Navy NetOps – Aligning for the Future. CAPT Doug Swanson 3 Mar 2011. Roadmap. What’s driving us? Where we’ve been Where we are Where we’re going How we’re getting there NGEN NETOPS Alignment RNOSCs GNOC Merger ITIL Inspections Shared SA Challenges Ahead. Information as a Weapon.
Navy NetOps – Aligning for the Future CAPT Doug Swanson 3 Mar 2011
Roadmap • What’s driving us? • Where we’ve been • Where we are • Where we’re going • How we’re getting there • NGEN • NETOPS Alignment • RNOSCs • GNOC Merger • ITIL • Inspections • Shared SA • Challenges Ahead
Information as a Weapon “We must maintain our preeminence in networks, intelligence, and information. There is no other Service or nation that is as good as we are.” “Aligning intelligence and operations and optimizing the network in many ways takes priority over the platform. If we don’t get the intelligence and information right, then the platform is sub-optimized. Therefore we need to elevate the priority of information. Since we already think and operate this way, it’s time aligned organizationally to sustain it … to achieve prominence and dominance” Admiral Gary Roughead Chief of Naval Operations 17 July and 23 October 2009
A Nation at Risk “The cyber threat to our country is real and growing. We are surrounded by foreign adversaries, terrorists, and criminal elements that are able to steal, alter or destroy vast amounts of sensitive government and private sector information --- perhaps most of it --- and to do so at will. In addition, many of our adversaries have or are seeking the knowledge, skills, technology and resources to infiltrate the networks used throughout our country.” Mike McConnell Former Director of National Intelligence
Evolution and Organization [timeline diagram; year labels: 2002, 2004, 2005, 2006, 2008, 2009, 2010]. Organization labels in the diagram: COMNAVCOMTELCOM; Naval Space Command; FIWC; NCMS; NMSC; USFF N6/CIO; FLEET C5I Modernization; NETWARCOM (Networks, IA, Space, COMMS, INFO OPS, CNO, COMSEC, IO); Cryptology/Signals Intel; Navy Task Force CNO; NCDOC (NAVCIRT +); FLT EW Center; FLT Intel TYCOM; FLT Readiness Division; USCYBERCOM; FLTCYBERCOM; CYBERFOR / NNWC Split
[Organization chart with Administrative and Operational chains; labels: Common Model; STRATCOM; CNO; USCYBERCOM; COMPACFLT; USFF; FLTCYBERCOM; CYBERFOR; COM 10th FLT; N6; NNWC; NCDOC; NIOCs; NMSC; NCMS; NAVSOC; NCTAMS LANT / PAC]
NETWARCOM Mission & Goals Updated 24-Sep-10
Evolution of Navy Networks. Since Dec 2006, Navy has reduced the number of networks from 1300 to 350 with 120 additional scheduled for termination by Oct 2011. Commonality: • Services • Gold Disk • Security Settings • Common Client Hardware • Enterprise Software Licensing • Common Application Approval. [Diagram labels: ASHORE; AFLOAT; NMCI; ONE-NET; Excepted; Legacy; NGEN; MCEITS; MCEN; CANES; Combat Systems; ISNS / IT21; CENTRIX-M; SCI Networks; SubLAN; NNE]
Operational Alignment. As determined during Operation BUCKSHOT YANKEE, NETWARCOM and its subordinate commands are not optimally aligned to exercise C2 of NetOps across all dimensions of warfare and all network enclaves. Objectives: • Implement NETWARCOM Direction • Establish C2: Standardized policies, procedures, processes and tools to operationalize NetOps. • Meet Warfighter Demands • Provide Predictive Operational Support: Shared SA, codified relationships and authorities, and solid reporting requirements. • Facilitate NNE Implementation • Need a Consistent Framework: Provide a framework that aligns all NetOps programs under one strategic umbrella (Starting with NGEN). • Improved Resource Alignment • Justified Resourcing: Deliver consistent POM/PR submittals, SMRD reviews, and DRRS-N requirements, aligned to NetOps strategy. Desired Effect: A More Responsive, Agile, Secure, and Transparent NetOps Organization That Delivers Information Dominance to the Warfighter
