establishes security standards sets service delivery standards and enforcement processes and procedures 15 UNPOUG Establish cyberspace SA information requirements reporting procedures and technology baseline necessary to provide near real time SA Implement and promulgate to all Components and desrgnated missron partners Disseminate global GIG Operations and Defensive Cyberspace Operations SA 16 Establish a process to identify mission-critical elements of the GIG Maintain an active and current database 17 Establish criteria and technology baseline and implement Indications and Warning processes and procedures 18- UIIFOHQL Establish and lead Joint Operational Planning Teams OPT in order to support future Operations and Defensive Cyberspace Operations 19 Implement procedures and direct the operational configuration of capabilities to achieve unity of effort ISO OGS 20- Plan implement and direct execution of DNDO to include establishing Pre-approved Actions PAA through the use of deliberate orders processes which enable rapid action to clear vulnerabilities and adversary presence on the GIG The priority for DNDO will be on mission-critical elements of the GIG Ensure deconfliction coordination and across 000 and with mission partners having equities in any given action 21 UHFGHO Develop and implement a more rapid and comprehensive early warning capability of adversary threat activities against the GIG 22 Provide geolocation and characterization of SATCOM interference develop and promulgate to resolve SATCOM interference 23 WW ICW USSTRATCOM NSA and DISA develop and deploy shared or peer-to peer sensors to monitor and detect adversary cyber capabilities and methods 24 Plan organize and deploy Cyber Support Elements CSEs to include Expeditionary Cyber Support Elements and other adaptive cyber organizations to the Combatant Commands to support planning and operations and improve SA 25 On order of the SecDef and after completing the required inter-agency deconfliction direct Defensive Cyberspace Operations beyond the boundary of the GIG Coordinate and deconflict with other and authorized mission partners as appropriate 16 SECRETIIREL TO USA FVEY SECRETIIREL TO USA FVEY 26 UIIFSHQ Develop and maintain the currency of the OGS Base Order and Annex A Task Organization Annex Operations Annex Command Relationships Annex Reports Annex 8 Special Technical Operations and Annex Distribution Consolidate all Annexes with the Base Order Disseminate to the and authorized mission partners 27 U Develop and implement a cyberspace process Host a global conference at least annually and address coordination across 000 components and the US Coast Guard 6 U J4 1 UIIFGUG Plan coordinate direct and execute logistics and sustainment functions ISO OGS 2 Develop and maintain Annex Logistics and Sustainment U J5 1 WW Develop and update as required a cyberspace campaign plan for cyberspace operations 2 Support current and future operations planning as subject matter experts for supported Combatant Command contingency plan execution 3 Lead development of future plans to accomplish OGS objectives 4 USSTRATCOM and USCYBERCOM J8 advocate for future capabilities and capacity to achieve OGS objectives Establish and maintain the Cyber Capabilities Registry CCR Components and mission partners 5 Ul Fe de USSTRATCOM assess policy and doctrine related to OGS and recommend changes or new policy and doctrine supportive of full achievement of OGS Intent and objectives 6 UHF-GHQ USSTRATCOM ensure future plans are supportive of OGS end states and objectives 7 Develop and maintain Annex 0 Advocacy Annex Partner Coordination and Annex Acronyms Glossary References 9 U J6 Adjudicate security issues associated with connections on the GIG Coordinate adjudication with USCYBERCOM J3 and affected organization 17 2 UIIFGBG Advise and assist USCYBERCOM J3 with planning and execution