
Col Kevin Wooton Commander 31 May 2011


Presentation Transcript


  1. Col Kevin Wooton, Commander, 31 May 2011. 67th Network Warfare Wing: The Air Force’s Cyber Ops Wing. Overall Classification: UNCLASSIFIED

  2. Where we are… where we’re going: Cyber today is where Airpower was in the 1930s…

  3. Operations Of and On the Net: Operate, Attack, Defend
     67 NWW Focus
     • Conducting the full range of Network Warfare
     • Network Operations (Establish)
     • Net Defense (Control)
     • Full Spectrum (Use)
     67 NWW: 690 NSG (Net Ops); 26 NOG (Net Defense); 67 NWG (Full Spectrum)

  4. AFNetOps Vision
     • CSAF’s Sep 00 "One Air Force…One Network" NOTAM committed AF to fundamentally changing the way we leverage our networks.
     • CSAF’s msg established AFNetOps, 3 Jul 03: "…To effectively protect Air Force networks and the advantages they provide, network control…need[s] to be applied in a coherent, disciplined fashion under control of a single AF commander."
     • CSAF’s 3 Aug 05 memo on AFNETOPS support to USSTRATCOM laid out a path to provide C2 of the AF network.
     • CSAF’s 15 May 09 directive memorandum established AFNETOPS/CC authority to issue orders for the operation of AF networks.
     End-Game: C2 network with focused, precision results

  5. AFNetOps Reality
     • O&M responsibility matrix
     • AFMCVPN managed by NCC, except at Kirtland, where it's iNOSC-W
     • AFCYBER = MAJCOM NOSCs under one commander

  6. AFNet Migration (NIPRNET): One AF-wide Active Directory Forest
     SCOPE
     • 14 Networks into One
     • 840K users across 413 sites
     BENEFITS
     • E-mail for Life
     • Single Sign-on Anywhere
     • Reduce System Complexity
     • AF-wide Collaboration
     STATUS (9 May 11)
     • 138K users // 29 sites
     • 16% of AF
     • 10 Legacy Nets Shutdown

  7. Net-Defense: Current TTP
     DETECT
     • 24/7/365 presence
     • Crews review 10K+ suspicious events per day
     • Report foreign IP activity to IC
     • Correlation analysis - low & slow
     • Recommend IP blocks to NOD
     • Unity of effort w/other agencies
     PREVENT
     • TCNOs up 28% since 2006
     • ASIMS strings – filter suspicious net activity
     • Strong relationship with vendors – share knowledge
     • Blue assessment – see what hacker sees
     RESPOND
     • Highly skilled computer network/forensics analysts
     • Focal point for net intrusions
     • Isolate exploitation method & extent of compromise
     • Work closely with OSI & counter-intel agencies
     Sensors: Air Force: 232; USJFCOM: 2; USCENTCOM: 108

  8. Mission Operations Tempo *CAO 20 Apr 11

  9. Full Spectrum Ops: Current Units
     • 91 NWS
     • Telephone Network Ops
     • 315 NWS
     • Core of AF Ops at Ft Meade
     • Daily joint operations

  10. Current/Future Initiatives
     • Host-Based Security System (HBSS), desktop-level security
     • Information Operations Platform (IOP), intrusion prevention system
     • Network defense common operating picture (ArcSight)
     • EnCase – Remote Incident Response Forensics (EnCase)
     • AF Gateways (aka AF Network Increment 1), network demilitarized zone
     • Vulnerability Lifecycle Management System (VLMS)
     • Fidelis for Operations Security (OPSEC): SNS monitoring/Insider threat

  11. Current/Future Initiatives (cont’d)
     • Continuity of Operations (COOP)/Alternate Operations Locations (AOL)
     • ROE-governed TTPs/Execution: Stan/Eval
     • Partnerships for rapid TTP and tool development: ESC, AFCA, Rome Labs, 688 IOW
     • Active/Dynamic Defense
     • Indications and Warnings of malicious activity based on actionable, targeted Intel

  12. 67 NWW - Air Force’s Execution Arm for Cyber Warfare: NetD, NetE, Full Spectrum, NetOps. UNCLASSIFIED