Global Enterprise, Regionally Managed [C2 diagram; legend: Command, Control, Coordinate; labels: C10F (CTF 1010); CTF 1020; C3F/C7F PACFLT C2F/USFF C4F/NAVSO C6F CNE/NAVAF C5F NAVCENT; NIOCs, CND; RNOSC PAC; RNOSC LANT; RNOSC EUR; RNOSC CENT; DCO; PR NOC; UAR NOC; ECR NOC; IOR NOC; NGEN NOCs; NGEN NOC; ONENET-EU; ONENET-ME; ONENET-FE; NCTSs; NetOps Control Center; Service Lines]. Standard Operations Dept. Alignment – Services-Based. Sample Catalog: Communications Services; Tactical Network Services; Enterprise Network Services; Messaging Services; Voice & Video Services; Field Services; Disaster Recovery; Asset Mgmt; Config. Mgmt; Svc Desk Support; Data Center Ops; Tech Supt. (T3); Security Mgmt; Change Mgmt
Aligning for C2 Enterprise View Strengthen the Region Global NetOps Alignment Legacy 10% IT-21 ONE-Net Excepted Legacy Legacy 30% NGEN IT-21 Excepted ONE-Net COSC NGEN/CANES -Unified C2 COSC Regional Focus and DCO GNOC Merger & NNWC Realignment Integrate/ Aggregate RNOSC IOC CTF 1010 / C10F Excepted Networks CND 60% CND 2014+ 28 JAN 11 30 APR 11 30 SEP 11
Cyber Security Inspection and Certification Program
Afloat Assessments • Findings • USB Devices • Patches • Malware • Unauthorized Software • Root Level Access • Weak / No Access Control Lists • Unnecessary Open Ports • Weak / Default Passwords Culture Conduct Capability “Not Acceptable” “Acceptable” Same Problems Ashore
Significant Findings for Shore Installations Note: Not all installations had all of the findings listed below • Extensive USB device usage • Malware present • Unauthorized software installed on workstations • Unnecessary services running on workstations • Unnecessary open ports on network hosts • Weak / Default passwords on system devices and privileged accounts • Improper configuration of file system permissions
New Cyber Security Cycle Three year cycle tied to Network Authority to Operate (ATO) process with an annual drumbeat… • Admin Program Review (ADMAT) • Unit Level Training and Assessment • External Inspection Ready to Train Ready to Operate Certified to Operate Stage 1 Stage 2 Stage 3 • Expect what you inspect
How are we postured? Who are the victims? Can we detect malicious activity? What are we detecting? What is the scope of the attack? What do we need to do? What’s happening in Cyberspace of concern? Who needs to be informed? National rules Window to get information Intelligence Cognizance Understanding networks Roles and Responsibilities Situational Awareness The Cyber COP
Challenges • Converging strategy for C2 with emerging technology trends • Negotiating/codifying regional C2 relationships and authorities • Implementing an industry model in Navy • Workforce transition • Network instrumentation to support C2/SA/COP • Risk Assessment • Resources
Questions Naval Network Warfare Command 2465 Guadalcanal Road Virginia Beach VA 23459-3228 (757) 417-6700 www.netwarcom.navy.mil
7 Step ITIL CSI Process • Identify: Vision, Strategy, Tactical Goals, Operational Goals • 1. Define what you should measure • 2. Define what you can measure • 3. Compile available data – not only what is done, but when, how, and by whom • 4. Process the data – align and rationalize data from disparate sources • 5. Analyze the data – are there relationships? Trends? Were targets met? Were plans followed? Is corrective action needed? • 6. Present and use the information to answer “Did we get there?” and to determine next steps • 7. Implement corrective action [center label of the cycle diagram: Goals]