of GIG Operations and Defensive Cyberspace Operations 3 UIIFGHO Develop and implement network configurations to facilitate GIG Operations and hold secure the GIG 4 ICW DISA and NSA plan devel0p implement and integrate critical communications systems and services to support GIG Operations and Defensive Cyberspace Operations 5 ICW and USCYBERCOM J1 J3 and J7 develop a user certi cation process and set of Information Assurance IA standards for baseline competency for authorized users on the GIG 6 Ul Fe de Provide technical assistance and expertise to assure timely and accurate situational awareness and GIG monitoring capabilities to the USCYBERCOM J3 JOC 7 UIILFOUO DeveIOp and maintain Annex Command Control Communications and Computing U J7 1 ICW USJFCOM develop sponsor and conduct periodic joint training and exercises to assess GIG Operations and Defensive Cyberspace Operations procedures capabilities effects personnel training proficiency and TTP 2 ICW J1 J3 and J6 develop a master training program to sustain and enhance the proficiency of personnel engaged in GIG Operations and Defensive Cyberspace Operations 3 TO USSC 4 Establish and implement a lessons learned process to capture results best practices and practices to avoid 5 Develop and maintain Annex Exercises and Training U J8 1 ICW USSTRATCOM develop and implement a process to present OGS resource requirements in the POM cycle 2 Ull Fe dO Perform resource management ISO OGS 18 3 ICW J5 and J3 advocate for resources ISO OGS 4 Publish and maintain Appendix 3 Finance and to Annex Personnel to OGS 3 U Tasks to USCYBERCOM Service Components U Tasks to all USCYBERCOM Service Components 1 Respond to direction from USCYBERCOM for planning and execution of 000 GIG Operations and Defensive Cyberspace Operations that secure operate and defend the GIG with priority of effort on mission critical elements 2 UIIFGUG Coordinate with USCYBERCOM J3 for missron priorities requirements and capabilities 3 Develop and maintain subordinate or supporting Operational plans and orders ISO USCYBERCOM OGS or associated branch or sequel plans and orders 4 UIIFOUO Maintain proficiency of administer support and report readiness of Service forces delegated as OPCON from USCYBERCOM 5 If authorized to conduct such activities conduct or support intelligence activities as directed 6 U fF Otle ICW USCYBERCOM J1 coordinate with the Services to ensure that quali ed military and civilian personnel are assigned and recruited for GIG Operations and Defensive Cyberspace Operations 7 ICW USCYBERCOM J3 facilitate the presentation of Service cyber forces for GIG Operations and Defensive Cyberspace Operations and leverage Service capabilities and capacity 8 Provide expeditionary forces as directed 9 Assist USCYBERCOM as requested with operational planning to include identifying forces capabilities logistics requirements and other related planning factors 10 On order assist in the establishment of a Joint Task Force JTF headquarters and as available deploy CZ systems to support the JTF 11 ICW USCYBERCOM J33 provide SA and performance data of current cyber operations 12 When supporting a Combatant Command and USCYBERCOM J3 coordinate for approval of Theatre based cyber actions 19 WW U 8 Air Force Cyber Command 24 h AF AFCYBER Refer to Annexes for tasks specifically assigned and implied US Army Cyber Command l2d Army ARCYBER Refer to Annexes for tasks speci cally and implied U US Fleet Cyber Command 10th Fleet Refer to Annexes for tasks specifically assigned and implied U US Marine Forces Cyber MARFORCYBER Refer to Annexes for tasks specifically assigned and implied 4 U Tasks to Combatant Commands Respond to direction from USCYBERCOM for planning and execution of GIG Operations and Defensrve Cyberspace Operations that transcend a Combatant Command's AOR Develop and maintain subordinate or SUpporting operational plans and orders ISO USCYBERCOM OGS or associated branch or sequel plans and orders 0 Collaborate with USCYBERCOM to facilitate coordination and deconfliction of GIG Operations and Defensrve Cyberspace Operations UIIFOUO Integrate Operations and Defensive Cyberspace Operations into contingency plans UIIFGHO Accept CSEs and LNOs and integrate into operational and intelligence flow 5 U Tasks to Services UILFQUG Support OGS by providing secure assured and interoperable information systems and networks and ensuring that pertinent information is shared USCYBERCOM Provide organized trained and equipped forces to USCYBERCOM through USSTRATCOM ICW USCYBERCOM ensure that Service-managed portions of all GIG programs are planned resourced acquired and implemented to support attainment of OGS end states and objectives As requested support USCYBERCOM planning and execution of GIG Operations and Defensive Cyberspace Operations 20 WW UIIFOUG ICW USCYBERCOM develop and maintain GIG Operations and Defensive Cyberspace Operations capabilities for Implementation ISO OGS Support USCYBERCOM with assessment of GIG standards compliance 9 Comply with standards to clear hold and build a secure and defensible GIG UIIFOUO Provide shared SA of Servrce-operated portions of the GIG to USCYBERCOM to support GIG Operations and Defensrve Cyberspace Operations ICW USSTRATCOM provide Intelligence Surveillance and Reconnaissance ISR forces and intelligence to USCYBERCOM J2 USSOCOM will comply with Service tasks with the exclusion of providing organized trained and equrpped forces 6 U Tasks to Agencies and Field Activities U Tasks to all Agencies and Field Activities 1 ICW USCYBERCOM ensure that agency-managed and field activity-managed portions of all GIG programs are planned resourced acquired and implemented to support attainment of OGS end states and objectives 2 As directed support USCYBERCOM planning and execution of GIG Operations and Defensive Cyberspace Operations 3 Respond to direction from USCYBERCOM for planning and execution of GIG Operations and Defensive Cyberspace Operations 4 ICW USCYBERCOM J33 provide situational awareness and performance data of current and plan cyber operations for assigned portions of the GIG to support GIG Operations and Defensive Cyberspace Operations U National SecurityAgency NSA 1 IO USA FVEY USSC 2 ussc 3 SIIREL TO USA U380 21 USA FVEY ussc ussc T0 USA FVEY 4 USA ussc ussc U Defenselnformation Systems Agency 1 Provide engineering CZ capabilities and enterprise infrastructure OGS 2 Provide direct support to USCYBERCOM for GIG Operations and Defensive Cyberspace Operations U Defense Intelligence Agency 1 ussc A 0 3 USS 2 tux Fouol ussc USSC 3 ussc ussc U Law Enforcement and Counterintelligence 1 Provide timely actionable intelligence in support of Operations and Defensive Cyberspace Operations to include identifying the linkages between insider and other threats 2- Provide intelligence systems support funding personnel and training OGS 3 investigative actions related to malicious activity against the GIG among Department of Defense law enforcement and counterintelligence investigative organizations c Coordinating Instructions 1 This OPORD is effective upon receipt for planning and execution 2 Direct Liaison Authorized as required to fulfill OGS missmn requrrements Maintain close coordination with USCYBERCOM and supported commands Coordination with partner nations must be accomplished through USCYBERCOM the supported command USSTRATCOM and the Joint Staff JS and following appropriate foreign disclosure and information sharing regulations and policies as well as existing memorandums of agreement or understanding 22 WOW 3 For actions associated with OGS the rules of engagement are per Ref 4 To the maximum extent possible use the Joint Operations Planning and Execution System JOPES to facilitate planning 5 UIIFOUO