Questions “Our Sailors must be empowered to operate and fight in a vast array of environments that range from failing states and ungoverned spaces to the most technologically advanced nations, virtual worlds and cyberspace.” Statement of CNO to HASC, 1 March 2006
C10F C2 (CTF 1010) • Comply w/Global Orders • Impact limited to AOR • Report to CTF 1010 ASAP • ** Ops Urgency Prevails. Legend: Command – lawful command authority over subordinates by assignment or rank; Control – non-command authority exercised over activities of organizations; Coordinate – delegated authority for coordinating specific functions or activities. [C2 diagram; organization labels: C10F (CTF 1010); CTF 1020; CTF 10xx; C3F/C7F PACFLT C2F/USFF C4F/NAVSO C6F CNE/NAVAF C5F NAVCENT; Component & Numbered FLT CDRs; NIOCs, CND; Regional NIOC; RNOSC PAC; RNOSC LANT; RNOSC EUR; RNOSC CENT; RNOSC; DCO; ONENET-EU; ONENET-ME; ONENET-FE; UAR NOC; PR NOC; ECR NOC; IOR NOC; NGEN NOCs; NCTSs; San Diego; Djibouti. Channel and document labels: CHAT/VOICE; CHAT/MSG/VOICE; SCI CHAT; OPORD; FRAGO; FRAGO/TMS; OPTASK; DCO CONOPS; CND CONOPS]
Alignment Plan Timeline • Objectives: • Establish Command and Control (C2) • Provide Predictive Operational Support • Facilitate NNE Implementation Assume C2 of NMCI/ COSC Complete Phase I. Execute Phase I: Mature and Consistent C2 Gain NNWC Leadership Approval for Way Ahead Gain FLTCYBER/ C10F Leadership Approval for Way Ahead Form Overarching and Core IPTs 8/10 3/10 4/10 8/10 10/10* 7/12 Achieve RNOSC Interim Operational Capability (IOC) Commence Transition to RNOSCs Achieve RNOSC Full Operational Capability (FOC) * Initiate Exercise C2 over Critical Services FOC expected 1 OCT 2011 4/11 10/12 10/10
FOUO Defensive Cyberspace Operations • DCO WO: Coordinate and execute regional DCO missions • Incident Handling: Respond to network defense events and incidents • Vulnerability Management: Vulnerability assessment, tracking and reporting • Indications & Warning (I&W): Identifies cyber threats; Correlates with AS&W reporting; Recommends countermeasures • Attack Sensing and Warning (AS&W): Identifies malicious changes; Detects, correlates and characterizes; Executes and validates countermeasures • Forensics: Low priority incident triage analysis; Comprehensive malware and hard drive analysis
FY09/10 Significant CND Events with NETOPS Implications AFLOAT SURGE (1,2) Terminal Fury ’09 (3) USS XXXXXX (1,2) Terminal Fury ’10 (1,2,3) Operation BUCKSHOT YANKEE (1,2,3) USS XXXXXXX (1,2) INFOCON 3 2008 2010 2009 May 10 Nov 08 May 09 Apr 09 Nov/Dec 08 Jun-Sep 09 Apr/May 10 1. Culture 2. Conduct 3. Capability Afloat Roles/ Responsibilities N6/N39?
Solutions • Culture • Accountability • Commander’s “Daily View” • Focus on 1000s of Threats • Damage Control, Force Protection • Conduct • Enterprise C2 • One Network, One Fight • Inspection Mentality • Proactive • OPREP 3 • Physical Security • Compliance • Capability • Network Visibility • Information Assurance • TYCOM • Dynamic Defense • Automation • Physical Security • PORs
Building the NetOps Workforce • Transition to ITSM organizational and business model • ITIL-based • Reassessment of workforce skill sets • Competition with industry • INSERT ITIL TRAINING DATA HERE
Our Global Presence NETWARCOM Presence NETWARCOM