Routine rotation of forces is authorized as coordinated with the supported command 6 Operational reporting will be in accordance with published annexes to this OPORD and occur via component operational channels to the USCYBERCOM JOC while providing SA to the affected component or mission pannen 7 UIIFGHO components that desire to achieve effects that exceed authorities or capabilities or are not otherwise addressed in existing plans or orders will contact the USCYBERCOM J3 for direction and guidance 8 Operations and Defensive Cyberspace Operations affecting lC networks under authority of the Director of National intelligence DNI and all networks that process sensitive compartmented information SCI will be executed In accordance with joint procedures defined by the Secretary of Defense SecDef and the or their designees 9 U fFG de Submit any recommended updates to this OPORD its annexes or appendixes to USCYBERCOM J3 10 unease USCYBERCOM OPORD 05-01 formerly Jomt Task Force Global Network Operations is superseded by this order 11 Ul FGl-Jei A standard set of metrics and measurements developed and promulgated by USCYBERCOM will be used to assess GIG operating performance determine the mission impact of service degradations or outages and assess the effectiveness of Defensive CyberSpace Operations capabilities to include sensors and systems to counter threats and vulnerabilities 4 U Administration and Logistics 3 Funding components will fund all costs of operations reqUired or incurred as a result of OGS including deployment and redeployment of personnel or units USCYBERCOM Sewice Components will track and report all incremental costs incurred this order to USCYBERCOM J8 Refer to Annex 0 for further guidance tasks and requirements b UIIFSUB Logistics and Sustainment Refer to Annex for further guidance tasks and requirements 23 5W 1 UIIFGUG All 000 components and supporting mission partners will conduct sustainment activities to ensure uninterrupted conduct of OGS 2 UIIFGHG While it is anticipated that the majority of cyberspace operations forces would not physically deploy to accomplish OGS tasks if deployment is necessary all USCYBERCOM Service Components will coordinate with the USCYBERCOM J4 c Personnel Refer to Annex for further guidance tasks and requirements 1 unease Concept of Personnel Support Prior to and during OGS components will receive the majority of routine personnel support through their home station and parent unit J1 monitors component personnel operations and provides assistance as required 2 UIIFGHG Strength Reporting USCYBERCOM J1 prowdes the Joint Personnel Status JPERSTAT to Joint Staff J1 USSTRATCOM J1 and USCYBERCOM leadership as directed All components that are under the Operational Control OPCON of CDRUSCYBERCOM will submit the JPERSTAT to USCYBERCOM J1 daily by 16002 The JPERSTAT Report is to be classified SECRET and the primary transmission method shall be via secure email Reports shall be formatted In accordance with 3150-13C d UIIFGHG Public Affairs PA Refer to Annex for further guidance tasks and requnrements 1 Ul Fetl The PA posture for OGS is passive respond to query only USCYBERCOM Service Components coordinate and PA products with USCYBERCOM PAO prior to release 2 In the event that information regarding a specific defensive cyberspace operation is disclosed the following statement IS authorized after proper notification to USCYBERCOM PAO The Department of Defense depends on cyberspace for critical military capabilities and must be able to secure operate and defend networks The Department has more than 15 000 networks and 7 million computing devices that are vital to our operations The Department s strategy requires the full range of capabilities to defend against a variety of threats and to protect our networks e UIIFGHG Strategic Communication SC USCYBERCOM Service Components will coordinate and OGS related SC themes and messages with USCYBERCOM SC prior to release Refer to Annex for further guidance tasks and requirements 5 U Command and Control 24 a UIIFOUO CDRUSCYBERCOM is the supported commander for 0G8 and all other components are supporting USCYBERCOM provides the C2 that ensures coordination decoaniction and direction of GIG Operations and Defensive Cyberspace Operations that transcend a Combatant Command AOR or that have effects of a global nature CDRUSSTRATCOM delegated authority to CDRUSCYBERCOM in USSTRATCOM 0GP OPORD to direct the security operation and defense of the GIG USCYBERCOM was designated the main effort In the USSTRATCOM OGP OPORD with all other 000 components supporting Previously CDRUSSTRATCOM was designated the supported commander in the by the SecDef b UIIFOUO For DSCA operations USCYBERCOM and USCYBERCOM Service Components are supporting to USPACOM and USNORTHCOM For Combatant Command AOR-specific and functional mission networks and systems the relevant Combatant Command is the supported commander for GIG Operations and Defensive Cyberspace Operations requirements and USCYBERCOM and its components are supporting The supported Combatant Command is responsible for the timing sequencing and operational effects within its AOR d TO USA 021 1 USSC i ussc e TO USA mm ussc 1 ussc f All communications regarding OGS will be by apprOpriater secured means and with full adherence to OPSEC requirements 9 GIG Operations and Defensive Cyberspace Operations data will be shared and exchanged through common interoperable standards in accordance with data sharing poIicies and guidance 25 h Standard orders formats OPORD Fragmentary Order FRAGO Warning Order WARNORD and Plan Order will be used to issue operational direction to secure operate and defend the GIG and for any other cyberspace operation when directed Information dissemination formats will be limited to Cyber Daily Reports Situation Awareness Bulletins J2 Cyber Alerts and Intelligence Summaries Methods of dissemination will remain unchanged Refer to Appendix 23 Orders and Reports to Annex for fUrther guidance and direction i In the event USCYBERCOM is unable to operate from its facilities at Fort George G Meade C2 will be executed per USCYBERCOM Continuity of Operations COOP Plan General USA Commanding 26 27 Annexes A - Task Organization - Intelligence - Operations Logistics and Sustainment Personnel Public Affairs Civil Affairs omitted Meteorological and Oceanographic omitted Not Used Command Relationships Command Control Communications and Computer C4 Systems - Environmental Considerations omitted - Geospatial Information and Services omitted Space Operations omitted Advocacy Host Nation Support omitted Medical Services omitted - Reports 8 Special Technical Operations STO Consequence Management omitted - Exercises and Training - Mission Partner Coordination Acronyms Glossary References Execution Checklist omitted Strategic Communications - Distribution 28 Subject OPORD 12-1016 BASED SECURITY SYSTEM DEPLOYMENT AND Originator USCYBERCOM SC DTG 2121312 Aug 12 Precedence ROUTINE DAC General To AFOG AFWAFCHISC AFRICOM AFRICOM JOC CRIEF MCI COR CUR CDR USPACOM CDR CDR CDR CMB WASHINGTON CNO NASHINGTON COMDT COSARD WASHINGTON DC DA HODA EUCUM EPOC EUCOM HQ HQ CCISC HQ USPACOM JOCISCI HQ SC HO N-NO CMD USCENTCOM COMMAND ETA ARLINGTON VAISCI DARPA ARLINOTON DECA PFAS CLEVELAND DISA DCCISC DISA DSCA DNI WATCH DSS WASHINGTON DC DTRA OPSCENTER WASHINGTON DC HO HO OLA FORT SELVOIR MDA OPERATIONS NRO WASHINGTON DC TMA FALLS CHURCH VA USUHS BETHESDA DIA WASHINGTON LT DISA WASHINGTON DNI WASHINGTON DC UNI WATCH WASHINGTON DC NSACSS FT GEORGE MEADE MD NSACSS SAN ANTONIO TX 080 CIO-PENTAGON 6240C CCISC ARCYBEF NATCH ARCTBER ARCYBER FT GEORGE MEADS COMNAVCYEERFOR VIRGINIA BEACH MARFORCYBERCOM FT COSARF CIRT ALEXANDRIA VA COGARD CYBERCOM WASHINGTON DC CC