Evolution of Navy Networks Naval Networking Environment (NNE) Existing Networks De-centralized control with decentralized execution Government controlled standardized Architecture & managed (Engineered) Interfaces NMCI One-Net Excepted Commonality ONE-Net NGEN • Services • Gold Disk • Security Settings • Common Client Hardware • Enterprise Software Licensing • Common Application Approval MCEITS Excepted ASHORE Legacy MCEN CANES Combat Systems ISNS/IT-21 CENTRIX-M AFLOAT Navy has significantly reduced the number of networks SCI Networks SubLAN
NetOps Command and Control (Starting with NGEN) • Synergy between: • Visibility into health and status of the network • SA of threat environment • SA of operational environment • Focus on mission priorities and Commander’s intent • Authority, People, Processes, and Tools to direct appropriate actions on the network Shared SA + Authority + People + Processes + Tools = NetOps C2
Realignment Objectives • Exercise command & control of Navy NETOPS • Provide shared situational awareness and security posture to meet warfighter demands • Deliver a consistent NETOPS framework for the future • Foster a culture of accountability in NETOPS • Improve resource alignment (people, tools, and finances)
Challenge: Dynamic Threat Attack Sophistication versus Intruder Knowledge Compression of the Discovery-Attack Life Cycle • Has the situation improved or worsened since these graphs were produced? • New exploits since 2003 • Code Red, Slammer/Blaster, BotNets, Phishing & Spear Phishing, Cybercrime “for hire” • What’s next? Can you help the Navy stay ahead? From Eschelbeck, G., Do you feel the force?, July 2003 http://www.scmagazine.com/scmagazine/2003_07/cover/
Solutions • Culture • Accountability – everybody has a role • Commander’s “Daily View” • Focus on 1000s of Threats • Damage Control, Force Protection • Conduct • Enterprise C2 • One Network, One Fight • Inspection Mentality • Proactive • Operational rigor & reporting • Capability • Network Visibility • Information Assurance • Type Commander to focus on Man, Train & Equip functions • Dynamic Defense • Automation
Transformation Strategy NetOps Alignment Plan • MOC – RNOSC Construct • Synchronized Plan • RNOSC IOC → FOC • C10F C2/SA • CTF 1010 /C10F • COSC → NGEN → NNE Jul 10 N-Code Standardization Oct 10 CSICP Jan 11 GNOC Det Merger Jan 11 Codified C2 Mutually Supportive Unity of Effort RNOSC IOC Apr 11 RNOSC Build Out Oct 11 CTF 1010 /C10F C10F C2/SA NGEN C2 Implementation
Continual Service Improvement Notional • CYBERFOR • Plan • Requirements Design • Builds Capability • Gap Analysis • C10F / NNWC NetOps • Test • Implement • Execute Fleet Reqs • CSI • Control • Measure • Design • Prioritize • Coordinate • Improve PMWReqs Gaps NEIRP Measure
Standardizing NETOPS Service Delivery through ITIL V3 • Desired Results: • Standardized, repeatable processes and procedures for supporting and maintaining NETOPS services • Establish policy to guide process development and continual improvement • Common lexicon • Clearly defined roles and responsibilities • Establish tool standards that will enable “single source of information” for collaboration and coordination of daily activities • Operational Objectives • Navy Networks integrated within an effective NetOps C2 construct -- centralized, global and authoritative C2, regionally managed • SOPs to capture standardized network operations tactics, techniques and procedures • Standardized NetOps capabilities that enable visibility and control - processes, procedures, tools and core competencies • Accurate and timely information shared awareness enabling NetOps C2