OSD WASHINGTON DC DEPT OF COMMERCE NASHINGTON DC DEPT OF ENERGY WASHINGTON DC DEPT OF HOMELAND SFCURITY HASHINGTON DC OF JUSTICE WASHINGTON Df DEPT OF STATE WASHINGTON DC VIRGINIA BEACH VAISCI EEMA HO WASHINGTON DC NMCC WASEINGTON DC WASHINGTON DC FT GEORGE HEADS ND OPERATION GLADIATOR SHIELD OPERATIONS ORDER OPORL TO USA FRAGO 13 TO OPORD 05-01 REQUIREMENTS FOR RAPID CF HESS 0N SIPRNET AND UNCLASSIFIED NOV TO USA USCYBERCOM CTO 10-033 HOST BASED SECURITY SYSTEM BASELINE UPDATES FOR MAINTENANCE RELEASE 5 mum 1- URMU mum OF TSE JOINT CHIEFS OF STAFF MANUAL 6510 01A INFORMATION ASSURANCE AND COMPUTER NETWORK DEFENSE VOLUME I INCIDENT HANDLING JUN 09 OF THE JOINT CHIEFS OF STAFF INSTRUCTION 6510 01E INFORMATION ASSURANCE AND COMPUTER NETWORK DEFENSE FEB 11 DIRECTIVE 0-8530 1 COMPUTER NETWORK DEFENSEICNDIIOB JAN USCYBERCOM CTO 10-13i COMMUNICATIONS TASKING ORDFR 10-133 PROTECTION OF CLASSIFIED INFORMATION ON DESARTNENT OF DEFENSE DODJ SECRET INTERNET PROTOCOL ROUTER NETWORK 3 A IT ff el 3 A I PURPOSE THE PFPIOYNENT EMPLOYMENT REPORWING ANALYSIS AND OPERATIONAL USE OF FBSS FOR DEFENSE 0 THE DOD METHOD USFYBERCCM DIRECT DEFENSIVE ACTIONS AND MANEUVER TO DENY THE ADVERSARY A FOOTEOLD ON THE DOD GIG THE DOD REQUIRES ROBUSF ADAPTIVE AND AJLLE PROIECTION OF ITS INFORMATZON SYSTEMS PROVIDES A ORITICAL LAYER OF THE OF THE GIG AND ES ABLE TO DETECT PREVE T NTTIGATE CYBER ATTACKS AT THE HOST LEVEI II 3 A 5 FND 3 A 3 A Uf F el HESS CAPABILITY IS FIELDED AND FOLLY NISSION READY 3 A 3 ADVERSARIES ARE DETERRED PROM ATTACKING OR EXPLOITINS THE DOD GIG TEE DOD GIG IS SECURED AND BEFENDED USING HESS AS A KEY ELENFNT OF ZAYERED INTEGRATED DEFENSIVE CYBER OPERATIONS 3 8 U CONCEPT OF OPERATIONS SEE ANNEX FOR DETAILED DESCRIPTION 3 C TASKS 3 C I TASKS TO DE LOY HESS AGENT AND MODULES TO ALL COMPATIBLE SYSTEMS AND NETHORKS IAN ANNEX C APPENDIX 1 AND 2 IN ORDER TO DENY AND DETER ADVERSARIAL ACTION ON THE DOD GIG COMPATIBILITY IS DETERMINED BY THE OPERATING SYSTEM A LINK TO THE COMPATIBILITY IS PROVIDED AT D UNDER THE TTP SUBPAGE 3 C I B REPORT ASSFT DATA TO THE TIER ONE ENTERPRISE SERVER IAN ANNEX C APPENDIX I IN ORDER TO PROVIDE INDICATIONS AND WARNING DATA FOR FURTHER ANALYSIS FROM TIER THREE TO TILR ONE 3 C 1 C PROVIDE AND NAINYAIN DATA FEEDS TO THE TIER ONE SEVURITY INFORMATION AND MANAGER TAN ANNEX C APPENDIX 1 AND 2 IN ORDER TO PROVIDE 15W FOR DEFENSIVE CYBER OPERATIONS AND SITUATIONAI AWARENESS FROM TIER IHREE TO TIER ONE 3 8 1 0 REJORT EVENTS TNDICATING AN IMMINENT THREAT TO ENE GIG OR SIGNIFICANT DEGRADATION OF THE DEFENSIVE POSTURE OF THE GIG IAN ANNEX C APPENDIX 3 IN ORDER TO MAINTAIN SITUATIONAL AWARENESS FROM TIER THREE TO TIER ONE 3 C 1 E REPORT DEPLOYMENT AND COMPLIANCE IAN ANNEX C APPENDIX 1 IN ORDER TO PROVIDE SITUATIONAL AWARENESS ON THE DEFENSIVE PUSTURE OF TFE DOD GIG 3 C I F Uf f el PROVIDE CONTACT INFORN TION FOR ALL TIER TWO PERSONNEL RESIONSIBLE FOR ALL ASPECTS OF HESS ON A QUARTERLY BASIS IAN FORMATS SPECIFIED AT IN ORDER TO ENRANHL COMMAND AND CONTROL OF HESS 4 A HESS OPERATIONS SECURITY HESS HAS BEEN LLPIOYED ACROSS THE GIG COIMERCIAL VENDOR ENSTRUCTIUKS HESS PROVIDES A VALUABLE SECURITY AND ANALYSIS TOOL CRITICAL BOTH TO THE OPERATIONAL COMMANDER AND IHE PROTECTION OF INFORMATION ACROSS THE GIG WH-LL ENITIAL COMMERCIAL CONFIGURATIONS AND OF HESS ARE AVAILABLE ON THE INTERNFT BOD SPECIEIC CONFIGURATIONS POLICIES REQUIREMENTS AND CAPABILITIES MUST BE PROTECTED ALL DOD SPECIFIC UNCLASSIFIEE HESS MITIGATIONS CONFIGURATIONS MODULES AND REQUIREMENTS WILL BE PROTECTED FROM INABVERIENT DISCLOSURE OUTSIDE THE DOD AND WHEN OVER ANY UNCLASSIFIED NETHORK ALL DOD SPECIFIC HESS THRESHOLDS ARE CLASSIFIEJ SECRET REL IAW ARC HJST BE PROTECTED AS SUCH CLASSIFIED INFORMATION BF TRANSMITTED ON THE APPROPRIATE NETNORKS OR AND 5 Ui COMMAND AND SIGNAL b A DIRECT ALL TECHNICAL IMPLEMENTATION QUESTIONS TO YOUR LOCAL INFORMATION ASSURANCE MANAGER OR FOE QUESTIONS NOT ADDRESSEP BY YOUR LOCAL 1AM OE TECHNICAL REFERENCES ARE AVAILABLE AT AND FURTHER ASSISTANCE CAN BE OBTAINED FROM THE DISA CUSTOHER SUPPORT DESK 5 8 ax Fees DIRECT ALL HESS OPERATIONAL QUESTIONS To JOINT OPERATIONS CENTER JOC H355 ANALYST COMM '43 654 39 7 NSTS 969-1473 NIPR as oa 519a 33 9 ll 5 C ACKNOWLEDGEMENT ALL DOD WILL ACKNOWLEDGE RECEIPT OF THIS ORDER WITHIN 48 HOURS BY SENDING E-MAILS TO BOTH JCC DYNAMIC NETWORK DEFENSE OFFICER COMM 443-654-3972 NETS 969-1494 NIPR SIPR rr' L HII JOC DUTY OFFICER COMM 443 654-3951 NSTS 966-8730 NIPR SIPR THE COMMANDER BRETT T NILLIAMS HAJOR GENERAL US AIR FORCE UNITED STATES CYBEH COMMAND DIRECTOR OF OPERATIONS FVEY A ussc Wmu T0 USA FVEY VERSION 1 135 CDR Fuerst 1 5 2 m3 mn zm mmwp 0mm 0 USA FVEY USSC - U Limited Scope EXORD USA FVEY b 1 ussc USSC - USA mmussc USSC - - 0 U Draft EXORD currently in staffing with the Joint Staff Awaiting brief to CJCS and SecDef USA FVEY b 1 ussc USSC - USA FVEY U Iranian Cyber Actors - USA FVEY USSC - USA FVEY b 1 ussc USSC A FVEY VERSION 1 135 cm Fuerst 3 WK FVEY USSC ussc T0 USA FVEY VERSION 1 135 CDR Fucrst FVEY ussc ussc 0 USA FVEY 1 135 CDR Fuerst 5 l9 Cicain'fntL 0 USA FVEY USSC USSC T0 USA FVEY VERSION 1 J35 CDR Fuerst I 49 Ilr i 38 Lin - pl '5 - at Him - -r a dag01 Applicancm 1-23 3 1 it r'un' xi 'f iL 3 TEQMEYBER 0'1 v- - - are - 11 65$ 11' i Q2317 JIE Enhancing the Nation s Strategic Flexibility 2-153an ram mat-2R2 i- fa f Trans any- 33 iJL'r'droL CONGPEE Match 20 L33 Stead -Statc chR salami-Start coma Joi'n'tcyber Cen'ter Components Services Supporting - UMCLA USE JIE CZ Based on Transition Model Current Service-Led EOC PER-DECISIONAL DISCUSSION PURPOSES n-n- b-uu-u-nv - bliSI USSC - u mham th me u nn- I mwu Hq-w I l COCOM OPCON gr Suppmting OldSup I i I 3 f t JIE CZ Based on Transition Model Current I EOC PRE-DECISIONAL DISCUSSION PURPOSES - oun I'm 5 USS-C TACOH ADCON ul- Supporting DirlSup 043 wbm mmo my 3 was Cnm mzozu Em Ezra 2 3 2 mmy m Ilia 31 11uIr_ n rl fl 0 9 003- mi m 5 4 I llul u 56 U x 1 J 1 3 5 33 I r - JCS TANK Ealmar Programmers - - overa - I rm 1 In I JIE Lead I romnqc I cucwerrca an flu-Icon smmeammamscmPlanICoor 'cell tTri-phair mo CYBERCOM um ch USN non moi 3 GB uses IJSEHATRL DISA - Ensure of tn e-Dapa m entis JIE plan in coordination 'i'n - ponenl activities - - Govemonceka - j I 1 Governance Artifact 'l Engineeting Anilact I Tochnical Implementation Lead - Develop inlegrate and JIE technical plans programs and capabilities and Execute the JIE tasks Kay Functions syn Develops DOD technical to enable JIE - 9 Provides updates to the through the cell DOD Clo Implem niation activiheswilh Transutionlulanagels Ej-EW Ec r m a I i Executionreudget Year resource shorttalis 1 J9 syuclumiadliunclue upab litlus sun-belting IT sition Russ will ITtransitionstothe1c be environment Workstos - lip - - - - -i Governance Lead - x3 A Developmtegrateand L eiop' Integrate ant 5y nchronize JIE 1 Operation governance model 2 oceglureuslSE JIE processes Eto lwmauu Implementatlom'l'asu i 4 1 i - I I - h 3 Julor I - 0 Au h nrm-na 1 Empress i Global Enterprise Operations Center Enterprise Operations Centers Manages JIE Enterprise - Directs DCOIDGO activities within assigned area Directs full spectrum operations - Works regional cyber challenges as needed directede - Works global cyber challenges Prioritizes regional cyber COCOM priorities - Prioritizes global cyber missions COCOM priorities - JIE focal point for regional external partners multinational etc Manage global external interfaces ex lnternet - Operate maintain and manage security 8 aggregation points within Access Paints etc assigned area JIE global focal point for external partners Law - Maintains regional Situational awareness Enforcement etc Computer Network Defense Service Provider functions - Maintains global situational awareness BaseICampIPostIStation