OWNER: NCF N4/7 OWNER & MANAGER: NETOPS-1 OWNER: NNWC CIO MANAGER: NETOPS-2 MANAGER: NETOPS-3 Access Mgmt Info Security Mgmt Incident Mgmt Event Mgmt Problem Mgmt NetOps Directorate ACOS/Deputy/Admin/LCPO NetOps-2 IA DivDir & Deputy IA/Compliance/IA Watch/ DMZ/MOC/COI/Data Conf/CTO(s) NetOps-1 Network Ops DivDir & Deputy BWC-ABWC/NetOps C2 Service Operation Trans/EntOps/Change(ASI) Network Performance NetOps-3 Enterprise Mgmt DivDir & Deputies Transport GTSE/RF Mgmt Pier/Bdry/C2I BAN-LAN/WAN Services Web/Messaging Apps/DB-ESD/OS VOX-VID/File/COI CSI CSI CSI NetOps-5 Plans/policy/Exercise Future Ops/Process & Analysis/CSI/Future Plans/Exercise-COOP Continual Service Improvement (CSI)
NetOps - Command and Control Network Command and Control equates to shared Situational Awareness and Unified C2
Information Dominance Warfare PQS • Officer PQS • Approved by N2/N6 and Community Leaders, the IDC PQS is in final stages of preparation for NETC publication as NAVEDTRA 43360 • Individual community PQSs are undergoing review/update • Information Warfare: Complete • Information Professional Basic PQS working group held in Jun • Intel PQS update conference planned tentatively for Aug/Sep • Space Cadre PQS working group planned for Aug • Enlisted PQS • Common Core assigned NAVEDTRA 43365 • 4 Command specific PQS completed: NCDOC, NIOC, NCTAMS, ONI • Common Core PQS currently being Beta tested and rolled out to all commands
C10F Standing Task Organization Headquarters CTF 1000 C10F CTF 1030 CO NIOC Norfolk CTF 1090 CO NIOC Suitland C10F CTG 1000.9 NIOD Yakima CTG 1000.1 NIOC Menwith Hill Station CTG 1000.7 NIOC Hawaii CTG 1000.5 NIOC Georgia CTG 1000.3 NIOC Misawa CTG 1030.1 NIOC Norfolk R&D D/COM CTG 1000.8 NIOC Colorado CTG 1000.10 NIOD Alice Springs CTG 1000.6 NIOC Maryland CTG 1000.2 NIOC Sugar Grove CTG 1000.4 NIOC Texas CTG 1030.2 NIOC San Diego CTG 1030.3 NIOC Whidbey Island Service Cryptologic Component Operations Information Operations CTF 1010 COMNNWC BWC CTF 1020 CO NCDOC CTG 1080.1 NIOC Colorado CTF 1040 CO NIOC Texas CTF 1050 CO NIOC Georgia CTF 1060 CO NIOC Maryland CTF 1070 CO NIOC Hawaii CTG 1020.1 NCDOC CTG 1010.1 NCTAMS LANT CTG 1040.1 NIOC Texas CTG 1060.1 NIOC Maryland CTG 1070.1 NIOC Hawaii CTF 1080 CO NIOC Colorado CTG 1050.1 NIOC Georgia CTG 1050.2 NIOC Bahrain CTG 1060.2 FIOC UK CTG 1070.2 NIOC Yokosuka CTG 1020.2 NIOC Pensacola CTG 1010.2 NCTAMS PAC CTG 1010.3 NAVSOC CTG 1070.3 NIOC Misawa Computer Network Defense NetOps/SpaceOps Fleet and Theater Operations Network Operations & Defense Group
NETWARCOM Organization Commander Deputy and Chief of Staff Cyber Asset Reduction & Security Network Operations Office of Compliance and Assessment Network Assurance & Command Information Office Space Operations Navy Operational Designated Approving Authority
Big 7 ITIL Process Owners & Managers NAVNETWARCOM NAVYCYBERFOR Event Mgmt – NetOps-1 O M IT Service Continuity NCF N8 IT Request Fulfillment NCF N8 Problem Management O O O Incident Mgmt – NetOps-1 O M M M M Problem Mgmt – NetOps-3 M Access Management - CIO O Info Security Mgmt - CIO O Access Mgmt – NetOps-2 M Info Scty Mgmt – NetOps-2 M Man, Train, Equip Operate
Cyber Security Inspection and Certification Program (CSICP) COMFLTCYBERCOM FT GEORGE G MEADE MD 282138Z JAN 11 “THIS IS A COORDINATED COMPACFLT, USFF, AND COMFLTCYBERCOM MESSAGE TO IMPLEMENT A CNO DIRECTED THREE-STAGE ENTERPRISE CYBER SECURITY INSPECTION AND CERTIFICATION PROGRAM (CSICP). THIS PROGRAM WILL ENSURE THE HEALTH AND SECURITY OF NAVY NETWORKS AND CONNECTED COMBAT SYSTEMS, AND FORMALIZE A PROCESS THAT PROVIDES CONTINUING OVERSIGHT AND ACCOUNTABILITY ... NAVY NETWORKS ARE A COMBAT SYSTEM AND WILL ADHERE TO THE SAME INSPECTION AND CERTIFICATION RIGOR AS ALL OTHER COMBAT SYSTEMS.”
Our Global Presence NETWARCOM Presence NETWARCOM For Official Use Only