Army Navy Marines - Host Service maintains local infrastructure - Host Service provides touch labor - Host Sewice provides local DGOIDCO incident response - Sewices maintain support to tactical units - Maintain unique support labor and missmn Ir m1 Hf I - 'liz lf W cc aw m m w uifafggwah tig may n L a 12% a - away an ll ii q- TEQMEYBER t A 1 32 - 55 3 Recommend the JCS endorse the attached Information Technology Effectiveness brief which approves JIE increment 1 implementation with a focus in Europe as the first IE area IT Effectiveneas 13331553 12012 7 3 if i 3 CJCS DATE age 1 DATE I a v Jun- 3 FL uh 2m Iylp If i'l h ch km Yv qovalha gm-WK 21 mash '1 Componenl IT Enutonmc l Intramus- - nauh o Ic uul i Va and w'nm-HWnu hit-c a mum Man an tmwwu- rule mp-13mm ML anus vJ kn-m Slam Um I I v 1ntandt't unwan- km uunuul n 1 1 MucouOMaI-M man 51 In tout-g rm 1' um I Dunl- tl u gamma-Invalid 4 qu manual Ion n1 Ml uI-l' - 0 3mm so Nu out I Ital has LIqu on Halli-I I mus ween In Turn-kl twalnelmturln n u Mn blunt Hm umu Nil tut-OI Inl Lula-I- Hm I on Jung 4 rum-u um unit an lnm truly I Iqu mom an Inn Kin-01 IS Mailman u tantrum-ye 1er hm 3165 w we 1 Zhrliwhu aw T-ERMEYBER Enterqrise Operations Centers Core Data Centers - m U 11 a 44m US 5 TRANSCOM CENTCOM 95H NORTHCOM _mn A amass n lu 'a $7 f - Service DISA Components STRATCOM fughodag 13 r 71 14 7-ch amt 1uawa euew TESWY BER ii Ill 'ill IIF Fm SHIP Inclawlicd I-anIhual l' c Unlv Tra nsutlonal__Cyber 92 Concept lnuh Sun 14 nlu #10 am Cums i I 030 an Wart-mum an t shaman rmwauu l Duds I v lun tvm'nmruns 3 wires Pracmms rwmil lm tran MN xc u put as 'Rq um llnluldlt' his 1th IIE ill 'cr mimic-Emu ut _ Lu-m In a Frames am one gag-5r - Open mm man-1 6 manque-n mus mum dun-II anzgaJ i aim Inn-n rue an arc I name are tcacli au at ummumjmd annual mun-u Dem-w - Edigitiialam me caw uw SON HI 11501 1 10 gbn Flurlmri man For mum Unc- Onlv i us a A - Hot mamum mm Hemanwmum'r Ho Szmuw c2 - amt act-rd 1 run IIF Hum hm 1rd mama capability FY2012 FY20 I8 FY2013 FY2014 FY2015 FY2015 FY2017 3 NORMALIZE g 39 4I11 f3 J JIE -lnc c 11 ch ma t-le 5 If e - Yawn up I nIfDInaula- nr pal Data Center Consolldation - Pu ll r data con'er start Jeroe - Clogs 69 data uunzu- - Deergnato 5 con alum Carl-3 5 Network Norm allzatlon - Imporuonl cxunty Conzoncotc - Douro qangle - Se mty Enterprise Services Clruuznr than th 'vecc - n'erpnael nrml SUDSUFIF-E u 055 Cum ein Identity and Access Mnut - Init a Data aug we enhanced cereor troll E'Iroctu JIE - 2 Con-Jxl BEA and 511- cu 0'1 Deveth implementation an - Rea one or locus to be not nod by tin t Data Center Consolidation 3 more core data certarr - fittl Dam terror-1 Network l lormalicatlon or Fun In- Initiatwnc Enterprise Sewices Conlth Inc I Initiatwos Start onese- 5L-t or porn-to- print 05 Identity and Access Ling won ue Inc 1 nutlatwes JIE - Inc 3 Data Centers -1Ur'10r - -cledala - unlct5 t-r Nem- orlt Nor-n alizatian I turn lru 2' in ile' Enterprise Services oleerew Cmuc I M1I Curt n- l - tntemnse I - Irmat LapetIt-llac ldentlwand Access Mnul - Credentlei and cecal-3 5 JIE - le ed Inc11 L JIE Inc 2 urn- Data Center Cmcolidation 'rJIly CPD m ll l clulm Network Normalization u m n-l alive Enterprise Services - rt-ase Cut legacy crutches - Lamplao E- mal Complete cc-nl-lu pm Cross Domain stlulioos c-l uso cut Identity and Access Mnot -Lor-1-r- Lr - Inc a Data Center CcnsolulatIc-n Custan Network Norm lization 'f uan Enterpr ce Service - Secure man or Identity and Access an Inc 4 JIE Inc It Initial Focus on Big Rocks Network Normalization Data Center Consoltc atron Identity an Access lulanagen em Enterprise Services Governar ce Note Level of Programmatic Execution and Operational Risks are captured and mitigated as Implementation occurs - Mission Effectiveness Increased Security IT Efficiencies -- - 4K - 1 - 1 13 14 and3 3 can fun 1 1 1 -1 nd CZOCymuihox new 0 E